CISO Tradecraft®

Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a Chief Information Security Officer (CISO) and learning about cyber security. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.


March 27, 2023 43 min

Sometimes you just need structure to the madness. Christopher Crowley stops by to talk about methodologies that can help security organizations. Come and see why you need them, how we get the scientific method wrong in cyber, and how to leverage a CIA analytical methodology that can help you. There's a lot more to check out so tune in.

Analysis of Competing Hypotheses


Have you ever wanted to get a legal perspective on cybersecurity? On this episode of CISO Tradecraft, Evan Wolff stops by to discuss terms such as legal disclaimers, negligence, due care, and others. He also provides important insights on how to structure your cyber policies, respond to regulators/auditors, and partner with general counsel. Please enjoy.


Have you ever wondered how to negotiate your best CISO compensation package? On this episode, we invite Michael Piacente from Hitch Partners to discuss important parts of the compensation packages. Examples include but are not limited to:

  • Base Salary
  • Bonuses (Annual, Relocation, & Hiring)
  • Restricted Stock Units
  • Annual Leave
  • Title (VP or SVP)
  • Directors & Officers Insurance
  • Accelerated Vesting Clauses
  • Severance Agreements


One of the most difficult things to do as a manager or leader is to take an ethical stance on something you believe in.  Sometimes ethical stances are clear and you know you are doing what’s right.  Others are blurry, messy, and really weigh on your mind.  So we thought we would take this episode to talk about various ethical models, tricky ethical scenarios you might encounter as a CISO, and finally we will look at the Federal Cas...


Our systems generate fantastic amounts of information, but do we have a complete understanding of how we collect, analyze, manage, store, and retrieve possibly petabytes a day? Gal Shpantzer has been doing InfoSec for over 20 years and has managed some huge data engineering projects, and offers a lot of actionable insights in this CISO Tradecraft episode.

February 20, 2023 39 min

Has bad governance given you trauma, boring committees, and long speeches on irrelevant issues?  Today we are going to overcome that by talking about what good governance looks like.  We bring on the former CISO of Amazon Whole Foods (Sameer Sait) to discuss his lessons learned as a CISO.  We also highlight key topics of good governance found in the Cyber Security Profile from the Cyber Risk Institute. Cyber Risk Institute - Cyber...


In the US we often focus on SOC-2, NIST Special Pubs, and the Cybersecurity Framework. In Europe (and most of the rest of the world), ISO 27001 is the primary standard. ISO concerns itself with policy, practice, and proof, whereas NIST often shows the method to follow. Michael points out that a CISO is responsible for governance, (internal) consulting, and audit. In early stages of growing a security function, a CISO needs to be te...


How can cyber best help the sales organization?  It's a great thought exercise that we bring on Joye Purser to discuss. Learn from her experience as we go over how cybersecurity is becoming an even closer business partner with the creation of a new important role.

Full Transcript:


  • 00:00 Introduction
  • 02:58 How did you marry those two cultures?
  • 06:40 B...
January 30, 2023 24 min

Did you ever wonder how much security you can implement with a single vendor?  We did and were surprised by how much you can do using the Australian Top Eight as a template.  We'll bet you can improve your security by using these tips, tools, and techniques that you might not have even known were there.

Special thanks to our sponsor Praetorian for supporting this episode.


January 23, 2023 42 min

This episode provides a deep dive into Static Application Security Testing (SAST) tools. Learn how they work, why they don't work as well as you think they will in certain use cases, and find some novel ways to apply them to your organization. Special thanks to John Steven for coming on the show to share his expertise.


Special thanks to our sponsor Praetorian for supporting this episode.



How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels.

Special thanks to our sponsor Praetorian for supporting this episod...

January 9, 2023 44 min

Have you ever wanted to be like Neo in "The Matrix" and learn things like Kung Fu in just a few minutes?  Well on today's episode, we try to do just that by cramming powerful leadership concepts into your head in just 45 minutes.  So sit back, relax, and enjoy CISO Tradecraft.


January 2, 2023 24 min

Want to know CISO Tradecraft's Top 10 cyber security predictions for 2023?  Listen to the episode to learn more about:

  1. Proactive Identity Management = Automated Provisioning of Access + Minimizing Digital Blast Radius
  2. Convergence of Security Tools
  3. Collaboration Technology
  4. Evolution of the Endpoint (Chromebooks or Browser Isolation)
  5. Chatbots
  6. Vague and unclear cyber laws
  7. CISO liability increases
  8. Umbrella IT general controls mappi...
December 19, 2022 45 min

Success leaves clues, but sometimes we limit ourselves by only looking close by for them.  This week, we pondered what business skills are essential for a successful CISO, and then extended the search to some non-traditional sources to find some very relevant advice.  Take the time to listen and do a self-examination (you don't have to submit for a grade :) and see where you could boost your skills portfolio to increase your succes...


There's a lot of things you need to know as a CISO, but one of the things least taught is budgeting best practices.  On today's episode, CISO Nick Vigier stops by to share his lessons learned on the topic.  His conversations focus on spends vs investments.  Remember spends = overhead, whereas investments = growth.  Here's a great point.

[10:00] There are opportunities that we have to frame some of these things as investments versus...


Special thanks to Jeff Gouge for sharing his thoughts on consolidating vulnerability management.  We also thank our sponsor Nucleus Security for supporting this episode.

Consistently tracking and prioritizing vulnerabilities is a difficult problem.  This episode talks about it in detail and helps you increase your understanding in:

  • Various application security scanning tools (SAST, DAST, SCA, Container, IoT, Secret Scanners, Cl...
November 28, 2022 29 min

Are You Ready To Win Your First CISO role? Apply these techniques to your resume and interview process so both recruiters and hiring managers will offer you the job. This show focuses on:

  1. Highlighting the Different Types of CISO Roles
  2. Showing how to progress from a Senior Director Role into a Fortune 100 CISO
  3. Resume Tricks and Tips that get you noticed by recruiters
  4. How to have a great interview with a recruiter
  5. What Hiring ...
November 21, 2022 48 min

Would you like to hear a master class on what Technology professionals need to know about startups?  On this episode Bob Cousins stops by to share his knowledge and experience on working in technology companies, dealing with founders, and partnering with venture capitalists.  Listen and learn more about:

  • What should a technology professional know about venture capital and dealing with venture capitalists?
  • What is the role of ma...

Special Thanks to our podcast sponsor, Cymulate

On this episode, Dave Klein stops by to discuss the 3 Digital Challenges that organizations face:

  1. Cyber threats evolve on a daily basis and this constant threat to our environment appears to be only accelerating
  2. The level of vulnerabilities today is 30x what it was 10 years ago.  We have more IT infrastructure, complexity, and developers in our current environment.
  3. In the pursui...

Have you ever just met someone that was so interesting that you just sat and gave them your full attention?  On this episode of CISO Tradecraft, we have Bill Cheswick come on the show.  Bill talks about his 50 years in computing.  From working with the pioneers of Unix at Bell Labs, inventing network visualization techniques for the DoD, and creating the early best practices in firewalls and perimeter defenses.  He was also the fir...

    © 2023 iHeartMedia, Inc.