Episodes

  • #191 - From Breach to Bench (with Thomas Ritter)
    Jul 29 2024

    In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client privilege and discovery, GDPR's impact, data localization, and proactive measures CISOs should take. The conversation also explores the implications of evolving cybersecurity laws and regulations like the Digital Operations Resilience Act and the potential criminal liabilities for CISOs.

    Thomas Ritter: https://www.linkedin.com/in/thomas-ritter-2b91014a/

    Transcripts: https://docs.google.com/document/d/15xQINUOdziGdcEFfh5SN8lS7svtK0JCT

    Chapters

    • 00:00 Introduction and Recap of Part 1
    • 01:43 Starting the Discussion: Data Breaches
    • 02:22 Legal Steps After a Data Breach
    • 07:19 Understanding Attorney-Client Privilege
    • 08:21 Discovery in Legal Cases
    • 13:31 Staying Updated on Cybersecurity Laws
    • 19:38 Impact of GDPR on Cybersecurity
    • 32:00 Data Localization Challenges
    • 34:55 Proactive Legal Preparedness
    • 37:23 Final Thoughts and Conclusion
    45 m
  • #190 - Lawyers, Breaches, and CISOs: Oh My (with Thomas Ritter)
    Jul 22 2024

    In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls.

    Thomas Ritter - https://www.linkedin.com/in/thomas-ritter-2b91014a/

    Transcripts: https://docs.google.com/document/d/1EvZ_dOpFOLCSSv5ffqxCoMnLZDOnUv_K

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 00:48 Meet Thomas Ritter: Cybersecurity Lawyer
    • 03:48 Legal Challenges for CISOs
    • 04:54 Managing Third-Party Risks
    • 13:01 Understanding Legal and Statutory Obligations
    • 15:57 Supreme Court Rulings and Cybersecurity
    • 32:57 Lessons from High-Profile Cyber Attacks
    • 38:32 Ransomware Epidemic and Law Enforcement
    • 43:30 Conclusion and Contact Information
    45 m
  • #189 - Emotional Intelligence
    Jul 15 2024

    Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft

    In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiveness. The episode covers various models of EI, including the Ability Model, the Trait Model, and the Mixed Model, and emphasizes practical actions to enhance EI, such as self-awareness, self-regulation, empathy, and social skills. Tune in to understand how developing emotional intelligence can significantly benefit your career, leadership performance, and personal life.

    Transcripts: https://docs.google.com/document/d/15pyhXu3XVHJ_VE1OwKjSqM73Rybjbsm0

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 00:53 Understanding IQ: The Basics
    • 04:08 Introduction to Emotional Intelligence
    • 07:38 Models of Emotional Intelligence
    • 13:06 The Importance of Emotional Intelligence in Leadership
    • 25:12 Practical Steps to Improve Emotional Intelligence
    • 32:42 Conclusion and Final Thoughts
    34 m
  • #188 - Securing Small Businesses
    Jul 8 2024

    Securing Small Businesses: Essential Cybersecurity Tools and Strategies

    In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations.

    Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 00:40 Challenges of Cybersecurity in Small Businesses
    • 01:15 Defining Small Business and Security Baselines
    • 01:53 Top Cybersecurity Tools for Small Businesses
    • 02:05 Hardware and Software Essentials
    • 04:35 Patch Management Solutions
    • 05:19 Endpoint Detection and Response (EDR) Tools
    • 06:06 Secure Web Gateways and Website Security
    • 11:21 Identity and Access Management (IAM)
    • 12:57 Email Security Gateways
    • 14:15 Managed Detection and Response (MDR) Solutions
    • 14:54 Recap of Essential Cybersecurity Tools
    • 15:41 Bonus Tool: Password Managers
    • 18:33 Aligning with CIS Controls
    • 24:48 Conclusion and Call to Action
    25 m
  • #187 - Ensuring Profitable Growth
    Jun 24 2024

    Welcome to another episode of CISO Tradecraft with your host, G. Mark Hardy! In this episode, we dive into how CISOs can drive the profitable growth of their company's products and services. Breaking the traditional view of security as a cost center, Mark illustrates ways CISOs can support business objectives like customer outreach, service enablement, operational resilience, and cost reduction. Tune in for insightful strategies to improve your impact as a cybersecurity leader and a sneak peek at our upcoming CISO training class! If you would like to learn more about our class, drop us a comment: https://www.cisotradecraft.com/comment

    Transcripts: https://docs.google.com/document/d/19SDBdQSTLc58sP5ynwzhuedNHzk7QPKj

