Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www.cisotradecraft.com/comment

Transcripts: https://docs.google.com/document/d/19SDBdQSTLc58sP5ynwzhuedNHzk7QPKj

Chapters

• 00:00 Introduction to Profitable Growth for CISOs
• 01:16 Understanding Profit and Business Objectives
• 03:24 Enhancing Customer Experience through Cybersecurity
• 08:51 Service Enablement and Upselling Strategies
• 11:39 Ensuring Operational Resilience
• 13:36 Cost Reduction and Efficiency Improvements
• 18:31 Recap and Final Thoughts
• 19:10 Exciting Announcement: CISO Training Course

Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and private AI models. Tom shares his journey from New Zealand to the U.S. and how he became involved in AI consulting. They also cover the importance of education in AI, from executive coaching to training programs for young people. Tune in to learn about AI governance, responsible use, and how to prepare for the future of AI in cybersecurity.

Transcripts: https://docs.google.com/document/d/1x0UTLiQY7hWWUdfPE6sIx7l7B0ip7CZo

Chapters

• 00:00 Introduction and Guest Welcome
• 00:59 Tom Bendien's Background and Journey
• 02:30 Diving into AI and ChatGPT
• 04:29 Understanding AI Models and Neural Networks
• 07:11 The Role of Agents in AI
• 10:10 Challenges and Ethical Considerations in AI
• 13:47 Open Source AI and Security Concerns
• 18:32 Apple's AI Integration and Compliance Issues
• 24:01 Navigating AI in Cybersecurity
• 25:09 Ethical Dilemmas in AI Usage
• 27:59 AI Coaching and Its Importance
• 32:20 AI in Education and Youth Engagement
• 35:55 Career Coaching in the Age of AI
• 39:20 The Future of AI and Its Saturation Point
• 42:07 Final Thoughts and Contact Information

In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilitarianism, common good, and virtue ethics, and applies them to AI development and usage. The episode also highlights ethical dilemmas, including privacy concerns, bias, transparency, accountability, and the impacts of AI on societal norms and employment. Learn about the potential dangers of AI and how to implement and control AI systems ethically in your organization.

Transcripts: https://docs.google.com/document/d/10AhefqdhkT0PrEbh8qBZVn9wWS6wABO6

Chapters

• 00:00 Introduction to CISO Tradecraft
• 01:01 Stages of Artificial Intelligence
• 03:33 Ethical Implications of AI
• 05:24 Business Models and Data Security
• 13:52 Ethical Frameworks Explained
• 23:18 AI and Human Behavior
• 25:44 The TikTok Feedback Loop and Digital Addiction
• 26:54 AI's Unpredictable Capabilities
• 28:25 The Ethical Dilemmas of AI
• 30:57 Generative AI and Its Implications
• 42:10 The Role of Government and Society in AI Regulation
• 45:49 Conclusion and Ethical Considerations

In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity can obscure vulnerabilities, increase maintenance costs, and expand the attack surface. The episode also offers strategies to tackle complexity, including standardization, minimization, automation, and feedback-driven improvements, aiming to guide cybersecurity leaders toward more effective and less complex security practices.

Transcripts: https://docs.google.com/document/d/1J0rPr0HxULpeVJMIwXKXqHuCfnXn4gDu

Chapters

• 00:00 Introduction
• 01:03 The Misconception of Complexity in Cybersecurity
• 02:41 Real-World Complexities and Their Impact on IT
• 10:06 Simplifying Cybersecurity: Strategies and Solutions
• 14:48 Conclusion: Embracing Simplicity in Cybersecurity

This episode of CISO Tradecraft features a conversation between host G. Mark Hardy and Chris Rothe, co-founder of Red Canary, focusing on cloud security, managed detection and response (MDR) services, and the evolution of cybersecurity practices. They discuss the genesis of Red Canary, the significance of their company name, and the distinctions between Managed Security Service Providers (MSSPs) and MDRs. The conversation also covers the importance of cloud security, the challenges of securing serverless and containerized environments, and leveraging open-source projects like Atomic Red Team for cybersecurity. They conclude with insights on the cybersecurity labor market, the value of threat detection reports, and the future of cloud security.

Red Canary: https://redcanary.com/

Chris Rothe: https://www.linkedin.com/in/crothe/

Transcripts: https://docs.google.com/document/d/1XN4Bp7Sa2geGCVaHuqMRmJckms4q7_L6

This episode of CISO Tradecraft, hosted by G Mark Hardy, features special guest Debbie Gordon. The discussion focuses on the critical role of Security Operations Centers (SOCs) in an organization's cybersecurity efforts, emphasizing the importance of personnel, skill development, and maintaining a high-performing team. It covers the essential aspects of building and managing a successful SOC, from hiring and retaining skilled incident responders to measuring their performance and productivity. The conversation also explores the benefits of simulation-based training with CloudRange Cyber, highlighting how such training can improve job satisfaction, reduce incident response times, and help organizations meet regulatory requirements. Through this in-depth discussion, listeners gain insights into best practices for enhancing their organization's cybersecurity posture and developing key skill sets to defend against evolving cyber threats.

