CISO Tradecraft®

In this episode of CISO Tradecraft, host G Mark Hardy is joined by Neatsun Ziv from Ox Security to discuss the evolving landscape of vibe coding and its security implications. The conversation delves into the risks and opportunities surrounding vibe coding, how it can enhance productivity while maintaining security, and the importance of embedding security into the entire lifecycle. They also explore the concept of VibeSec, why traditional shift-left security approaches might be failing, and what new methodologies can be adopted to ensure robust security in a rapidly changing tech world. Tune in to gain valuable insights into how you can future-proof your code, leverage modern IDEs and MCP, and maintain a strong security posture in the era of AI-driven development.Ox Security's Website - https://www.ox.security/Are AI App Builders Secure - https://www.ox.security/resource-category/whitepapers-and-reports/are-ai-app-builders-secure-we-tested-lovable-base44-and-bolt-to-find-out/The AI Code Security Crisis - https://www.ox.security/resource-category/whitepapers-and-reports/army-of-juniors/

In this episode of CISO Tradecraft, host G Mark Hardy is joined by Yuriy Tsibere from ThreatLocker to discuss an essential topic for cybersecurity leaders: Defense Against Configurations (DAC). With a focus on the significant risks posed by misconfigurations, Yuriy shares insights on how ThreatLocker's new DAC tool helps organizations identify and rectify vulnerabilities in OS configurations, ensuring a higher degree of security. They explore the critical role of maintaining proper endpoint configurations, Zero Trust principles, and how DAC seamlessly integrates into ThreatLocker’s platform to provide real-time monitoring and reporting. Yuriy also touches on how DAC supports various security frameworks and compliance standards, making it a valuable asset for any organization aiming to enhance its cybersecurity posture. Big Thanks to Threatlocker for supporting this episode. Register to attend Zero Trust World 2026: https://ztw.com/?utm_source=ciso_tradecraft&utm_medium=sponsor&utm_campaign=dac_yuriy_q4_25&utm_content=dac_yuriy-&utm_term=video Use discount code ZTWCISOTRADECRAFT26 for $200 off

Join host G Mark Hardy in an exciting episode of CISO Tradecraft where we delve into the cutting-edge world of Human AI Security Operation Centers (SOCs). With special guests Brian Carbaugh and William McMillan, former CIA operatives and leading figures in cybersecurity innovation, we explore how AI is transforming the landscape of security operations. Discover the unparalleled efficiency, accuracy, and proactive threat detection offered by AI-driven SOCs compared to traditional platforms. Learn from real-world examples, such as condensing hundreds of investigative hours into just 90 seconds, and understand the critical role of contextual data in modern threat detection. Perfect for CISOs ready to elevate their security strategies, this episode provides actionable insights and expert advice on navigating AI SOC adoption and integration. Don't miss this informative and forward-thinking discussion! Big thanks to our sponsorBig thanks to our sponsor Forcepoint Check out their The Practical Guide to Mastering Data Compliance: https://www.forcepoint.com/resources/ebooks/practical-guide-mastering-data-compliance?utm_source=&sf_src_cmpid=701a600000exxd7AAA&utm_medium=display&utm_content=AW_NC_LinkedInAds_October25_ban&utm_campaign=LinkedInAds_October25William MacMillan - https://www.linkedin.com/in/william-andesite/Brian Carbaugh- https://www.linkedin.com/in/brian-carbaugh-38b339243/

In this captivating episode of CISO Tradecraft, hosted by G. Mark Hardy, we delve into the incredible life journey of Jeri Ellsworth—a renowned inventor and tech entrepreneur. From her early fascination with electronics in rural Oregon to her innovative ventures in Silicon Valley, Jeri shares her unique experiences and hard-earned wisdom. Discover the highs and lows of her career, including her time at Valve Software, navigating significant security breaches, and her foray into the world of crowdfunding and startups. This episode is packed with invaluable lessons for CISOs, cybersecurity professionals, and aspiring entrepreneurs alike. Tune in now and get inspired by Jeri's story of resilience, innovation, and leadership. Jerri Ellsworth - https://www.linkedin.com/in/jeriellsworth/

