CISO Tradecraft®

In this episode of CISO Tradecraft, host G Mark Hardy welcomes Richard Stiennon, an industry analyst and cybersecurity expert. Together, they delve into the reasons why Chief Information Security Officers (CISOs) often miss upcoming security challenges and discuss actionable solutions. Richard shares his extensive background, including his time at Gartner, his founding of IT Harvest, and his work on the Security Yearbook. The conversation also explores the rapid growth of AI in cybersecurity, the challenges of understanding the market, and the future landscape of cybersecurity technologies. This episode provides valuable insights for CISOs looking to stay ahead in an ever-evolving industry.

In this episode of CISO Tradecraft, hosts G Mark Hardy and Ross Young discuss the extensive redesign at CISO Tradecraft and introduce a series of free cybersecurity tools and templates available on their website. The tools, created with the help of AI, range from a Cybersecurity Budget Template and Gen AI Risk Assessment to a Personal Values Exercise and Process Improvement exercise. They also cover topics such as AI coding, CMMC Compliance, Cloud Security Alliance’s AI Control Matrix, and the Cyber Six Pack for improving vulnerability management. Additionally, they share insights on tools rationalization exercises, such as the cybersecurity murder board, and the importance of aligning tasks with personal values. Tune in for detailed walkthroughs of these innovative resources designed to enhance your cybersecurity strategies without breaking the bank. Templates can be found here: https://www.cisotradecraft.com/freetemplates

Most cybersecurity programs are built on rigid “best practices” that assume people will behave rationally, consistently, and exactly as policy dictates; even under stress, time pressure, and uncertainty. In reality, humans don’t work that way. Cognitive bias, fatigue, incentives, and real-world constraints cause well-intentioned employees, analysts, and leaders to make decisions that quietly undermine security. The result? Incident response stalls, SOCs drown in noise, and organizations continue to repeat the same failures, even while believing they’re “doing everything right.” In this episode of CISO Tradecraft, host G. Mark Hardy and Dr. Dustin Sachs demonstrate how applying behavioral science and human decision-making can radically improve cybersecurity outcomes. By designing security around how people actually think and operate, not how policies assume they do, leaders can build adaptable, resilient programs that work in the real world. Check out Dustin's new book: https://www.amazon.com/Behavioral-Insights-Cybersecurity-Security-Leadership/dp/1032998539 Dustin Sachs's Linkedin Profile: https://www.linkedin.com/in/dustinsachs/

In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Rajan Kapoor, VP of Security at Material Security, to discuss critical topics in cloud workspace security. From discussing the increased attack surfaces in cloud environments like Google Workspace and Microsoft 365 to practical solutions for mitigating these risks, Rajan provides invaluable insights into creating a secure cloud office environment. Tune in for expert advice on improving security maturity, managing cloud security tools efficiently, and leveraging modern technology for enhanced protection and reduced dwell time. Whether you're a small enterprise or a large corporation, this episode has actionable insights to help you strengthen your security posture. Check out the Material Security Scorecard to measure your Cloud Office Security https://material.security/workspace-security-scorecard Rajan Kapoor https://www.linkedin.com/in/rajankkapoor/ MITRE ATT&CK® Office Suite platform https://attack.mitre.org/matrices/enterprise/cloud/officesuite/

Dive into the rapidly evolving world of AI with G Mark Hardy and Ross Young in this episode of CISO Tradecraft. Explore how AI is transforming business processes, the critical need for cybersecurity leadership in AI deployments, and the importance of setting clear goals, monitoring performance, and ensuring data quality. Learn about the different types of AI from traditional to generative and agentic AI, and understand the frameworks and risk assessments shaping the future of AI integration in organizations. Don't miss this essential conversation for cybersecurity leaders looking to stay ahead of the curve. Generative Artificial Intelligence Risk Assessment SIMM 5305-F: https://cdt.ca.gov/wp-content/uploads/2025/08/SIMM-5305-F-Generative-Artificial-Intelligence-Risk-Assessment-20250822FINAL.pdf

