

CISO Tradecraft®
G Mark Hardy & Ross Young
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved

Jul 17, 2023 • 43min
#138 - Updating the Mindmap (with Rafeeq Rehman)
This week Rafeeq Rehman returns to discuss the 2023 updates to the CISO Mindmap. Note you can find his work here: https://rafeeqrehman.com/2023/03/25/ciso-mindmap-2023-what-do-infosec-professionals-really-do/
Thanks to our two sponsors for this episode.
1) Prelude: https://www.preludesecurity.com/
2) Risk3Sixty - Get a free copy of The Five CISO Archetypes eBook from risk3sixty. By reading this eBook, you will discover your strengths, weaknesses, areas where you need support from your team, and the types of organizations you best fit. The eBook also provides the tools to analyze organizations to understand their security priorities better. You will be able to use these tools to identify organizations that would most benefit from your natural strengths as a security leader. Organizations that you will love to work with and that would love to have you as part of their team. The steps outlined in this book will make you a more effective security leader and more satisfied with your career.
https://risk3sixty.com/whitepaper/five-ciso-archetypes-ebook/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
Transcripts: https://docs.google.com/document/d/1tFhZ6DdzwG12dYXvuVpaZdmfNWBVFswx
Chapters
00:00 Introduction
03:36 How to Write a Book
05:32 How to Master a Security Tool
09:19 Updating the Mind Map for 2023 and 2024
13:12 How to Resiliently Respond to Ransomware Attacks
16:15 The Importance of Redundancy in Security
19:18 How to Manage Your Security Budget Effectively
22:43 Building a Brand for a Security Organization
26:10 Untangle the Application Web of Components
29:38 The Importance of Software Build of Materials
33:28 How to Automate Security Operations
36:31 The Six Importances of a Security Mind Map
38:43 The Future of Generative AI
40:47 The Future of CISO Tradecraft

Jul 10, 2023 • 49min
#137 - 1% Better Leadership (with Andy Ellis)
Imagine if you could get 1% better every day at something and do this for an entire year. Well, that's 365 days. And you go, okay, fine. 1%. 1%. That's going to be like 3.65%, right? No, because it compounds. And if you go ahead and open up your calculator and you take 1.01 and you raise it to the 365th power you're going to get 37.78. On today's show we have Andy Ellis discuss ways to get 1% better as a leader.
Thanks to our two sponsors for this episode.
1) Prelude: https://www.preludesecurity.com/
2) Risk3Sixty - Risk3Sixty is a cyber security technology and consulting firm that works with high-growth technology firms to help leaders build, manage and certify security, privacy, and compliance programs. They publish weekly thought leadership, webinars, and downloadable resources like budget and assessment templates. https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
1% Leadership Book: https://www.amazon.com/1-Leadership-Master-Improvements-Leaders-ebook/dp/B0B8YXJ2H1?&_encoding=UTF8&tag=cisotradecr05-20&linkCode=ur2&linkId=51e35f5bdcbe65e448e03d779143278c&camp=1789&creative=9325
Transcripts: https://docs.google.com/document/d/1Ul9N9cw579JMB_e7Vlk91_JpYxOBXQmx/
Chapters:
00:00 Introduction
02:09 Andy's career in cyber
04:04 The Butterfly Effect
06:06 How to Be 1% More Efficient at Cyber
09:01 The Importance of Uncloneability
10:57 The Importance of Personal Improvement in Leadership
14:21 The Importance of Commitment
16:10 The Importance of Feedback
20:23 Planning for a Sudden Change in Your Environment
26:51 How to Create Safety for Cyber Professionals
29:01 How to Face Adversity with Grace
30:36 The Importance of Culture in Email Security
32:11 The Importance of Delegation
33:55 Delegating vs Dumping
36:02 How to Reduce the Energy Cost of Inclusion
40:18 The Importance of Diversity in Organizations
42:07 Don't Borrow Evil

