CISO Tradecraft®

In this episode of CISO Tradecraft, host G Mark Hardy speaks with gamification pioneer Yu-Kai Chou about his new book, '10,000 Hours of Play: Unlock Your Real Life Legendary Success.' Explore key concepts such as aligning your passions, skills, and goals through six essential steps: choosing your game, knowing your attributes, selecting your role, enhancing your skills, building alliances, and achieving your quest. Discover how gamification can lead to personal and professional success. Tune in for an insightful conversation that could change the way you approach your career and life. Yu-Kai Chou - https://www.linkedin.com/in/yukaichou/ Actionable Gamification Book - https://a.co/d/isv7K0W 10,000 Hours of Play Book - https://a.co/d/3L88jTs Transcripts: https://docs.google.com/document/d/1gPxWVeS8QYNsgGpXt3EDQy5zGcCYH7hL Chapters 00:0000:3404:1607:3409:2416:4922:1423:1224:4626:4828:0530:3831:3932:5037:5041:27

In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity. Nathan Case - https://www.linkedin.com/in/nathancase/ Chapters 00:0000:5201:5103:3608:0015:0116:5623:2824:0625:3926:2327:1132:2136:1339:39

Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations. 11 Strategies of a World Class Cybersecurity Operations Center https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf 14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV Chapters 00:0000:5303:3306:1009:2623:5030:2840:07

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations. Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/ Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/ Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/ Chapters 01:3906:0614:4819:2622:1823:1524:2126:2631:4341:0943:56

Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community. Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH Chapters 00:0000:2604:0906:2209:3316:4021:2522:0722:4124:1726:0627:2129:5534:3439:0140:29

In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By the end of the episode, listeners will have a comprehensive understanding of MCP and practical recommendations for safeguarding their AI-driven workflows. Transcripts https://docs.google.com/document/d/1vyfFJgTbsH73CcQhtBBkOfDoTrJYqzl_ References Model Context Protocol specification and security best practices, https://modelcontextprotocol.io ⁠ Security risks of MCP, https://pillar.security ⁠ ⁠ MCP security considerations, https://writer.com Chapters 00:0000:2701:4104:2308:4112:0718:0025:0028:0330:34

Web 3.0 Explained: Business Cases, Security, and Future Prospects | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Aaron Markell to discuss the intricacies of Web 3.0. They explore the evolution from Web 1.0 and Web 2.0 to the decentralized structure of Web 3.0, describing its application in various industries like finance, healthcare, and supply chain. The conversation dives into blockchain technology, the role of tokens, smart contracts, and consensus mechanisms like proof of work and proof of stake. They also touch on potential future developments involving AI in Web 3.0, offering valuable insights for business leaders and cybersecurity professionals looking to understand and leverage this emerging technology. Chapters 00:0000:3101:3903:5104:3605:5108:0917:2220:1023:5124:2225:0526:4028:3630:1030:5534:0936:5939:5941:03

Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz Chapters 00:3501:1602:3803:1504:3208:0809:3912:2514:0415:0418:0719:1920:0621:08

Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks and learn actionable steps to tackle technical debt before it turns into a crisis. Pictures of Dog https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link Transcripts https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK Chapters 00:2100:3601:2202:0802:4104:0909:2813:09

In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.' Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB Knostic's Website - https://www.knostic.ai/solution-brief-request Chapters 00:0000:3202:5106:0908:3419:0135:1039:46

In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVE scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently. Transcripts: https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII Chapters 00:0001:1303:0706:4713:1115:5318:27

Join host G Mark Hardy on CISO Tradecraft as he welcomes expert Scott Gicking to discuss the Center for Internet Security's (CIS) Controls Self-Assessment Tool (CSAT). Learn what CSAT is, how to effectively use it, and how it can enhance your career in cybersecurity. Stay tuned for insights on creating effective security frameworks, measuring maturity, and improving organizational security posture using the CSAT tool. Scott Gicking - https://www.linkedin.com/in/scottgickingus/ CIS CSAT - https://www.cisecurity.org/controls/cis-controls-self-assessment-tool-cis-csat Transcripts: https://docs.google.com/document/d/1WAI9U0WEUSJH1ZVWM1HdtFEf-O9hLJBe Chapters 01:1602:4904:0307:3809:4910:1313:0018:3823:2524:2025:2227:5230:0133:0737:3840:0242:55

Ever wonder how the CISO role went from obscure techie to boardroom MVP? In this episode of CISO Tradecraft, G Mark Hardy takes you on a journey through the evolution of the Chief Information Security Officer — from Steve Katz's groundbreaking appointment at Citibank in 1995 to the high-stakes, high-impact role CISOs play today. Transcripts: https://docs.google.com/document/d/1FlKBW6zlVBqLoSTQMGZIfz--ZLD_aS9t/edit Chapters 00:0000:5803:5808:3912:2317:5825:0727:51

In this episode of CISO Tradecraft, we host Chris Hughes, CEO of Aquia, cybersecurity consultant, and author. Chris shares insights on the evolving landscape of cybersecurity, discussing software supply chain threats, vulnerability management, relationships between security and development, and the future impacts of AI. Tune in to gain expert advice on becoming an effective cybersecurity leader. Chris Hughes - https://www.linkedin.com/in/resilientcyber/ Transcripts: https://docs.google.com/document/d/1j5ernS0Gk3LH-qcjhi6gOfojBqQljGhi Chapters 00:0000:5502:4603:4207:3412:1322:1923:4124:2925:3326:3233:2743:0545:05

