Episodes

  • #276 - How is AI Reshaping Fraud (with Brian Long)
    Mar 23 2026

    In this episode of CISO Tradecraft, host G Mark Hardy speaks with Brian Long, CEO and co-founder of Adaptive Security, about how AI is accelerating and scaling social engineering through deepfakes, OSINT-driven personalization, and real-time conversational attacks. Brian says people remain the biggest opportunity in cyber defense, citing rapid growth in deepfake-enabled incidents and examples including a widely reported $25M wire fraud involving a fake Zoom meeting of “peers,” plus a CFO/controller case where a deepfaked CEO pushed secrecy and urgency. They argue detection alone is unreliable due to an arms race and attackers shifting to unverified channels (phone, Teams/Slack, Signal). Key mitigations include workforce awareness, stronger organizational controls (especially for hiring and payments), verification habits, and personalized training paired with AI-powered simulations and reporting/automated email handling.

    Big thanks to our sponsor Adaptive Security. Note, you can learn more about them by visiting their website:

    https://www.adaptivesecurity.com/demo/security-awareness-training

    41 mins
  • #275 - How to Secure Vibe Code (with Shahar Man)
    Mar 16 2026

    In this CISO Tradecraft episode, host G Mark Hardy interviews Shahar Man of Backslash Security about the rapidly expanding attack surface created by AI-driven “vibe coding” tools like Claude Code, Cursor, and Copilot. Shahar explains how prompting is shifting software creation, affecting education and hiring, and pushing security “further left” to the prompt, agent, MCP, skills, and rules level. He discusses risks such as loss of source integrity, excessive permissions, prompt injection, data leaks, use of unauthorized tools or accounts, and the spread of coding beyond engineering to teams like marketing and finance. Shahar argues AppSec work will transform toward securing the “sausage factory” and describes Backslash’s approach: enterprise-wide visibility, component vetting, endpoint monitoring via a local proxy, guardrails and blocking, and forwarding alerts to SOC/SIEM, with deployments scaling to thousands of workstations.

    Looking to get more secure on Vibe Coding? Check out the Ultimate 2026 Vibe Coding Security Buyer's Guide

    https://www.backslash.security/resources/vibe-coding-security-buyers-guide?utm_campaign=354642149-ciso-tradecraft&utm_source=ross-young&utm_medium=podcast-march-2026

    46 mins
  • #274 - The State of Stress in Cyber (with Steve Shelton)
    Mar 9 2026

    In this CISO Tradecraft episode, host G Mark Hardy interviews Steve Shelton (https://www.linkedin.com/in/greenshoesteve/) of Green Shoe Consulting about the “State of Stress in Cybersecurity 2025” report and why burnout is widespread among cybersecurity leaders. Shelton explains the difference between beneficial stress (eustress) and chronic distress, how threat vs challenge interpretations shape performance, and why cybersecurity’s volatile, high-stakes environment amplifies stress, especially when CISOs have responsibility without authority and limited leadership training. They discuss systemic burnout drivers such as workload, autonomy, values alignment, recognition, and leadership behaviors like trust and delegation, plus different CISO leadership styles (strategic, adaptive, tactical, operational). Shelton describes efforts to build training and measurement tools for stress and energy, comments on AI-driven uncertainty, and shares the report download link at: https://www.greenshoeconsulting.com/stateofstressreport

    45 mins
  • #273 - Creating a Wisdom-Led SOC (with Oren Saban)
    Mar 2 2026

    Your SOC is drowning in alerts, false positives, and static tuning, while attackers evolve faster than your team can respond.

    Analysts burn out chasing noise. Real threats slip through. And traditional metrics reward ticket volume instead of investigation quality, creating “Swiss cheese security.”

    In this CISO Tradecraft episode, G. Mark Hardy and Oren Saban break down the rise of the Wisdom-Led, AI-driven SOC, where AI agents handle investigations and humans focus on judgment, prevention, and faster containment.

    Big Thanks to Mate Security for sponsoring this episode. To learn more about their offerings please check out their website at

    https://mate.security/

    45 mins
  • #272 - Data Centric Platform Play (with EJ Pappas)
    Feb 23 2026

    In this episode of CISO Tradecraft, host G Mark Hardy speaks with EJ Pappas of PKWARE and Ross Young about why AI-driven threats demand a shift from platform-centric security to a data-centric strategy.

    CISOs still struggle to answer, “Where is our sensitive data?” as it sprawls across AI, endpoints, cloud, SaaS, and shared environments. In this conversation, we explore:

    • Why CISOs still struggle with data visibility
    • How vendor sprawl and fragmented toolsets create blind spots
    • The difference between structured and unstructured data risk
    • Why AI accelerates both defense and mistakes
    • DLP vs. encryption: complementary, not competing controls
    • Commonly missed exposure areas (test/QA environments, cloud storage)
    • Compliance drivers including GLBA, PCI DSS, HIPAA, HITRUST CSF, and NIST SP 800-171

    Learn more at PKWARE.com/demo or contact EJ.Pappas@PKWARE.com

    1 hr
  • #271 - A Life of Service (with Chris Inglis)
    Feb 16 2026

    In this special episode of CISO Tradecraft, host G Mark Hardy welcomes Chris Inglis, former National Cyber Director and career public servant, to delve into a wide-ranging conversation about cybersecurity leadership, public service, and life lessons. Chris shares his career journey from the Air Force Academy to piloting planes and serving at the NSA, providing unique insights along the way. They discuss the importance of integrating technology with business strategy, handling insider threats, and the future of AI in cybersecurity. Plus, enjoy some heartwarming stories about the power of culture and the joys of being grandparents.

    53 mins
  • #270 - And What is Truth?
    Feb 3 2026

    Can you still tell what’s true on the internet or does everything feel questionable now?

    That confusion isn’t accidental. Disinformation, deepfakes, and cyber deception are being used deliberately to manipulate attention, erode trust, and fracture societies, often faster than truth can respond.

    In this episode of CISO Tradecraft, we break down how modern information warfare actually works and what leaders can do to defend truth using critical thinking, verification strategies, and practical countermeasures for today’s digital battlefield.

    31 mins
  • #269 - Changing Third Party Risk Management (with Nate Lee)
    Jan 26 2026

    Third-party risk management has become a time-consuming, frustrating exercise. Security teams and vendors alike are buried under long, repetitive TPRM questionnaires that often miss what actually matters. Buyers struggle to assess real risk, while vendors waste countless hours answering low-value questions, slowing deals and draining resources.

    These bloated questionnaires don’t just waste time, they actively weaken security programs. Important risks get lost in the noise, assessments become checkbox exercises, and both sides grow cynical about the process. As supply chain attacks increase, relying on outdated, one-size-fits-all approaches leaves organizations exposed and ill-prepared to respond.

    In this episode of CISO Tradecraft, G Mark Hardy sits down with Nate Lee to explore smarter, more effective approaches to TPRM. Drawing on his experience as a CISO and entrepreneur, Nate shares practical strategies for automating assessments, asking more meaningful security questions, and using AI to reduce friction while improving insight. The conversation offers actionable guidance for buyers and vendors to streamline TPRM, focus on real risk, and build stronger, more scalable security programs.

    Nate Lee - https://www.linkedin.com/in/natetrustmind/

    Nate Lee - nate@trustmind.com

    34 mins