Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a Chief Information Security Officer (CISO) and learning about cyber security. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.
Sometimes you just need structure to the madness. Christopher Crowley stops by to talk about methodologies that can help security organizations. Come and see why you need them, how we get the scientific method wrong in cyber, and how to leverage a CIA analytical methodology that can help you. There's a lot more to check out so tune in.
Analysis of Competing Hypothesis https://www.cia.gov/static/9a5f1162fd0932c29bfed1c030edf4ae/Pysc...
Have you ever wanted to get a legal perspective on cybersecurity? On this episode of CISO Tradecraft, Evan Wolff stops by to discuss terms such as legal disclaimers, negligence, due care, and others. He also provides important insights on how to structure your cyber policies, respond to regulators/auditors, and partner with general council. Please enjoy.
Full Transcripts: https://docs.google.com/document/d/1hbqB5GQfQsi0egPVdO...
Have you ever wondered how to negotiate your best CISO compensation package? On this episode, we invite Michael Piacente from Hitch Partners to discuss important parts of the compensation packages. Examples include but are not limited to: - Base Salary,
One of the most difficult things to do as a manager or leader is to take an ethical stance on something you believe in. Sometimes ethical stances are clear and you know you are doing what’s right. Others are blurry, messy, and really weigh on your mind. So we thought we would take this episode to talk about various ethical models, tricky ethical scenarios you might encounter as a CISO, and finally we will look at the Federal Cas...
Our systems generate fantastic amounts of information, but do we have a complete understanding of how we collect, analyze, manage, store, and retrieve possibly petabytes a day? Gal Shpantzer has been doing InfoSec for over 20 years and has managed some huge data engineering projects, and offers a lot of actionable insights in this CISO Tradecraft episode.
Gal's LinkedIn Page - https://www.linkedin.com/in/riskmanagement/
Has bad governance given you trauma, boring committees, and long speeches on irrelevant issues? Today we are going to overcome that by talking about what good governance looks like. We bring on the former CISO of Amazon Whole Foods (Sameer Sait) to discuss his lessons learned as a CISO. We also highlight key topics of good governance found in the Cyber Security Profile from the Cyber Risk Institute. Cyber Risk Institute - Cyber...
In the US we often focus on SOC-2, NIST Special Pubs, and the Cybersecurity Framework. In Europe (and most of the rest of the world), ISO 27001 is the primary standard. ISO concerns itself with policy, practice, and proof, whereas NIST often shows the method to follow. Michael points out that a CISO is responsible for governance, (internal) consulting, and audit. In early stages of growing a security function, a CISO needs to be te...
How can cyber best help the sales organization? It's a great thought exercise that we bring on Joye Purser to discuss. Learn from her experience as we go over how cybersecurity is becoming an even closer business partner with the creation of a new important role.
Full Transcript: https://docs.google.com/document/d/1Shd1Qldb8iKEHBgXJqFez81Iwfpl6JT-/
Chapters
Did you ever wonder how much security you can implement with a single vendor? We did and were surprised by how much you can do using the Australian Top Eight as a template. We'll bet you can improve your security by using these tips, tools, and techniques that you might not have even known were there.
Special thanks to our sponsor Praetorian for supporting this episode.
Full...
This episode provides a deep dive into Static Application Security Testing (SAST) tools. Learn how they work, why they don't work as well as you think they will in certain use cases, and find some novel ways apply them to your organization. Special thanks to John Steven for coming on the show to share his expertise.
Special thanks to our sponsor Praetorian for supporting this episode.
...How do you defend against automated attacks in an era of ChatGPT-formulated malware, coordinated nation-state actors, and a host of disgruntled laid-off security professionals? Want to find your vulnerabilities faster than the bad actors do? Come listen to Richard Ford to learn how to apply best practices in attack surface management and defend your crown jewels.
Special thanks to our sponsor Praetorian for supporting this episod...
Have you ever wanted to be like Neo in "The Matrix" and learn things like Kung Fu in just a few minutes? Well on today's episode, we try to do just that by cramming powerful leadership concepts into your head in just 45 minutes. So sit back, relax, and enjoy CISO Tradecraft.
Show Notes with Pictures & References:
Want to know CISO Tradecraft's Top 10 cyber security predictions for 2023? Listen to the episode to learn more about:
Success leaves clues, but sometimes we limit ourselves by only looking close by for them. This week, we pondered what business skills are essential for a successful CISO, and then extended the search to some non-traditional sources to find some very relevant advice. Take the time to listen and do a self-examination (you don't have to submit for a grade :) and see where you could boost your skills portfolio to increase your succes...
There's a lot of things you need to know as a CISO, but one of the things least taught is budgeting best practices. On today's episode, CISO Nick Vigier stops by to share his lessons learned on the topic. His conversations focus on spends vs investments. Remember spends = overhead, whereas investments = growth. Here's a great point.
[10:00] There are opportunities that we have to frame some of these things as investments versus...
Special thanks to Jeff Gouge for sharing his thoughts on consolidating vulnerability management. We also thank our sponsor Nucleus Security for supporting this episode.
Consistently tracking and prioritizing vulnerabilities is a difficult problem. This episode talks about it in detail and helps you increase your understanding in:
Are You Ready To Win Your First CISO role? Apply these techniques into your resume and interview process so both recruiters and hiring managers will offer you the job. This show focuses on:
Would you like to hear a master class on what Technology professionals need to know about startups? On this episode Bob Cousins stops by to share his knowledge and experience on working in technology companies, dealing with founders, and partnering with venture capitalists. Listen and learn more about:
Special Thanks to our podcast sponsor, Cymulate.
On this episode, Dave Klein stops by to discuss the 3 Digital Challenges that organizations face:
Have you ever just met someone that was so interesting that you just sat and gave them your full attention? On this episode of CISO Tradecraft, we have Bill Cheswick come on the show. Bill talks about his 50 years in computing. From working with the pioneers of Unix at Bell Labs, inventing network visualization techniques for the DoD, and creating the early best practices in firewalls and perimeter defenses. He was also the fir...
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
If you can never get enough true crime... Congratulations, you’ve found your people.
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks then look no further. Josh and Chuck have you covered.
It’s a lighthearted nightmare in here, weirdos! Morbid is a true crime, creepy history and all things spooky podcast hosted by an autopsy technician and a hairstylist. Join us for a heavy dose of research with a dash of comedy thrown in for flavor.
New episodes come out every Monday for free, with 1-week early access when you join Amazon Music or 1-week early and ad-free for Wondery+ subscribers "SmartLess" with Jason Bateman, Sean Hayes, & Will Arnett is a podcast that connects and unites people from all walks of life to learn about shared experiences through thoughtful dialogue and organic hilarity. A nice surprise: in each episode of SmartLess, one of the hosts reveals his mystery guest to the other two. What ensues is a genuinely improvised and authentic conversation filled with laughter and newfound knowledge to feed the SmartLess mind.