In this episode of CISO Tradecraft, G Mark Hardy and Ross Young dive into part two of their series on cybersecurity budgets. Continuing from where they left off, they discuss the OWASP Threat and Safeguard Matrix (TaSM), effective protection scoring, and practical strategies to enhance your budget management as a CISO. Learn about the importance of understanding material threats, leveraging AI, and employing tools like murder boards to optimize security practices. Ross also shares inside tips for negotiating master service agreements and improving organizational processes, all aimed at making you a more effective security leader.

Welcome to another episode of CISO Tradecraft! Join G Mark Hardy and Ross Young as they dive deep into strategies for maximizing your security budget while minimizing waste. Ross, the author of the soon-to-be-released 'Cybersecurity's Dirty Secret,' shares insights from his 20-year career, including his time at the CIA, Capital One, and Caterpillar Financial. Get expert tips on zero-based budgeting, total cost of ownership, avoiding meeting waste, and more. Don't miss this episode if you want to learn how to make every cybersecurity dollar count!

Free Templates: https://www.cisotradecraft.com/store

Course: https://www.cisotradecraft.com/course-master-the-budget-game-in-cybersecurity

Welcome to another insightful episode of CISO Tradecraft! In this episode, host G Mark Hardy engages with Aimee Cardwell, an accomplished cybersecurity expert with an impressive portfolio including UnitedHealth Group, AMEX, eBay, and more. Tune in as they dive deep into the increasing concerns of privacy, the evolving role of AI in cybersecurity, and the importance of data governance. Learn practical strategies for managing the complexities of AI and privacy, explore the intersections between cybersecurity and privacy, and get invaluable tips for aspiring CISOs. Don't miss this episode packed with expert advice and forward-thinking perspectives!

Aimee Cardwell's Linkedin - https://www.linkedin.com/in/acardwell/

Dive into an exciting discussion on CISO Tradecraft as host G Mark Hardy engages with DARPA's AI Cyber Challenge director, Andrew Carney. Learn about the world of autonomous systems capable of identifying and fixing vulnerabilities at an unprecedented speed and scale. Discover the highs and lows of AIxCC's two-year journey, its groundbreaking impact on cybersecurity, and the potential it holds for the future. Whether you're a seasoned CISO or just passionate about cybersecurity, this episode is packed with insights on leveraging AI to protect critical infrastructure and defend against cyber threats. Don't miss it! https://aicyberchallenge.com/

Join us in this captivating episode of CISO Tradecraft as host G Mark Hardy sits down with storytelling maestro Neal Foard. Learn the secrets of impactful storytelling straight from Neal, who shares an engaging story about an unforgettable lesson at the New Jersey State Fair. Delve into the importance of emotions in storytelling, glean tips for effective communication, and discover how being an inspiring leader can propel your cybersecurity career. Don't miss this opportunity to enhance your storytelling prowess and become a more effective cybersecurity leader!

Learn how to elevate Data Protection in the Age of AI with Ronan Murphy In this episode of CISO Tradecraft, host G Mark Hardy and guest Ronan Murphy, Chief Strategy Officer at Forcepoint, discuss the critical importance of data protection for enterprises in the age of AI. Discover expert insights on common mistakes CISOs make, how AI revolutionizes data security, and the evolving role of CISOs from enforcers to strategists. Learn about effective data governance, AI’s impact on data, and leveraging tools like DLP & CASB for robust cybersecurity.

Plus, hear about Forcepoint Aware 2025 and actionable strategies for elevating your organization's data security posture. https://www.forcepoint.com/aware

Join host G Mark Hardy on CISO Tradecraft as he welcomes Patrick Garrity from VulnCheck and Tod Beardsley from Run Zero to discuss the latest in cybersecurity vulnerabilities, exploits, and defense strategies. Learn about their backgrounds, the complexities of security research, and strategies for effective communication within enterprises. The discussion delves into vulnerabilities, the significant risks posed by ransomware, and actionable steps for CISOs and security executives to protect their organizations. Stay tuned for invaluable insights on cybersecurity leadership and management.

Chapters

• 00:00 Introduction and Guest Welcome
• 00:57 Meet Patrick Garrity: Security Researcher and Skateboard Enthusiast
• 02:12 Meet Todd Beardsley: From Hacker to Security Research VP
• 03:58 The Evolution of Vulnerabilities and Patching
• 07:06 Understanding CVE Numbering and Exploitation
• 14:01 The Role of Attribution in Cybersecurity
• 16:48 Cyber Warfare and Global Threat Landscape
• 20:18 The Rise of International Hacking
• 22:01 Delegation of Duties in Offensive Warfare
• 22:25 The Role of Companies in Cyber Defense
• 23:00 Attack Vectors and Exploits
• 24:25 Real-World Scenarios and Threats
• 28:46 The Importance of Communication Skills for CISOs
• 31:42 Ransomware: A Divisive Topic
• 38:39 Actionable Steps for Security Executives

In this episode of CISO Tradecraft, host G Mark Hardy sits down with Tomas Roccia, a senior threat researcher at Microsoft, to delve into the evolving landscape of AI and cybersecurity. From AI-enhanced threat detection to the complexities of tracking cryptocurrency used in cybercrime, Tomas shares his extensive experience and insights. Discover how AI is transforming both defensive and offensive strategies in cybersecurity, learn about innovative tools like Nova for adversarial prompt detection, and explore the sophisticated techniques used by cybercriminals in high-profile crypto heists. This episode is packed with valuable information for cybersecurity professionals looking to stay ahead in a rapidly changing field.

Defcon presentation: Where is my crypto Dude? https://media.defcon.org/DEF%20CON%2033/DEF%20CON%2033%20presentations/Thomas%20Roccia%20-%20Where%E2%80%99s%20My%20Crypto%2C%20Dude%20The%20Ultimate%20Guide%20to%20Crypto%20Money%20Laundering%20%28and%20How%20to%20Track%20It%29.pdf

GenAI Breaches Generative AI Breaches: Threats, Investigations, and Response - Speaker Deck https://speakerdeck.com/fr0gger/generative-ai-breaches-threats-investigations-and-response

Transcripts: https://docs.google.com/document/d/1ZPkJ9P7Cm7D_JdgfgNGMH8O_2oPAbnlc

Chapters

• 00:00 Introduction to AI and Cryptocurrencies
• 00:27 Welcome to CISO Tradecraft
• 00:55 Guest Introduction: Tomas Roccia
• 01:06 Tomas Roccia's Background and Career
• 02:51 AI in Cybersecurity: Defensive Approaches
• 03:19 The Democratization of AI: Risks and Opportunities
• 06:09 AI Tools for Cyber Defense
• 08:09 Challenges and Limitations of AI in Cybersecurity
• 09:20 Microsoft's AI Tools for Defenders
• 12:13 Open Source AI Security: Project Nova
• 18:37 Community Contributions and Open Source Projects
• 19:30 Case Study: Babit Crypto Hack
• 22:12 Money Laundering Techniques in Cryptocurrency
• 23:01 AI in Tracking Cryptocurrency Transactions
• 26:09 Sophisticated Attacks and Money Laundering
• 33:50 Future of AI and Cryptocurrency
• 38:17 Final Thoughts and Advice for Security Executives
• 41:28 Conclusion and Farewell