Join host G Mark Hardy on CISO Tradecraft as he welcomes expert Scott Gicking to discuss the Center for Internet Security's (CIS) Controls Self-Assessment Tool (CSAT). Learn what CSAT is, how to effectively use it, and how it can enhance your career in cybersecurity. Stay tuned for insights on creating effective security frameworks, measuring maturity, and improving organizational security posture using the CSAT tool.
Scott Gicking - https://www.linkedin.com/in/scottgickingus/
CIS CSAT - https://www.cisecurity.org/controls/cis-controls-self-assessment-tool-cis-csat
Transcripts: https://docs.google.com/document/d/1WAI9U0WEUSJH1ZVWM1HdtFEf-O9hLJBe
Chapters
01:16 Guest Introduction: Scott Gicking
02:49 Scott's Career Journey
04:03 The Hollywood Cybersecurity Incident
07:38 Introduction to CIS and Its Importance
09:49 Understanding the CIS CSAT Tool
10:13 Implementing CIS CSAT in a Real-World Scenario
13:00 Benefits of the CIS CSAT Tool
18:38 Developing a Three-Year Roadmap with CSAT
23:25 Scoring Policies and Controls
24:20 Control Implementation and Automation
25:22 CMMC Certification Levels
27:52 Honest Self-Assessment
30:01 Quick and Dirty Assessment Approach
33:07 Building Trust and Reporting
37:38 Business Impact Analysis Tool
40:02 Reputational Damage and CISO Challenges
42:55 Final Thoughts and Contact Information
--------
44:48
#227 - The 30 Year CISO Evolution
Ever wonder how the CISO role went from obscure techie to boardroom MVP? In this episode of CISO Tradecraft, G Mark Hardy takes you on a journey through the evolution of the Chief Information Security Officer — from Steve Katz's groundbreaking appointment at Citibank in 1995 to the high-stakes, high-impact role CISOs play today.
Transcripts: https://docs.google.com/document/d/1FlKBW6zlVBqLoSTQMGZIfz--ZLD_aS9t/edit
Chapters
00:00 Introduction to the Evolution of the CISO Role
00:58 The First CISO: Steve Katz's Pioneering Journey
03:58 Rise of Security Certifications
08:39 Regulatory Wake-Up Calls and Compliance
12:23 Cybersecurity in the Age of State-Sponsored Attacks
17:58 The Impact of Major Cyber Incidents
25:07 Modern Challenges and the Future of the CISO Role
27:51 Conclusion and Final Thoughts
--------
28:34
#226 - Vulnerability Management (with Chris Hughes)
In this episode of CISO Tradecraft, we host Chris Hughes, CEO of Aquia, cybersecurity consultant, and author. Chris shares insights on the evolving landscape of cybersecurity, discussing software supply chain threats, vulnerability management, relationships between security and development, and the future impacts of AI. Tune in to gain expert advice on becoming an effective cybersecurity leader.
Chris Hughes - https://www.linkedin.com/in/resilientcyber/
Transcripts: https://docs.google.com/document/d/1j5ernS0Gk3LH-qcjhi6gOfojBqQljGhi
Chapters
00:00 Introduction and Special Guest Announcement
00:55 Chris Hughes' Background and Career Journey
02:46 Government and Industry Engagement
03:42 Supply Chain Security Challenges
07:34 Vulnerability Management Insights
12:13 Navigating the Overwhelming Vulnerability Landscape
22:19 Building Positive Relationships in Cybersecurity
23:41 Empowering Risk-Informed Decisions
24:29 Aligning with Organizational Risk Appetite
25:33 Navigating Job Changes and Organizational Fit
26:32 The Role of Compliance in Security
33:27 The Impact of AI on Security
43:05 Balancing Build vs. Buy Decisions
45:05 Conclusion and Final Thoughts
--------
45:53
#225 - The Full Irish
In this episode of CSO Tradecraft, host G. Mark Hardy introduces 'The Full Irish,' a cybersecurity framework based on the '12 Steps to Cybersecurity' guidance from Ireland's National Cybersecurity Center. The episode covers comprehensive steps from governance and risk management to incident response and resilience, making it a valuable resource for cybersecurity professionals. G Mark also discusses the implications of multinational companies operating in Ireland, including tax strategies and notable GDPR fines. The episode provides pragmatic guidance and actionable insights to enhance your cybersecurity program.
References: https://www.ncsc.gov.ie/pdfs/Cybersecurity_12_steps.pdf
Transcripts: https://docs.google.com/document/d/1VLeRozClLZAkZsusYsUn4Q9_1v7WCoN0
Chapters
00:00 Introduction to the Full Irish
01:32 Why Ireland?
02:40 Tax Avoidance Schemes
04:25 GDPR Penalties and Data Protection
05:54 Overview of the 12 Steps to Cybersecurity
07:19 Step 1: Governance and Organization
09:24 Step 2: Identify What Matters Most
10:31 Step 3: Understanding the Threats
12:35 Step 4: Defining Risk Appetite
14:10 Step 5: Education and Awareness
16:00 Step 6: Implement Basic Protections
18:00 Step 7: Detect and Attack
19:37 Step 8: Be Prepared to React
21:24 Step 9: Risk-Based Approach to Resilience
22:52 Step 10: Automated Protections
23:58 Step 11: Challenge and Test Regularly
25:29 Step 12: Cyber Risk Management Lifecycle
26:29 Conclusion and Final Thoughts
--------
28:45
#224 - The Evolution of Data Loss Prevention (DLP)
In this episode of CISO Tradecraft, host G. Mark Hardy dives into the evolution, challenges, and solutions of Data Loss Prevention (DLP). From early methods like 'dirty word lists' in the military to advanced AI and machine learning models of today, discover how DLP technologies have developed to safeguard sensitive information. Learn about different DLP phases, regulatory impacts, and modern tools like Microsoft Purview that can help manage and classify data effectively. This episode is packed with valuable insights to help you tackle data security with confidence and efficiency.
Transcripts
https://docs.google.com/document/d/1u7owNI5P3WajJvRPIXbzrUYy-PCsRcfC
References
Crash course in Microsoft Purview: A guide to securing and managing your data estate
Chapters
00:00 Introduction to Data Loss Prevention (DLP)
00:45 Early Days of DLP: Dirty Word Lists and Simple Networks
02:39 Evolution of DLP: Content Filtering and Endpoint Protection
06:05 Advanced Content Inspection and Policy Enforcement
09:19 Unified DLP and Cloud Adoption
16:04 Modern DLP: AI, Machine Learning, and Zero Trust
19:12 Implementing DLP with Microsoft Purview
28:59 Summary and Final Thoughts
México