CISO Tradecraft®

Discover the key to a more effective cybersecurity strategy in the newest episode of CISO Tradecraft! We're talking SOC tools, building a data lake for security, and more with guest Noam Brosh of Hunters. Don't miss it! Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/ Hunters - https://www.hunters.security/ Noam Brosh - https://www.linkedin.com/in/noam-brosh-5743938/ Transcripts: https://docs.google.com/document/d/1ArTixgEvRsVpLVdV2uVFAKCKSB2mBUKo Youtube Link: https://youtu.be/ThEpI2_LpD8  Chapters 00:00 Introduction and Welcome 01:20 Understanding the Role of SOC Tools 05:39 Challenges with Traditional SIEM Tools 08:48 The Shift to Data Lakes and the Impact on SIEMs 18:04 Understanding Different Cybersecurity Tools: SIEM, XDR, and SOC Platforms 19:25 The Role of Automation in Modern SOC Tools 26:01 The Importance of Third-Party Connection Tools in SOC Tools 27:27 Trends and Disruptions in the SIEM Space 28:09 Addressing False Positives in SOC Tools 31:14 Outsourcing Aspects of SOC and Staffing 36:28 Dealing with Multi-Cloud or Hybrid Cloud Environments 41:02 Reporting SOC Metrics to Executive Stakeholders

In this episode of CISO Tradecraft, G Mark Hardy and Hasan Eksi from CyberNow Labs continue the discussion about the vital skills needed for an effective incident responder within a Security Operations Center (SOC). The skills highlighted in this episode include: incident triage, incident response frameworks, communication, collaboration, documentation, memory analysis, incident containment and eradication, scripting and automation, cloud security, and crisis management. Big Thanks to our Sponsors Risk3Sixty - https://risk3sixty.com/ Adlumin - https://adlumin.com/ Hasan Eksi's LinkedIn Profile: https://www.linkedin.com/in/eksihasan/ Transcripts: https://docs.google.com/document/d/1rWixzKgf_unanPlnoL6dt8qpEsbZj9lv Chapters  00:00 Introduction and Recap of the 10 Previous Skills 02:25 Skill #11) Incident Triage 04:21 Skill #12) Incident Response Frameworks 07:09 Skill #13) Communication 09:38 Skill #14) Collaboration 14:58 Skill #15) Documentation 19:35 Skill #16) Memory Analysis 22:36 Skill #17) Incident Containment and Eradication 25:31 Skill #18) Scripting and Automation 28:53 Skill #19) Cloud Security 31:10 Skill #20) Crisis Management 33:58 Recap of 20 SOC Skills and Conclusion

In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks. The conversation explores the complexities of managing security infrastructures, the role of managed security service providers, and the usefulness of managed detection and response systems. The discussion also delves into the increasing threat of ransomware and the critical importance of managing data vulnerabilities and providing security awareness training. Big Thanks to our Sponsor: Adlumin - https://adlumin.com/ Transcripts: https://docs.google.com/document/d/1V_qkMFdGC4NRLCG-80gcsiSA8ikT8SwP Youtube: https://youtu.be/diCZfWWB3z8   Chapters 00:12 Introduction and Sponsor Message 01:42 Guest Introduction: Kevin O'Connor 02:29 Discussion on Cybersecurity Roles and Challenges 03:20 The Importance of Defense in Cybersecurity 04:23 The Role of Managed Security Services for SMBs 07:26 The Cost and Staffing Challenges of In-House SOCs 14:41 The Value of Managed Security Services for Legal Firms 16:30 The Threat Landscape for Small and Mid-Sized Banks 18:19 The Difference Between Compliance and Security 20:08 Understanding the Reality of Cybersecurity 20:45 The Challenges of Building IT Infrastructure 21:08 Outsourcing vs In-house Security Management 21:55 The Importance of Understanding Your Data 22:43 Security Operations Center vs Security Operations Platform 24:21 The Role of Managed Detection and Response 24:54 The Importance of Quick Response in Security 28:07 The Threat of Ransomware and Data Breaches 34:31 The Role of Pen Testing in Cybersecurity 36:33 The Growing Threat of Ransomware 38:28 The Importance of Security Awareness Training 40:42 The Role of Incident Response and Forensics 42:11 Final Thoughts on Cybersecurity

