• #195 - Pentesting for Readiness not Compliance (with Snehal Antani)
    Aug 26 2024

    In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal’s extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cybersecurity posture in a rapidly evolving threat landscape.

    Horizon3 - https://www.horizon3.ai

    Snehal Antani - https://www.linkedin.com/in/snehalantani/

    Transcripts: https://docs.google.com/document/d/1IFSQ8Uoca3I7TLqNHMkvm2X-RHk8SWpo

    Chapters:

    • 00:00 Introduction and Guest Welcome
    • 01:43 Background and Experience of Snehal Antani
    • 03:09 Challenges and Limitations of Traditional Pen Testing
    • 14:47 The Future of Pen Testing: Autonomous Systems
    • 23:10 Leveraging Data for Cybersecurity Insights
    • 24:02 Expanding the Attack Surface: Cloud and Supply Chain
    • 24:46 Third-Party Risk Management Evolution
    • 44:37 Future of Cyber Warfare: Algorithms vs. Humans
    48 mins
  • #194 - The IAM Masterclass
    Aug 19 2024

    In this episode of CISO Tradecraft, host G Mark Hardy delves into the intricate world of Identity and Access Management (IAM). Learn the essentials and best practices of IAM, including user registration, identity proofing, directory services, identity federation, credential issuance, and much more. Stay informed about the latest trends like proximity-based MFA and behavioral biometrics. Understand the importance of effective IAM implementation for safeguarding sensitive data, compliance, and operational efficiency. Plus, hear real-world examples and practical advice on improving your IAM strategy for a secure digital landscape.

    Transcripts: https://docs.google.com/document/d/15zUupqhCQz9llwy21GW5cam8qXgK80JB

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 01:24 Understanding Identity and Access Management (IAM)
    • 01:54 Gartner's Magic Quadrant and IAM Vendors
    • 03:29 The Importance of IAM in Enterprises
    • 04:28 User Registration and Verification
    • 06:48 Password Policies and Best Practices
    • 09:53 Identity Proofing Techniques
    • 14:53 Directory Services and Role Management
    • 18:27 Identity Federation and Credential Issuance
    • 22:22 Profile and Role Management
    • 26:17 Identity Lifecycle Management
    • 29:23 Access Management Essentials
    • 35:05 Review and Conclusion
    39 mins
  • #193 - Security Team Operating System (with Christian Hyatt)
    Aug 12 2024

    In this comprehensive episode of CISO Tradecraft, host G Mark Hardy sits down with Christian Hyatt, author of 'The Security Team Operating System'. Together, they delve into the five essential components needed to transform your cyber security team from reactive to unstoppable. From defining purpose and values to establishing clear roles, rhythms, and goals, this podcast offers practical insights and tools that can improve the efficacy and culture of your security team. If you're looking for strategic frameworks to align your team with business objectives and create a resilient security culture, you won't want to miss this episode!

    Christian Hyatt's LinkedIn Profile: https://www.linkedin.com/in/christianhyatt/

    Link to the Book: https://a.co/d/aHpXXfr

    Transcripts: https://docs.google.com/document/d/1ogBdtJolBJTOVtqyFLO5onuLxBsfqqQP

    Chapters

    • 00:00 Introduction and Guest Welcome
    • 01:31 Overview of the Security Team Operating System
    • 03:31 Deep Dive into the Five Elements
    • 07:53 Aligning Security with Business Objectives
    • 21:59 Defining Core Values for Security Teams
    • 25:03 Aligning Organizational and Team Values
    • 26:05 Establishing Clear Roles and Responsibilities
    • 30:58 Implementing Effective Rhythms and Goals
    43 mins
  • #192 - From Cyber Burnout to VCISO Bliss (with Olivia Rose)
    Aug 5 2024

    Join host G Mark Hardy in this episode of CISO Tradecraft as he welcomes Olivia Rose, an experienced CISO and founder of the Rose CISO Group. Olivia discusses her journey in cybersecurity from her start in marketing to becoming a VCISO. They delve into key topics including the transition from CISO to VCISO, strategies for managing time and stress, the importance of understanding board dynamics, and practical advice on mentoring new entrants in the cybersecurity field. Olivia also shares her insights on maintaining business alignment, handling insurance as a contractor, and building a personal brand in the cybersecurity community.

    Olivia Rose: https://www.linkedin.com/in/oliviarosecybersecurity/

    Transcripts: https://docs.google.com/document/d/1S42BepIh1QQHVWsdhhgx6x99U188q5eL

    Chapters

    • 00:00 Introduction and Guest Welcome
    • 01:14 Olivia Rose's Career Journey
    • 06:42 Challenges in Cybersecurity Careers
    • 15:47 Communicating with the Board
    • 22:57 Navigating Compliance and Legal Challenges
    • 24:10 Building Strategic Relationships
    • 25:46 Aligning Security with Business Goals
    • 35:05 The Importance of Reputation and Branding
    45 mins
  • #191 - From Breach to Bench (with Thomas Ritter)
    Jul 29 2024

    In this episode of CISO Tradecraft, host G Mark Hardy continues an in-depth discussion with cybersecurity attorney Thomas Ritter on the legal considerations for cybersecurity leaders. The episode touches on essential topics such as immediate legal steps after a data breach, the importance of using correct terminology, understanding attorney-client privilege and discovery, GDPR's impact, data localization, and proactive measures CISOs should take. The conversation also explores the implications of evolving cybersecurity laws and regulations like the Digital Operations Resilience Act and the potential criminal liabilities for CISOs.