Jul 3, 2023 • 46min
#136 - From Hacking to Hardcover (with Bill Pollock)
Are you a Chief Information Security Officer (CISO) looking to share your knowledge and insights with the world? In this episode, we explore how CISOs can embark on their journey of writing their first book. Join us as we delve into valuable tips and advice, including learning from renowned author Bill Pollock, who has paved the way for aspiring CISO authors.
Risk3Sixty is a cyber security technology and consulting firm that works with high-growth technology firms to help leaders build, manage and certify security, privacy, and compliance programs. They publish weekly thought leadership, webinars, and downloadable resources like budget and assessment templates.
https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
Transcripts: https://docs.google.com/document/d/1uxNgxe7ad9VBfRLeRH4nWY6tSkI-Kexd
Chapters
00:00 Introduction
04:37 How No Starch Press was Founded
07:24 The Rise and Fall of the Hacking Underground
11:41 How to be a Successful Hacker
14:11 How to Edit a Book
16:38 How to Be a Good Writer
18:14 How to Write a Book Proposal
23:50 How to Overclock Your Computer
26:31 The Future of AI
28:15 The Value of an Author Book Publishing Agreement
33:39 How to Make Money Writing a Book
37:34 The No Starch Press Foundation and the Hacker Initiative
40:30 Hacker Initiative: A Public Charity for Cyber Security

Jun 26, 2023 • 44min
#135 - Board Decks (with Demetrios Lazarikos)
One of the most important activities a CISO must perform is presenting high quality presentations to the Board of Directors. Listen and learn from Demetrios Lazarikos (Laz) and G Mark Hardy as they discuss what CISOs are putting in their decks and how best to answer the board's questions.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Risk3sixty has created a presentation template that helps you structure your thoughts while telling a compelling story about where you want your security program to go. Download it today for free at: https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
References
RSAC ESAF Download: https://www.rsaconference.com/rsac-programs/executive-security-action-forum
NACD 2023 Directors Handbook: https://www.nacdonline.org/insights/publications.cfm?ItemNumber=74777
Blue Lava: https://bluelava.io/cybersecurity-board-reporting/
Transcripts: https://docs.google.com/document/d/1juM8MQUEtAZEDp1HpzkPdNw-D11O3ofq
Chapters
00:00 Introduction
05:17 The Importance of External Audits in Managing Risk
06:48 How to Help Your Business of Revenue Protection Reduce Risk
11:15 How to be a Successful CISO
12:52 How to Measure the Threat to Your Environment
15:04 How to Prepare for Cyber Threats and Incidents
18:49 The Importance of Understanding the Business's Critical Assets
22:28 OSINT and CSIRT.global Tools and Technologies
25:14 Building a Matrix of Good Intention, Bad Behavior, and Access Management
28:10 How to Create an Incident Response Plan
30:20 How to Keep Your Board of Directors Informed of Cybersecurity Incidents
31:50 How to Keep Track of the Latest Cyber Threats Coming Around the Corner
34:11 How to Achieve Cyber Insurance Coverage
37:06 Cyber Liability Insurance: A Necessary Component of Running Your Business in 2023
39:22 How to Measure the Effectiveness of a Company's Cybersecurity Program
40:54 The Importance of Business Alignment

Jun 19, 2023 • 44min
#134 - Ransomware Response (with Ricoh Danielson)
A lot of times we focus on preventing ransomware, but we forget what we should do when we actually encounter it. That's why we are bringing on Ricoh Danielson to talk about it. Learn from him as he discusses tactics and techniques for businesses to follow when stuff hits the fan.
Special thanks to our sponsor Risk3Sixty for supporting this episode. https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=ebook
Ricoh Danielson - https://www.linkedin.com/in/ricoh-danielson-736a0715/
Transcript: https://docs.google.com/document/d/1R82dUBChC3URM6iaP3D7dds_2nh27DTs/
Chapters
00:00 Introduction
03:19 How to Help a Small Business Dig Out of Cybercrime
05:00 How to Negotiate with Your Cyber Insurance Company
08:58 How to Deal with a Threat Actor
12:57 The Importance of Treating Everything Equally
15:45 How to Use Microsoft Tools to Capture Information
17:25 How to Combat a Threat Actor with Microsoft Defender
22:41 Set up PGP Keys in Advance
25:26 How to Negotiate with an OFAC sanctioned organization
28:24 How to Deal with Ransomware
30:28 The Nature of Instant Response
32:25 How to Get Concurrency in your Organization
34:05 The Importance of a Strong Relationship with a Client
37:34 The Importance of Breach Notifications
39:21 How to Hand Combat a Threat Actor