In this episode of CISO Tradecraft we have a detailed conversation with Hasan Eksi from CyberNow Labs. G Mark and Hasan discuss the top 20 skills required by incident responders, covering the first 10 in part 1 of this series. The discussion ranges from understanding cybersecurity fundamentals to incident detection, threat intelligence, and malware analysis. This episode aims to enhance listeners' understanding of incident response, its significance, the skills required, and strategies for effective training. Big Thanks to our Sponsor Adlumin - https://adlumin.com/ Hasan Eksi's LinkedIn Profile: https://www.linkedin.com/in/eksihasan/ Transcripts: https://docs.google.com/document/d/1lE9Tz-um1II2aNX4JU-bQ-BND7fPNteE/ Chapters 00:00 Introduction 14:15 Skill 1) IT/Cyber Fundamentals 17:17 Skill 2) Incident Detection 18:34 Skill 3) Threat Intelligence 20:11 Skill 4) Cybersecurity Tools 24:12 Skill 5) Network Analysis 25:55 Skill 6) Endpoint Analysis 28:33 Skill 7) Log Analysis 32:41 Skill 8) Malware Analysis 35:20 Skill 9) Forensics 38:30 Skill 10) Vulnerability Assessment

In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Amer Deeba, CEO and co-founder of Normalyze. They focus on the importance of data security in today's cloud-centric, multi-platform tech environment. Amer shares valuable insights on the need for a data security platform that offers a unified, holistic approach. The conversation also delves into the importance of understanding the value of your data, and how solutions such as Normalyze can accurately identify and classify sensitive data, measure its value, and mitigate risk of compromise. Ideal for CISOs and professionals navigating data security, this episode provides key recommendations for data visibility, security posture management, and response mechanisms, built around the principles of cybersecurity. Big Thanks to our Sponsors Normalyze - https://normalyze.ai/ Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts: https://docs.google.com/document/d/1_z20Y5Xvs7qv6K9D2TUvM3ufLYSmXbvs Chapters 00:00 Introduction 02:46 Understanding Data Security 03:58 The Importance of Data Security 04:21 The Challenges of Data Security 08:26 The Role of Data Security Posture Management 10:31 The Value of Data and Compliance 13:58 The Importance of Real-Time Data Protection 15:31 The Role of Encryption in Data Security 17:19 Understanding the Risks of Data Breaches 18:45 The Importance of Holistic Data Security 36:26 The Role of Anomaly Checks in Data Security 37:48 Understanding Generational Data 40:38 Conclusion and Contact Information

On this episode we talk about the differences between Gamification and Game-Based Learning. We think you will enjoy hearing how Game-Based learning gets folks into the flow and creates novel training that resonates.  We also have a great discussion on how games can be applicable for Board Members and Techies.  You just need to get the right type of game for the right audience and let the magic happen. Big Thanks to our Sponsors Haiku - https://www.haikuinc.io/ Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts https://docs.google.com/document/d/1XmkMO7eJR3yAnXJPOCTaA5J9sakk639Q Prefer to watch on YouTube? https://www.youtube.com/watch?v=45eViHH_ktA  Chapters 00:00 Introduction 03:38 What is Game-Based Learning? 07:55 Training Board of Directors 10:18 Gamification vs Game-Based Learning 14:30 Do Your Duties 21:09 Delaware Fiduciary Duties 22:54 Building a Forge 26:11 Tailored Game Types 33:35 Teaching Girl Scouts Linux Commands 40:17 Retaining Your Best People

