G Mark Hardy & Ross Young

CISO Tradecraft®

You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved

Author

G Mark Hardy & Ross Young

Category

Technology

Podcast website

www.cisotradecraft.com

Latest episode

Jul 6, 2026

Where to listen?

Podcasts in the app Replaio Radio Coming soon

Podcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts

Get it on Google Play Install for free Android 5M+ downloads · 4.8 rating iOS soon

Episodes

The CISO Mind Map Has Evolved for the AI Era - #291 06.07.2026

How has the role of the CISO changed over the last 15 years? In this episode of CISO Tradecraft, G. Mark Hardy interviews Rafeeq Rehman, creator of the CISO Mind Map, to discuss its latest update and the biggest challenges facing cybersecurity leaders today. You'll learn: Why the CISO Mind Map was updated after 15 years How AI security is reshaping cybersecurity leadership Why the remote work cate...

Harvest Now, Decrypt Later (with Marcus Sachs) - #290 29.06.2026

Nation-state adversaries are vacuuming up encrypted traffic today, waiting for quantum computers to decrypt it tomorrow. This attack strategy, "Harvest Now, Decrypt Later," isn't theoretical. It's happening right now. G Mark Hardy sits down with Marcus Sachs (former White House cyber advisor, CSO of NERC, now SVP and Chief Engineer at CIS) to break down two executive orders just signed by the Whit...

#289 - What's the Best Career Move After Being a CISO? (with Gary Hayslip) 22.06.2026

On this episode of CISO Tradecraft, host G Mark Hardy talks with Gary Hayslip about cybersecurity career growth beyond the traditional CISO “apex,” drawing on Hayslip’s 25+ years across military service, US Navy civil service, the City of San Diego as its first CISO, Webroot (CISO/CIO), SoftBank (including cyber and physical security), and most recently a field CISO role before being laid off. The...

#288 - How to Break Into Cybersecurity Through GRC (with Steve McMichael) 15.06.2026

In this CISO Tradecraft episode, host G Mark Hardy interviews Steve McMichael, author of "How to Break into GRC: Mindset, Methods, and Skills," about entering cybersecurity through governance, risk, and compliance. McMichael shares his transition from accounting and explains GRC’s role as decision support and the interface between business and technical teams, breaking down governance, risk manage...

#287 - Cybersecurity Insights You'll Want to Hear (with Michael Hammer) 08.06.2026

Want to move from "security expert" to "trusted business leader"? Join G. Mark Hardy and Michael Hammer. The mind behind the core of DMARC , for 40 years of hard-won wisdom on navigating the CISO role, This episode is a masterclass in evolving from a technical gatekeeper to a strategic influencer who changes the environment,. Inside this episode: Modern Email Security: Why DMARC and SPF aren't "se...

#286 - AI-Native Security (with Nishant Doshi & Saro Subbiah) 01.06.2026

What if your next breach isn't caused by a human... but by an AI agent acting exactly as instructed? Cyberhaven's CEO (Nishant Doshi) and SVP of Engineering (Saro Subbiah) reveal why AI is a true zero-to-one shift, why every employee is building agents, and why traditional security controls are struggling to keep up with machine-speed workflows. The most interesting question for CISOs isn't whethe...

#285 - Passwordless Authentication (with Nishant Kaushik) 25.05.2026

In this discussion, G. Mark Hardy and Nishant Kaushik explore the necessity of moving beyond traditional passwords, which they define as the original sin of cybersecurity due to their vulnerability to credential stuffing and phishing attacks. Kaushik explains that the FIDO Alliance promotes a passwordless future by replacing shared secrets with asymmetric cryptography, utilizing private keys store...

#284 - Lessons Learned from SQL Slammer to AI Agents (with Aaron Turner) 18.05.2026

What can today’s CISOs learn from the chaos of Code Red and SQL Slammer? In this episode, G Mark Hardy interviews Aaron Turner about what it was like responding inside Microsoft during two of the most infamous cyber outbreaks in history. Aaron shares firsthand stories from the era when SQL Slammer infected at least 75,000 systems in roughly 10 minutes, exposing massive gaps in patch management, se...