In this episode of CISO Tradecraft, host G Mark Hardy is joined by Neatsun Ziv from Ox Security to discuss the evolving landscape of vibe coding and its security implications. The conversation delves into the risks and opportunities surrounding vibe coding, how it can enhance productivity while maintaining security, and the importance of embedding security into the entire lifecycle. They also explore the concept of VibeSec, why traditional shift-left security approaches might be failing, and what new methodologies can be adopted to ensure robust security in a rapidly changing tech world. Tune in to gain valuable insights into how you can future-proof your code, leverage modern IDEs and MCP, and maintain a strong security posture in the era of AI-driven development. Ox Security's Website - https://www.ox.security/ Are AI App Builders Secure - https://www.ox.security/resource-category/whitepapers-and-reports/are-ai-app-builders-secure-we-tested-lovable-base44-and-bolt-to-find-out/ The AI Code Security Crisis - https://www.ox.security/resource-category/whitepapers-and-reports/army-of-juniors/

In this episode of CISO Tradecraft, host G Mark Hardy is joined by Yuriy Tsibere from ThreatLocker to discuss an essential topic for cybersecurity leaders: Defense Against Configurations (DAC). With a focus on the significant risks posed by misconfigurations, Yuriy shares insights on how ThreatLocker's new DAC tool helps organizations identify and rectify vulnerabilities in OS configurations, ensuring a higher degree of security. They explore the critical role of maintaining proper endpoint configurations, Zero Trust principles, and how DAC seamlessly integrates into ThreatLocker’s platform to provide real-time monitoring and reporting. Yuriy also touches on how DAC supports various security frameworks and compliance standards, making it a valuable asset for any organization aiming to enhance its cybersecurity posture. Big Thanks to Threatlocker for supporting this episode. Register to attend Zero Trust World 2026: https://ztw.com/?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=dac_yuriy_q4_25&utm_content=dac_yuriy-&utm_term=video Use discount code ZTWCISOTRADECRAFT26 for $200 off

Join host G Mark Hardy in an exciting episode of CISO Tradecraft where we delve into the cutting-edge world of Human AI Security Operation Centers (SOCs). With special guests Brian Carbaugh and William McMillan, former CIA operatives and leading figures in cybersecurity innovation, we explore how AI is transforming the landscape of security operations. Discover the unparalleled efficiency, accuracy, and proactive threat detection offered by AI-driven SOCs compared to traditional platforms. Learn from real-world examples, such as condensing hundreds of investigative hours into just 90 seconds, and understand the critical role of contextual data in modern threat detection. Perfect for CISOs ready to elevate their security strategies, this episode provides actionable insights and expert advice on navigating AI SOC adoption and integration. Don't miss this informative and forward-thinking discussion! Big thanks to our sponsor Forcepoint: https://www.forcepoint.com/resources/ebooks/practical-guide-mastering-data-compliance?utm_source=&sf_src_cmpid=701a600000exxd7AAA&utm_medium=display&utm_content=AW_NC_LinkedInAds_October25_ban&utm_campaign=LinkedInAds_October25 William MacMillan - https://www.linkedin.com/in/william-andesite/ Brian Carbaugh- https://www.linkedin.com/in/brian-carbaugh-38b339243/

In this captivating episode of CISO Tradecraft, hosted by G. Mark Hardy, we delve into the incredible life journey of Jeri Ellsworth—a renowned inventor and tech entrepreneur. From her early fascination with electronics in rural Oregon to her innovative ventures in Silicon Valley, Jeri shares her unique experiences and hard-earned wisdom. Discover the highs and lows of her career, including her time at Valve Software, navigating significant security breaches, and her foray into the world of crowdfunding and startups. This episode is packed with invaluable lessons for CISOs, cybersecurity professionals, and aspiring entrepreneurs alike. Tune in now and get inspired by Jeri's story of resilience, innovation, and leadership. Jerri Ellsworth - https://www.linkedin.com/in/jeriellsworth/