Jun 12, 2023 • 44min
#133 - The Seesaw of Cyber Recruiting (with Lee Kushner)
This episode features Lee Kushner discussing various topics, including negotiating skills, the importance of degrees in the cybersecurity field, the need for diversity in the industry, challenges faced by cybersecurity professionals, starting a career in cybersecurity, and the value of technical skills. The conversation emphasizes the need for individuals to acquire technical skills, such as coding and networking, as they are in high demand and can differentiate them in the job market. It also mentions the importance of understanding the industry and its composition when seeking employment in cybersecurity.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downloadable resources like budget and assessment templates at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
Transcripts: https://docs.google.com/document/d/11askuaFcV_jYov2FklkbZXxVN3JSNu6y/
Chapters
00:00 Introduction
07:56 The Importance of Professional First Mindset in the Staffing Industry
09:33 The Importance of Perception in a Staffing Environment
11:36 The Role of the Research Professional in a Hiring Process
16:03 How to Overcome Barriers in the Recruitment Process
18:09 The Importance of Education in Executive Search
20:41 The Importance of Diversity in Cyber Talent
25:25 How to Get a Job in Cyber Security
27:48 The Importance of a Technical Foundation in Careers
32:08 How to Become a Cybersecurity Professional
34:06 The Future of Cybersecurity Career Paths
35:56 The Future of Security
41:24 How to Get in Touch With Your Clients

Jun 5, 2023 • 44min
#132 - Founding to Funding (with Cyndi and Ron Gula)
On this episode we bring in Cyndi and Ron Gula from Gula Tech (https://www.gula.tech/) to talk about their cyber security experiences. Listen and enjoy as they tell their stories about leaving the NSA, creating the first commercial network Intrusion Detection System (IDS), founding Tenable Network Security, and investing in multiple cybersecurity startups.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their weekly thought leadership, webinars, and downloadable resources like budget and assessment templates at: https://risk3sixty.com/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=sponser
Transcripts: https://docs.google.com/document/d/1zdJwzJUXHBLlQvOGYWtWVQqmxFzmAe5Z
Chapters
00:00 Introduction
02:30 The Importance of Computer Security
04:46 The Career Path to the National Security Agency
07:39 The Importance of Compatibility
10:40 How to Get Your First Customer Off the Ground
14:28 How to Make your First Hire as a Beginning Entrepreneur
16:10 The Transition to Network Security Wizards
18:35 The Origins of Tenable
21:38 How to Survive Contact with the Enemy
24:45 The Importance of Culture in the Military
29:31 Gula Tech Adventures
33:24 The Future of Venture Investing
36:13 Secrets of Working Together as Spouses
39:33 The Future of Venture Capital
42:21 Google Tech Adventures: How to Learn Startups

May 29, 2023 • 21min
#131 - Framing Executive Discussions
How do we frame an executive discussion so we can structure and present information in a way that effectively engages and aligns with the needs and interests of the executive audience? On this episode we answer that question by discussing the 8 important elements of framing a discussion with executives:
Clearly define the objective
Start with the big picture
Identify key issues
Highlight impacts and benefits
Use visually compelling data and metrics
Be able to anticipate questions and concerns
Provide actionable recommendations
Seek alignment with existing perspectives of the organization
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their Security Budget & Business Case Template: https://risk3sixty.com/whitepaper/security-budget-template/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=budget
Full Transcripts: https://docs.google.com/document/d/1vhLmqEAy-yQ01ZY1y8Nf7y-u_swTYCm8
Chapters
00:00 Introduction
02:42 How should we frame an executive discussion?
05:30 Start with the Bottom Line Up Front (BLUF)
07:11 1) Clearly Define the Objective
08:13 2) Start with the Big Picture
09:46 3) Identify Key Issues
10:47 4) Highlight Impact and Benefits
12:17 5) Use Visually Compelling Data and Metrics
13:07 6) Be able to Anticipate Questions and Concerns
15:06 7) Provide Actionable Recommendations
17:35 8) Seek Alignment with Existing Perspectives of the Organization