#283 - Leadership Lessons and the Art of the Performance (with Chris Brogan) 11.05.2026

In this episode of the CISO Tradecraft podcast, host G Mark Hardy interviews early tech adopter Chris Brogan to explore the intersection of high-performance leadership and effective communication. Drawing from his interviews with Navy SEALs and his tenure as a Chief of Staff, Brogan emphasizes that leadership is essentially the management of options and the cultivation of repetitive training to bu...

#282 - Top 10 Agentic AI Attacks (with Rock Lambros) 04.05.2026

In this CISO Tradecraft episode, host G Mark Hardy interviews recovering CISO Rock Lambros (Zenity) about securing Agentic AI and the emerging risks beyond LLM hallucinations. Lambros recounts his path from Oracle developer to CISO and AI standards work, then explains how agentic AI increases risk by connecting models to tools and actions. They discuss agentic AI supply chain attacks, including ba...

#281 - SIEM Secrets They Don’t Tell You (with Anton Chuvakin & Alex Hurtado) 27.04.2026

In this CISO Tradecraft episode, host G Mark Hardy talks with Anton Chuvakin and Alex Hurtado about how SIEM programs fail and how organizations overspend when implementations prioritize dashboards or compliance over actionable detection engineering and collecting the right data. They share costly war stories ranging from multi-million and eight-figure deployments that became expensive “log toilet...

#280 - Mythos and the Future of Vulnerability Operations (with Gadi Evron) 20.04.2026

In this episode of CISO Tradecraft, host G Mark Hardy speaks with Gadi Evron about the paper “The AI Vulnerability Storm Building: A Mythos Ready Security Program,” a community-driven draft produced in days with extensive input from security leaders. Evron explains how advances in LLMs and agents are accelerating vulnerability discovery and exploitation, shrinking time-to-exploit assumptions and l...

#279 - AI Readiness (with JP Bourget) 13.04.2026

On CISO Tradecraft, host G Mark Hardy welcomes back JP Bourgeet to discuss what “AI readiness” means for organizations, framing it as both a data governance challenge and a change-management problem. JP defines readiness for CISOs as strong threat protection, data security/governance, and device management, with the biggest gaps typically in labeling, DLP/DSPM, and poor information architecture (e...

#278 - RSAC Takeaways: AI SOC, Agent Security, and What Cyber Marketing Gets Wrong 07.04.2026

In this CISO Tradecraft episode, G Mark Hardy, Ross Young, and Andy Ellis share RSAC insights from the vendor floor, including Andy’s effort to visit about 607 booths. They highlight dominant themes like AI SOC offerings and agentic/agent security messaging, noting that many booths used unclear marketing or even failed to describe what they do. The discussion critiques activity-based metrics like...

#277 - From SaaS to AI Agents: Gone in 60 Seconds 30.03.2026

In this CISO Tradecraft episode, co-hosts G Mark Hardy and Ross Young discuss how large language models are transforming software development and shifting cybersecurity from buying Software as a Service to “Service as Software,” and ultimately to "Systems of AI agents". They explain how writing code in English enables rapid prototyping, changing cost models by reducing labor hours and increasing s...

#276 - How is AI Reshaping Fraud (with Brian Long) 23.03.2026

In this episode of CISO Tradecraft, host G Mark Hardy speaks with Brian Long, CEO and co-founder of Adaptive Security, about how AI is accelerating and scaling social engineering through deepfakes, OSINT-driven personalization, and real-time conversational attacks. Brian says people remain the biggest opportunity in cyber defense, citing rapid growth in deepfake-enabled incidents and examples incl...

