In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity.

Nathan Case - https://www.linkedin.com/in/nathancase/

Chapters

• 00:00 Introduction to the Israel-Iran Conflict
• 00:52 Meet the Expert: Nate Case
• 01:51 Cyber Warfare Insights from Russia-Ukraine Conflict
• 03:36 The Impact of Cyber on Critical Infrastructure
• 08:00 Ethics and Rules of Cyber Warfare
• 15:01 Iran's Cyber Capabilities and Strategies
• 16:56 Historical Context and Modern Cyber Threats
• 23:28 Foreign Cyber Threats: The Iranian Example
• 24:06 Israel's Cyber Capabilities
• 25:39 The Role of Cyber Command
• 26:23 Challenges in Cyber Defense
• 27:11 The Complexity of Cyber Warfare
• 32:21 Ransomware and Attribution Issues
• 36:13 Defensive Cyber Operations
• 39:39 Final Thoughts and Recommendations

Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations.

11 Strategies of a World Class Cybersecurity Operations Center https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf

14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf

Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV

Chapters

• 00:00 Introduction and Guest Welcome
• 00:53 Background and Book Discussion
• 03:33 SOC Challenges and Stagnation
• 06:10 Managing SOC Alerts and Burnout
• 09:26 SOC Evolution and Neurodiversity
• 23:50 Career Progression in Cybersecurity
• 30:28 Impact of AI on SOC Operations
• 40:07 Final Thoughts and Conclusion

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.

Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/

Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/

Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/

Chapters

• 01:39 Meet Matt Hillary: CISO of Drata
• 06:06 The Evolution of GRC and Trust Management
• 14:48 Continuous Compliance and Automation
• 19:26 Compliance as Code: The Future of GRC
• 22:18 The Importance of Getting It Right the First Time
• 23:15 Customer Compliance Challenges
• 24:21 Vendor Risk Management and Trust Building
• 26:26 Leveraging AI for Compliance and Risk Management
• 31:43 Evaluating Credibility of Third-Party Evidence
• 41:09 Common Mistakes in GRC Programs
• 43:56 Final Thoughts and Industry Call to Action