Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks and learn actionable steps to tackle technical debt before it turns into a crisis.

Pictures of Dog https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link

Transcripts https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK

Chapters

• 00:21 Welcome to CISO Tradecraft
• 00:36 RSAC 2025 Conference Experience
• 01:22 Shelby's Health Scare
• 02:08 Understanding Technical Debt
• 02:41 The Consequences of Technical Debt
• 04:09 Shelby's Story as a Technical Debt Analogy
• 09:28 Lessons Learned from Shelby's Story
• 13:09 Conclusion and Call to Action

In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.'

Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB

Knostic's Website - https://www.knostic.ai/solution-brief-request

Chapters

• 00:00 Introduction to Microsoft Copilot Risks
• 00:32 Meet the Guest: Sounil Yu
• 02:51 Understanding Microsoft 365 Copilot
• 06:09 The DIKW Pyramid and Knowledge Management
• 08:34 Challenges of Data Permissions and Oversharing
• 19:01 Need to Know: A New Approach to Access Control
• 35:10 Measuring and Mitigating Risks with Copilot
• 39:46 Conclusion and Next Steps

In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVE scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently.

Transcripts: https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII

Chapters

• 00:00 Introduction to CVE and CVSS
• 01:13 History of Vulnerability Tracking
• 03:07 The CVE System Explained
• 06:47 Understanding CVSS Scoring
• 13:11 Recent Funding Crisis and Its Impact
• 15:53 Future of the CVE Program
• 18:27 Conclusion and Final Thoughts