  • #222 - 40 Years of Career Advice in 40 Minutes
    Mar 3 2025

    In this episode of CISO Tradecraft, G. Mark Hardy shares 15 crucial characteristics to help you succeed in your cybersecurity career and become an effective CISO. From knowing yourself and developing leadership skills to enhancing communications and staying current with trends, Hardy distills decades of wisdom into practical advice. Learn how to navigate career transitions, build technical credibility, become an effective storyteller, and master political skills essential for C-level success.

    Transcripts: https://docs.google.com/document/d/1MpjXD8LqnHS_Lj1S-6T7vxcclxzUjEhe

    40 mins
  • #221 - Microsoft Majorana is Taking the Quantum Leap
    Feb 24 2025

    In this episode of CISO Tradecraft, host G. Mark Hardy discusses Microsoft's groundbreaking announcement of its new quantum chip, the Majorana. The chip harnesses properties of a topological superconductor, making the promises of quantum computing more tangible. The episode delves into the technical aspects of quantum bits (qubits), cryptography, and the implications of topological quantum computing. With insights on competitor advancements by Google and potential challenges, this episode provides a comprehensive overview of quantum computing's future and its cybersecurity implications.

    Transcripts: https://docs.google.com/document/d/1O2XG47o2_6jHBtPKL2PcwGRKPe69wFvi

    Link: https://azure.microsoft.com/en-us/blog/quantum/2025/02/19/microsoft-unveils-majorana-1-the-worlds-first-quantum-processor-powered-by-topological-qubits/

    Chapters

    • 00:00 Introduction to CISO Tradecraft
    • 00:26 Microsoft's Quantum Chip Announcement
    • 01:51 Understanding Quantum Bits
    • 03:23 Quantum Computing and Cryptography
    • 06:00 Microsoft's Quantum Leap
    • 09:41 The Physics Behind Quantum Computing
    • 16:48 Majorana Particle and Its Significance
    • 20:29 Applications and Future of Quantum Computing
    • 25:01 Conclusion and Final Thoughts

    28 mins
  • #220 - Executive Updates to AI
    Feb 17 2025

    In this CISO Tradecraft episode, host G. Mark Hardy delves into the recent U.S. presidential executive orders impacting AI and their implications for cybersecurity professionals. Learn about the evolution of AI policies from various administrations and how they influence national security, innovation, and the strategic decisions of CISOs. Discover key directives, deregulatory moves, and practical steps you can take to secure your AI systems in an era marked by rapidly changing regulations. Plus, explore the benefits of using AI tools like ZeroPath to bolster your cybersecurity efforts.

    Big Thanks to our Sponsors:

    ZeroPath - https://zeropath.com/

    Transcripts: https://docs.google.com/document/d/1Nv27tpDQs2fjdOedJOi0LhlkyQ5N5dKt

    Links:

    • https://www.americanbar.org/groups/public_education/publications/teaching-legal-docs/what-is-an-executive-order-/
    • https://www.federalregister.gov/documents/2019/02/14/2019-02544/maintaining-american-leadership-in-artificial-intelligence
    • https://www.csis.org/analysis/made-china-2025
    • https://www.researchgate.net/publication/242704112_China's_15-year_Science_and_Technology_Plan
    • https://www.federalregister.gov/documents/2020/12/08/2020-27065/promoting-the-use-of-trustworthy-artificial-intelligence-in-the-federal-government
    • https://www.federalregister.gov/documents/2021/05/17/2021-10460/improving-the-nations-cybersecurity
    • https://www.federalregister.gov/documents/2023/11/01/2023-24283/safe-secure-and-trustworthy-development-and-use-of-artificial-intelligence
    • https://www.presidency.ucsb.edu/documents/executive-order-14148-initial-rescissions-harmful-executive-orders-and-actions
    • https://www.federalregister.gov/documents/2025/01/17/2025-01470/strengthening-and-promoting-innovation-in-the-nations-cybersecurity
    • https://www.cisecurity.org/controls/cis-controls-list

