CISO Tradecraft®
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved
Episodes
On this episode of CISO Tradecraft, host G Mark Hardy talks with Gary Hayslip about cybersecurity career growth beyond the traditional CISO “apex,” drawing on Hayslip’s 25+ years across military service, US Navy civil service, the City of San Diego as its first CISO, Webroot (CISO/CIO), SoftBank (including cyber and physical security), and most recently a field CISO role before being laid off. They discuss how the...
In this CISO Tradecraft episode, host G Mark Hardy interviews Steve McMichael, author of "How to Break into GRC: Mindset, Methods, and Skills," about entering cybersecurity through governance, risk, and compliance. McMichael shares his transition from accounting and explains GRC’s role as decision support and the interface between business and technical teams, breaking down governance, risk management, and compliance (includi...
Want to move from "security expert" to "trusted business leader"?
Join G. Mark Hardy and Michael Hammer. The mind behind the core of DMARC, for 40 years of hard-won wisdom on navigating the CISO role, This episode is a masterclass in evolving from a technical gatekeeper to a strategic influencer who changes the environment,.
Inside this episode:
- Modern Email Security: Why DMARC and SPF aren't "set and forget" tools and how to st...
What if your next breach isn't caused by a human... but by an AI agent acting exactly as instructed?
Cyberhaven's CEO (Nishant Doshi) and SVP of Engineering (Saro Subbiah) reveal why AI is a true zero-to-one shift, why every employee is building agents, and why traditional security controls are struggling to keep up with machine-speed workflows.
The most interesting question for CISOs isn't whether AI will be adopted, it's which secu...
In this discussion, G. Mark Hardy and Nishant Kaushik explore the necessity of moving beyond traditional passwords, which they define as the original sin of cybersecurity due to their vulnerability to credential stuffing and phishing attacks. Kaushik explains that the FIDO Alliance promotes a passwordless future by replacing shared secrets with asymmetric cryptography, utilizing private keys stored on smartphones or hardware tokens...
What can today’s CISOs learn from the chaos of Code Red and SQL Slammer?
In this episode, G Mark Hardy interviews Aaron Turner about what it was like responding inside Microsoft during two of the most infamous cyber outbreaks in history.
Aaron shares firsthand stories from the era when SQL Slammer infected at least 75,000 systems in roughly 10 minutes, exposing massive gaps in patch management, security QA, firewall design, and...
In this episode of the CISO Tradecraft podcast, host G Mark Hardy interviews early tech adopter Chris Brogan to explore the intersection of high-performance leadership and effective communication. Drawing from his interviews with Navy SEALs and his tenure as a Chief of Staff, Brogan emphasizes that leadership is essentially the management of options and the cultivation of repetitive training to build a reliable team base. The discu...
In this CISO Tradecraft episode, host G Mark Hardy interviews recovering CISO Rock Lambros (Zenity) about securing Agentic AI and the emerging risks beyond LLM hallucinations. Lambros recounts his path from Oracle developer to CISO and AI standards work, then explains how agentic AI increases risk by connecting models to tools and actions. They discuss agentic AI supply chain attacks, including backdoored LiteLLM packages on PyPI a...
In this CISO Tradecraft episode, host G Mark Hardy talks with Anton Chuvakin and Alex Hurtado about how SIEM programs fail and how organizations overspend when implementations prioritize dashboards or compliance over actionable detection engineering and collecting the right data. They share costly war stories ranging from multi-million and eight-figure deployments that became expensive “log toilets” or missed incidents ...
In this episode of CISO Tradecraft, host G Mark Hardy speaks with Gadi Evron about the paper “The AI Vulnerability Storm Building: A Mythos Ready Security Program,” a community-driven draft produced in days with extensive input from security leaders. Evron explains how advances in LLMs and agents are accelerating vulnerability discovery and exploitation, shrinking time-to-exploit assumptions and likely increasing the vo...
On CISO Tradecraft, host G Mark Hardy welcomes back JP Bourgeet to discuss what “AI readiness” means for organizations, framing it as both a data governance challenge and a change-management problem. JP defines readiness for CISOs as strong threat protection, data security/governance, and device management, with the biggest gaps typically in labeling, DLP/DSPM, and poor information architecture (e.g., commingled data in...