Imagine stepping into a role and discovering your predecessor had been severely underreporting vulnerabilities, leaving your systems 300 days behind on patches. Join G Mark Hardy and Ross Young in this riveting episode of CISO Tradecraft as they unveil a startling real-world scenario and a proven strategy to revolutionize your patching process. Learn how to tackle the ever-growing number of vulnerabilities, leverage AI and automation, and instill a culture of accountability and gamification among your team. With expert insights and practical steps, this episode is a must-watch for every cybersecurity leader looking to stay ahead of threats and secure their organization's future. Big thanks to our sponsor, Forcepoint. Check out how they can help you shut down ShadowAI. https://www.forcepoint.com/resources/ebooks/shadow-ai-security-guide?utm_source=linkedin&sf_src_cmpid=701a600000exxd7AAA&utm_medium=display&utm_content=AW_NC_LinkedInAds_October25_ban&utm_campaign=LinkedInAds_October25 Note slides can be found here: https://www.linkedin.com/posts/mrrossyoung_patch-or-perish-activity-7389964440546471936--I_F?utm_source=share&utm_medium=member_desktop&rcm=ACoAABnnk5MBYbK8I-lYgI25f6ro7t6rOeP-Ods Chapters 00:00 Introduction: The CISO Challenge 00:31 The Importance of Data Security 01:05 Welcome to CISO Tradecraft 02:01 Ross Young's Patching Journey 03:34 The Growing Threat of Vulnerabilities 05:16 AI and Cybersecurity 07:34 Developing a Comprehensive Security Approach 10:51 Accountability and Metrics 15:30 Improving Vulnerability Management Processes 19:28 Advanced Tooling and Automation 23:16 Future Trends in Cybersecurity 27:06 Conclusion: Adapting to the Future

In this episode of CISO Tradecraft, G Mark Hardy and Ross Young dive into part two of their series on cybersecurity budgets. Continuing from where they left off, they discuss the OWASP Threat and Safeguard Matrix (TaSM), effective protection scoring, and practical strategies to enhance your budget management as a CISO. Learn about the importance of understanding material threats, leveraging AI, and employing tools like murder boards to optimize security practices. Ross also shares inside tips for negotiating master service agreements and improving organizational processes, all aimed at making you a more effective security leader.

Welcome to another episode of CISO Tradecraft! Join G Mark Hardy and Ross Young as they dive deep into strategies for maximizing your security budget while minimizing waste. Ross, the author of the soon-to-be-released 'Cybersecurity's Dirty Secret,' shares insights from his 20-year career, including his time at the CIA, Capital One, and Caterpillar Financial. Get expert tips on zero-based budgeting, total cost of ownership, avoiding meeting waste, and more. Don't miss this episode if you want to learn how to make every cybersecurity dollar count! Free Templates: https://www.cisotradecraft.com/store Course: https://www.cisotradecraft.com/course-master-the-budget-game-in-cybersecurity

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives! Aimee Cardwell's Linkedin - https://www.linkedin.com/in/acardwell/ Chapters 01:07 Guest Background and Career Journey 03:00 Cybersecurity and Privacy Integration 08:04 AI's Impact on Cybersecurity and Privacy 12:32 Data Retention Challenges and Solutions 17:56 Improving Data Visibility 19:28 GDPR Compliance and Data Breaches 19:55 Challenges of Data Management in Large Enterprises 21:02 AI and Cloud Governance 22:52 Encouraging AI Literacy in the Workplace 25:39 AI Policy and Legal Protections 28:56 AI's Limitations and Risks 31:48 The Importance of AI Literacy Across Functions 35:23 Final Thoughts and Advice for CISOs

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives! Aimee Cardwell's Linkedin - https://www.linkedin.com/in/acardwell/

