CISO Tradecraft®

G Mark Hardy & Ross Young
Nov 3, 2025 • 28min

#257 - Patch or Perish (with Ross Young)

Ross Young, an experienced cybersecurity leader and former CIA operator, shares his insights on effective vulnerability management. He reveals a shocking 300-day patching backlog he encountered, emphasizing the growing threat of vulnerabilities exacerbated by AI. Ross proposes a comprehensive framework that combines people, processes, and tools to foster accountability and efficiency in patching. He discusses how integrating AI can drastically reduce remediation times, ensuring organizations can swiftly adapt to emerging threats.
Oct 27, 2025 • 44min

#256 - Maximize Your Cybersecurity Budgets (with Ross Young)

In this discussion, cybersecurity expert and author Ross Young shares insights on maximizing security budgets and improving processes for CISOs. He explains the OWASP Threat and Safeguard Matrix and its importance in prioritizing defenses against key threats like phishing and identity attacks. Ross also provides strategies for negotiating master service agreements and optimizing security practices with tools like murder boards. The conversation further explores applying AI-related risk assessments and enhancing leadership approaches for new CISOs.
Oct 20, 2025 • 45min

#255 - Maximize the Outcomes Per Dollar in Cyber (with Ross Young)

Ross Young, a 20-year cybersecurity veteran with experience at the CIA and Capital One, shares his expertise on optimizing security budgets. He emphasizes that throwing money at tools can dilute effectiveness and stresses prioritizing risk reduction over compliance. Ross advocates for zero-based budgeting and highlights the importance of calculating total cost of ownership. He also critiques traditional cyber risk quantification methods and stresses the need to present budget requests in financial terms that showcase ROI. His insights promise to transform how CISOs approach their spending.
Oct 13, 2025 • 37min

#254 - AI, Privacy, & Security Insights (with Aimee Cardwell)

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives!

Aimee Cardwell's LinkedIn - https://www.linkedin.com/in/acardwell/
Oct 6, 2025 • 27min

#253 - DARPA’s AI Cyber Challenge Unveiled (with Andrew Carney)

Join Andrew Carney, Director of DARPA's AI Cyber Challenge and a veteran in vulnerability research, as he unveils the revolutionary capabilities of autonomous systems designed to identify and patch software vulnerabilities. The conversation explores the challenge's journey and its profound implications for cybersecurity, particularly in critical infrastructure. Andrew shares insights on real-world applications, the impact of synthetic vulnerabilities, and how these tools can empower defenders while emphasizing the necessity of human oversight. Discover the future of AI in cyber defense!
Sep 29, 2025 • 1h 6min

#252 - Master Storytelling for CISOs (with Neal Foard)

In this engaging discussion, Neal Foard, a seasoned advertising and storytelling expert, shares his insights on the art of storytelling for cybersecurity leaders. He emphasizes that emotions drive decision-making and highlights the importance of elevating others in narratives. Neal explains how to frame security successes for executives and advocates for hopeful, people-first messaging to build trust. With practical tips on continual improvement and finding stories everywhere, he shows how effective storytelling can amplify a professional's influence and career impact.
Sep 22, 2025 • 44min

#251 - AI Just Changed Data Security Requirements (with Ronan Murphy)

Ronan Murphy, Chief Strategy Officer at Forcepoint and a veteran in cybersecurity, shares invaluable insights on data protection in the AI era. He emphasizes the need for CISOs to transition from legacy tools to a strategic approach that focuses on AI-driven security. The discussion unveils common pitfalls CISOs face, the importance of real-time monitoring, and the relevance of granular taxonomies for effective data governance. They also dive into shadow AI risks and the evolving role of data strategists in enhancing organizational security.
Sep 15, 2025 • 47min

#250 - Understanding Vulnerabilities, Exploits, and Cybersecurity

In this discussion, Patrick Garrity, a security researcher at VulnCheck, and Tod Beardsley, VP of Security Research at RunZero, dive into the complex world of cybersecurity vulnerabilities. They explore the challenges of CVE numbering, the nuances of cyber attribution, and the ever-evolving threat landscape driven by state actors. The duo offers practical advice for CISOs on effective communication strategies to secure executive buy-in, along with insights into the critical need for strong defenses against ransomware and social engineering attacks.
Sep 8, 2025 • 43min

#249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.

Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf
GenAI Breaches presentation: Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response
Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc

Chapters
00:00 Introduction to AI and Cryptocurrencies
00:27 Welcome to CISO Tradecraft
00:55 Guest Introduction: Tomas Roccia
01:06 Tomas Roccia's Background and Career
02:51 AI in Cybersecurity: Defensive Approaches
03:19 The Democratization of AI: Risks and Opportunities
06:09 AI Tools for Cyber Defense
08:09 Challenges and Limitations of AI in Cybersecurity
09:20 Microsoft's AI Tools for Defenders
12:13 Open Source AI Security: Project Nova
18:37 Community Contributions and Open Source Projects
19:30 Case Study: Babit Crypto Hack
22:12 Money Laundering Techniques in Cryptocurrency
23:01 AI in Tracking Cryptocurrency Transactions
26:09 Sophisticated Attacks and Money Laundering
33:50 Future of AI and Cryptocurrency
38:17 Final Thoughts and Advice for Security Executives
41:28 Conclusion and Farewell
Sep 1, 2025 • 12min

#248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.

Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/
ThreatLocker - https://www.threatlocker.com/
Transcripts - https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b

Chapters
00:00 Introduction and Welcome
00:27 Meet Danny Jenkins, CEO of Threat Locker
01:12 The Philosophy Behind Threat Locker
02:52 Customer-Centric Culture at Threat Locker
04:32 Technical Leadership and Personal Insights
08:55 Leadership Advice for Aspiring CISOs
11:22 Conclusion and Farewell
