CISO Tradecraft®

<p>Most cybersecurity programs are built on rigid “best practices” that assume people will behave rationally, consistently, and exactly as policy dictates; even under stress, time pressure, and uncertainty. In reality, humans don’t work that way. Cognitive bias, fatigue, incentives, and real-world constraints cause well-intentioned employees, analysts, and leaders to make decisions that quietly undermine security. The result? Incident response stalls, SOCs drown in noise, and organizations continue to repeat the same failures, even while believing they’re “doing everything right.” In this episode of CISO Tradecraft, host G. Mark Hardy and Dr. Dustin Sachs demonstrate how applying behavioral science and human decision-making can radically improve cybersecurity outcomes. By designing security around how people actually think and operate, not how policies assume they do, leaders can build adaptable, resilient programs that work in the real world. </p><p></p><p>Check out Dustin's new book: <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.amazon.com/Behavioral-Insights-Cybersecurity-Security-Leadership/dp/1032998539">https://www.amazon.com/Behavioral-Insights-Cybersecurity-Security-Leadership/dp/1032998539</a> </p><p></p><p>Dustin Sachs's Linkedin Profile: <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.linkedin.com/in/dustinsachs/">https://www.linkedin.com/in/dustinsachs/</a></p>

<p>In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Rajan Kapoor, VP of Security at Material Security, to discuss critical topics in cloud workspace security. From discussing the increased attack surfaces in cloud environments like Google Workspace and Microsoft 365 to practical solutions for mitigating these risks, Rajan provides invaluable insights into creating a secure cloud office environment. Tune in for expert advice on improving security maturity, managing cloud security tools efficiently, and leveraging modern technology for enhanced protection and reduced dwell time. Whether you're a small enterprise or a large corporation, this episode has actionable insights to help you strengthen your security posture.</p><p></p><p>Check out the Material Security Scorecard to measure your Cloud Office Security</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://material.security/workspace-security-scorecard">https://material.security/workspace-security-scorecard</a></p><p></p><p>Rajan Kapoor</p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://www.linkedin.com/in/rajankkapoor/">https://www.linkedin.com/in/rajankkapoor/</a></p><p></p><p>MITRE ATT&amp;CK® Office Suite platform </p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://attack.mitre.org/matrices/enterprise/cloud/officesuite/">https://attack.mitre.org/matrices/enterprise/cloud/officesuite/</a></p>

<p>Dive into the rapidly evolving world of AI with G Mark Hardy and Ross Young in this episode of CISO Tradecraft. Explore how AI is transforming business processes, the critical need for cybersecurity leadership in AI deployments, and the importance of setting clear goals, monitoring performance, and ensuring data quality. Learn about the different types of AI from traditional to generative and agentic AI, and understand the frameworks and risk assessments shaping the future of AI integration in organizations. Don't miss this essential conversation for cybersecurity leaders looking to stay ahead of the curve. </p><p></p><p>Generative Artificial Intelligence Risk Assessment SIMM 5305-F: </p><p><a target="_blank" rel="noopener noreferrer nofollow" href="https://cdt.ca.gov/wp-content/uploads/2025/08/SIMM-5305-F-Generative-Artificial-Intelligence-Risk-Assessment-20250822FINAL.pdf">https://cdt.ca.gov/wp-content/uploads/2025/08/SIMM-5305-F-Generative-Artificial-Intelligence-Risk-Assessment-20250822FINAL.pdf</a> </p>

<p>In this episode of CISO Tradecraft, host G Mark Hardy is joined by Neatsun Ziv from Ox Security to discuss the evolving landscape of vibe coding and its security implications. The conversation delves into the risks and opportunities surrounding vibe coding, how it can enhance productivity while maintaining security, and the importance of embedding security into the entire lifecycle. They also explore the concept of VibeSec, why traditional shift-left security approaches might be failing, and what new methodologies can be adopted to ensure robust security in a rapidly changing tech world. Tune in to gain valuable insights into how you can future-proof your code, leverage modern IDEs and MCP, and maintain a strong security posture in the era of AI-driven development.</p><p></p><p>Ox Security's Website - <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.ox.security/">https://www.ox.security/</a></p><p>Are AI App Builders Secure - <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.ox.security/resource-category/whitepapers-and-reports/are-ai-app-builders-secure-we-tested-lovable-base44-and-bolt-to-find-out/">https://www.ox.security/resource-category/whitepapers-and-reports/are-ai-app-builders-secure-we-tested-lovable-base44-and-bolt-to-find-out/</a></p><p>The AI Code Security Crisis - <a target="_blank" rel="noopener noreferrer nofollow" href="https://www.ox.security/resource-category/whitepapers-and-reports/army-of-juniors/">https://www.ox.security/resource-category/whitepapers-and-reports/army-of-juniors/</a></p>

<p>In this episode of CISO Tradecraft, host G Mark Hardy is joined by Yuriy Tsibere from ThreatLocker to discuss an essential topic for cybersecurity leaders: Defense Against Configurations (DAC). With a focus on the significant risks posed by misconfigurations, Yuriy shares insights on how ThreatLocker's new DAC tool helps organizations identify and rectify vulnerabilities in OS configurations, ensuring a higher degree of security. They explore the critical role of maintaining proper endpoint configurations, Zero Trust principles, and how DAC seamlessly integrates into ThreatLocker’s platform to provide real-time monitoring and reporting. Yuriy also touches on how DAC supports various security frameworks and compliance standards, making it a valuable asset for any organization aiming to enhance its cybersecurity posture. </p><p>Big Thanks to Threatlocker for supporting this episode. Register to attend Zero Trust World 2026: <a target="_blank" rel="noopener noreferrer nofollow" href="https://ztw.com/?utm_source=ciso_tradecraft&amp;utm_medium=sponsor&amp;utm_campaign=dac_yuriy_q4_25&amp;utm_content=dac_yuriy-&amp;utm_term=video">https://ztw.com/?utm_source=ciso_tradecraft&amp;utm_medium=sponsor&amp;utm_campaign=dac_yuriy_q4_25&amp;utm_content=dac_yuriy-&amp;utm_term=video</a> </p><p></p><p>Use discount code ZTWCISOTRADECRAFT26 for $200 off</p>