Dive into an exciting discussion on CISO Tradecraft as host G Mark Hardy engages with DARPA's AI Cyber Challenge director, Andrew Carney. Learn about the world of autonomous systems capable of identifying and fixing vulnerabilities at an unprecedented speed and scale. Discover the highs and lows of AIxCC's two-year journey, its groundbreaking impact on cybersecurity, and the potential it holds for the future. Whether you're a seasoned CISO or just passionate about cybersecurity, this episode is packed with insights on leveraging AI to protect critical infrastructure and defend against cyber threats. Don't miss it! https://aicyberchallenge.com/

Dive into an exciting discussion on CISO Tradecraft as host G Mark Hardy engages with DARPA's AI Cyber Challenge director, Andrew Carney. Learn about the world of autonomous systems capable of identifying and fixing vulnerabilities at an unprecedented speed and scale. Discover the highs and lows of AIxCC's two-year journey, its groundbreaking impact on cybersecurity, and the potential it holds for the future. Whether you're a seasoned CISO or just passionate about cybersecurity, this episode is packed with insights on leveraging AI to protect critical infrastructure and defend against cyber threats. Don't miss it! https://aicyberchallenge.com/

Join us in this captivating episode of CISO Tradecraft as host G Mark Hardy sits down with storytelling maestro Neil Foard. Learn the secrets of impactful storytelling straight from Neil, who shares an engaging story about an unforgettable lesson at the New Jersey State Fair. Delve into the importance of emotions in storytelling, glean tips for effective communication, and discover how being an inspiring leader can propel your cybersecurity career. Don't miss this opportunity to enhance your storytelling prowess and become a more effective cybersecurity leader!

Join us in this captivating episode of CISO Tradecraft as host G Mark Hardy sits down with storytelling maestro Neal Foard. Learn the secrets of impactful storytelling straight from Neal, who shares an engaging story about an unforgettable lesson at the New Jersey State Fair. Delve into the importance of emotions in storytelling, glean tips for effective communication, and discover how being an inspiring leader can propel your cybersecurity career. Don't miss this opportunity to enhance your storytelling prowess and become a more effective cybersecurity leader!

Learn how to elevate Data Protection in the Age of AI with Ronan Murphy In this episode of CISO Tradecraft, host G Mark Hardy and guest Ronan Murphy, Chief Strategy Officer at Forcepoint, discuss the critical importance of data protection for enterprises in the age of AI. Discover expert insights on common mistakes CISOs make, how AI revolutionizes data security, and the evolving role of CISOs from enforcers to strategists. Learn about effective data governance, AI’s impact on data, and leveraging tools like DLP & CASB for robust cybersecurity. Plus, hear about Forcepoint Aware 2025 and actionable strategies for elevating your organization's data security posture. https://www.forcepoint.com/aware Chapters 00:00 Introduction: The Importance of Data Security 00:26 Meet the Expert: Ronan Murphy's Background 02:40 Challenges in Data Protection 04:01 The Role of AI in Data Security 06:26 Strategies for Effective Data Management 19:05 Understanding Data Loss Prevention (DLP) 20:36 Exploring Cloud Access Security Brokers (CASB) 24:37 Data Security Posture Management (DSPM) 38:36 The Future Role of CISOs 40:30 Conclusion and Upcoming Events

Learn how to elevate Data Protection in the Age of AI with Ronan Murphy In this episode of CISO Tradecraft, host G Mark Hardy and guest Ronan Murphy, Chief Strategy Officer at Forcepoint, discuss the critical importance of data protection for enterprises in the age of AI. Discover expert insights on common mistakes CISOs make, how AI revolutionizes data security, and the evolving role of CISOs from enforcers to strategists. Learn about effective data governance, AI’s impact on data, and leveraging tools like DLP & CASB for robust cybersecurity. Plus, hear about Forcepoint Aware 2025 and actionable strategies for elevating your organization's data security posture. https://www.forcepoint.com/aware