Skip to content
PodcastsBusinessCISO Tradecraft®

CISO Tradecraft®

G Mark Hardy & Ross Young
CISO Tradecraft®
Latest episode

545 episodes

  • CISO Tradecraft®

    The Business Risk Playbook CISOs Use to Win - #292

    2026-07-13 | 41 mins.
    What separates great CISOs from everyone else? It isn't knowing more about CVEs, ransomware, or the latest security tools. It's understanding the business. In this episode of CISO Tradecraft, Ross Young and G Mark Hardy reveal why many cybersecurity leaders spend too much time protecting systems and not enough time protecting the capabilities that generate revenue, keep operations running, and create shareholder value.

    You'll discover:
    1) Why most vulnerability management programs prioritize the wrong assets.
    2) The six business capabilities every CISO should understand before making security decisions.
    3) How executive leaders evaluate cyber risk differently than security teams.
    4) A practical framework for aligning cybersecurity investments with business priorities.
    5) Why traditional third-party risk questionnaires often fail—and the questions that actually predict ransomware risk.
    6) Lessons learned from real-world breaches, mergers & acquisitions, business resilience, and executive decision making. Free Resources Mentioned

    • Ransomware Risk Assessment Questionnaire - https://drive.google.com/file/d/1L4spXwrB7nFgdSP5at2uJfFKvG_7ppmz/
    • Mission-Critical Business Capability Framework - https://docs.google.com/presentation/d/1zHjxcJXvAkJNQKXCVbVoR7yzexD3KKEu
  • CISO Tradecraft®

    The CISO Mind Map Has Evolved for the AI Era - #291

    2026-07-06 | 41 mins.
    How has the role of the CISO changed over the last 15 years? In this episode of CISO Tradecraft, G. Mark Hardy interviews Rafeeq Rehman, creator of the CISO Mind Map, to discuss its latest update and the biggest challenges facing cybersecurity leaders today.
    You'll learn:
    Why the CISO Mind Map was updated after 15 years
    How AI security is reshaping cybersecurity leadership
    Why the remote work category was removed
    How a RACI matrix helps CISOs delegate while staying accountable
    Why consolidating security tools reduces complexity and risk How to support your team's mental health in a high-stress industry
    What tomorrow's cybersecurity leaders need to succeed
    Whether you're an aspiring CISO or an experienced security executive, this episode provides practical insights to help you lead more effectively in the AI era.
    Link to the Mind Map - https://rafeeqrehman.com/2026/04/11/ciso-mindmap-2026-what-do-infosec-professionals-really-do/
  • CISO Tradecraft®

    Harvest Now, Decrypt Later (with Marcus Sachs) - #290

    2026-06-29 | 41 mins.
    Nation-state adversaries are vacuuming up encrypted traffic today, waiting for quantum computers to decrypt it tomorrow. This attack strategy, "Harvest Now, Decrypt Later," isn't theoretical. It's happening right now.
    G Mark Hardy sits down with Marcus Sachs (former White House cyber advisor, CSO of NERC, now SVP and Chief Engineer at CIS) to break down two executive orders just signed by the White House on post-quantum cryptography and what every security leader needs to do before the clock runs out.
    What you'll learn:
    Why TLS, VPNs, and PKI are your most urgent exposure
    The Harvest Now, Decrypt Later threat model and what it means for your data retention policies
    How to build a Cryptographic Bill of Materials (CBOM)
    What cryptographic agility means and why hard-coded crypto is a ticking time bomb
    Lessons from Y2K that apply directly to the quantum migration
    You can't name a date certain. But your adversaries are already running the clock.
    Links, NIST resources, and both executive orders in the show notes.
    https://www.nist.gov/cybersecurity-and-privacy/what-post-quantum-cryptography
    https://www.nist.gov/pqc
  • CISO Tradecraft®

    #289 - What's the Best Career Move After Being a CISO? (with Gary Hayslip)

    2026-06-22 | 43 mins.
    On this episode of CISO Tradecraft, host G Mark Hardy talks with Gary Hayslip about cybersecurity career growth beyond the traditional CISO “apex,” drawing on Hayslip’s 25+ years across military service, US Navy civil service, the City of San Diego as its first CISO, Webroot (CISO/CIO), SoftBank (including cyber and physical security), and most recently a field CISO role before being laid off. They discuss how the CISO role is evolving into merged executive positions (technology, risk, and AI), why continuous learning is essential as security changes rapidly, and why humans remain accountable even as AI reshapes teams. Hayslip outlines alternative paths like field CISO, data center security leadership, and VC/PE operating partner roles, and shares practical ways organizations used AI to speed legal review and automate security reporting while highlighting cost, risk, and workforce concerns.
  • CISO Tradecraft®

    #288 - How to Break Into Cybersecurity Through GRC (with Steve McMichael)

    2026-06-15 | 39 mins.
    In this CISO Tradecraft episode, host G Mark Hardy interviews Steve McMichael, author of "How to Break into GRC: Mindset, Methods, and Skills," about entering cybersecurity through governance, risk, and compliance. McMichael shares his transition from accounting and explains GRC’s role as decision support and the interface between business and technical teams, breaking down governance, risk management, and compliance (including audits and third-party/supply-chain assurance). They discuss misconceptions that GRC is “just paperwork,” barriers like imposter syndrome, and strategies such as building T-shaped skills, targeting about 20% technical depth across domains, and developing credibility through a deep specialty. McMichael also describes an immersion mindset driven by emotional engagement, and showcases an open-source NIST Cybersecurity Framework Profile Assessment Database project on GitHub to help newcomers build skills and portfolio contributions.
More Business podcasts
About CISO Tradecraft®
You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level. © Copyright 2025, National Security Corporation. All Rights Reserved
Podcast website

Listen to CISO Tradecraft®, The Prof G Pod with Scott Galloway and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features