CISO Tradecraft®

• #229 - Understanding the Critical Role of CVEs and CVSS

  In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVE scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently. Transcripts: https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII Chapters 00:00 Introduction to CVE and CVSS 01:13 History of Vulnerability Tracking 03:07 The CVE System Explained 06:47 Understanding CVSS Scoring 13:11 Recent Funding Crisis and Its Impact 15:53 Future of the CVE Program 18:27 Conclusion and Final Thoughts

  --------  

  20:06
• #228 - CIS CSAT (with Scot Gicking)

  Join host G Mark Hardy on CISO Tradecraft as he welcomes expert Scott Gicking to discuss the Center for Internet Security's (CIS) Controls Self-Assessment Tool (CSAT). Learn what CSAT is, how to effectively use it, and how it can enhance your career in cybersecurity. Stay tuned for insights on creating effective security frameworks, measuring maturity, and improving organizational security posture using the CSAT tool.   Scott Gicking - https://www.linkedin.com/in/scottgickingus/ CIS CSAT - https://www.cisecurity.org/controls/cis-controls-self-assessment-tool-cis-csat Transcripts: https://docs.google.com/document/d/1WAI9U0WEUSJH1ZVWM1HdtFEf-O9hLJBe   Chapters 01:16 Guest Introduction: Scott Gicking 02:49 Scott's Career Journey 04:03 The Hollywood Cybersecurity Incident 07:38 Introduction to CIS and Its Importance 09:49 Understanding the CIS CSAT Tool 10:13 Implementing CIS CSAT in a Real-World Scenario 13:00 Benefits of the CIS CSAT Tool 18:38 Developing a Three-Year Roadmap with CSAT 23:25 Scoring Policies and Controls 24:20 Control Implementation and Automation 25:22 CMMC Certification Levels 27:52 Honest Self-Assessment 30:01 Quick and Dirty Assessment Approach 33:07 Building Trust and Reporting 37:38 Business Impact Analysis Tool 40:02 Reputational Damage and CISO Challenges 42:55 Final Thoughts and Contact Information

  --------  

  44:48
• #227 - The 30 Year CISO Evolution

  Ever wonder how the CISO role went from obscure techie to boardroom MVP? In this episode of CISO Tradecraft, G Mark Hardy takes you on a journey through the evolution of the Chief Information Security Officer — from Steve Katz's groundbreaking appointment at Citibank in 1995 to the high-stakes, high-impact role CISOs play today. Transcripts: https://docs.google.com/document/d/1FlKBW6zlVBqLoSTQMGZIfz--ZLD_aS9t/edit   Chapters 00:00 Introduction to the Evolution of the CISO Role 00:58 The First CISO: Steve Katz's Pioneering Journey 03:58 Rise of Security Certifications 08:39 Regulatory Wake-Up Calls and Compliance 12:23 Cybersecurity in the Age of State-Sponsored Attacks 17:58 The Impact of Major Cyber Incidents 25:07 Modern Challenges and the Future of the CISO Role 27:51 Conclusion and Final Thoughts

  --------  

  28:34
• #226 - Vulnerability Management (with Chris Hughes)

  In this episode of CISO Tradecraft, we host Chris Hughes, CEO of Aquia, cybersecurity consultant, and author. Chris shares insights on the evolving landscape of cybersecurity, discussing software supply chain threats, vulnerability management, relationships between security and development, and the future impacts of AI. Tune in to gain expert advice on becoming an effective cybersecurity leader. Chris Hughes - https://www.linkedin.com/in/resilientcyber/ Transcripts: https://docs.google.com/document/d/1j5ernS0Gk3LH-qcjhi6gOfojBqQljGhi Chapters  00:00 Introduction and Special Guest Announcement 00:55 Chris Hughes' Background and Career Journey 02:46 Government and Industry Engagement 03:42 Supply Chain Security Challenges 07:34 Vulnerability Management Insights 12:13 Navigating the Overwhelming Vulnerability Landscape 22:19 Building Positive Relationships in Cybersecurity 23:41 Empowering Risk-Informed Decisions 24:29 Aligning with Organizational Risk Appetite 25:33 Navigating Job Changes and Organizational Fit 26:32 The Role of Compliance in Security 33:27 The Impact of AI on Security 43:05 Balancing Build vs. Buy Decisions 45:05 Conclusion and Final Thoughts

  --------  

  45:53
• #225 - The Full Irish

  In this episode of CSO Tradecraft, host G. Mark Hardy introduces 'The Full Irish,' a cybersecurity framework based on the '12 Steps to Cybersecurity' guidance from Ireland's National Cybersecurity Center. The episode covers comprehensive steps from governance and risk management to incident response and resilience, making it a valuable resource for cybersecurity professionals. G Mark also discusses the implications of multinational companies operating in Ireland, including tax strategies and notable GDPR fines. The episode provides pragmatic guidance and actionable insights to enhance your cybersecurity program. References: https://www.ncsc.gov.ie/pdfs/Cybersecurity_12_steps.pdf Transcripts: https://docs.google.com/document/d/1VLeRozClLZAkZsusYsUn4Q9_1v7WCoN0 Chapters  00:00 Introduction to the Full Irish 01:32 Why Ireland? 02:40 Tax Avoidance Schemes 04:25 GDPR Penalties and Data Protection 05:54 Overview of the 12 Steps to Cybersecurity 07:19 Step 1: Governance and Organization 09:24 Step 2: Identify What Matters Most 10:31 Step 3: Understanding the Threats 12:35 Step 4: Defining Risk Appetite 14:10 Step 5: Education and Awareness 16:00 Step 6: Implement Basic Protections 18:00 Step 7: Detect and Attack 19:37 Step 8: Be Prepared to React 21:24 Step 9: Risk-Based Approach to Resilience 22:52 Step 10: Automated Protections 23:58 Step 11: Challenge and Test Regularly 25:29 Step 12: Cyber Risk Management Lifecycle 26:29 Conclusion and Final Thoughts

  --------  

  28:45

Weitere Technologie Podcasts

Trending Technologie Podcasts

Über CISO Tradecraft®