545 episodes
- What separates great CISOs from everyone else? It isn't knowing more about CVEs, ransomware, or the latest security tools. It's understanding the business. In this episode of CISO Tradecraft, Ross Young and G Mark Hardy reveal why many cybersecurity leaders spend too much time protecting systems and not enough time protecting the capabilities that generate revenue, keep operations running, and create shareholder value.
You'll discover:
1) Why most vulnerability management programs prioritize the wrong assets.
2) The six business capabilities every CISO should understand before making security decisions.
3) How executive leaders evaluate cyber risk differently than security teams.
4) A practical framework for aligning cybersecurity investments with business priorities.
5) Why traditional third-party risk questionnaires often fail—and the questions that actually predict ransomware risk.
6) Lessons learned from real-world breaches, mergers & acquisitions, business resilience, and executive decision making. Free Resources Mentioned
• Ransomware Risk Assessment Questionnaire - https://drive.google.com/file/d/1L4spXwrB7nFgdSP5at2uJfFKvG_7ppmz/
• Mission-Critical Business Capability Framework - https://docs.google.com/presentation/d/1zHjxcJXvAkJNQKXCVbVoR7yzexD3KKEu - How has the role of the CISO changed over the last 15 years? In this episode of CISO Tradecraft, G. Mark Hardy interviews Rafeeq Rehman, creator of the CISO Mind Map, to discuss its latest update and the biggest challenges facing cybersecurity leaders today.
You'll learn:
Why the CISO Mind Map was updated after 15 years
How AI security is reshaping cybersecurity leadership
Why the remote work category was removed
How a RACI matrix helps CISOs delegate while staying accountable
Why consolidating security tools reduces complexity and risk How to support your team's mental health in a high-stress industry
What tomorrow's cybersecurity leaders need to succeed
Whether you're an aspiring CISO or an experienced security executive, this episode provides practical insights to help you lead more effectively in the AI era.
Link to the Mind Map - https://rafeeqrehman.com/2026/04/11/ciso-mindmap-2026-what-do-infosec-professionals-really-do/ - Nation-state adversaries are vacuuming up encrypted traffic today, waiting for quantum computers to decrypt it tomorrow. This attack strategy, "Harvest Now, Decrypt Later," isn't theoretical. It's happening right now.
G Mark Hardy sits down with Marcus Sachs (former White House cyber advisor, CSO of NERC, now SVP and Chief Engineer at CIS) to break down two executive orders just signed by the White House on post-quantum cryptography and what every security leader needs to do before the clock runs out.
What you'll learn:
Why TLS, VPNs, and PKI are your most urgent exposure
The Harvest Now, Decrypt Later threat model and what it means for your data retention policies
How to build a Cryptographic Bill of Materials (CBOM)
What cryptographic agility means and why hard-coded crypto is a ticking time bomb
Lessons from Y2K that apply directly to the quantum migration
You can't name a date certain. But your adversaries are already running the clock.
Links, NIST resources, and both executive orders in the show notes.
https://www.nist.gov/cybersecurity-and-privacy/what-post-quantum-cryptography
https://www.nist.gov/pqc - On this episode of CISO Tradecraft, host G Mark Hardy talks with Gary Hayslip about cybersecurity career growth beyond the traditional CISO “apex,” drawing on Hayslip’s 25+ years across military service, US Navy civil service, the City of San Diego as its first CISO, Webroot (CISO/CIO), SoftBank (including cyber and physical security), and most recently a field CISO role before being laid off. They discuss how the CISO role is evolving into merged executive positions (technology, risk, and AI), why continuous learning is essential as security changes rapidly, and why humans remain accountable even as AI reshapes teams. Hayslip outlines alternative paths like field CISO, data center security leadership, and VC/PE operating partner roles, and shares practical ways organizations used AI to speed legal review and automate security reporting while highlighting cost, risk, and workforce concerns.
- In this CISO Tradecraft episode, host G Mark Hardy interviews Steve McMichael, author of "How to Break into GRC: Mindset, Methods, and Skills," about entering cybersecurity through governance, risk, and compliance. McMichael shares his transition from accounting and explains GRC’s role as decision support and the interface between business and technical teams, breaking down governance, risk management, and compliance (including audits and third-party/supply-chain assurance). They discuss misconceptions that GRC is “just paperwork,” barriers like imposter syndrome, and strategies such as building T-shaped skills, targeting about 20% technical depth across domains, and developing credibility through a deep specialty. McMichael also describes an immersion mindset driven by emotional engagement, and showcases an open-source NIST Cybersecurity Framework Profile Assessment Database project on GitHub to help newcomers build skills and portfolio contributions.
More Business podcasts
Trending Business podcasts
About CISO Tradecraft®
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved
Podcast websiteListen to CISO Tradecraft®, The Prof G Pod with Scott Galloway and many other podcasts from around the world with the radio.net app

Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features
Get the free radio.net app
- Stations and podcasts to bookmark
- Stream via Wi-Fi or Bluetooth
- Supports Carplay & Android Auto
- Many other app features


CISO Tradecraft®
Scan code,
download the app,
start listening.
download the app,
start listening.


