Imagine stepping into a role and discovering your predecessor had been severely underreporting vulnerabilities, leaving your systems 300 days behind on patches. Join G Mark Hardy and Ross Young in this riveting episode of CISO Tradecraft as they unveil a startling real-world scenario and a proven strategy to revolutionize your patching process. Learn how to tackle the ever-growing number of vulnerabilities, leverage AI and automation, and instill a culture of accountability and gamification among your team. With expert insights and practical steps, this episode is a must-watch for every cybersecurity leader looking to stay ahead of threats and secure their organization's future.Big thanks to our sponsor, Forcepoint. Check out how they can help you shut down ShadowAI. https://www.forcepoint.com/resources/ebooks/shadow-ai-security-guide?utm_source=linkedin&sf_src_cmpid=701a600000exxd7AAA&utm_medium=display&utm_content=AW_NC_LinkedInAds_October25_ban&utm_campaign=LinkedInAds_October25Slides can be found here: https://www.linkedin.com/posts/mrrossyoung_patch-or-perish-activity-7389964440546471936--I_F?utm_source=share&utm_medium=member_desktop&rcm=ACoAABnnk5MBYbK8I-lYgI25f6ro7t6rOeP-OdsChapters00:00 Introduction: The CISO Challenge 00:31 The Importance of Data Security 01:05 Welcome to CISO Tradecraft 02:01 Ross Young's Patching Journey 03:34 The Growing Threat of Vulnerabilities 05:16 AI and Cybersecurity 07:34 Developing a Comprehensive Security Approach 10:51 Accountability and Metrics 15:30 Improving Vulnerability Management Processes 19:28 Advanced Tooling and Automation 23:16 Future Trends in Cybersecurity 27:06 Conclusion: Adapting to the Future

In this episode of CISO Tradecraft, G Mark Hardy and Ross Young dive into part two of their series on cybersecurity budgets. Continuing from where they left off, they discuss the OWASP Threat and Safeguard Matrix (TaSM), effective protection scoring, and practical strategies to enhance your budget management as a CISO. Learn about the importance of understanding material threats, leveraging AI, and employing tools like murder boards to optimize security practices. Ross also shares inside tips for negotiating master service agreements and improving organizational processes, all aimed at making you a more effective security leader.

Welcome to another episode of CISO Tradecraft! Join G Mark Hardy and Ross Young as they dive deep into strategies for maximizing your security budget while minimizing waste. Ross, the author of the soon-to-be-released 'Cybersecurity's Dirty Secret,' shares insights from his 20-year career, including his time at the CIA, Capital One, and Caterpillar Financial. Get expert tips on zero-based budgeting, total cost of ownership, avoiding meeting waste, and more. Don't miss this episode if you want to learn how to make every cybersecurity dollar count!Free Templates: https://www.cisotradecraft.com/storeCourse: https://www.cisotradecraft.com/course-master-the-budget-game-in-cybersecurity

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives!Aimee Cardwell's Linkedin - https://www.linkedin.com/in/acardwell/

Dive into an exciting discussion on CISO Tradecraft as host G Mark Hardy engages with DARPA's AI Cyber Challenge director, Andrew Carney. Learn about the world of autonomous systems capable of identifying and fixing vulnerabilities at an unprecedented speed and scale. Discover the highs and lows of AIxCC's two-year journey, its groundbreaking impact on cybersecurity, and the potential it holds for the future. Whether you're a seasoned CISO or just passionate about cybersecurity, this episode is packed with insights on leveraging AI to protect critical infrastructure and defend against cyber threats. Don't miss it! https://aicyberchallenge.com/

Join us in this captivating episode of CISO Tradecraft as host G Mark Hardy sits down with storytelling maestro Neal Foard. Learn the secrets of impactful storytelling straight from Neal, who shares an engaging story about an unforgettable lesson at the New Jersey State Fair. Delve into the importance of emotions in storytelling, glean tips for effective communication, and discover how being an inspiring leader can propel your cybersecurity career. Don't miss this opportunity to enhance your storytelling prowess and become a more effective cybersecurity leader!

Learn how to elevate Data Protection in the Age of AI with Ronan Murphy In this episode of CISO Tradecraft, host G Mark Hardy and guest Ronan Murphy, Chief Strategy Officer at Forcepoint, discuss the critical importance of data protection for enterprises in the age of AI. Discover expert insights on common mistakes CISOs make, how AI revolutionizes data security, and the evolving role of CISOs from enforcers to strategists. Learn about effective data governance, AI’s impact on data, and leveraging tools like DLP & CASB for robust cybersecurity.Plus, hear about Forcepoint Aware 2025 and actionable strategies for elevating your organization's data security posture. https://www.forcepoint.com/aware

Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management. Chapters00:00 Introduction and Guest Welcome00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast02:12 Meet Todd Beardsley: From Hacker to Security Research VP03:58 The Evolution of Vulnerabilities and Patching07:06 Understanding CVE Numbering and Exploitation14:01 The Role of Attribution in Cybersecurity16:48 Cyber Warfare and Global Threat Landscape20:18 The Rise of International Hacking22:01 Delegation of Duties in Offensive Warfare22:25 The Role of Companies in Cyber Defense23:00 Attack Vectors and Exploits24:25 Real-World Scenarios and Threats28:46 The Importance of Communication Skills for CISOs31:42 Ransomware: A Divisive Topic38:39 Actionable Steps for Security Executives