May 22, 2023 • 51min
#130 - Financial Planning (with Logan Jackson)
Learn how to unlock financial success with key strategies by Logan Jackson from Ray Capital Advisors. Logan highlights how to set clear goals, choose the right asset class, diversify your portfolio for stability and growth, build a well-diversified investment portfolio to create wealth and mitigate risk, take control of your financial future through retirement planning and goal setting, & leverage tax loss harvesting. He also discusses how to prioritize tax planning, understand the impact of behavioral finance, seek professional money management, navigate conflicts of interest in financial planning, and discover hidden wealth advisors for personalized guidance.
Special thanks to our sponsor Risk3Sixty for supporting this episode. Be sure to check their Security Program Maturity Presentation for CISOs: https://risk3sixty.com/whitepaper/security-program-maturity-presentation-template-for-cisos/?utm_source=cisotradecraft&utm_medium=podcast&utm_campaign=2023-ct&utm_term=1week&utm_content=template
Also if you would like to contact Logan Jackson please use his contact page at: https://www.raycapitaladvisors.com/
Full Transcripts: https://docs.google.com/document/d/1DLXnE5PTm4tDbONRSBarMa-1T8aduztf
Chapters
00:00 Introduction
02:37 The Importance of Financial Goal Setting
06:48 How to Choose the Right Asset Class for Your Family
11:17 How to Diversify Your Portfolio
12:56 How to Build a Diversified Investment Portfolio
15:22 How to Diversify a Portfolio and Build Wealth
19:48 How to Take Risk Off the Table
22:47 The Importance of Diversifying Your Portfolio
24:13 The Importance of Retirement Planning
28:56 The Importance of Goal Setting
30:35 The Importance of Tax Planning
33:10 How to Maximize Your Tax Implications in Taxable Investment Accounts
35:20 How to Use Tax Loss Harvesting to Avoid Tax Losses
39:51 The Importance of Behavioral Finance in Investing
43:39 The Importance of Professional Money Management
45:55 The Conflicts of Interest in Financial Planning
47:50 How to Find a Hidden Wealth Advisor

May 15, 2023 • 45min
#129 - Protecting Your Family
Are you looking for ways to protect your most valuable asset? In this episode, G Mark Hardy argues that our most valuable asset is our family, not the crown jewels or critical assets of a corporation. He emphasizes the importance of managing money, having an emergency fund, obtaining life insurance, building retirement savings, protecting against credit card fraud, and creating a plan for your children's digital life.
Special thanks to our sponsor Risk3Sixty for supporting this episode. You can learn more about them from the Risk3Sixty Website: https://tinyurl.com/yc4xv7bj
Full Transcript: https://docs.google.com/document/d/1vVASHmOV7n7Js0luDF1kWBF3qoytDnTy
Chapters
00:00 Introduction
02:01 How to Manage Your Money
05:54 The Millionaire Next Door
10:28 How to Diversify your Investments
12:35 The Importance of Paying Yourself First
15:41 How to Buy Paper I Bonds for Yourself
17:39 How to Choose the Right Life Insurance for You
21:28 The Cost of Life Insurance
23:12 The Importance of Retirement Savings
26:51 How to Optimize Your Retirement Income
28:47 How to Protect Yourself From Credit Card Fraud
30:40 How to Manage Your Credit
33:34 How to Avoid a Data Breach
35:44 How to Manage Your Passwords Effectively
37:36 How to Protect Your Children from the Risks of Online Content
41:23 How to Get Out of Dodge Quickly


