CISO Tradecraft®

G Mark Hardy & Ross Young
Aug 25, 2025 • 35min

#247 - What most leaders don't understand about AI (with Dave Lewis)

In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.

Chapters
00:00 Introduction to AI Governance
00:30 Guest Introduction: Dave Lewis
00:49 The Importance of AI Governance
01:42 Challenges in AI Implementation
03:20 AI in the Modern Enterprise
03:49 Shadow AI and Security Concerns
04:49 AI's Impact on Jobs and Industry
05:27 The Gartner Hype Cycle and AI
05:43 AI's Influence on the Stock Market
06:14 Historical Context of AI
06:32 AI and Credential Security
08:29 The Role of Governance in AI
12:47 The Future of AI and Security
18:36 Governance and Policy Recommendations
19:26 AI Governance and Ethical Concerns
20:01 AI Self-Preservation and Human Safety
20:18 Uncontrollable AI Applications
21:17 Vectors of AI Trouble
21:58 AI Hallucinations and Data Security
22:53 AI Vulnerabilities and Exploits
26:29 Deepfakes and AI Misuse
27:33 Historical Cybersecurity Incidents
29:04 Future of AI and Job Security
33:47 Managing AI Identities and Credentials
34:21 Conclusion and Final Thoughts
Aug 18, 2025 • 44min

#246 - Tim Brown on SolarWinds: What Every CISO Should Know

Tim Brown, the Chief Information Security Officer of SolarWinds, shares his firsthand experience navigating the infamous supply-chain breach. He discusses the attacker’s sophisticated tactics and the challenges of incident response, including real-time communications and customer notifications. Tim emphasizes the importance of supply-chain security, highlighting tools like SBOMs for risk assessment. He also covers the legal complexities and accountability that CISOs face in today’s regulatory landscape, offering crucial insights for cybersecurity leaders.
Aug 11, 2025 • 46min

#245 - Mastering Cybersecurity Recruitment and Career Growth (with Casey Marquette)

In this engaging discussion, Casey Marquette, a cybersecurity recruitment expert and former senior security leader, shares insights on building effective cybersecurity teams and advancing careers. He emphasizes the importance of networking, mentorship, and hiring for passion over experience. Casey introduces Scout, an AI tool designed to streamline recruitment, while addressing risks like deepfakes. He also provides practical advice on career growth, highlighting the value of written goals and strong relationships, making it essential listening for both job seekers and hiring managers in the cybersecurity field.
Aug 4, 2025 • 45min

#244 - Breaking into Cybersecurity (with Christophe Foulon)

Join host G Mark Hardy in another enlightening episode of CISO Tradecraft as he speaks with special guest Christophe Foulon, a seasoned cybersecurity professional and podcast host. In this episode, Christophe delves into his journey from the help desk to cybersecurity expert, the challenges faced by newcomers, and the keys to successfully building and leading cybersecurity teams. Learn about the importance of continuous learning, managing career transitions, and the emotional rewards and challenges of being a CISO. Whether you're an aspiring CISO or looking to advance in your cybersecurity career, this episode offers invaluable insights and practical advice.

Christophe's LinkedIn: https://www.linkedin.com/in/christophefoulon/
Christophe's Website: https://christophefoulon.com/
Christophe's Podcast: https://podcasts.apple.com/us/podcast/breaking-into-cybersecurity/id1463136698
Transcripts: https://docs.google.com/document/d/1UytoyelIMezzbtxdPHo5FE_oLiXYS_58

Chapters
00:00 Introduction to the Episode
00:27 Meet the Guest: Christophe Foulon
01:30 Christophe's Journey into Cybersecurity
06:24 The Allure and Challenges of a CISO Role
09:55 Developing Political and Leadership Skills
20:30 Aligning Team Members with Their Strengths
31:34 Navigating HR and Diversity in Cybersecurity
36:29 Becoming a Fractional or Virtual CISO
42:27 Final Thoughts and How to Connect with Christophe
Jul 29, 2025 • 27min

#243 - Navigating Hacker Summer Camp in 2025

Navigating Hacker Summer Camp: A Comprehensive Guide

Join host G Mark Hardy on this episode of CISO Tradecraft as he provides a detailed guide on what to expect at Hacker Summer Camp, a series of significant cybersecurity events including DEFCON, Black Hat, and BSides Las Vegas. G Mark shares historical insights, tips for first-timers, and personal anecdotes from his extensive experience attending these events over the years. Learn about the origins, key activities, and networking opportunities that make these conferences pivotal in the cybersecurity community. Stay tuned for practical advice on planning your visit and making the most out of your Hacker Summer Camp experience.

