CISO Tradecraft®

Discover the key to a more effective cybersecurity strategy in the newest episode of CISO Tradecraft! We're talking SOC tools, building a data lake for security, and more with guest Noam Brosh of Hunters. Don't miss it!

Big Thanks to our Sponsors

• Risk3Sixty - https://risk3sixty.com/
• Hunters - https://www.hunters.security/

Noam Brosh - https://www.linkedin.com/in/noam-brosh-5743938/

Transcripts: https://docs.google.com/d...

In this episode of CISO Tradecraft, G Mark Hardy and Hasan Eksi from CyberNow Labs continue the discussion about the vital skills needed for an effective incident responder within a Security Operations Center (SOC). The skills highlighted in this episode include: incident triage, incident response frameworks, communication, collaboration, documentation, memory analysis, incident containment and eradication, scripting and automation...

In this episode of CISO Tradecraft, host G Mark Hardy talks to Kevin O'Connor, the Director of Threat Research at Adlumin. They discuss the importance of comprehensive cybersecurity for Small to Medium-sized Businesses (SMBs), including law firms and mid-sized banks. The conversation explores the complexities of managing security infrastructures, the role of managed security service providers, and the usefulness of managed detectio...

In this episode of CISO Tradecraft we have a detailed conversation with Hasan Eksi from CyberNow Labs. G Mark and Hasan discuss the top 20 skills required by incident responders, covering the first 10 in part 1 of this series. The discussion ranges from understanding cybersecurity fundamentals to incident detection, threat intelligence, and malware analysis. This episode aims to enhance listeners' understanding of incident response...

In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Amer Deeba, CEO and co-founder of Normalyze. They focus on the importance of data security in today's cloud-centric, multi-platform tech environment. Amer shares valuable insights on the need for a data security platform that offers a unified, holistic approach. The conversation also delves into the importance of understanding the value of your data, and h...

On this episode we talk about the differences between Gamification and Game-Based Learning. We think you will enjoy hearing how Game-Based learning gets folks into the flow and creates novel training that resonates.  We also have a great discussion on how games can be applicable for Board Members and Techies.  You just need to get the right type of game for the right audience and let the magic happen.

Big Thanks to our Sponsors

Learn the language of the board with Andrew Chrostowski. In this episode we discuss the 3 major risk categories of opportunity risk, cybersecurity risk and complex systems. We highlight intentional deficit and what to do about it. Finally, don't miss the part where we talk about the time for a digital strategy is past. What is needed today is a comprehensive strategy for a world of digital opportunities and existential cyber risks.

On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out.

Big thanks to our sponsor:

Risk3Sixty - https://risk3sixty.com/whitepaper/

Transcripts https://docs.google.com/document/d/1yJYoVs3pO4u_Zq8UC8YQmnYVGrsH93-H

Air Force Doctrine Publication 3-0 - Operations and Planning https:...

On this episode we discuss the measuring results cheat sheet from Justin Mecham.  Key focuses include:

• Defining SMART Goals (Specific, Measurable, Achievable, Relevant, & Time-Bound)
• Identifying KPIs (Key Performance Indicators)
• Using the WOOP Model (Wish, Outcome, Obstacle, and Plan)
• Using a Gap Analysis
• Using the 5 Why Method
• Using Plan, Do, Check, & Act.

Link to the Measuring Results Cheat Sheet https://www.lin...

On this episode we discuss the four key roles Boards play in cybersecurity.

1. Setting the company's vision and risk strategy
2. Reviewing assessment results
3. Evaluating management cyber risk stance
4. Approving risk management plans

Big thanks to our sponsor:

Risk3Sixty - https://risk3sixty.com/whitepaper/

Transcripts - https://docs.google.com/document/d/1jarCcQYioT59jtIrppH4xZqyAy4Vn_tB/

Chapters

• 00:00 Introduction
• 01:36 Wha...

On this episode we bring on the leading expert of threat modeling (Adam Shostack) to discuss the four questions that every team should ask:

1. What are we working on?
2. What can go wrong?
3. What are we going to do about it?
4. Did we do a good enough job?

Big thanks to our sponsor:

Risk3Sixty - https://risk3sixty.com/whitepaper/

Adam Shostack's LinkedIn Profile - https://www.linkedin.com/in/shostack/

Learn more about threat modeling...

There's a lot of new cyber attacks occurring and today we are going to talk about them in more detail.  Many bad actors are using SMS spoofing and Social Engineering to get in.  Listen in an learn about how those attacks played out against the casino industry. You don't want to miss when we share what you can do to stop them.  Pro-tip: Good MFA is your friend.  Use it everywhere you can including on your employees and customers dur...

Have you ever thought about what does it mean to say there has been a material incident? How is materiality determined? What is the history of how that term has been defined by U.S. Regulators. Listen to today's show and increase your CISO Tradecraft

Big Thanks to our Sponsors

• Risk3Sixty - https://risk3sixty.com/whitepaper/
• CPRIME - For those valuing leadership, policy, and governance in tech risk and security, Cprime is here ...

On this episode we overview the CIS Document titled, "The Cost of Cyber Defense". https://www.cisecurity.org/insights/white-papers/the-cost-of-cyber-defense-cis-controls-ig1

Big Thanks to our Sponsors

• Risk3Sixty - https://risk3sixty.com/whitepaper/
• CPRIME - For those valuing leadership, policy, and governance in tech risk and security, Cprime is here to help. Enhance your skills with our training and workshops, ensuring effec...

In this episode of CISO Tradecraft, we delve into the evolving landscape of cybersecurity regulations. From data incident notifications to required contract language, we uncover common trends and compliance challenges. Learn how to prepare, adapt, and network within your industry to stay ahead. Tune in for insights and tips!

Thanks again to our Sponsors for supporting this episode:

• Risk3Sixty: Check out Risk3Sixty's weekly thou...

Here's a nice overview of cybersecurity on passwords, authentication, rainbow tables, and password managers. Enjoy the show and check out our other podcasts.

Special Thanks to our Sponsors:

• Risk3Sixty: Being able to clearly articulate your vision for your security program to the board and other executives within your firm is critical to obtaining the buy in you need for your program's success. Risk3Sixty has created a presentat...

Join us at the heart of Hacker Summer Camp for insights into the cybersecurity world! Discover the art of asking powerful questions that can change your career and impact others. Learn how CISOs assess cyber solutions and how startups can win their attention. Uncover the secrets of building connections and value through meaningful inquiries. Don't miss this episode featuring expert advice on navigating the cybersecurity landscape.

...

On this episode, David London and Adam Isles from the Chertoff Group stop by to discuss emerging risk topics such as AI, Supply Chain Attacks, and the new SEC regulations. Stick around and learn the tradecraft to better protect your company.

Special Thanks to our Sponsors:

• The Chertoff Group: https://www.chertoffgroup.com.Note you can read more about their thoughts on AI here: https://www.chertoffgroup.com/managing-ai-risks/
• Pr...

Don't let Bobby the Intern cause havoc in your network. On this episode of CISO Tradecraft, G Mark Hardy discusses the importance of training new hires in cybersecurity to create a strong security culture within an organization. The focus is on shaping employees' behavior and beliefs to enhance the overall cybersecurity posture.

Special Thanks to our Two Sponsors:

1) The Chertoff Group: www.chertoffgroup.com

2) Prelude: https://ww...