    Chapters

    • 00:00 Introduction to AI Policy Shifts
    • 00:23 AI Tool for Cybersecurity: ZeroPath
    • 01:12 Understanding Executive Orders
    • 02:44 EO 13859: Maintaining American Leadership in AI
    • 05:42 EO 13960: Trustworthy AI in Federal Government
    • 07:10 EO 14028: Strengthening U.S. Cybersecurity
    • 09:38 EO 14110: Safe and Trustworthy AI Development
    • 11:09 EO 14148: Rescinding AI Policies
    • 12:21 EO 14179: Removing Barriers to AI Innovation
    • 15:26 EO 14144: Strengthening Cybersecurity Innovation
    • 37:19 Mapping Executive Orders to CIS Controls
    • 40:15 Conclusion and Key Takeaways
    43 mins
  • #219 - The Professionalization of CISOs (with Steve Zalewski & Tyson Kopczynski)
    Feb 10 2025

    This podcast episode discusses the formation of a professional association for CISOs, driven by increasing personal liability risks faced by these executives. The conversation centers on establishing a formal definition and accreditation process for the CISO role, moving beyond existing certifications to demonstrate operational and theoretical expertise. This professionalization effort aims to reduce personal liability through a tailored insurance product, negotiated collectively by the association, and preempt potentially ill-defined government regulations. Ultimately, the goal is to create a structured, respected profession for CISOs, offering benefits such as insurance, professional development, and a unified voice within the industry.

    Professional Association of CISOs - https://theciso.org/

    Transcripts - https://docs.google.com/document/d/1BNeUzSyPYX-vAYwQl9qCi0GhknYhKnWF/

    Chapters

    • 00:00 Introduction to Professionalizing the CISO Role
    • 00:52 The Genesis of a Professional Association
    • 03:39 Challenges and Legal Liabilities for CISOs
    • 04:43 The Value of Joining the Association
    • 06:24 Accreditation and Certification Process
    • 10:38 Insurance and Risk Management for CISOs
    • 18:45 Future Directions and Getting Involved
    41 mins
  • #218 - How AI Changes Talent Management (with Colleen Lennox)
    Feb 3 2025

    In this episode of CISO Tradecraft, host G. Mark Hardy and special guest Colleen Lennox dive into the transformative power of AI in HR. Discover how AI can revolutionize identifying, attracting, and retaining cybersecurity talent. They discuss the challenges of finding the right personnel in the cybersecurity field, the innovative AI-driven solutions that can streamline recruitment processes, and how these tools can help in talent management and career progression. Stay tuned as they explore the potential of AI in creating a more effective and bias-free hiring process, while also discussing the future implications for HR and recruiters in the evolving landscape.

    Big Thanks to our Sponsors:

    CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

    Transcripts: https://docs.google.com/document/d/1f6B9Ye02WHWo7q15avBm0359pxGNqnVu

    Chapters

    • 00:00 Introduction: AI and Workforce Concerns
    • 00:28 Welcome to CISO Tradecraft
    • 01:01 Meet Colleen Lennox: AI in HR
    • 01:27 Challenges in Cybersecurity Recruitment
    • 03:11 AI-Powered Recruitment Solutions
    • 07:07 Improving Talent Management with AI
    • 13:36 Addressing Bias in AI Recruitment
    • 17:20 Future of AI in HR and Recruitment
    • 21:04 Conclusion and Contact Information
    24 mins
  • #217 - Includes No Dirt (with Bill Dougherty)
    Jan 27 2025

    In this episode of CISO Tradecraft, host G. Mark Hardy sits down with Bill Dougherty, CISO of Omada Health, to discuss a groundbreaking threat model called 'Includes No Dirt'. This comprehensive model integrates security, privacy, and compliance considerations, aiming to streamline and enhance threat modeling processes. The conversation covers the origin and principles of the model, its applicability across different sectors, and the essential aspects of threat modeling. Listeners are also treated to insights on handling third-party risks and adapting to emerging AI challenges. The episode provides practical advice for cybersecurity leaders looking to effectively manage and mitigate risks while reducing redundancy.