In this episode of CSO Tradecraft, host G. Mark Hardy introduces 'The Full Irish,' a cybersecurity framework based on the '12 Steps to Cybersecurity' guidance from Ireland's National Cybersecurity Center. The episode covers comprehensive steps from governance and risk management to incident response and resilience, making it a valuable resource for cybersecurity professionals. G Mark also discusses the implications of multinational companies operating in Ireland, including tax strategies and notable GDPR fines. The episode provides pragmatic guidance and actionable insights to enhance your cybersecurity program. References: https://www.ncsc.gov.ie/pdfs/Cybersecurity_12_steps.pdf Transcripts: https://docs.google.com/document/d/1VLeRozClLZAkZsusYsUn4Q9_1v7WCoN0 Chapters 00:0001:3202:4004:2505:5407:1909:2410:3112:3514:1016:0018:0019:3721:2422:5223:5825:2926:29

In this episode of CISO Tradecraft, host G. Mark Hardy dives into the evolution, challenges, and solutions of Data Loss Prevention (DLP). From early methods like 'dirty word lists' in the military to advanced AI and machine learning models of today, discover how DLP technologies have developed to safeguard sensitive information. Learn about different DLP phases, regulatory impacts, and modern tools like Microsoft Purview that can help manage and classify data effectively. This episode is packed with valuable insights to help you tackle data security with confidence and efficiency. Transcripts https://docs.google.com/document/d/1u7owNI5P3WajJvRPIXbzrUYy-PCsRcfC References Crash course in Microsoft Purview: A guide to securing and managing your data estate Chapters

In this episode of CISO Tradecraft, G. Mark Hardy dives deep into the world of Agentic AI and its impact on cybersecurity. The discussion covers the definition and characteristics of Agentic AI, as well as expert insights on its feasibility. Learn about its primary functions—perception, cognition, and action—and explore practical cybersecurity applications. Discover the rapid advancements made by tech giants and potential risks involved. This episode is a comprehensive guide to understanding and securely implementing Agentic AI in your enterprise. Transcripts https://docs.google.com/document/d/1tIv2NKX0DL4NTnvqKV9rKrgrewa68m3W References https://www.rt.com/news/401731-ai-rule-world-putin/ https://link.springer.com/article/10.1007/s44163-024-00216-2 https://www.cnbc.com/2024/10/22/anthropic-announces-ai-agents-for-complex-tasks-racing-openai.html https://convergence.ai/training-web-agents-with-web-world-models-dec-2024/ https://openai.com/index/introducing-operator/ https://venturebeat.com/ai/bytedances-ui-tars-can-take-over-your-computer-outperforms-gpt-4o-and-claude/ https://www.linkedin.com/pulse/openai-bytedance-zapier-launch-ai-agents-getcoai-l6blf/ https://www.microsoft.com/en-us/research/articles/omniparser-v2-turning-any-llm-into-a-computer-use-agent/ https://deepmind.google/technologies/project-mariner/ https://markovate.com/blog/agentic-ai-architecture/ https://doi.org/10.6028/NIST.AI.600-1 https://atlas.mitre.org/ https://owasp.org/www-project-top-10-for-large-language-model-applications/ https://www.iso.org/standard/81230.html Chapters 00:0001:1002:0104:3206:5408:2015:3521:1224:22

In this episode of CISO Tradecraft, G. Mark Hardy shares 15 crucial characteristics to help you succeed in your cybersecurity career and become an effective CISO. From knowing yourself and developing leadership skills to enhancing communications and staying current with trends, Hardy distills decades of wisdom into practical advice. Learn how to navigate career transitions, build technical credibility, become an effective storyteller, and master political skills essential for C-level success. Transcripts: https://docs.google.com/document/d/1MpjXD8LqnHS_Lj1S-6T7vxcclxzUjEhe

In this episode of CISO Tradecraft, host G Mark Hardy discusses Microsoft's groundbreaking announcement of their new quantum chip, the Majorana. The chip harnesses properties of a topological superconductor, making quantum computing promises more tangible. The episode delves into the technical aspects of quantum bits (qubits), cryptography, and the implications of topological quantum computing. With insights on competitor advancements by Google and potential challenges, this episode provides a comprehensive overview of quantum computing's future and its cyber security implications. Transcripts: https://docs.google.com/document/d/1O2XG47o2_6jHBtPKL2PcwGRKPe69wFvi Link: https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/ Chapters 00:0000:2601:5103:2306:0009:4116:4820:2925:01

In this CISO Tradecraft episode, host G. Mark Hardy delves into the recent U.S. presidential executive orders impacting AI and their implications for cybersecurity professionals. Learn about the evolution of AI policies from various administrations and how they influence national security, innovation, and the strategic decisions of CISOs. Discover key directives, deregulatory moves, and practical steps you can take to secure your AI systems in an era marked by rapidly changing regulations. Plus, explore the benefits of using AI tools like ZeroPath to bolster your cybersecurity efforts. Big Thanks to our Sponsors: ZeroPath - https://zeropath.com/ Transcripts: https://docs.google.com/document/d/1Nv27tpDQs2fjdOedJOi0LhlkyQ5N5dKt Links: https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligencehttps://www.csis.org/analysis/made-china-2025 https://www.researchgate.net/publication/242704112_China's_15-year_Science_and_Technology_Planhttps://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-governmenthttps://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligencehttps://www.presidency.ucsb.edu/documents/executive-order-14148-initial-rescissions-harmful- executive-orders-and-actions https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting- innovation-in-the-nations-cybersecurityhttps://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting- innovation-in-the-nations-cybersecurityhttps://www.cisecurity.org/controls/cis-controls-list Chapters 00:0000:2301:1202:4405:4207:1009:3811:0912:2115:2637:1940:15