CISO Tradecraft®

G Mark Hardy & Ross Young
Jun 16, 2025 • 42min

#237 - Build a World Class SOC (with Carson Zimmerman)

Join G Mark Hardy and Carson Zimmerman, author of '11 Strategies of a World-Class Cybersecurity Operations Center', in this insightful episode of CISO Tradecraft. Carson shares his career journey, explains how the original 10 strategies grew into 11, and looks at what Security Operations Centers (SOCs) will need next. They discuss continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, you'll get actionable advice on how to improve and rethink your SOC operations.

11 Strategies of a World-Class Cybersecurity Operations Center - https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf
14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf
Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV

Chapters
00:00 Introduction and Guest Welcome
00:53 Background and Book Discussion
03:33 SOC Challenges and Stagnation
06:10 Managing SOC Alerts and Burnout
09:26 SOC Evolution and Neurodiversity
23:50 Career Progression in Cybersecurity
30:28 Impact of AI on SOC Operations
40:07 Final Thoughts and Conclusion
Jun 9, 2025 • 47min

#236 - Build a World Class GRC Program (with Matt Hillary)

Matt Hillary, Chief Information Security Officer at Drata, shares his expertise in governance, risk, and compliance. He discusses the evolution of GRC from spreadsheets to automated platforms, emphasizing compliance as code. Matt highlights leveraging AI for faster responses in compliance processes and the importance of effective risk management. He also touches on common pitfalls in GRC programs and the significance of mental health for cybersecurity leaders, underscoring the challenges and opportunities in today’s compliance landscape.
Jun 2, 2025 • 41min

#235 - Grey is the New Black (with Ryan Gooler)

Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community.

Transcripts - https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH

Chapters
00:00 Welcome to THOTCON: Meeting Amazing People
00:26 Introducing Ryan Gooler: A Journey into Cybersecurity
04:09 The Value of Mentorship in Cybersecurity
06:22 Career Management and Setting Goals
09:33 Financial Planning for Cybersecurity Professionals
16:40 Automating Finances and Smart Spending
21:25 Financial Sophistication and Mutual Funds
22:07 Automating Life Tasks
22:41 The Concept of a Finishing Stamp
24:17 Leadership and Delegation in the Navy
26:06 Building and Maintaining Culture
27:21 Surviving Toxic Environments
29:55 Taking Risks and Finding Joy
34:34 Advice for Cybersecurity Careers
39:01 The Importance of Teaching and Learning
40:29 Conclusion and Farewell
May 26, 2025 • 33min

#234 - Model Context Protocol (MCP)

In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By the end of the episode, listeners will have a comprehensive understanding of MCP and practical recommendations for safeguarding their AI-driven workflows.

Transcripts - https://docs.google.com/document/d/1vyfFJgTbsH73CcQhtBBkOfDoTrJYqzl_

References
Model Context Protocol specification and security best practices - https://modelcontextprotocol.io
Security risks of MCP - https://pillar.security
MCP security considerations - https://writer.com

Chapters
00:00 Introduction to Model Context Protocol (MCP)
00:27 Understanding MCP and Its Importance
01:41 How MCP Works and Its Security Implications
04:23 Comparing MCP to Traditional APIs
08:41 MCP Architecture and Security Benefits
12:07 Top Security Risks of MCP
18:00 Implementing Security Controls for MCP
25:00 Governance Framework for MCP
28:03 Future Trends and Strategic Recommendations
30:34 Conclusion and Next Steps
May 19, 2025 • 45min

#233 - Web 3.0 Explained (with Aaron Markell)

Web 3.0 Explained: Business Cases, Security, and Future Prospects

In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Aaron Markell to discuss the intricacies of Web 3.0. They explore the evolution from Web 1.0 and Web 2.0 to the decentralized structure of Web 3.0, describing its application in various industries like finance, healthcare, and supply chain. The conversation dives into blockchain technology, the role of tokens, smart contracts, and consensus mechanisms like proof of work and proof of stake. They also touch on potential future developments involving AI in Web 3.0, offering valuable insights for business leaders and cybersecurity professionals looking to understand and leverage this emerging technology.