#275 - How to Secure Vibe Code (with Shahar Man) 16.03.2026

In this CISO Tradecraft episode, host G Mark Hardy interviews Shahar Man of Backslash Security about the rapidly expanding attack surface created by AI-driven “vibe coding” tools like Claude Code, Cursor, and Copilot. Shahar explains how prompting is shifting software creation, affecting education and hiring, and pushing security “further left” to the prompt, agent, MCP, skills, and rules level. H...

#274 - The State of Stress in Cyber (with Steve Shelton) 09.03.2026

In this CISO Tradecraft episode, host G Mark Hardy interviews Steve Shelton ( https://www.linkedin.com/in/greenshoesteve/ ) of Green Shoe Consulting about the “State of Stress in Cybersecurity 2025” report and why burnout is widespread among cybersecurity leaders. Shelton explains the difference between beneficial stress (eustress) and chronic distress, how threat vs challenge interpretations shap...

#273 - Creating a Wisdom-Led SOC (with Oren Saban) 02.03.2026

Your SOC is drowning in alerts, false positives, and static tuning, while attackers evolve faster than your team can respond. Analysts burn out chasing noise. Real threats slip through. And traditional metrics reward ticket volume instead of investigation quality, creating “Swiss cheese security.” In this CISO Tradecraft episode, G. Mark Hardy and Oren Saban break down the rise of the Wisdom-Led,...

#272 - Data Centric Platform Play (with EJ Pappas) 23.02.2026

In this episode of CISO Tradecraft, host G Mark Hardy speaks with EJ Pappas of PKWARE and Ross Young about why AI-driven threats demand a shift from platform-centric security to a data-centric strategy . CISOs still struggle to answer, “Where is our sensitive data?” as it sprawls across AI, endpoints, cloud, SaaS, and shared environments. In this conversation, we explore: Why CISOs still struggle...

#271 - A Life of Service (with Chris Inglis) 16.02.2026

In this special episode of CISO Tradecraft, host G Mark Hardy welcomes Chris Inglis, former National Cyber Director and career public servant, to delve into a wide-ranging conversation about cybersecurity leadership, public service, and life lessons. Chris shares his career journey from the Air Force Academy to piloting planes and serving at the NSA, providing unique insights along the way. They d...

#270 - And What is Truth? 03.02.2026

Can you still tell what’s true on the internet or does everything feel questionable now? That confusion isn’t accidental. Disinformation, deepfakes, and cyber deception are being used deliberately to manipulate attention, erode trust, and fracture societies, often faster than truth can respond. In this episode of CISO Tradecraft, we break down how modern information warfare actually works and what...

#269 - Changing Third Party Risk Management (with Nate Lee) 26.01.2026

Third-party risk management has become a time-consuming, frustrating exercise. Security teams and vendors alike are buried under long, repetitive TPRM questionnaires that often miss what actually matters. Buyers struggle to assess real risk, while vendors waste countless hours answering low-value questions, slowing deals and draining resources. These bloated questionnaires don’t just waste time, t...

#268 - Zero Trust isn't a product (with George Finney) 19.01.2026

Everyone talks about Zero Trust — but very few organizations actually know how to implement it successfully. In this episode of CISO Tradecraft , host G. Mark Hardy is joined by George Finney , a practicing CISO who literally wrote the book on Zero Trust and has implemented it in one of the most challenging environments imaginable: higher education. Together, they break down: Why Zero Trust is a s...

#267 - Busy is the New Stupid (with Ross Young) 12.01.2026

You’re working longer hours than ever… yet somehow getting less done. Sound familiar? In this episode of CISO Tradecraft, we break down why busy has become the enemy of effectiveness and why “Busy is the New Stupid.” This isn’t about working harder or faster. It’s about understanding how your time gets attacked, how distractions persist, and how even high-performing leaders fall into productivity...

Listen to the CISO Tradecraft® podcast in Replaio

Radio and podcasts in one app - free, with no sign-up. Install today and do not miss the launch

Get it on Google Play

Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.