Episodes

  • #239 - Actionable Gamification and Lasting Success (with Yu-Kai Chou)
    Jun 30 2025

    In this episode of CISO Tradecraft, host G Mark Hardy speaks with gamification pioneer Yu-Kai Chou about his new book, '10,000 Hours of Play: Unlock Your Real Life Legendary Success.' Explore key concepts such as aligning your passions, skills, and goals through six essential steps: choosing your game, knowing your attributes, selecting your role, enhancing your skills, building alliances, and achieving your quest. Discover how gamification can lead to personal and professional success. Tune in for an insightful conversation that could change the way you approach your career and life.

    Yu-Kai Chou - https://www.linkedin.com/in/yukaichou/

    Actionable Gamification Book - https://a.co/d/isv7K0W

    10,000 Hours of Play Book - https://a.co/d/3L88jTs

    Transcripts: https://docs.google.com/document/d/1gPxWVeS8QYNsgGpXt3EDQy5zGcCYH7hL

    Chapters

    • 00:00 Introduction: The Power of Play
    • 00:34 Meet Yu-Kai Chou: Gamification Pioneer
    • 04:16 Understanding the Octalysis Framework
    • 07:34 10,000 Hours of Play: A New Perspective
    • 09:24 Choosing Your Game: Discovering Your Life's Mission
    • 16:49 Knowing Your Attributes: Identifying Your Strengths
    • 22:14 Selecting Your Role: Layers of Your Role Sphere
    • 23:12 Aspiration and Identity: Defining Who You Want to Be
    • 24:46 Occupation and Specialization: Aligning Your Roles
    • 26:48 The Importance of Direction and Continuous Growth
    • 28:05 The Concept of Ikigai and Skill Enhancement
    • 30:38 Creating a Skill Triangle and Role Models
    • 31:39 Gamification in Cybersecurity and Beyond
    • 32:50 The Role of Determination and Passion
    • 37:50 Building Alliances for Success
    • 41:27 Recap and Final Thoughts
    45 m
  • #238 - The Impact of the Israel Iran Conflict (with Nathan Case)
    Jun 23 2025

    In this episode of CISO Tradecraft, host G Mark Hardy discusses the ongoing Israel-Iran conflict and its potential cyber implications with cybersecurity expert Nathan Case. They delve into lessons learned from the Russia-Ukraine conflict, discuss the effectiveness of cyber warfare, and evaluate Iran's cyber capabilities. The conversation also covers the ethical implications of cyber attacks, dual-use targets, and the danger of supply chain vulnerabilities. Practical advice is provided on improving cybersecurity measures, including the importance of MFA, network segmentation, and evaluating internal threats. Join us for an in-depth look at how current geopolitical tensions can impact global cybersecurity.

    Nathan Case - https://www.linkedin.com/in/nathancase/

    Chapters

    • 00:00 Introduction to the Israel-Iran Conflict
    • 00:52 Meet the Expert: Nate Case
    • 01:51 Cyber Warfare Insights from Russia-Ukraine Conflict
    • 03:36 The Impact of Cyber on Critical Infrastructure
    • 08:00 Ethics and Rules of Cyber Warfare
    • 15:01 Iran's Cyber Capabilities and Strategies
    • 16:56 Historical Context and Modern Cyber Threats
    • 23:28 Foreign Cyber Threats: The Iranian Example
    • 24:06 Israel's Cyber Capabilities
    • 25:39 The Role of Cyber Command
    • 26:23 Challenges in Cyber Defense
    • 27:11 The Complexity of Cyber Warfare
    • 32:21 Ransomware and Attribution Issues
    • 36:13 Defensive Cyber Operations
    • 39:39 Final Thoughts and Recommendations
    45 m
  • #237 - Build a World Class SOC (with Carson Zimmerman)
    Jun 16 2025

    Join G Mark Hardy and Carson Zimmerman, the author of '11 Strategies of a World-Class Cybersecurity Operations Center,' in this insightful episode of CISO Tradecraft. Carson shares his career journey, the evolution from the 10 to 11 strategies, and delves into the future needs of Security Operations Centers (SOCs). They discuss critical topics such as the importance of continuous improvement, AI's impact on SOCs, and the value of embracing neurodiversity in cybersecurity teams. Whether you're a seasoned cybersecurity leader or an aspiring professional, get actionable advice on how to enhance and revolutionize your SOC operations.

