
CISO Tradecraft®

Technology Podcasts

Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a Chief Information Security Officer (CISO) and learning about cyber security. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.

Location:

United States


Language:

English


Episodes

#121 - Legal Questions (with Evan Wolff)

3/20/2023
Have you ever wanted to get a legal perspective on cybersecurity? On this episode of CISO Tradecraft, Evan Wolff stops by to discuss terms such as legal disclaimers, negligence, due care, and others. He also provides important insights on how to structure your cyber policies, respond to regulators/auditors, and partner with general counsel. Please enjoy. Full Transcripts: https://docs.google.com/document/d/1hbqB5GQfQsi0egPVdOtdfYEwLA3-1Jnh

Duration:00:38:29

#120 - Negotiating Your Best CISO Package (with Michael Piacente)

3/13/2023
Have you ever wondered how to negotiate your best CISO compensation package? On this episode, we invite Michael Piacente from Hitch Partners to discuss important parts of the compensation packages. Examples include but are not limited to: - Base Salary, You can learn more about CISO compensations by Googling any of the following compensation...

Duration:00:39:41

#119 - Ethics (with Stephen Northcutt)

3/6/2023
One of the most difficult things to do as a manager or leader is to take an ethical stance on something you believe in. Sometimes ethical stances are clear and you know you are doing what’s right. Others are blurry, messy, and really weigh on your mind. So we thought we would take this episode to talk about various ethical models, tricky ethical scenarios you might encounter as a CISO, and finally we will look at the Federal Case where Joe Sullivan the Former Chief Security Officer of Uber...

Duration:00:41:15

#118 - Data Engineering (with Gal Shpantzer)

2/27/2023
Our systems generate fantastic amounts of information, but do we have a complete understanding of how we collect, analyze, manage, store, and retrieve possibly petabytes a day? Gal Shpantzer has been doing InfoSec for over 20 years and has managed some huge data engineering projects, and offers a lot of actionable insights in this CISO Tradecraft episode. Gal's LinkedIn Page - https://www.linkedin.com/in/riskmanagement/ Gal's Twitter Page - https://twitter.com/Shpantzer Full Transcript -...

Duration:00:44:45

#117 - Good Governance (with Sameer Sait)

2/20/2023
Has bad governance given you trauma, boring committees, and long speeches on irrelevant issues? Today we are going to overcome that by talking about what good governance looks like. We bring on the former CISO of Amazon Whole Foods (Sameer Sait) to discuss his lessons learned as a CISO. We also highlight key topics of good governance found in the Cyber Security Profile from the Cyber Risk Institute. Cyber Risk Institute - Cyber Security Profile https://cyberriskinstitute.org/the-profile/...

Duration:00:39:34

#116 - A European view of CISO responsibilities (with Michael Krausz)

2/13/2023
In the US we often focus on SOC-2, NIST Special Pubs, and the Cybersecurity Framework. In Europe (and most of the rest of the world), ISO 27001 is the primary standard. ISO concerns itself with policy, practice, and proof, whereas NIST often shows the method to follow. Michael points out that a CISO is responsible for governance, (internal) consulting, and audit. In early stages of growing a security function, a CISO needs to be technically-focused, but as a security department matures, the...

Duration:00:43:37

#115 - The Business Case for a Global Lead of Field Cybersecurity (with Joye Purser)

2/6/2023
How can cyber best help the sales organization? It's a great thought exercise that we bring on Joye Purser to discuss. Learn from her experience as we go over how cybersecurity is becoming an even closer business partner with the creation of a new important role. Full Transcript: https://docs.google.com/document/d/1Shd1Qldb8iKEHBgXJqFez81Iwfpl6JT-/

Duration:00:41:38

#114 - One Vendor to Secure Them All

1/30/2023
Did you ever wonder how much security you can implement with a single vendor? We did and were surprised by how much you can do using the Australian Top Eight as a template. We'll bet you can improve your security by using these tips, tools, and techniques that you might not have even known were there. Special thanks to our sponsor Praetorian for supporting this episode. https://www.praetorian.com/ Full...

Duration:00:24:06

#113 - SAST Security (with John Steven)

1/23/2023
This episode provides a deep dive into Static Application Security Testing (SAST) tools. Learn how they work, why they don't work as well as you think they will in certain use cases, and find some novel ways to apply them to your organization. Special thanks to John Steven for coming on the show to share his expertise. Special thanks to our sponsor Praetorian for supporting this episode. https://www.praetorian.com/ Full...

Duration:00:42:51

#112 - Attack Surface Management (with Richard Ford)

1/17/2023
How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels. Special thanks to our sponsor Praetorian for supporting this episode. A Full Transcript of this podcast can be found...