In this CISO Tradecraft episode, G Mark Hardy, Ross Young, and Andy Ellis share RSAC insights from the vendor floor, including Andy’s effort to visit about 607 booths. They highlight dominant themes like AI SOC offerings and agentic/agent security messaging, noting that many booths used unclear marketing or even failed to describe what they do. The discussion critiques activity-based metrics like badge scans, arguing for outc...
In this CISO Tradecraft episode, co-hosts G Mark Hardy and Ross Young discuss how large language models are transforming software development and shifting cybersecurity from buying Software as a Service to “Service as Software,” and ultimately to "Systems of AI agents". They explain how writing code in English enables rapid prototyping, changing cost models by reducing labor hours and increasing speed and scale, with me...
In this episode of CISO Tradecraft, host G Mark Hardy speaks with Brian Long, CEO and co-founder of Adaptive Security, about how AI is accelerating and scaling social engineering through deepfakes, OSINT-driven personalization, and real-time conversational attacks. Brian says people remain the biggest opportunity in cyber defense, citing rapid growth in deepfake-enabled incidents and examples including a widely reported $25M wire f...
In this CISO Tradecraft episode, host G Mark Hardy interviews Shahar Man of Backslash Security about the rapidly expanding attack surface created by AI-driven “vibe coding” tools like Claude Code, Cursor, and Copilot. Shahar explains how prompting is shifting software creation, affecting education and hiring, and pushing security “further left” to the prompt, agent, MCP, skills, and rules level. He discuss r...
In this CISO Tradecraft episode, host G Mark Hardy interviews Steve Shelton (https://www.linkedin.com/in/greenshoesteve/) of Green Shoe Consulting about the “State of Stress in Cybersecurity 2025” report and why burnout is widespread among cybersecurity leaders. Shelton explains the difference between beneficial stress (eustress) and chronic distress, how threat vs challenge interpretations shape performance, and why cy...
Your SOC is drowning in alerts, false positives, and static tuning, while attackers evolve faster than your team can respond.
Analysts burn out chasing noise. Real threats slip through. And traditional metrics reward ticket volume instead of investigation quality, creating “Swiss cheese security.”
In this CISO Tradecraft episode, G. Mark Hardy and Oren Saban break down the rise of the Wisdom-Led, AI-driven SOC, where AI...
In this episode of CISO Tradecraft, host G Mark Hardy speaks with EJ Pappas of PKWARE and Ross Young about why AI-driven threats demand a shift from platform-centric security to a data-centric strategy.
CISOs still struggle to answer, “Where is our sensitive data?” as it sprawls across AI, endpoints, cloud, SaaS, and shared environments. In this conversation, we explore:
- Why CISOs still struggle with data visibility ...
In this special episode of CISO Tradecraft, host G Mark Hardy welcomes Chris Inglis, former National Cyber Director and career public servant, to delve into a wide-ranging conversation about cybersecurity leadership, public service, and life lessons. Chris shares his career journey from the Air Force Academy to piloting planes and serving at the NSA, providing unique insights along the way. They discuss the importance of integratin...
Can you still tell what’s true on the internet or does everything feel questionable now?
That confusion isn’t accidental. Disinformation, deepfakes, and cyber deception are being used deliberately to manipulate attention, erode trust, and fracture societies, often faster than truth can respond.
In this episode of CISO Tradecraft, we break down how modern information warfare actually works and what leaders can do to defe...
Popular Podcasts
Hey Jonas! The official Jonas Brothers podcast. Hosted by Kevin, Joe, and Nick Jonas. It’s the Jonas Brothers you know... musicians, actors, and well, yes, brothers. Now, they’re sharing another side of themselves in the playful, intimate, and irreverent way only they can. Spend time with the Jonas Brothers here and stay a little bit longer for deep conversations like never before.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Building on the belief that a deeper understanding of the natural world enriches all of our lives, host Steven Rinella brings an in-depth and relevant look at all outdoor topics including hunting, fishing, nature, conservation, and wild foods. Filled with humor, irreverence, and things that will surprise the hell out of you, each episode welcomes a diverse group of guests who add their own expertise to the vast world of the outdoors. Part of The MeatEater Podcast Network.
The official podcast of comedian Joe Rogan.