    11 Strategies of a World-Class Cybersecurity Operations Center - https://www.mitre.org/sites/default/files/2022-04/11-strategies-of-a-world-class-cybersecurity-operations-center.pdf

    14 Questions are all you need - https://www.first.org/resources/papers/conf2024/1445-14-Questions-Carson-Zimmerman.pdf

    Transcripts - https://docs.google.com/document/d/1WVJi9WkxOG7yedQYWSooiqRFjBERd9kV

    Chapters

    • 00:00 Introduction and Guest Welcome
    • 00:53 Background and Book Discussion
    • 03:33 SOC Challenges and Stagnation
    • 06:10 Managing SOC Alerts and Burnout
    • 09:26 SOC Evolution and Neurodiversity
    • 23:50 Career Progression in Cybersecurity
    • 30:28 Impact of AI on SOC Operations
    • 40:07 Final Thoughts and Conclusion
    42 m
  • #236 - Build a World Class GRC Program (with Matt Hillary)
    Jun 9 2025

    In this episode of CISO Tradecraft, host G Mark Hardy sits down with Matt Hillary, the Chief Information Security Officer of Drata, to discuss governance, risk, and compliance (GRC) and trust management. They explore key topics such as the evolution of GRC, trust management, compliance automation, and the advent of AI in compliance processes. Matt shares insights on building a world-class GRC program, the challenges and opportunities in modern-day compliance, and the mental health aspects of being a cybersecurity leader. This episode is a must-watch for any cybersecurity professional looking to enhance their GRC strategies and compliance operations.

    Big Thanks to our Sponsor Drata. You can learn more about them at https://drata.com/

    Connect with Matt Hillary at https://www.linkedin.com/in/matthewhillary/

    Transcripts - https://docs.google.com/document/d/1VzRQSEvgUwenDERlNn2bwlIpnz4QPQ15/

    Chapters

    • 01:39 Meet Matt Hillary: CISO of Drata
    • 06:06 The Evolution of GRC and Trust Management
    • 14:48 Continuous Compliance and Automation
    • 19:26 Compliance as Code: The Future of GRC
    • 22:18 The Importance of Getting It Right the First Time
    • 23:15 Customer Compliance Challenges
    • 24:21 Vendor Risk Management and Trust Building
    • 26:26 Leveraging AI for Compliance and Risk Management
    • 31:43 Evaluating Credibility of Third-Party Evidence
    • 41:09 Common Mistakes in GRC Programs
    • 43:56 Final Thoughts and Industry Call to Action
    47 m
  • #235 - Grey is the New Black (with Ryan Gooler)
    Jun 2 2025

    Join G Mark Hardy at THOTCON in Chicago for an insightful podcast episode on building a successful cybersecurity career. Featuring guest Ryan Gooler, they discuss the non-linear paths to success, the value of mentorship, financial planning, and the importance of continuous learning and adapting. Learn how to navigate career transitions, embrace risks, and find joy in teaching and learning from others in the cybersecurity community.

    Transcripts: https://docs.google.com/document/d/1nsd61mkIWbmIL1qube0-cdqINsDujAVH

    Chapters

    • 00:00 Welcome to THOTCON: Meeting Amazing People
    • 00:26 Introducing Ryan Gooler: A Journey into Cybersecurity
    • 04:09 The Value of Mentorship in Cybersecurity
    • 06:22 Career Management and Setting Goals
    • 09:33 Financial Planning for Cybersecurity Professionals
    • 16:40 Automating Finances and Smart Spending
    • 21:25 Financial Sophistication and Mutual Funds
    • 22:07 Automating Life Tasks
    • 22:41 The Concept of a Finishing Stamp
    • 24:17 Leadership and Delegation in the Navy
    • 26:06 Building and Maintaining Culture
    • 27:21 Surviving Toxic Environments
    • 29:55 Taking Risks and Finding Joy
    • 34:34 Advice for Cybersecurity Careers
    • 39:01 The Importance of Teaching and Learning
    • 40:29 Conclusion and Farewell
    41 m
  • #234 - Model Context Protocol (MCP)
    May 26 2025

