• #249 - Unveiling AI and Crypto Threats with Microsoft's Tomas Roccia
    Sep 8 2025

    In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.

    Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf

    GenAI Breaches - Generative AI Breaches: Threats, Investigations, and Response (Speaker Deck): https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response

    Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc

    Chapters

    • 00:00 Introduction to AI and Cryptocurrencies
    • 00:27 Welcome to CISO Tradecraft
    • 00:55 Guest Introduction: Tomas Roccia
    • 01:06 Tomas Roccia's Background and Career
    • 02:51 AI in Cybersecurity: Defensive Approaches
    • 03:19 The Democratization of AI: Risks and Opportunities
    • 06:09 AI Tools for Cyber Defense
    • 08:09 Challenges and Limitations of AI in Cybersecurity
    • 09:20 Microsoft's AI Tools for Defenders
    • 12:13 Open Source AI Security: Project Nova
    • 18:37 Community Contributions and Open Source Projects
    • 19:30 Case Study: Babit Crypto Hack
    • 22:12 Money Laundering Techniques in Cryptocurrency
    • 23:01 AI in Tracking Cryptocurrency Transactions
    • 26:09 Sophisticated Attacks and Money Laundering
    • 33:50 Future of AI and Cryptocurrency
    • 38:17 Final Thoughts and Advice for Security Executives
    • 41:28 Conclusion and Farewell
    43 mins
  • #248 - A Black Hat Chat with ThreatLocker CEO Danny Jenkins
    Sep 1 2025

    In this episode of CISO Tradecraft, host G Mark Hardy sits down with Danny Jenkins, CEO and founder of ThreatLocker, live from the Black Hat conference. Danny shares insights into his technical background and explains how a customer-focused culture drives innovation and improvement at ThreatLocker. Learn about the company's unique practices, such as their 'control alt delight' sessions, 24/7 customer support, and how leadership at ThreatLocker leads by example. Danny also discusses the importance of learning from failures and removing obstacles for team members to help the company and its products continually evolve.

    Danny's LinkedIn - https://www.linkedin.com/in/dannyjenkinscyber/

    ThreatLocker - https://www.threatlocker.com/

    Transcripts - https://docs.google.com/document/d/1TOib3nTXwrWuwF6sJMlVjTFurgr-jc1b

    Chapters

    • 00:00 Introduction and Welcome
    • 00:27 Meet Danny Jenkins, CEO of Threat Locker
    • 01:12 The Philosophy Behind Threat Locker
    • 02:52 Customer-Centric Culture at Threat Locker
    • 04:32 Technical Leadership and Personal Insights
    • 08:55 Leadership Advice for Aspiring CISOs
    • 11:22 Conclusion and Farewell
    12 mins
  • #247 - What most leaders don't understand about AI (with Dave Lewis)
    Aug 25 2025

    In this episode of CISO Tradecraft, host G Mark Hardy engages in an insightful conversation with Dave Lewis, Global Advisory CISO from 1Password, about AI governance and its importance in cybersecurity. They discuss AI policy and its implications, the evolving nature of AI and cybersecurity, and the critical need for governance frameworks to manage AI safely and securely. The discussion delves into the visibility challenges, shadow AI, the role of credentials, and the importance of maintaining fundamental security practices amidst rapid technological advancements. They also touch on the potential risks associated with AI, the misconceptions about its impact on jobs, and the need for a balanced approach to leveraging AI in a beneficial manner while safeguarding against its threats. This episode provides valuable guidance for cybersecurity professionals and organizations navigating the complexities of AI governance.

    Chapters

    • 00:00 Introduction to AI Governance
    • 00:30 Guest Introduction: Dave Lewis
    • 00:49 The Importance of AI Governance
    • 01:42 Challenges in AI Implementation
    • 03:20 AI in the Modern Enterprise
    • 03:49 Shadow AI and Security Concerns
    • 04:49 AI's Impact on Jobs and Industry
    • 05:27 The Gartner Hype Cycle and AI
    • 05:43 AI's Influence on the Stock Market
    • 06:14 Historical Context of AI
    • 06:32 AI and Credential Security
    • 08:29 The Role of Governance in AI
    • 12:47 The Future of AI and Security
    • 18:36 Governance and Policy Recommendations
    • 19:26 AI Governance and Ethical Concerns
    • 20:01 AI Self-Preservation and Human Safety
    • 20:18 Uncontrollable AI Applications
    • 21:17 Vectors of AI Trouble
    • 21:58 AI Hallucinations and Data Security
    • 22:53 AI Vulnerabilities and Exploits
    • 26:29 Deepfakes and AI Misuse
    • 27:33 Historical Cybersecurity Incidents
    • 29:04 Future of AI and Job Security
    • 33:47 Managing AI Identities and Credentials
    • 34:21 Conclusion and Final Thoughts
    35 mins
  • #246 - Tim Brown on SolarWinds: What Every CISO Should Know
    Aug 18 2025

