Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate ...
In this episode of CSO Tradecraft, host G. Mark Hardy introduces 'The Full Irish,' a cybersecurity framework based on the '12 Steps to Cybersecurity' guidance from Ireland's National Cybersecurity Center. The episode covers comprehensive steps from governance and risk management to incident response and resilience, making it a valuable resource for cybersecurity professionals. G Mark also discusses the implications of multinational companies operating in Ireland, including tax strategies and notable GDPR fines. The episode provides pragmatic guidance and actionable insights to enhance your cybersecurity program.
References: https://www.ncsc.gov.ie/pdfs/Cybersecurity_12_steps.pdf
Transcripts: https://docs.google.com/document/d/1VLeRozClLZAkZsusYsUn4Q9_1v7WCoN0
Chapters
00:00 Introduction to the Full Irish
01:32 Why Ireland?
02:40 Tax Avoidance Schemes
04:25 GDPR Penalties and Data Protection
05:54 Overview of the 12 Steps to Cybersecurity
07:19 Step 1: Governance and Organization
09:24 Step 2: Identify What Matters Most
10:31 Step 3: Understanding the Threats
12:35 Step 4: Defining Risk Appetite
14:10 Step 5: Education and Awareness
16:00 Step 6: Implement Basic Protections
18:00 Step 7: Detect and Attack
19:37 Step 8: Be Prepared to React
21:24 Step 9: Risk-Based Approach to Resilience
22:52 Step 10: Automated Protections
23:58 Step 11: Challenge and Test Regularly
25:29 Step 12: Cyber Risk Management Lifecycle
26:29 Conclusion and Final Thoughts
--------
28:45
#224 - The Evolution of Data Loss Prevention (DLP)
In this episode of CISO Tradecraft, host G. Mark Hardy dives into the evolution, challenges, and solutions of Data Loss Prevention (DLP). From early methods like 'dirty word lists' in the military to advanced AI and machine learning models of today, discover how DLP technologies have developed to safeguard sensitive information. Learn about different DLP phases, regulatory impacts, and modern tools like Microsoft Purview that can help manage and classify data effectively. This episode is packed with valuable insights to help you tackle data security with confidence and efficiency.
Transcripts
https://docs.google.com/document/d/1u7owNI5P3WajJvRPIXbzrUYy-PCsRcfC
References
Crash course in Microsoft Purview: A guide to securing and managing your data estate
Chapters
00:00 Introduction to Data Loss Prevention (DLP)
00:45 Early Days of DLP: Dirty Word Lists and Simple Networks
02:39 Evolution of DLP: Content Filtering and Endpoint Protection
06:05 Advanced Content Inspection and Policy Enforcement
09:19 Unified DLP and Cloud Adoption
16:04 Modern DLP: AI, Machine Learning, and Zero Trust
19:12 Implementing DLP with Microsoft Purview
28:59 Summary and Final Thoughts
--------
30:34
#223 - A CISO Primer on Agentic AI
In this episode of CISO Tradecraft, G. Mark Hardy dives deep into the world of Agentic AI and its impact on cybersecurity. The discussion covers the definition and characteristics of Agentic AI, as well as expert insights on its feasibility. Learn about its primary functions—perception, cognition, and action—and explore practical cybersecurity applications. Discover the rapid advancements made by tech giants and potential risks involved. This episode is a comprehensive guide to understanding and securely implementing Agentic AI in your enterprise.