    Chapters

    • 00:00 Introduction to Profitable Growth for CISOs
    • 01:16 Understanding Profit and Business Objectives
    • 03:24 Enhancing Customer Experience through Cybersecurity
    • 08:51 Service Enablement and Upselling Strategies
    • 11:39 Ensuring Operational Resilience
    • 13:36 Cost Reduction and Efficiency Improvements
    • 18:31 Recap and Final Thoughts
    • 19:10 Exciting Announcement: CISO Training Course
    20 m
  • #186 - AI Coaching (with Tom Bendien)
    Jun 17 2024

    Exploring AI in Cybersecurity: Insights from an Expert - CISO Tradecraft with Tom Bendien

    In this episode of CISO Tradecraft, host G Mark Hardy sits down with AI expert Tom Bendien to delve into the impact of artificial intelligence on cybersecurity. They discuss the basics of AI, large language models, and the differences between public and private AI models. Tom shares his journey from New Zealand to the U.S. and how he became involved in AI consulting. They also cover the importance of education in AI, from executive coaching to training programs for young people. Tune in to learn about AI governance, responsible use, and how to prepare for the future of AI in cybersecurity.

    Transcripts: https://docs.google.com/document/d/1x0UTLiQY7hWWUdfPE6sIx7l7B0ip7CZo

    Chapters

    • 00:00 Introduction and Guest Welcome
    • 00:59 Tom Bendien's Background and Journey
    • 02:30 Diving into AI and ChatGPT
    • 04:29 Understanding AI Models and Neural Networks
    • 07:11 The Role of Agents in AI
    • 10:10 Challenges and Ethical Considerations in AI
    • 13:47 Open Source AI and Security Concerns
    • 18:32 Apple's AI Integration and Compliance Issues
    • 24:01 Navigating AI in Cybersecurity
    • 25:09 Ethical Dilemmas in AI Usage
    • 27:59 AI Coaching and Its Importance
    • 32:20 AI in Education and Youth Engagement
    • 35:55 Career Coaching in the Age of AI
    • 39:20 The Future of AI and Its Saturation Point
    • 42:07 Final Thoughts and Contact Information
    45 m
  • #185 - Ethics and Artificial Intelligence (AI)
    Jun 10 2024

    In this episode of CISO Tradecraft, host G Mark Hardy delves into the complex intersection of ethics and artificial intelligence. The discussion covers the seven stages of AI, from rule-based systems to the potential future of artificial superintelligence. G Mark explores ethical frameworks, such as rights-based ethics, justice and fairness, utilitarianism, common good, and virtue ethics, and applies them to AI development and usage. The episode also highlights ethical dilemmas, including privacy concerns, bias, transparency, accountability, and the impacts of AI on societal norms and employment. Learn about the potential dangers of AI and how to implement and control AI systems ethically in your organization.

    Transcripts: https://docs.google.com/document/d/10AhefqdhkT0PrEbh8qBZVn9wWS6wABO6

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 01:01 Stages of Artificial Intelligence
    • 03:33 Ethical Implications of AI
    • 05:24 Business Models and Data Security
    • 13:52 Ethical Frameworks Explained
    • 23:18 AI and Human Behavior
    • 25:44 The TikTok Feedback Loop and Digital Addiction
    • 26:54 AI's Unpredictable Capabilities
    • 28:25 The Ethical Dilemmas of AI
    • 30:57 Generative AI and Its Implications
    • 42:10 The Role of Government and Society in AI Regulation
    • 45:49 Conclusion and Ethical Considerations
    47 m
  • #184 - Complexity is Killing Us
    Jun 3 2024

    In this episode of CISO Tradecraft, host G Mark Hardy explores the challenges complexity introduces to cybersecurity, debunking the myth that more complex systems are inherently more secure. Through examples ranging from IT support issues to the intricacies of developing a web application with Kubernetes, the discussion highlights how complexity can obscure vulnerabilities, increase maintenance costs, and expand the attack surface. The episode also offers strategies to tackle complexity, including standardization, minimization, automation, and feedback-driven improvements, aiming to guide cybersecurity leaders toward more effective and less complex security practices.

    Transcripts: https://docs.google.com/document/d/1J0rPr0HxULpeVJMIwXKXqHuCfnXn4gDu

    Chapters

    • 00:00 Introduction
    • 01:03 The Misconception of Complexity in Cybersecurity
    • 02:41 Real-World Complexities and Their Impact on IT
    • 10:06 Simplifying Cybersecurity: Strategies and Solutions
    • 14:48 Conclusion: Embracing Simplicity in Cybersecurity
    16 m