Chapters
00:00 Introduction to Web 3.0
00:31 Meet the Expert: Aaron Markell
01:39 Aaron's Journey into Web 3.0
03:51 Understanding Web 1.0, 2.0, and 3.0
04:36 Decentralization and Blockchain Basics
05:51 The SETI Project and Distributed Workloads
08:09 Proof of Work and Blockchain Security
17:22 Smart Contracts Explained
20:10 Proof of Stake vs. Proof of Work
23:51 The Role of Tokens in Web 3.0
24:22 Understanding Microtransactions and Ownership
25:05 What is an NFT?
26:40 The Rise and Fall of NFTs
28:36 Web 3.0 and Its Impact on Industries
30:10 Blockchain in Finance and Commerce
30:55 Private Blockchains and Government Transparency
34:09 Blockchain in Legal and Healthcare Sectors
36:59 Supply Chain Transformation with Web 3.0
39:59 The Future of Web 3.0 and AI Integration
41:03 Final Thoughts and Security Tips
May 12, 2025 • 26min

#232 - Inside The 2025 Verizon Data Breach Investigations Report

Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders, including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports.

Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/
Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz

Chapters
00:35 Verizon Data Breach Investigations Report (DBIR) Introduction
01:16 Accessing the DBIR Report
02:38 Key Takeaways from the DBIR
03:15 Third-Party Breaches
04:32 Ransomware Insights
08:08 Exploitation of Vulnerabilities
09:39 Credential Abuse
12:25 Espionage Attacks
14:04 System Intrusions in APAC
15:04 Business Email Compromise (BEC)
18:07 Human Risk and Security Awareness
19:19 Industry-Specific Trends
20:06 Multi-Layered Defense Strategy
21:08 Data Leakage to Gen AI
May 5, 2025 • 14min

#231 - Tackle Your Technical Debt

Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks, and learn actionable steps to tackle technical debt before it turns into a crisis.

Pictures of Dog
https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link
https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link
Transcripts - https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK

Chapters
00:21 Welcome to CISO Tradecraft
00:36 RSAC 2025 Conference Experience
01:22 Shelby's Health Scare
02:08 Understanding Technical Debt
02:41 The Consequences of Technical Debt
04:09 Shelby's Story as a Technical Debt Analogy
09:28 Lessons Learned from Shelby's Story
13:09 Conclusion and Call to Action
Apr 28, 2025 • 45min

#230 - How To Make Your AI Less Chatty (with Sounil Yu)

In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.'

Transcripts - https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB
Knostic's Website - https://www.knostic.ai/solution-brief-request

Chapters
00:00 Introduction to Microsoft Copilot Risks
00:32 Meet the Guest: Sounil Yu
02:51 Understanding Microsoft 365 Copilot
06:09 The DIKW Pyramid and Knowledge Management
08:34 Challenges of Data Permissions and Oversharing
19:01 Need to Know: A New Approach to Access Control
35:10 Measuring and Mitigating Risks with Copilot
39:46 Conclusion and Next Steps
Apr 21, 2025 • 20min

#229 - Understanding the Critical Role of CVEs and CVSS

In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVSS scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how, as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently.

Transcripts - https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII

Chapters
00:00 Introduction to CVE and CVSS
01:13 History of Vulnerability Tracking
03:07 The CVE System Explained
06:47 Understanding CVSS Scoring
13:11 Recent Funding Crisis and Its Impact
15:53 Future of the CVE Program
18:27 Conclusion and Final Thoughts
Apr 14, 2025 • 45min

#228 - CIS CSAT (with Scott Gicking)

In this discussion, Scott Gicking, a former FBI cybersecurity specialist and seasoned CISO, shares insights on the Center for Internet Security's Controls Self-Assessment Tool (CSAT). He explains how CSAT transforms traditional assessments into a streamlined, software-driven process. Scott highlights the importance of creating a three-year roadmap for security improvements and emphasizes the need for honest self-assessments to build trust with executives. Tune in for valuable tips on enhancing cybersecurity maturity and organizational security posture!