In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve. Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/

ThreatLocker - https://www.threatlocker.com/

Transcripts -https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b Chapters

• 00:00 Introduction and Welcome
• 00:27 Meet Danny Jenkins, CEO of Threat Locker
• 01:12 The Philosophy Behind Threat Locker
• 02:52 Customer-Centric Culture at Threat Locker
• 04:32 Technical Leadership and Personal Insights
• 08:55 Leadership Advice for Aspiring CISOs
• 11:22 Conclusion and Farewell

In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.

Chapters

• 00:00 Introduction to AI Governance
• 00:30 Guest Introduction: Dave Lewis
• 00:49 The Importance of AI Governance
• 01:42 Challenges in AI Implementation
• 03:20 AI in the Modern Enterprise
• 03:49 Shadow AI and Security Concerns
• 04:49 AI's Impact on Jobs and Industry
• 05:27 The Gartner Hype Cycle and AI
• 05:43 AI's Influence on the Stock Market
• 06:14 Historical Context of AI
• 06:32 AI and Credential Security
• 08:29 The Role of Governance in AI
• 12:47 The Future of AI and Security
• 18:36 Governance and Policy Recommendations
• 19:26 AI Governance and Ethical Concerns
• 20:01 AI Self-Preservation and Human Safety
• 20:18 Uncontrollable AI Applications
• 21:17 Vectors of AI Trouble
• 21:58 AI Hallucinations and Data Security
• 22:53 AI Vulnerabilities and Exploits
• 26:29 Deepfakes and AI Misuse
• 27:33 Historical Cybersecurity Incidents
• 29:04 Future of AI and Job Security
• 33:47 Managing AI Identities and Credentials
• 34:21 Conclusion and Final Thoughts

In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders.

Chapters

• 00:00 Introduction and Welcome
• 00:59 The SolarWinds Incident Unfolds
• 03:13 Understanding the Attack and Response
• 04:04 The Role of SVR and Supply Chain Security
• 10:43 Technical Details of the Attack
• 14:56 Compliance and Reporting Challenges
• 19:24 Rebuilding Trust and Personal Impact
• 22:06 CISO Concerns and Company Support
• 22:14 Legal Challenges and Company Expenses
• 23:40 SEC Charges and Legal Proceedings
• 29:35 Supply Chain Security and Vendor Assurance
• 35:47 CISO Accountability and Industry Standards
• 39:41 Final Thoughts and Advice for CISOs