CISO Tradecraft®

By: CISO Tradecraft®
  • Summary

  • Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership.
    Copyright 2024 All rights reserved.
Episodes
  • #195 - Pentesting for Readiness not Compliance (with Snehal Antani)
    Aug 26 2024

    In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal’s extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cybersecurity posture in a rapidly evolving threat landscape.

    Horizon3 - https://www.horizon3.ai

    Snehal Antani - https://www.linkedin.com/in/snehalantani/

    Transcripts: https://docs.google.com/document/d/1IFSQ8Uoca3I7TLqNHMkvm2X-RHk8SWpo

    Chapters:

    • 00:00 Introduction and Guest Welcome
    • 01:43 Background and Experience of Snehal Antani
    • 03:09 Challenges and Limitations of Traditional Pen Testing
    • 14:47 The Future of Pen Testing: Autonomous Systems
    • 23:10 Leveraging Data for Cybersecurity Insights
    • 24:02 Expanding the Attack Surface: Cloud and Supply Chain
    • 24:46 Third-Party Risk Management Evolution
    • 44:37 Future of Cyber Warfare: Algorithms vs. Humans
    48 mins
  • #194 - The IAM Masterclass
    Aug 19 2024

    In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximity-based MFA and behavioral biometrics. Understand the importance of effective IAM implementation for safeguarding sensitive data, compliance, and operational efficiency. Plus, hear real-world examples and practical advice on improving your IAM strategy for a secure digital landscape.

    Transcripts: https://docs.google.com/document/d/15zUupqhCQz9llwy21GW5cam8qXgK80JB

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 01:24 Understanding Identity and Access Management (IAM)
    • 01:54 Gartner's Magic Quadrant and IAM Vendors
    • 03:29 The Importance of IAM in Enterprises
    • 04:28 User Registration and Verification
    • 06:48 Password Policies and Best Practices
    • 09:53 Identity Proofing Techniques
    • 14:53 Directory Services and Role Management
    • 18:27 Identity Federation and Credential Issuance
    • 22:22 Profile and Role Management
    • 26:17 Identity Lifecycle Management
    • 29:23 Access Management Essentials
    • 35:05 Review and Conclusion
    39 mins
  • #193 - Security Team Operating System (with Christian Hyatt)
    Aug 12 2024

    In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode!

    Christian Hyatt's LinkedIn Profile: https://www.linkedin.com/in/christianhyatt/

    Link to the Book: https://a.co/d/aHpXXfr

    Transcripts: https://docs.google.com/document/d/1ogBdtJolBJTOVtqyFLO5onuLxBsfqqQP

    Chapters

    • 00:00 Introduction and Guest Welcome
    • 01:31 Overview of the Security Team Operating System
    • 03:31 Deep Dive into the Five Elements
    • 07:53 Aligning Security with Business Objectives
    • 21:59 Defining Core Values for Security Teams
    • 25:03 Aligning Organizational and Team Values
    • 26:05 Establishing Clear Roles and Responsibilities
    • 30:58 Implementing Effective Rhythms and Goals
    43 mins

What listeners say about CISO Tradecraft®

Average customer ratings
Overall
  • 5 out of 5 stars
  • 5 Stars: 3
  • 4 Stars: 0
  • 3 Stars: 0
  • 2 Stars: 0
  • 1 Star: 0
Performance
  • 5 out of 5 stars
  • 5 Stars: 3
  • 4 Stars: 0
  • 3 Stars: 0
  • 2 Stars: 0
  • 1 Star: 0
Story
  • 5 out of 5 stars
  • 5 Stars: 3
  • 4 Stars: 0
  • 3 Stars: 0
  • 2 Stars: 0
  • 1 Star: 0

  • Overall
    5 out of 5 stars
  • Performance
    5 out of 5 stars
  • Story
    5 out of 5 stars

Can't get enough

If you are looking to learn how to be a CISO, this is your show. It's not a talk show or recent events. It teaches the how for you to become knowledgeable on important cyber topics.