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field. Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf  GenAI Breaches Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response  Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc Chapters 00:00 Introduction to AI and Cryptocurrencies 00:27 Welcome to CISO Tradecraft 00:55 Guest Introduction: Tomas Roccia 01:06 Tomas Roccia's Background and Career 02:51 AI in Cybersecurity: Defensive Approaches 03:19 The Democratization of AI: Risks and Opportunities 06:09 AI Tools for Cyber Defense 08:09 Challenges and Limitations of AI in Cybersecurity 09:20 Microsoft's AI Tools for Defenders 12:13 Open Source AI Security: Project Nova 18:37 Community Contributions and Open Source Projects 19:30 Case Study: Babit Crypto Hack 22:12 Money Laundering Techniques in Cryptocurrency 23:01 AI in Tracking Cryptocurrency Transactions 26:09 Sophisticated Attacks and Money Laundering 33:50 Future of AI and Cryptocurrency 38:17 Final Thoughts and Advice for Security Executives 41:28 Conclusion and Farewell

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve. Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/ ThreatLocker - https://www.threatlocker.com/  Transcripts -https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b  Chapters 00:00 Introduction and Welcome 00:27 Meet Danny Jenkins, CEO of Threat Locker 01:12 The Philosophy Behind Threat Locker 02:52 Customer-Centric Culture at Threat Locker 04:32 Technical Leadership and Personal Insights 08:55 Leadership Advice for Aspiring CISOs 11:22 Conclusion and Farewell

In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance. Chapters 00:00 Introduction to AI Governance 00:30 Guest Introduction: Dave Lewis 00:49 The Importance of AI Governance 01:42 Challenges in AI Implementation 03:20 AI in the Modern Enterprise 03:49 Shadow AI and Security Concerns 04:49 AI's Impact on Jobs and Industry 05:27 The Gartner Hype Cycle and AI 05:43 AI's Influence on the Stock Market 06:14 Historical Context of AI 06:32 AI and Credential Security 08:29 The Role of Governance in AI 12:47 The Future of AI and Security 18:36 Governance and Policy Recommendations 19:26 AI Governance and Ethical Concerns 20:01 AI Self-Preservation and Human Safety 20:18 Uncontrollable AI Applications 21:17 Vectors of AI Trouble 21:58 AI Hallucinations and Data Security 22:53 AI Vulnerabilities and Exploits 26:29 Deepfakes and AI Misuse 27:33 Historical Cybersecurity Incidents 29:04 Future of AI and Job Security 33:47 Managing AI Identities and Credentials 34:21 Conclusion and Final Thoughts

In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders. Chapters  00:00 Introduction and Welcome 00:59 The SolarWinds Incident Unfolds 03:13 Understanding the Attack and Response 04:04 The Role of SVR and Supply Chain Security 10:43 Technical Details of the Attack 14:56 Compliance and Reporting Challenges 19:24 Rebuilding Trust and Personal Impact 22:06 CISO Concerns and Company Support 22:14 Legal Challenges and Company Expenses 23:40 SEC Charges and Legal Proceedings 29:35 Supply Chain Security and Vendor Assurance 35:47 CISO Accountability and Industry Standards 39:41 Final Thoughts and Advice for CISOs

In this episode of CISO Tradecraft, host G Mark Hardy is joined by cybersecurity expert Casey Marquette to discuss effective HR and recruiting strategies for building a top-notch cybersecurity team. They dive into career development, the importance of networking, and how to navigate the challenges of hiring in cybersecurity. Casey shares his personal journey from law enforcement to becoming a leading figure in the cybersecurity world, highlighting the role of mentorship and continuous learning. The episode also covers innovative uses of AI in the hiring process and provides practical advice for both hiring managers and job seekers in the cybersecurity field. Tune in for valuable insights on how to hire the best talent and advance your career in cybersecurity.   Transcripts https://docs.google.com/document/d/1c-3qy6KkQuhjuHquycQ3rRwMdSlZBfz4    Chapters 00:00 Introduction to Cybersecurity Recruitment 00:31 Guest Introduction: Casey Marquette 01:46 Casey's Career Journey 04:41 Hiring for Attitude vs. Skillset 05:30 Promoting from Within vs. Hiring Externally 07:34 Leadership and Morale 20:20 The Importance of Networking and Mentorship 22:19 AI in Recruitment 23:30 The Talent Pool and Recruitment Challenges 24:04 Introducing Scout: The AI Recruitment Tool 24:51 Security Measures in AI Recruitment 25:32 Addressing Fraudulent Candidates 26:10 Remote Hiring and Deepfake Concerns 28:52 Insider Threats and Tabletop Exercises 31:51 Enhancing Career Marketability for CISOs 37:47 Building Effective Networks and Relationships 42:04 The Importance of Specialized Recruitment 44:21 Final Thoughts and Contact Information