    In this episode of CISO Tradecraft, host G Mark Hardy delves into the emerging concept of Model Context Protocol (MCP) and its significance in AI and enterprise security. Launched by Anthropic in November 2024, MCP is designed to standardize how AI systems interact with external data sources and applications. Hardy explores how MCP differs from traditional APIs, its implications for security, and the steps organizations need to take to prepare for its adoption. Key topics include the stateful nature of MCP, security risks such as prompt injection and tool poisoning, and the importance of developing a robust governance framework. By the end of the episode, listeners will have a comprehensive understanding of MCP and practical recommendations for safeguarding their AI-driven workflows.

    Transcripts https://docs.google.com/document/d/1vyfFJgTbsH73CcQhtBBkOfDoTrJYqzl_

    References

    Model Context Protocol specification and security best practices - https://modelcontextprotocol.io

    Security risks of MCP - https://pillar.security

    MCP security considerations - https://writer.com

    Chapters

    • 00:00 Introduction to Model Context Protocol (MCP)
    • 00:27 Understanding MCP and Its Importance
    • 01:41 How MCP Works and Its Security Implications
    • 04:23 Comparing MCP to Traditional APIs
    • 08:41 MCP Architecture and Security Benefits
    • 12:07 Top Security Risks of MCP
    • 18:00 Implementing Security Controls for MCP
    • 25:00 Governance Framework for MCP
    • 28:03 Future Trends and Strategic Recommendations
    • 30:34 Conclusion and Next Steps
    33 m
  • #233 - Web 3.0 Explained (with Aaron Markell)
    May 19 2025

    Web 3.0 Explained: Business Cases, Security, and Future Prospects | CISO Tradecraft

    In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Aaron Markell to discuss the intricacies of Web 3.0. They explore the evolution from Web 1.0 and Web 2.0 to the decentralized structure of Web 3.0, describing its application in various industries like finance, healthcare, and supply chain. The conversation dives into blockchain technology, the role of tokens, smart contracts, and consensus mechanisms like proof of work and proof of stake. They also touch on potential future developments involving AI in Web 3.0, offering valuable insights for business leaders and cybersecurity professionals looking to understand and leverage this emerging technology.

    Chapters

    • 00:00 Introduction to Web 3.0
    • 00:31 Meet the Expert: Aaron Markell
    • 01:39 Aaron's Journey into Web 3.0
    • 03:51 Understanding Web 1.0, 2.0, and 3.0
    • 04:36 Decentralization and Blockchain Basics
    • 05:51 The SETI Project and Distributed Workloads
    • 08:09 Proof of Work and Blockchain Security
    • 17:22 Smart Contracts Explained
    • 20:10 Proof of Stake vs. Proof of Work
    • 23:51 The Role of Tokens in Web 3.0
    • 24:22 Understanding Microtransactions and Ownership
    • 25:05 What is an NFT?
    • 26:40 The Rise and Fall of NFTs
    • 28:36 Web 3.0 and Its Impact on Industries
    • 30:10 Blockchain in Finance and Commerce
    • 30:55 Private Blockchains and Government Transparency
    • 34:09 Blockchain in Legal and Healthcare Sectors
    • 36:59 Supply Chain Transformation with Web 3.0
    • 39:59 The Future of Web 3.0 and AI Integration
    • 41:03 Final Thoughts and Security Tips
    45 m
  • #232 - Inside The 2025 Verizon Data Breach Investigations Report
    May 12 2025

    Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports.

    Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/

    Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz

    Chapters

    • 00:35 Verizon Data Breach Investigations Report (DBIR) Introduction
    • 01:16 Accessing the DBIR Report
    • 02:38 Key Takeaways from the DBIR
    • 03:15 Third-Party Breaches
    • 04:32 Ransomware Insights
    • 08:08 Exploitation of Vulnerabilities
    • 09:39 Credential Abuse
    • 12:25 Espionage Attacks
    • 14:04 System Intrusions in APAC
    • 15:04 Business Email Compromise (BEC)
    • 18:07 Human Risk and Security Awareness
    • 19:19 Industry-Specific Trends
    • 20:06 Multi-Layered Defense Strategy
    • 21:08 Data Leakage to Gen AI
    26 m