Learn the language of the board with Andrew Chrostowski. In this episode we discuss the 3 major risk categories of opportunity risk, cybersecurity risk and complex systems. We highlight intentional deficit and what to do about it. Finally, don't miss the part where we talk about the time for a digital strategy is past. What is needed today is a comprehensive strategy for a world of digital opportunities and existential cyber risks. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/iso-27001-certification/ Transcripts https://docs.google.com/document/d/15PnB1gYwt7vj-wRE4ABuEWxvB-H96rp0 Chapters 00:00 Introduction 04:22 Communication is a Requirement 09:34 How does cyber create value? 11:30 Culture and Operational Excellence 16:51 How does growth strategy align with cyber? 22:30 Intention Deficit Disorder 26:48 Accountability Loops 28:39 What's the evolution for a digital strategy? 32:02 Sharpen your axe 36:40 Digital Directors Network & Qualified Technical Experts

On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts https://docs.google.com/document/d/1yJYoVs3pO4u_Zq8UC8YQmnYVGrsH93-H Air Force Doctrine Publication 3-0 - Operations and Planning https://www.doctrine.af.mil/Portals/61/documents/AFDP_3-0/3-0-D15-OPS-Coercion-Continuum.pdf Dykstra, J., Inglis, C., & Walcott, T. S. (Joint Forces Quarterly 99, October 2020) Differentiating Kinetic and Cyber Weapons to Improve Integrated Combat. https://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-99/jfq-99_116-123_Dykstra-Inglis-Walcott.pdf Tallinn Manual 1.0 published April 2013; 2.0 in 2017 https://ccdcoe.org/research/tallinn-manual/ Version 3.0 under development; inputs solicited at https://ecv.microsoft.com/RRllEKKMJQ https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war Chapters 00:00 Introduction 01:57 Definition of Cyber War 04:18 Kinetic vs Cyber War 07:02 Goal of Offensive Cyber Operations 10:06 International Law Applied to Cyber Operations (Sovereignty & Necessity) 11:33 Diplomatic, Information, Military, & Economic (DIME) 12:57 Proportionality 14:04 Law of Distinction 15:56 Tallinn Manual 18:15 Stuxnet, Sony Pictures, NotPetya, and SolarWinds attacks 23:47 Ukraine Cyber War 28:21 Comparing old tanks to old mainframes 39:55 Winning a Cyber War

On this episode we discuss the measuring results cheat sheet from Justin Mecham.  Key focuses include: Defining SMART Goals (Specific, Measurable, Achievable, Relevant, & Time-Bound) Identifying KPIs (Key Performance Indicators) Using the WOOP Model (Wish, Outcome, Obstacle, and Plan) Using a Gap Analysis Using the 5 Why Method Using Plan, Do, Check, & Act. Link to the Measuring Results Cheat Sheet https://www.linkedin.com/posts/justinmecham_harvard-says-leaders-are-10x-more-likely-activity-7112050615576391681-Ro60/ Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts https://docs.google.com/document/d/1Ok9cFBdubI6M4ubhcR0HZzmauHiU7fsN Chapters 00:00 Introduction 03:34 SMART Goals (Specific, Measurable, Achievable, Relevant, and Time Bound) 07:29 Key Performance Indicators 09:36 WOOP Model (Wish, Outcome, Obstacle, and Plan) 09:59 Gap Analysis 12:36 Root Cause Analysis and the 5 Whys 14:09 Plan, Do, Check, and Act

On this episode we discuss the four key roles Boards play in cybersecurity. Setting the company's vision and risk strategy Reviewing assessment results Evaluating management cyber risk stance Approving risk management plans Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts - https://docs.google.com/document/d/1jarCcQYioT59jtIrppH4xZqyAy4Vn_tB/ Chapters 00:00 Introduction 01:36 What is a Board of Directors and what do they do? 09:33 FFIEC requirements for Boards 16:51 Establishing an Information Security Culture 19:08 Vision and Risk Appetite 22:00 Reviewing Cyber Assessments 25:09 Are we secure? 32:44 Castle Walls and Attacks 33:37 Getting your budget requests approved 37:10 Using use or loose money and reserved funding