    Thomas Ritter: https://www.linkedin.com/in/thomas-ritter-2b91014a/

    Transcripts: https://docs.google.com/document/d/15xQINUOdziGdcEFfh5SN8lS7svtK0JCT

    Chapters

    • 00:00 Introduction and Recap of Part 1
    • 01:43 Starting the Discussion: Data Breaches
    • 02:22 Legal Steps After a Data Breach
    • 07:19 Understanding Attorney-Client Privilege
    • 08:21 Discovery in Legal Cases
    • 13:31 Staying Updated on Cybersecurity Laws
    • 19:38 Impact of GDPR on Cybersecurity
    • 32:00 Data Localization Challenges
    • 34:55 Proactive Legal Preparedness
    • 37:23 Final Thoughts and Conclusion
    45 mins
  • #190 - Lawyers, Breaches, and CISOs: Oh My (with Thomas Ritter)
    Jul 22 2024

    In this episode of CISO Tradecraft, host G Mark Hardy interviews cybersecurity lawyer Thomas Ritter. They discuss key legal topics for CISOs, including regulatory compliance, managing third-party risk, responding to data breaches, and recent legislative impacts. Thomas shares his journey into cybersecurity law and provides practical advice and real-world examples. Key points include the challenges of keeping up with evolving regulations, the intricacies of vendor management, and the implications of recent Supreme Court rulings. They also touch on major breaches like SolarWinds and Colonial Pipeline, exploring lessons learned and the importance of implementing essential security controls.

    Thomas Ritter - https://www.linkedin.com/in/thomas-ritter-2b91014a/

    Transcripts: https://docs.google.com/document/d/1EvZ_dOpFOLCSSv5ffqxCoMnLZDOnUv_K

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 00:48 Meet Thomas Ritter: Cybersecurity Lawyer
    • 03:48 Legal Challenges for CISOs
    • 04:54 Managing Third-Party Risks
    • 13:01 Understanding Legal and Statutory Obligations
    • 15:57 Supreme Court Rulings and Cybersecurity
    • 32:57 Lessons from High-Profile Cyber Attacks
    • 38:32 Ransomware Epidemic and Law Enforcement
    • 43:30 Conclusion and Contact Information
    45 mins
  • #189 - Emotional Intelligence
    Jul 15 2024

    Emotional Intelligence for Cybersecurity Leaders | CISO Tradecraft

    In this episode of CISO Tradecraft, host G Mark Hardy delves into the essential topic of emotional intelligence (EI) for cybersecurity leaders. He explores the difference between IQ and EI, the origins and significance of emotional intelligence, and its impact on leadership effectiveness. The episode covers various models of EI, including the Ability Model, the Trait Model, and the Mixed Model, and emphasizes practical actions to enhance EI, such as self-awareness, self-regulation, empathy, and social skills. Tune in to understand how developing emotional intelligence can significantly benefit your career, leadership performance, and personal life.

    Transcripts: https://docs.google.com/document/d/15pyhXu3XVHJ_VE1OwKjSqM73Rybjbsm0

    Chapters:

    • 00:00 Introduction to CISO Tradecraft
    • 00:53 Understanding IQ: The Basics
    • 04:08 Introduction to Emotional Intelligence
    • 07:38 Models of Emotional Intelligence
    • 13:06 The Importance of Emotional Intelligence in Leadership
    • 25:12 Practical Steps to Improve Emotional Intelligence
    • 32:42 Conclusion and Final Thoughts
    34 mins
  • #188 - Securing Small Businesses
    Jul 8 2024

    Securing Small Businesses: Essential Cybersecurity Tools and Strategies

    In this episode of CISO Tradecraft, host G Mark Hardy discusses cybersecurity challenges specific to small businesses. He provides insights into key tools and strategies needed for effective cybersecurity management in small enterprises, including endpoint management, patch management, EDR tools, secure web gateways, IAM solutions, email security gateways, MDR services, and password managers. Hardy also evaluates these tools against the CIS Critical Security Controls to highlight their significance in safeguarding small business operations.

    Transcripts: https://docs.google.com/document/d/1Hon3h950myI7A3jzGmj7YIwRXow5W1V5

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 00:40 Challenges of Cybersecurity in Small Businesses
    • 01:15 Defining Small Business and Security Baselines
    • 01:53 Top Cybersecurity Tools for Small Businesses
    • 02:05 Hardware and Software Essentials
    • 04:35 Patch Management Solutions
    • 05:19 Endpoint Detection and Response (EDR) Tools
    • 06:06 Secure Web Gateways and Website Security
    • 11:21 Identity and Access Management (IAM)
    • 12:57 Email Security Gateways
    • 14:15 Managed Detection and Response (MDR) Solutions
    • 14:54 Recap of Essential Cybersecurity Tools
    • 15:41 Bonus Tool: Password Managers
    • 18:33 Aligning with CIS Controls
    • 24:48 Conclusion and Call to Action
    25 mins