CISO Tradecraft®

286 episodes - English - Latest episode: 7 days ago - ★★★★★ - 46 ratings

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.

Technology

Episodes

CISO Tradecraft: Executive Presence

February 26, 2021 12:28 - 48 minutes - 44.2 MB

Having the ability to inspire confidence is crucial to leading others and opens the door to executive roles.  On this episode G Mark Hardy and Ross Young discuss executive presence: what it is, why you need it, and how to get it.  We will discuss Gerry Valentine's 7 Key Steps to building your executive presence: Have a vision, and articulate it well; Understand how others experience you; Build your communication skills; Become an excellent listener; Cultivate your networ...

#17 - Global War on Email

February 19, 2021 12:31 - 47 minutes - 43.4 MB

If you use email, this episode is for you.  Attackers leverage email for ransomware, Business Email Compromise (BEC), account takeover, and other threats that can be reduced with effective technical controls (as well as user education).  Three of these controls involve nothing more than placing entries in your DNS records; to work, the recipient's mail server also has to look those entries up and check them.  They are: SPF = Sender Policy Framework; designates only mail from designated IP address(es) or mail server(s) ...
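
The recipient-side check the episode describes, as an added example that is not part of the show notes: a minimal SPF evaluator in Go that reads a domain's `v=spf1` record and decides whether a connecting IP is allowed to send for that domain. The TXT records, domain names and IP addresses below are constructed placeholders held in a map so the code runs offline; a real receiver would fetch them from DNS. It supports the `ip4`, `ip6`, `include` and `all` terms and the RFC 7208 lookup limit, and reports `permerror` for anything it cannot evaluate without live DNS.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed TXT records standing in for live DNS answers (assumption: offline stand-in).
var txtRecords = map[string]string{
	"example.com":         "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
	"_spf.mailer.example": "v=spf1 ip4:198.51.100.7 ip6:2001:db8::/32 ~all",
	"loop.example":        "v=spf1 include:loop.example -all", // pathological self-include
}

// Result is the SPF outcome a receiving mail server acts on (RFC 7208 section 2.6).
type Result string

const (
	Pass      Result = "pass"
	Fail      Result = "fail"
	SoftFail  Result = "softfail"
	Neutral   Result = "neutral"
	None      Result = "none"
	PermError Result = "permerror"
)

// maxLookups is the RFC 7208 section 4.6.4 cap on DNS-querying terms per evaluation.
const maxLookups = 10

// splitQualifier strips the optional +, -, ~ or ? prefix from a term.
func splitQualifier(term string) (Result, string) {
	switch term[0] {
	case '-':
		return Fail, term[1:]
	case '~':
		return SoftFail, term[1:]
	case '?':
		return Neutral, term[1:]
	case '+':
		return Pass, term[1:]
	}
	return Pass, term
}

// CheckSPF answers "may ip send mail claiming to be from domain?" the way a
// receiving MTA does once it has looked the record up.
func CheckSPF(domain string, ip net.IP) Result {
	lookups := 0
	return evaluate(domain, ip, &lookups)
}

func evaluate(domain string, ip net.IP, lookups *int) Result {
	record, ok := txtRecords[strings.ToLower(domain)]
	if !ok {
		return None // nothing published: the recipient can conclude nothing
	}
	terms := strings.Fields(record)
	if len(terms) == 0 || terms[0] != "v=spf1" {
		return None
	}
	for _, term := range terms[1:] {
		qual, mech := splitQualifier(term)
		name, arg, _ := strings.Cut(mech, ":")
		name = strings.ToLower(name)
		switch name {
		case "all":
			return qual // catch-all, usually -all (reject) or ~all (treat as suspicious)
		case "ip4", "ip6":
			if !strings.Contains(arg, "/") {
				arg += map[string]string{"ip4": "/32", "ip6": "/128"}[name]
			}
			_, network, err := net.ParseCIDR(arg)
			if err != nil {
				return PermError // a malformed record protects nobody
			}
			if network.Contains(ip) {
				return qual
			}
		case "include":
			*lookups++
			if *lookups > maxLookups {
				return PermError
			}
			switch evaluate(arg, ip, lookups) {
			case Pass:
				return qual
			case None, PermError:
				return PermError
			}
			// fail/softfail/neutral inside the include is "no match": keep going
		default:
			// a, mx, ptr, exists and redirect=/exp= need live DNS; unsupported here
			return PermError
		}
	}
	return Neutral // record ended without an "all" term (RFC 7208 section 4.7)
}

func main() {
	for _, ip := range []string{"192.0.2.10", "198.51.100.7", "2001:db8::1", "203.0.113.5"} {
		fmt.Printf("%-15s -> %s\n", ip, CheckSPF("example.com", net.ParseIP(ip)))
	}
}
```

Two points the code makes that the summary does not: a `~all` inside an included record does not reject, it only fails to match, so the outer `-all` is what finally turns an unknown sender into `fail`; and an over-long include chain (or a loop) yields `permerror`, which many receivers treat as "no SPF at all", so a sprawling record can silently remove the protection it was meant to add.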

CISO Tradecraft: The Essential Eight

February 12, 2021 10:23 - 47 minutes - 43.1 MB

The Australian Cyber Security Centre (ACSC) believes that not all cyber security controls are created equal.  It has assessed various strategies for mitigating cyber security incidents and identified eight controls that do more to safeguard an organization than any others.  These controls, commonly known as "The Essential Eight", are highly recommended: Application control to prevent execution of unapproved/malicious programs including .exe, DLL, scripts...

#15 - IT Governance

February 05, 2021 12:10 - 46 minutes - 42.2 MB

As a CISO, one of the key functions you will be responsible for is IT Governance.  On this episode we discuss the intent behind the wide variety of cybersecurity documentation that you can leverage, influence, and enforce.  Examples include: Policies, Control Objectives, Standards, Guidelines, Controls, Procedures ... A helpful visual from ComplianceForge shows how these documentation types can be integrated.

CISO Tradecraft: How to Compare Software

January 29, 2021 12:02 - 47 minutes - 43.7 MB

At some point, a CISO will need to purchase new security technology.  Whether it's antivirus, firewalls, or SIEMs, you need to understand how to choose a product that will benefit your organization for years to come.  This podcast discusses 5 different techniques that CISOs can apply to product selection: Perform market research to learn the players (Gartner Magic Quadrant, Forrester Wave); Leverage vendor comparison tools to spot the features (MITRE ATT&CK Evaluation, AV-Co...

#13 - Executive Competencies

January 22, 2021 13:12 - 47 minutes - 43.2 MB

Have you ever wanted to become an executive, but didn't know what skills to focus on?  On this episode of CISO Tradecraft, G Mark Hardy and Ross Young provide guidance from the Office of Personnel Management (the chief human resources agency and personnel policy manager for the US federal government).  The podcast discusses the 6 Fundamental Competencies and the 5 Executive Core Qualifications required of all federal executives.  Fundamental Competencies: Interpersonal Skills; Oral Communication; In...

CISO Tradecraft: The Three Ways of DevOps

January 15, 2021 12:31 - 45 minutes - 41.3 MB

Making things cheaper, faster, and better is the key to gaining competitive advantage.  If you can gain a competitive advantage in cyber, you will reduce risk to the business and protect key revenue streams.  This episode discusses the Three Ways of DevOps and how you can use them to improve information security.  They are: The First Way: Principles of Flow; The Second Way: Principles of Feedback; The Third Way: Principles of Continuous Learning.  If you would ...

CISO Tradecraft: Cryptography

January 08, 2021 11:14 - 49 minutes - 44.9 MB

Most organizations now depend on online transactions for revenue.  Cryptography is the key enabler for securing those transactions across untrusted networks, so it's important for CISOs to understand how it works.  This episode discusses the fundamentals of cryptography: What are the requirements for cryptography? How long has cryptography been around? Are there differences between legacy and modern cryptography? Differences between symmetric and asymmetric encryption; Common use of en...
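
The symmetric/asymmetric distinction the episode covers, shown in working code as an added example (not material from the podcast): a hybrid envelope in Go where AES-256-GCM, the symmetric cipher, protects the transaction data, and RSA-OAEP, the asymmetric cipher, protects only the one-time AES key so that anyone holding the recipient's public key can send to them. This is the standard way the two are combined in protocols such as TLS and PGP, and it is the construction itself, not any specific product, that the example demonstrates; the key size, the transaction string and the `aad` header value are assumptions chosen for illustration. The code uses only the Go standard library.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is the message as it crosses the untrusted network.
type Envelope struct {
	WrappedKey []byte // one-time AES key, encrypted to the recipient's RSA public key
	Nonce      []byte // 96-bit AES-GCM nonce; must never repeat under the same key
	Ciphertext []byte // AES-GCM output with the 128-bit authentication tag appended
}

// Seal encrypts plaintext for whoever holds the private key matching pub.
// Bulk data goes through the fast symmetric cipher; only the 32-byte key goes
// through the slow asymmetric one, which is the whole point of combining them.
func Seal(pub *rsa.PublicKey, plaintext, aad []byte) (*Envelope, error) {
	key := make([]byte, 32) // AES-256, fresh for every message
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// aad is authenticated but not encrypted (e.g. a transaction ID) so the
	// ciphertext cannot be replayed under a different header.
	ciphertext := gcm.Seal(nil, nonce, plaintext, aad)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// Open reverses Seal. Any change to the ciphertext, nonce or aad makes the
// GCM tag check fail, so tampering is detected instead of decrypted into garbage.
func Open(priv *rsa.PrivateKey, env *Envelope, aad []byte) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, fmt.Errorf("unwrap key: %w", err)
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, aad)
	if err != nil {
		return nil, fmt.Errorf("authenticate/decrypt: %w", err)
	}
	return plaintext, nil
}

func main() {
	// Constructed demo: the recipient generates a key pair once; the public half
	// is what a sender needs, the private half never leaves the recipient.
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	aad := []byte("txn-id:42")
	env, err := Seal(&priv.PublicKey, []byte("transfer 100 to acct 7"), aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key %d bytes, ciphertext %d bytes\n", len(env.WrappedKey), len(env.Ciphertext))
	msg, err := Open(priv, env, aad)
	fmt.Printf("recovered: %q (err=%v)\n", msg, err)
	env.Ciphertext[0] ^= 1 // one flipped bit in transit
	_, err = Open(priv, env, aad)
	fmt.Printf("after tampering: err=%v\n", err)
}
```

The asymmetric step costs a 256-byte wrapped key and milliseconds of CPU regardless of message size, while the symmetric step adds only a 16-byte tag and scales linearly; that asymmetry in cost is why no real system encrypts bulk data with RSA directly.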

CISO Tradecraft: Securing the Cloud

January 01, 2021 17:50 - 45 minutes - 41.5 MB

Understanding how to secure the cloud is a crucial piece of tradecraft that every CISO needs.  This episode provides an in-depth discussion of AWS's 7 design principles for securing the cloud: Implement a strong identity foundation; Enable traceability; Apply security at all layers; Automate security best practices; Protect data in transit and at rest; Keep people away from data; Prepare for security events.  Please note the AWS Well-Architected Framework Security Design Principle...

#9 - Introduction to the Cloud

December 25, 2020 13:39 - 44 minutes - 40.9 MB

Have you ever wanted to learn the basic fundamentals of the cloud?  This podcast provides a 50,000-foot view of the cloud.  Specific discussions include: What is the cloud? What types of clouds are there and what are the differences? What is the shared responsibility model and what does it mean for securing the cloud? Chapters: 00:00 Introduction; 02:10 The Basics of Cloud Computing; 06:20 Cloud Computing and the Infrastructure as a Service Model; 10:17 The different levels of respons...

CISO Tradecraft: Crucial Conversations

December 18, 2020 12:01 - 56 minutes - 52 MB

CISOs often encounter situations where everyone has a different opinion, the decision is high stakes, and emotions are running high.  These situations are crucial conversations, and a CISO needs to be effective in them.  This podcast discusses how to turn disagreement into dialogue, surface any subject, and make it safe to discuss.  Listen as G Mark Hardy and Ross Young discuss the 8-step process from the book "Crucial Conversations": Get Unstuck; Start With Heart; Master ...

CISO Tradecraft: DevOps

December 11, 2020 11:15 - 49 minutes - 45.1 MB

On this episode we explore DevOps as a topic and discuss why you need to care about it as a CISO.  Key discussions include: What are the key principles behind DevOps? What benefits does security see from DevOps? What is a CI/CD pipeline? What are the common types of DevOps tools that I need to understand as a CISO? Where does DevSecOps fit in? What are the 4 types of Application Security Testing tools we see in DevOps pipelines? What are 3 common ways to make DevOps / DevSecOps go viral in any or...

CISO Tradecraft: Change Management

December 04, 2020 11:57 - 49 minutes - 45.4 MB

If you want to make an impact as a leader, then you need to understand how to lead change.  This episode overviews Dr. John Kotter's 8-step process for accelerating change: Create a sense of urgency; Build a guiding coalition; Form a strategic vision and initiatives; Enlist a volunteer army; Enable action by removing barriers; Generate short-term wins; Sustain acceleration; Institute change.  We highly recommend you read Kotter's ebook to learn more: https://www.kotterinc.com/8-steps-process-fo...

#5 - Cyber Frameworks

November 27, 2020 11:51 - 57 minutes - 52.7 MB

Cyber frameworks help CISOs build, measure, and execute top-notch information security programs.  This podcast overviews the differences between control frameworks (CIS Controls & NIST SP 800-53), program frameworks (ISO 27001 & NIST CSF), and risk frameworks (FAIR, ISO 27005, & NIST SP 800-39), and provides useful tips on how to implement them.  Chapters: 00:00 Introductions; 03:29 Creating a Framework for Cyber Security Programs; 06:48 What are the Most Important Controls; 11:08 Havin...

CISO Tradecraft: Asset Management

November 20, 2020 12:10 - 38 minutes - 35.5 MB

If you want to assess your current level of security, start with an asset management program.  Asset management provides the basic building blocks for vulnerability management and remediation programs.  This podcast provides key lessons learned on what effective asset management requires and discusses how asset management evolves with the cloud.  Listeners will also learn the important steps to take to create a world-class asset management program.

#3 - How to Read Your Boss

November 13, 2020 12:21 - 38 minutes - 35.5 MB

The ability to persuade others is core tradecraft for every CISO.  This podcast discusses the most common styles of executive decision making (Charismatics, Thinkers, Skeptics, Followers, and Controllers).  After listening, you will understand how to tailor your message to best influence each style of executive.  If you would like to learn more about this topic, we strongly recommend you read the Harvard Business Review article, "Change the Way You Persuad...

CISO Tradecraft: Principles of Persuasion

November 06, 2020 12:02 - 46 minutes - 42.6 MB

To become an effective CISO you need influence skills.  On this episode we explore Robert Cialdini's book "Influence" and discuss the psychology of persuasion.  We will explore 6 key principles of influence: Liking: if people like you, because they sense that you like them or because of things you have in common, they're more apt to say yes to you.  Reciprocity: people tend to return favors.  If you help people, they'll help you.  If you behave in a certain way (cooperatively, for example), t...

#1 - What is a CISO?

October 30, 2020 11:04 - 50 minutes - 46.5 MB

On this pilot episode you will get to meet the hosts of the show (G Mark Hardy & Ross Young) and learn a little bit about their backgrounds.  The show also discusses: What is a CISO? CISO role and responsibilities; Organizations reporting to the CISO; CISO career paths.  Chapters: 00:00 Introductions; 04:47 What is a CISO?; 07:24 Enable the Rock Climber to Take Risks; 13:32 What do CISOs need to know?; 18:07 Compliance is a C-; 21:23 What functions and services do CISOs oversee?; 25:48 The importance of a Purple Team; 29:45 Is your Security Office a Red Team or a Blue Team?; 34:50 Which organization in security is most...

Twitter Mentions

@yonadavl 3 Episodes
@shpantzer 1 Episode