Cloud Range Cyber: https://www.cloudrangecyber.com/

Transcripts: https://docs.google.com/document/d/18ILhpOgHIFokMrkDAYaIEHK-f9hoy63u

Chapters

• 00:00 Introduction
• 01:04 The Indispensable Role of Security Operations Centers (SOCs)
• 02:07 Building an Effective SOC: Starting with People
• 03:04 Measuring Productivity and Performance in Your SOC
• 05:36 The Importance of Continuous Training and Simulation in Cybersecurity
• 09:00 Debbie Gordon on the Evolution of Cyber Training
• 11:54 Developing Cybersecurity Talent: The Importance of Simulation Training
• 14:46 The Critical Role of People in Cybersecurity
• 21:57 The Impact of Regulations on Cybersecurity Practices
• 24:36 The Importance of Proactive Cybersecurity Training
• 26:26 Redefining Cybersecurity Roles and Training Approaches
• 30:08 Leveraging Cyber Ranges for Real-World Cybersecurity Training
• 36:03 Evaluating and Enhancing Cybersecurity Skills and Team Dynamics
• 37:49 Maximizing Cybersecurity Training ROI and Employee Engagement
• 41:40 Exploring CloudRange Cyber's Training Solutions
• 43:28 Conclusion: The Future of Cybersecurity Training

In this episode of CISO Tradecraft, host G Mark Hardy discusses the findings of the 2024 Verizon Data Breach Investigations Report (DBIR), covering over 10,000 breaches. Beginning with a brief history of the DBIR's inception in 2008, Hardy highlights the evolution of cyber threats, such as the significance of patching vulnerabilities and the predominance of hacking and malware. The report identifies the top methods bad actors use for exploiting companies, including attacking VPNs, desktop sharing software, web applications, conducting phishing, and stealing credentials, emphasizing the growing sophistication of attacks facilitated by technology like ChatGPT for phishing and deepfake tech for social engineering. The episode touches on various cybersecurity measures, the omnipresence of multi-factor authentication (MFA) as a necessity rather than a best practice, and the surge in denial-of-service (DDoS) attacks. Hardy also discusses generative AI's role in enhancing social engineering attacks and the potential impact of deepfake content on elections and corporate reputations. Listeners are encouraged to download the DBIR for a deeper dive into its findings.

Transcripts: https://docs.google.com/document/d/1HYHukTHr6uL6khGncR_YUJVOhikedjSE

Chapters

• 00:00 Welcome to CISO Tradecraft
• 00:35 Celebrating Milestones and Offering Services
• 01:39 Diving into the Verizon Data Breach Investigations Report
• 04:22 Top Attack Methods: VPNs and Desktop Sharing Software Vulnerabilities
• 09:24 The Rise of Phishing and Credential Theft
• 19:43 Advanced Threats: Deepfakes and Generative AI
• 23:23 Closing Thoughts and Recommendations

In this joint episode of the Security Break podcast and CISO Tradecraft podcast, hosts from both platforms come together to discuss a variety of current cybersecurity topics. They delve into the challenge of filtering relevant information in the cybersecurity sphere, elaborate on different interpretations of the same news based on the reader's background, and share a detailed analysis on specific cybersecurity news stories. The discussion covers topics such as the implications of data sharing without user consent by major wireless providers and the fines imposed by the FCC, the significance of increasing bug bounty payouts by tech companies like Google, and a comprehensive look at how edge devices are exploited by hackers to create botnets for various cyberattacks. The conversation addresses the complexity of the cybersecurity landscape, including how different actors with varied objectives can simultaneously compromise the same devices, making it difficult to attribute attacks and protect networks effectively.

Transcripts: https://docs.google.com/document/d/1GtFIWtDf_DSIIgs_7CizcnAHGnFTTrs5

Chapters

• 00:00 Welcome to a Special Joint Episode: Security Break & CISO Tradecraft
• 01:27 The Challenge of Filtering Cybersecurity Information
• 04:23 Exploring the FCC's Fine on Wireless Providers for Privacy Breaches
• 06:41 The Complex Landscape of Data Privacy Regulations
• 16:00 The Economics of Data Breaches and Regulatory Fines
• 24:23 Bug Bounties and the Value of Security Research
• 33:21 Exploring the Economics of Cybersecurity
• 33:50 The Lucrative World of Bug Bounties
• 34:38 The Impact of Security Vulnerabilities on Businesses
• 35:50 Navigating the Complex Landscape of Cybersecurity
• 36:22 The Ethical Dilemma of Selling Exploit Information
• 37:32 Understanding the Market Dynamics of Cybersecurity
• 38:00 Focusing on Android Application Security
• 38:34 The Importance of Targeting in Cybersecurity Efforts
• 42:33 Exploring the Threat Landscape of Edge Devices
• 46:37 The Challenge of Securing Outdated Technology
• 49:28 The Role of Cybersecurity in Modern Warfare
• 53:15 Strategies for Enhancing Cybersecurity Defenses
• 01:05:25 Concluding Thoughts on Cybersecurity Challenges