In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls.

Thomas Ritter - https://www.linkedin.com/in/thomas-ritter-2b91014a/ Transcripts: https://docs.google.com/document/d/1EvZ_dOpFOLCSSv5ffqxCoMnLZDOnUv_K

Chapters

• 00:00 Introduction to CISO Tradecraft
• 00:48 Meet Thomas Ritter: Cybersecurity Lawyer
• 03:48 Legal Challenges for CISOs
• 04:54 Managing Third-Party Risks
• 13:01 Understanding Legal and Statutory Obligations
• 15:57 Supreme Court Rulings and Cybersecurity
• 32:57 Lessons from High-Profile Cyber Attacks
• 38:32 Ransomware Epidemic and Law Enforcement
• 43:30 Conclusion and Contact Information

Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiveness. The episode covers various models of EI, including the Ability Model, the Trait Model, and the Mixed Model, and emphasizes practical actions to enhance EI, such as self-awareness, self-regulation, empathy, and social skills. Tune in to understand how developing emotional intelligence can significantly benefit your career, leadership performance, and personal life.

Transcripts: https://docs.google.com/document/d/15pyhXu3XVHJ_VE1OwKjSqM73Rybjbsm0

Chapters:

• 00:00 Introduction to CISO Tradecraft
• 00:53 Understanding IQ: The Basics
• 04:08 Introduction to Emotional Intelligence
• 07:38 Models of Emotional Intelligence
• 13:06 The Importance of Emotional Intelligence in Leadership
• 25:12 Practical Steps to Improve Emotional Intelligence
• 32:42 Conclusion and Final Thoughts

Securing Small Businesses: Essential Cybersecurity Tools and Strategies In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations.

Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5

Chapters

• 00:00 Introduction to CISO Tradecraft
• 00:40 Challenges of Cybersecurity in Small Businesses
• 01:15 Defining Small Business and Security Baselines
• 01:53 Top Cybersecurity Tools for Small Businesses
• 02:05 Hardware and Software Essentials
• 04:35 Patch Management Solutions
• 05:19 Endpoint Detection and Response (EDR) Tools
• 06:06 Secure Web Gateways and Website Security
• 11:21 Identity and Access Management (IAM)
• 12:57 Email Security Gateways
• 14:15 Managed Detection and Response (MDR) Solutions
• 14:54 Recap of Essential Cybersecurity Tools
• 15:41 Bonus Tool: Password Managers
• 18:33 Aligning with CIS Controls
• 24:48 Conclusion and Call to Action