Duration:00:41:56

#111 - Leading with Style

1/9/2023
Have you ever wanted to be like Neo in "The Matrix" and learn things like Kung Fu in just a few minutes? Well on today's episode, we try to do just that by cramming powerful leadership concepts into your head in just 45 minutes. So sit back, relax, and enjoy CISO Tradecraft. Show Notes with Pictures & References: https://docs.google.com/document/d/1z5FwVwYlNiJlevQXP9IK48Z5kYqG-Ee_/edit?usp=sharing&ouid=104989998442085477687&rtpof=true&sd=true Full Transcript:...

Duration:00:44:52

#110 - Predictions for 2023

1/2/2023
Want to know CISO Tradecraft's Top 10 cyber security predictions for 2023? Listen to the episode to learn more about: Be sure to also check out G Mark Hardy's annual ISACA talk at http://isaca-cmc.org/ Link to full transcripts of the podcast can be found here: https://docs.google.com/document/d/1RkrtkuunBn-qaU-Y9HvgHJzAKoIIszcW/edit?usp=sharing&ouid=104989998442085477687&rtpof=true&sd=true

Duration:00:24:13

#109 - The Right Stuff

12/19/2022
Success leaves clues, but sometimes we limit ourselves by only looking close by for them. This week, we pondered what business skills are essential for a successful CISO, and then extended the search to some non-traditional sources to find some very relevant advice. Take the time to listen and do a self-examination (you don't have to submit for a grade :) and see where you could boost your skills portfolio to increase your success as a security leader. Some of the essential skills we discuss...

Duration:00:45:39

#108 - Show Me The Money (with Nick Vigier)

12/12/2022
There's a lot of things you need to know as a CISO, but one of the things least taught is budgeting best practices. On today's episode, CISO Nick Vigier stops by to share his lessons learned on the topic. His conversations focus on spends vs investments. Remember spends = overhead, whereas investments = growth. Here's a great point. [10:00] There are opportunities that we have to frame some of these things as investments versus framing them as risk mitigations. And so one of the mantras or...

Duration:00:43:03

#107 - Consolidating Vulnerability Management (with Jeff Gouge)

12/5/2022
Special thanks to Jeff Gouge for sharing his thoughts on consolidating vulnerability management. We also thank our sponsor Nucleus Security for supporting this episode. Consistently tracking and prioritizing vulnerabilities is a difficult problem. This episode talks about it in detail and helps you increase your understanding in: CISA Known Exploited Vulnerabilities Catalog, Exploit Prediction Scoring System (EPSS), Stakeholder-Specific Vulnerability Categorization Guide (SSVC). Note a Full...

Duration:00:42:43

#106 - How to Win Your First CISO Role

11/28/2022
Are You Ready To Win Your First CISO role? Apply these techniques into your resume and interview process so both recruiters and hiring managers will offer you the job. This show focuses on: Please note the full show transcript can be found here https://docs.google.com/document/d/18Feg4eXbezHVPiNQ9qO6Pdht3P0eQ5nn

Duration:00:29:31

#105 - Start Me Up (with Bob Cousins)

11/21/2022
Would you like to hear a master class on what Technology professionals need to know about startups? On this episode Bob Cousins stops by to share his knowledge and experience on working in technology companies, dealing with founders, and partnering with venture capitalists. Listen and learn more about: Subscribe to the CISO Tradecraft LinkedIn Page

Duration:00:48:40

#104 - Breach and Attack Simulation (with Dave Klein)

11/14/2022
Special Thanks to our podcast sponsor, Cymulate. On this episode, Dave Klein stops by to discuss the 3 Digital Challenges that organizations face: Breach and Attack Simulation tooling addresses these 3 digital challenges by focusing on Breach Attack Simulation, Vulnerability Prioritization, & Threat Exposure Management. This combined approach allows a cyber organization to ensure its security is fully optimized and its risk exposure is minimized. Key benefits of adopting Breach and Attack...

Duration:00:44:33

#103 - Listening to the Wise (with Bill Cheswick)

11/7/2022
Have you ever just met someone that was so interesting that you just sat and gave them your full attention? On this episode of CISO Tradecraft, we have Bill Cheswick come on the show. Bill talks about his 50 years in computing. From working with the pioneers of Unix at Bell Labs, inventing network visualization techniques for the DoD, and creating the early best practices in firewalls and perimeter defenses. He was also the first person to co-author a book on Internet Security. So listen in...

Duration:00:44:55

#102 - Mentorship, Sponsorship, and A Message to Garcia

10/31/2022
Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today's episode is about how to better mentor your people (and in doing so, improve yourself as well.) Mentoring is an important part of being a leader, and I would venture that most listeners have achieved their current level of success with the insights of a mentor, along with a lot...

Duration:00:38:47