Transcripts: https://docs.google.com/document/d/1Y-MenErnVCzUga4xu20ZIz8hT9xsGSJD

Chapters
00:00 Introduction to Hacker Summer Camp
01:29 History and Significance of DEFCON
02:50 Spot the Fed and Early DEFCON Experiences
05:31 The Evolution of Black Hat
09:34 The Birth and Growth of BSides
11:19 Tips for Attending Hacker Summer Camp
19:57 Networking and Participation Strategies
25:31 Conclusion and Final Thoughts
Jul 21, 2025 • 46min

#242 - The Secret to Career Success: Your Personal Board of Directors

In this enlightening conversation, cybersecurity expert Ross Young shares insights on creating a personal board of directors for career advancement. He emphasizes the value of mentorship and sponsorship, explaining how informal relationships can outperform formal coaching. Discover the importance of diversifying board members, including ‘grave diggers’ to identify organizational issues. Ross offers practical tips for effectively approaching and maintaining connections with mentors, ultimately guiding listeners on how to strategically navigate their career paths.
Jul 14, 2025 • 26min

#241 - The OWASP Threat and Safeguard Matrix (with Ross Young)

Join G Mark Hardy in this special episode of CISO Tradecraft as he interviews Ross Young, the creator of the OWASP Threat and Safeguard Matrix (TaSM). Ross shares his extensive cybersecurity background and discusses the development and utility of the TaSM, including its applications in threat modeling and risk management. Additionally, Ross introduces his upcoming book, 'Cybersecurity's Dirty Secret: How Most Budgets Are Wasted,' and provides insights on maximizing cybersecurity budgets. Don't miss this episode for essential knowledge on enhancing your cybersecurity leadership and strategies.

OWASP Threat and Safeguard Matrix - https://owasp.org/www-project-threat-and-safeguard-matrix/
Transcripts - https://docs.google.com/document/d/1anGewI3XccGnXoV3oE2h7BfelY5QxiSL/

Chapters
00:00 Introduction to the Threat and Safeguard Matrix
00:30 Meet Ross Young: Cybersecurity Expert
01:08 Ross Young's Career Journey
01:59 The Upcoming Book: Cybersecurity's Dirty Secret
03:04 Introduction to the Threat and Safeguard Matrix (TaSM)
03:48 Understanding the TaSM Framework
07:10 Applying the TaSM to Real-World Scenarios
19:32 Using TaSM for Threat Modeling and Risk Committees
21:58 Extending TaSM Beyond Cybersecurity
23:52 AI Risks and the TaSM
24:43 Conclusion and Final Thoughts
Jul 7, 2025 • 48min

#240 - From CruiseCon to AI Threats (with Ira Winkler)

Join us for an engaging episode of CISO Tradecraft, hosted by G Mark Hardy, featuring cybersecurity veteran Ira Winkler. In this episode, we dive deep into cybersecurity careers, discuss the unique CruiseCon cybersecurity event, and explore the evolution of information security. Hear firsthand accounts of career journey highlights, networking strategies, and the importance of democratizing top-tier content. Learn about the impacts of AI in cybersecurity, data poisoning, and upcoming cybersecurity conferences. Whether you're a seasoned professional or just starting your journey, this episode is packed with invaluable insights and advice.

https://cruisecon.com/
Don't forget to use the following code for 10% off: "CISOTRADECRAFT10"

Transcripts: https://docs.google.com/document/d/1-H1CShsyirr4ZL9d1WCx6IMA_ngjWoEN

Chapters
00:00 Introduction to CISO Tradecraft
01:34 Meet Ira Winkler: Cybersecurity Veteran
02:50 The Concept of CruiseCon
05:58 Challenges in Cybersecurity Events
08:03 Building a Cybersecurity Community
13:45 Mentorship and Networking in Cybersecurity
21:52 The Importance of Relevant Mentorship
24:40 The Importance of Programmatic Principles
25:19 Finding the Right Mentor for Your Career Path
26:38 Adapting to a Shifting Career Landscape
27:05 Understanding AI Fundamentals
29:12 The Role of Data in AI
30:57 Agentic AI and Its Applications
32:48 Challenges and Risks in AI
41:33 Upcoming Events and Keynote Speakers
43:35 Leadership Lessons from Ground Zero
46:39 Future Cruise Con Events
47:44 Conclusion and Farewell
Jun 30, 2025 • 45min

#239 - Actionable Gamification and Lasting Success (with Yu-Kai Chou)

Yu-Kai Chou, a gamification pioneer and author, shares insights on how to harness play for success in life and career. He explains his Octalysis framework, emphasizing the importance of aligning passions with skills and selecting meaningful life games. The conversation delves into practical advice for knowing personal attributes, enhancing skills, and building alliances. Chou argues that reframing dedicated practice as enjoyable play can unlock legendary success, encouraging listeners to find their true passions and embark on quests for continuous growth.
Jun 23, 2025 • 45min

#238 - The Impact of the Israel Iran Conflict (with Nathan Case)

In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity.

Nathan Case - https://www.linkedin.com/in/nathancase/

Chapters
00:00 Introduction to the Israel-Iran Conflict
00:52 Meet the Expert: Nate Case
01:51 Cyber Warfare Insights from Russia-Ukraine Conflict
03:36 The Impact of Cyber on Critical Infrastructure
08:00 Ethics and Rules of Cyber Warfare
15:01 Iran's Cyber Capabilities and Strategies
16:56 Historical Context and Modern Cyber Threats
23:28 Foreign Cyber Threats: The Iranian Example
24:06 Israel's Cyber Capabilities
25:39 The Role of Cyber Command
26:23 Challenges in Cyber Defense
27:11 The Complexity of Cyber Warfare
32:21 Ransomware and Attribution Issues
36:13 Defensive Cyber Operations
39:39 Final Thoughts and Recommendations