    In this episode of the CISO Tradecraft podcast, host G Mark Hardy speaks with Tim Brown, the CISO of SolarWinds, at the Black Hat conference in Las Vegas. They delve into the details of the infamous SolarWinds breach, discussing the timeline of events, the involvement of the Russian SVR, and the immediate and long-term responses by SolarWinds. Tim shares insights on the complexities of supply chain security, the importance of clear communication within an organization, and the evolving regulatory landscape for CISOs. Additionally, they discuss the personal and professional ramifications of dealing with such a high-profile incident, offering valuable lessons for current and future cybersecurity leaders.

    Chapters

    • 00:00 Introduction and Welcome
    • 00:59 The SolarWinds Incident Unfolds
    • 03:13 Understanding the Attack and Response
    • 04:04 The Role of SVR and Supply Chain Security
    • 10:43 Technical Details of the Attack
    • 14:56 Compliance and Reporting Challenges
    • 19:24 Rebuilding Trust and Personal Impact
    • 22:06 CISO Concerns and Company Support
    • 22:14 Legal Challenges and Company Expenses
    • 23:40 SEC Charges and Legal Proceedings
    • 29:35 Supply Chain Security and Vendor Assurance
    • 35:47 CISO Accountability and Industry Standards
    • 39:41 Final Thoughts and Advice for CISOs
    44 mins
  • #245 - Mastering Cybersecurity Recruitment and Career Growth (with Casey Marquette)
    Aug 11 2025

    In this episode of CISO Tradecraft, host G Mark Hardy is joined by cybersecurity expert Casey Marquette to discuss effective HR and recruiting strategies for building a top-notch cybersecurity team. They dive into career development, the importance of networking, and how to navigate the challenges of hiring in cybersecurity. Casey shares his personal journey from law enforcement to becoming a leading figure in the cybersecurity world, highlighting the role of mentorship and continuous learning. The episode also covers innovative uses of AI in the hiring process and provides practical advice for both hiring managers and job seekers in the cybersecurity field. Tune in for valuable insights on how to hire the best talent and advance your career in cybersecurity.

    Transcripts: https://docs.google.com/document/d/1c-3qy6KkQuhjuHquycQ3rRwMdSlZBfz4

    Chapters

    • 00:00 Introduction to Cybersecurity Recruitment
    • 00:31 Guest Introduction: Casey Marquette
    • 01:46 Casey's Career Journey
    • 04:41 Hiring for Attitude vs. Skillset
    • 05:30 Promoting from Within vs. Hiring Externally
    • 07:34 Leadership and Morale
    • 20:20 The Importance of Networking and Mentorship
    • 22:19 AI in Recruitment
    • 23:30 The Talent Pool and Recruitment Challenges
    • 24:04 Introducing Scout: The AI Recruitment Tool
    • 24:51 Security Measures in AI Recruitment
    • 25:32 Addressing Fraudulent Candidates
    • 26:10 Remote Hiring and Deepfake Concerns
    • 28:52 Insider Threats and Tabletop Exercises
    • 31:51 Enhancing Career Marketability for CISOs
    • 37:47 Building Effective Networks and Relationships
    • 42:04 The Importance of Specialized Recruitment
    • 44:21 Final Thoughts and Contact Information
    46 mins
  • #244 - Breaking into Cybersecurity (with Christophe Foulon)
    Aug 4 2025

    Join host G Mark Hardy in another enlightening episode of CISO Tradecraft as he speaks with special guest Christophe Foulon, a seasoned cybersecurity professional and podcast host. In this episode, Christophe delves into his journey from the help desk to cybersecurity expert, the challenges faced by newcomers, and the keys to successfully building and leading cybersecurity teams. Learn about the importance of continuous learning, managing career transitions, and the emotional rewards and challenges of being a CISO. Whether you're an aspiring CISO or looking to advance in your cybersecurity career, this episode offers invaluable insights and practical advice.