    Big Thanks to our Sponsors:

    ZeroPath - https://zeropath.com/

    CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

    The No DIRT Threat Model can be found here: http://www.includesnodirt.com/nodirt.pdf

    Transcripts: https://docs.google.com/document/d/1vWq4Zx7pzM_B65W933m8_TE0fLKaUw3X

    Chapters

    • 03:27 The Genesis of Includes No Dirt
    • 05:05 Combining Security, Privacy, and Compliance
    • 07:24 Implementing the No Dirt Model
    • 11:42 Scoring and Evaluating Risks
    • 17:41 Third-Party Risk Management
    • 25:49 Evaluating SaaS Requests Based on Risk
    • 27:55 Adapting Threat Models for AI
    • 31:24 Principles of Minimum Necessary Data
    • 33:42 General Applicability of Security Principles
    • 35:12 Includes No Dirt: A Comprehensive Threat Model
    • 40:15 Final Thoughts and Recommendations
    45 mins
  • #216 - The TTPs of a Security Champions Program (with Dustin Lehr)
    Jan 20 2025

    Join G. Mark Hardy in a riveting episode of CISO Tradecraft as he sits down with Dustin Lehr to uncover strategies for creating security champions among developers. Explore effective techniques to inspire culture change, leverage AI tools for security, and discover the difference between leadership and management. This insightful discussion includes actionable steps to establish a robust security champions program, from defining a vision to executing with gamification. Whether you’re an aspiring champion or a seasoned cybersecurity leader, this episode is packed with valuable insights to elevate your organization’s security practices.

    Big Thanks to our Sponsors:

    ZeroPath - https://zeropath.com/

    CruiseCon - Use code CISOTRADECRAFT10 at https://cruisecon.com/ for 10% off registration!

    Transcripts - https://docs.google.com/document/d/1IgPbmnNaEF_1GIQTRxHStOoUKtZM4azH

    Learn more about this topic by reading Dustin's website - https://securitychampionsuccessguide.org/

    Dustin Lehr's Company - https://www.katilyst.com/

    Chapters

    • 01:05 Meet Dustin Lehr
    • 04:05 Leadership vs. Management
    • 06:17 The Role of Security Champions
    • 17:20 Recruiting Security Champions
    • 24:42 Exploring the Framework: Vision and Goals
    • 26:25 Defining Participants and Their Roles
    • 28:37 Understanding the Current Setting
    • 33:27 Conceptualizing Ideal Actions
    • 35:20 Designing with Gamification in Mind
    • 40:30 Effective Delivery and Continuous Tuning
    • 41:30 Overcoming Challenges and Final Thoughts
    46 mins
  • #215 - CISO Predictions for 2025
    Jan 13 2025

    In this episode of CISO Tradecraft, host G. Mark Hardy explores the top 10 cybersecurity predictions for 2025. From the rise of AI influencers to new standards in encryption, Hardy discusses significant trends and changes expected in the cybersecurity landscape. The episode delves into topics such as branding, application security, browser-based security, and post-quantum cryptography, aiming to prepare listeners for future challenges and advancements in the field.

    Big Thanks to our Sponsor

    CruiseCon - https://cruisecon.com/

    CruiseCon Discount Code: CISOTRADECRAFT10

    Team8 Fixing AppSec Paper - https://bunny-wp-pullzone-pqzn4foj9c.b-cdn.net/wp-content/uploads/2024/11/Fixing-AppSec-Paper.pdf

    Terraform and Open Policy Agent Example - https://spacelift.io/blog/terraform-best-practices#8-introduce-policy-as-code

    Transcripts - https://docs.google.com/document/d/1u6B2PrkJ1D14d9HjQQHSg7Fan3M6n4dy

    Chapters

    • 01:19 1) AI Influencers become normalized
    • 03:17 2) The Importance of Production Quality in Branding
    • 05:19 3) Google and Apple Collaboration for Enhanced Security
    • 06:28 4) Consolidation in Application Security and Vulnerability Management
    • 08:36 5) The Rise of Models Committees
    • 09:09 6) Formalizing the CISO Role
    • 11:03 7) Exclusive CISO Retreats: The New Trend
    • 12:12 8) Automating Cybersecurity Tasks with Agentic AI
    • 13:10 9) Browser-Based Security Solutions
    • 14:22 10) Post-Quantum Cryptography: Preparing for the Future

    19 mins