Transcripts https://docs.google.com/document/d/1tIv2NKX0DL4NTnvqKV9rKrgrewa68m3W
References
Vladimir Putin - https://www.rt.com/news/401731-ai-rule-world-putin/
Minds and Machines - https://link.springer.com/article/10.1007/s44163-024-00216-2
Anthropic - https://www.cnbc.com/2024/10/22/anthropic-announces-ai-agents-for-complex-tasks-racing-openai.html
Convergence AI - https://convergence.ai/training-web-agents-with-web-world-models-dec-2024/
OpenAI Operator - https://openai.com/index/introducing-operator/
ByteDance UITARS - https://venturebeat.com/ai/bytedances-ui-tars-can-take-over-your-computer-outperforms-gpt-4o-and-claude/
Zapier - https://www.linkedin.com/pulse/openai-bytedance-zapier-launch-ai-agents-getcoai-l6blf/
Microsoft OmniParser - https://www.microsoft.com/en-us/research/articles/omniparser-v2-turning-any-llm-into-a-computer-use-agent/
Google Project Mariner - https://deepmind.google/technologies/project-mariner/
Rajeev Sharma - Agentic AI Architecture - https://markovate.com/blog/agentic-ai-architecture/
NIST.AI.600-1 - https://doi.org/10.6028/NIST.AI.600-1
Mitre ATLAS - https://atlas.mitre.org/
OWASP Top 10 for LLMs - https://owasp.org/www-project-top-10-for-large-language-model-applications/
ISO 42001 - https://www.iso.org/standard/81230.html
Chapters
00:00 Introduction and Intriguing Quote
01:10 Defining Agentic AI
02:01 Expert Insights on Agency
04:32 Agentic AI in Practice
06:54 Recent Developments in Agentic AI
08:20 Deep Dive into Agentic AI Infrastructure
15:35 Use Cases for Agentic AI
21:12 Challenges and Considerations
24:22 Conclusion and Recap
--------
25:43
#222 - 40 Years of Career Advice in 40 Minutes
In this episode of CISO Tradecraft, G. Mark Hardy shares 15 crucial characteristics to help you succeed in your cybersecurity career and become an effective CISO. From knowing yourself and developing leadership skills to enhancing communications and staying current with trends, Hardy distills decades of wisdom into practical advice. Learn how to navigate career transitions, build technical credibility, become an effective storyteller, and master political skills essential for C-level success.
Transcripts:
https://docs.google.com/document/d/1MpjXD8LqnHS_Lj1S-6T7vxcclxzUjEhe
Chapters
01:30 Know Yourself: The First Step to Success
05:23 Develop Your Leadership Skills
07:09 Enhance Your Communication Skills
11:37 Gain Broad Experience
14:28 Pursue Advanced Education
18:13 Network with Other Professionals
20:47 The Importance of Mentorship
22:20 Building Valuable Connections
23:43 Aligning with Business Goals
25:38 Deepening Technical Expertise
26:59 Staying Current with Trends
28:03 Promoting a Security-First Culture
30:18 Addressing Skills Gaps
31:53 Becoming a Master Storyteller
33:35 Engaging with Executives
34:41 Strategic Thinking and Time Management
37:27 Mastering Political Skills
39:14 Conclusion and Final Thoughts
--------
40:11
#221 - Microsoft Majorana is Taking the Quantum Leap
In this episode of CISO Tradecraft, host G Mark Hardy discusses Microsoft's groundbreaking announcement of their new quantum chip, the Majorana. The chip harnesses properties of a topological superconductor, making quantum computing promises more tangible. The episode delves into the technical aspects of quantum bits (qubits), cryptography, and the implications of topological quantum computing. With insights on competitor advancements by Google and potential challenges, this episode provides a comprehensive overview of quantum computing's future and its cyber security implications.
Transcripts: https://docs.google.com/document/d/1O2XG47o2_6jHBtPKL2PcwGRKPe69wFvi
Link: https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/
Chapters
00:00 Introduction to CISO Tradecraft
00:26 Microsoft's Quantum Chip Announcement
01:51 Understanding Quantum Bits
03:23 Quantum Computing and Cryptography
06:00 Microsoft's Quantum Leap
09:41 The Physics Behind Quantum Computing
16:48 Majorana Particle and Its Significance
20:29 Applications and Future of Quantum Computing
25:01 Conclusion and Final Thoughts
Denmark