    Christophe's LinkedIn: https://www.linkedin.com/in/christophefoulon/

    Christophe's Website: https://christophefoulon.com/

    Christophe's Podcast: https://podcasts.apple.com/us/podcast/breaking-into-cybersecurity/id1463136698

    Transcripts: https://docs.google.com/document/d/1UytoyelIMezzbtxdPHo5FE_oLiXYS_58

    Chapters

    • 00:00 Introduction to the Episode
    • 00:27 Meet the Guest: Christophe Foulon
    • 01:30 Christophe's Journey into Cybersecurity
    • 06:24 The Allure and Challenges of a CISO Role
    • 09:55 Developing Political and Leadership Skills
    • 20:30 Aligning Team Members with Their Strengths
    • 31:34 Navigating HR and Diversity in Cybersecurity
    • 36:29 Becoming a Fractional or Virtual CISO
    • 42:27 Final Thoughts and How to Connect with Christophe
    45 mins
  • #243 - Navigating Hacker Summer Camp in 2025
    Jul 29 2025

    Navigating Hacker Summer Camp: A Comprehensive Guide

    Join host G Mark Hardy on this episode of CISO Tradecraft as he provides a detailed guide on what to expect at Hacker Summer Camp, a series of significant cybersecurity events including DEFCON, Black Hat, and BSides Las Vegas. G Mark shares historical insights, tips for first-timers, and personal anecdotes from his extensive experience attending these events over the years. Learn about the origins, key activities, and networking opportunities that make these conferences pivotal in the cybersecurity community. Stay tuned for practical advice on planning your visit and making the most out of your Hacker Summer Camp experience.

    Transcripts: https://docs.google.com/document/d/1Y-MenErnVCzUga4xu20ZIz8hT9xsGSJD

    Chapters

    • 00:00 Introduction to Hacker Summer Camp
    • 01:29 History and Significance of DEFCON
    • 02:50 Spot the Fed and Early DEFCON Experiences
    • 05:31 The Evolution of Black Hat
    • 09:34 The Birth and Growth of BSides
    • 11:19 Tips for Attending Hacker Summer Camp
    • 19:57 Networking and Participation Strategies
    • 25:31 Conclusion and Final Thoughts
    27 mins
  • #242 - The Secret to Career Success: Your Personal Board of Directors
    Jul 21 2025

    In this episode of CISO Tradecraft, co-host G Mark Hardy and guest Ross Young explore the concept of having a personal board of directors. Learn how to leverage mentors, coaches, and role models to gain diverse perspectives and valuable advice for your professional growth as a cybersecurity leader. Discover the importance of building authentic relationships and seeking advice from experienced individuals, and understand how to make informed career decisions. Tune in to hear practical tips on creating and maintaining your own board of directors, and how it can elevate your career in cybersecurity.

    Helpful Reading

    https://pe.gatech.edu/blog/working-learning/personal-board-of-directors

    https://career.uga.edu/uploads/documents/hireuga/PersonalBoardOfDirectors-worksheet24.pdf

    Transcripts:

    https://docs.google.com/document/d/1qhx38KERHAc1T0qoE6mphUODeOt2xWC4

    Chapters

    • 00:00 Introduction to Personal Board of Directors
    • 00:27 Welcome to CISO Tradecraft
    • 01:25 Understanding the Concept of a Personal Board of Directors
    • 03:51 The Role of Mentorship and Feedback
    • 04:38 Building Effective Mentor-Mentee Relationships
    • 06:53 The Importance of Sponsorship
    • 07:57 Navigating Career Paths and Organizational Culture
    • 09:28 Recruiting Your Personal Board of Directors
    • 15:34 Making the Most of Mentorship
    • 22:17 Advice and Board of Directors
    • 22:46 The Power of a Mastermind
    • 23:52 Identifying Key Roles for Your Board
    • 26:27 Time Commitment and Mentor Relationships
    • 27:22 Grave Diggers and Organizational Insights
    • 28:26 Categories of Board Members
    • 29:54 Leveraging Admins and Chiefs of Staff
    • 31:55 Building Trust and Influence
    • 35:09 Discernment in Taking Advice
    • 41:23 Career Opportunities and Emerging Technologies
    • 42:57 Summary and Final Thoughts
    46 mins