Join host G Mark Hardy in another enlightening episode of CISO Tradecraft as he speaks with special guest Christophe Foulon, a seasoned cybersecurity professional and podcast host. In this episode, Christophe delves into his journey from the help desk to cybersecurity expert, the challenges faced by newcomers, and the keys to successfully building and leading cybersecurity teams. Learn about the importance of continuous learning, managing career transitions, and the emotional rewards and challenges of being a CISO. Whether you're an aspiring CISO or looking to advance in your cybersecurity career, this episode offers invaluable insights and practical advice. Christophe's LinkedIn: https://www.linkedin.com/in/christophefoulon/  Christophe's Website: https://christophefoulon.com/ Christophe's Podcast: https://podcasts.apple.com/us/podcast/breaking-into-cybersecurity/id1463136698  Transcripts: https://docs.google.com/document/d/1UytoyelIMezzbtxdPHo5FE_oLiXYS_58 Chapters 00:00 Introduction to the Episode 00:27 Meet the Guest: Christophe Foulon 01:30 Christophe's Journey into Cybersecurity 06:24 The Allure and Challenges of a CISO Role 09:55 Developing Political and Leadership Skills 20:30 Aligning Team Members with Their Strengths 31:34 Navigating HR and Diversity in Cybersecurity 36:29 Becoming a Fractional or Virtual CISO 42:27 Final Thoughts and How to Connect with Christophe

Navigating Hacker Summer Camp: A Comprehensive Guide Join host G Mark Hardy on this episode of CSO Tradecraft as he provides a detailed guide on what to expect at Hacker Summer Camp, a series of significant cybersecurity events including DEFCON, Black Hat, and BSides Las Vegas. G Mark shares historical insights, tips for first-timers, and personal anecdotes from his extensive experience attending these events over the years. Learn about the origins, key activities, and networking opportunities that make these conferences pivotal in the cybersecurity community. Stay tuned for practical advice on planning your visit and making the most out of your Hacker Summer Camp experience. Transcripts: https://docs.google.com/document/d/1Y-MenErnVCzUga4xu20ZIz8hT9xsGSJD   Chapters 00:00 Introduction to Hacker Summer Camp 01:29 History and Significance of DEFCON 02:50 Spot the Fed and Early DEFCON Experiences 05:31 The Evolution of Black Hat 09:34 The Birth and Growth of BSides 11:19 Tips for Attending Hacker Summer Camp 19:57 Networking and Participation Strategies 25:31 Conclusion and Final Thoughts

In this episode of CISO Tradecraft, co-host G Mark Hardy and guest Ross Young explore the concept of having a personal board of directors. Learn how to leverage mentors, coaches, and role models to gain diverse perspectives and valuable advice for your professional growth as a cybersecurity leader. Discover the importance of building authentic relationships and seeking advice from experienced individuals, and understand how to make informed career decisions. Tune in to hear practical tips on creating and maintaining your own board of directors, and how it can elevate your career in cybersecurity. Helpful Reading https://pe.gatech.edu/blog/working-learning/personal-board-of-directors https://career.uga.edu/uploads/documents/hireuga/PersonalBoardOfDirectors-worksheet24.pdf   Transcripts: https://docs.google.com/document/d/1qhx38KERHAc1T0qoE6mphUODeOt2xWC4 Chapters  00:00 Introduction to Personal Board of Directors 00:27 Welcome to CISO Tradecraft 01:25 Understanding the Concept of a Personal Board of Directors 03:51 The Role of Mentorship and Feedback 04:38 Building Effective Mentor-Mentee Relationships 06:53 The Importance of Sponsorship 07:57 Navigating Career Paths and Organizational Culture 09:28 Recruiting Your Personal Board of Directors 15:34 Making the Most of Mentorship 22:17 Advice and Board of Directors 22:46 The Power of a Mastermind 23:52 Identifying Key Roles for Your Board 26:27 Time Commitment and Mentor Relationships 27:22 Grave Diggers and Organizational Insights 28:26 Categories of Board Members 29:54 Leveraging Admins and Chiefs of Staff 31:55 Building Trust and Influence 35:09 Discernment in Taking Advice 41:23 Career Opportunities and Emerging Technologies 42:57 Summary and Final Thoughts