CISO Tradecraft®

In this episode of CISO Tradecraft, host G Mark Hardy speaks with EJ Pappas of PKWARE and Ross Young about why AI-driven threats demand a shift from platform-centric security to a data-centric strategy.
CISOs still struggle to answer, “Where is our sensitive data?” as it sprawls across AI, endpoints, cloud, SaaS, and shared environments. In this conversation, we explore:
Why CISOs still struggle with data visibility
How vendor sprawl and fragmented toolsets create blind spots
The difference between structured and unstructured data risk
Why AI accelerates both defense and mistakes
DLP vs. encryption: complementary, not competing controls
Commonly missed exposure areas (test/QA environments, cloud storage)
Compliance drivers including GLBA, PCI DSS, HIPAA, HITRUST CSF, and NIST SP 800-171
Learn more at PKWARE.com/demo or contact [email protected]

In this special episode of CISO Tradecraft, host G Mark Hardy welcomes Chris Inglis, former National Cyber Director and career public servant, to delve into a wide-ranging conversation about cybersecurity leadership, public service, and life lessons. Chris shares his career journey from the Air Force Academy to piloting planes and serving at the NSA, providing unique insights along the way. They discuss the importance of integrating technology with business strategy, handling insider threats, and the future of AI in cybersecurity. Plus, enjoy some heartwarming stories about the power of culture and the joys of being grandparents.

Can you still tell what’s true on the internet or does everything feel questionable now?

That confusion isn’t accidental. Disinformation, deepfakes, and cyber deception are being used deliberately to manipulate attention, erode trust, and fracture societies, often faster than truth can respond.

In this episode of CISO Tradecraft, we break down how modern information warfare actually works and what leaders can do to defend truth using critical thinking, verification strategies, and practical countermeasures for today’s digital battlefield.

Third-party risk management has become a time-consuming, frustrating exercise. Security teams and vendors alike are buried under long, repetitive TPRM questionnaires that often miss what actually matters. Buyers struggle to assess real risk, while vendors waste countless hours answering low-value questions, slowing deals and draining resources.
These bloated questionnaires don’t just waste time, they actively weaken security programs. Important risks get lost in the noise, assessments become checkbox exercises, and both sides grow cynical about the process. As supply chain attacks increase, relying on outdated, one-size-fits-all approaches leaves organizations exposed and ill-prepared to respond.
In this episode of CISO Tradecraft, G Mark Hardy sits down with Nate Lee to explore smarter, more effective approaches to TPRM. Drawing on his experience as a CISO and entrepreneur, Nate shares practical strategies for automating assessments, asking more meaningful security questions, and using AI to reduce friction while improving insight. The conversation offers actionable guidance for buyers and vendors to streamline TPRM, focus on real risk, and build stronger, more scalable security programs.
Nate Lee - https://www.linkedin.com/in/natetrustmind/
Nate Lee -  [email protected]

Everyone talks about Zero Trust — but very few organizations actually know how to implement it successfully.
In this episode of CISO Tradecraft, host G. Mark Hardy is joined by George Finney, a practicing CISO who literally wrote the book on Zero Trust and has implemented it in one of the most challenging environments imaginable: higher education.
Together, they break down:
Why Zero Trust is a strategy, not a product
Why most Zero Trust initiatives fail due to people and politics, not technology
How attackers exploit trust and lateral movement
How to implement Zero Trust without destroying culture or productivity
What changes when AI enters the trust model
Why AI is effectively “100% trust” — and how to reduce the blast radius
How CISOs should explain Zero Trust and AI risk to the board
George also shares practical analogies (including his now-famous restaurant model for AI) that make Zero Trust and AI security understandable for executives, IT teams, and non-technical leaders alike.
If you’re serious about:
Preventing breaches instead of just responding to them
Limiting lateral movement
Securing AI-driven systems
Turning Zero Trust from buzzword into business strategy
👉 This episode is a must-watch.

George's Books:
Rise of the Machine: https://www.amazon.com/Rise-Machines-Project-Trust-Story/dp/1394303718
Project Zero Trust: https://www.amazon.com/Project-Zero-Trust-Strategy-Aligning/dp/1119884845/