Web 3.0 Explained: Business Cases, Security, and Future Prospects | CISO Tradecraft In this episode of CISO Tradecraft, host G Mark Hardy welcomes special guest Aaron Markell to discuss the intricacies of Web 3.0. They explore the evolution from Web 1.0 and Web 2.0 to the decentralized structure of Web 3.0, describing its application in various industries like finance, healthcare, and supply chain. The conversation dives into blockchain technology, the role of tokens, smart contracts, and consensus mechanisms like proof of work and proof of stake. They also touch on potential future developments involving AI in Web 3.0, offering valuable insights for business leaders and cybersecurity professionals looking to understand and leverage this emerging technology.
Chapters
00:00 Introduction to Web 3.0
00:31 Meet the Expert: Aaron Markell
01:39 Aaron's Journey into Web 3.0
03:51 Understanding Web 1.0, 2.0, and 3.0
04:36 Decentralization and Blockchain Basics
05:51 The SETI Project and Distributed Workloads
08:09 Proof of Work and Blockchain Security
17:22 Smart Contracts Explained
20:10 Proof of Stake vs. Proof of Work
23:51 The Role of Tokens in Web 3.0
24:22 Understanding Microtransactions and Ownership
25:05 What is an NFT?
26:40 The Rise and Fall of NFTs
28:36 Web 3.0 and Its Impact on Industries
30:10 Blockchain in Finance and Commerce
30:55 Private Blockchains and Government Transparency
34:09 Blockchain in Legal and Healthcare Sectors
36:59 Supply Chain Transformation with Web 3.0
39:59 The Future of Web 3.0 and AI Integration
41:03 Final Thoughts and Security Tips
--------
45:03
#232 - Inside The 2025 Verizon Data Breach Investigations Report
Join G Mark Hardy, host of CISO Tradecraft, as he breaks down the latest insights from the 2025 Verizon Data Breach Investigations Report (DBIR). In this episode, discover the top 10 takeaways for cybersecurity leaders including the surge in third-party breaches, the persistence of ransomware, and the human factors in security incidents. Learn actionable strategies to enhance your organization's security posture, from improving vendor risk management to understanding industry-specific threats. Stay ahead of cybercriminals and secure your data with practical, data-driven advice straight from one of the industry's most anticipated reports.
Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/
Transcripts - https://docs.google.com/document/d/1h_YMpJvhAMB9wRyx92WkPYiKpFYyW2qz
Chapters
00:35 Verizon Data Breach Investigations Report (DBIR) Introduction
01:16 Accessing the DBIR Report
02:38 Key Takeaways from the DBIR
03:15 Third-Party Breaches
04:32 Ransomware Insights
08:08 Exploitation of Vulnerabilities
09:39 Credential Abuse
12:25 Espionage Attacks
14:04 System Intrusions in APAC
15:04 Business Email Compromise (BEC)
18:07 Human Risk and Security Awareness
19:19 Industry-Specific Trends
20:06 Multi-Layered Defense Strategy
21:08 Data Leakage to Gen AI
--------
26:25
#231 - Tackle Your Technical Debt
Join G Mark Hardy in this eye-opening episode of CISO Tradecraft as he shares a personal story about his dog Shelby's near-fatal experience and the costly lesson it taught him about technical debt. Discover how small overlooked issues in cybersecurity can compound and lead to significant risks and learn actionable steps to tackle technical debt before it turns into a crisis.
Pictures of Dog https://drive.google.com/file/d/1nBc9e3bBJVW0BQt5inGryhP3ahBz4XsQ/view?usp=drive_link https://drive.google.com/file/d/12V_DuwhgNBKgxJL0yqNq9Fopa4dauJfd/view?usp=drive_link
Transcripts https://docs.google.com/document/d/1-_X_9RQrurOLKRvbXyMjgbygESsabcCK
Chapters
00:21 Welcome to CISO Tradecraft
00:36 RSAC 2025 Conference Experience
01:22 Shelby's Health Scare
02:08 Understanding Technical Debt
02:41 The Consequences of Technical Debt
04:09 Shelby's Story as a Technical Debt Analogy
09:28 Lessons Learned from Shelby's Story
13:09 Conclusion and Call to Action
--------
14:00
#230 - How To Make Your AI Less Chatty (with Sounil Yu)
In this episode of CISO Tradecraft, host G Mark Hardy and guest Sounil Yu delve into the dual-edged sword of implementing Microsoft 365 Copilot in enterprises. While this productivity tool has transformative potential, it introduces significant oversharing risks that can be mitigated with the right strategies. Discover how Sounil and his team at Knostic have been tackling these challenges for over a year, presenting innovative solutions to ensure both productivity and security. They discuss the importance of 'need to know' principles and knowledge segmentation, providing insight into how organizations can harness the power of Microsoft 365 Copilot safely and effectively. Tune in to learn how to avoid becoming the 'department of no' and start being the 'department of know.'
Transcripts https://docs.google.com/document/d/1CT9HXdDmKojuXzWTbNYUE4Kgp_D64GyB
Knostic's Website - https://www.knostic.ai/solution-brief-request
Chapters
00:00 Introduction to Microsoft Copilot Risks
00:32 Meet the Guest: Sounil Yu
02:51 Understanding Microsoft 365 Copilot
06:09 The DIKW Pyramid and Knowledge Management
08:34 Challenges of Data Permissions and Oversharing
19:01 Need to Know: A New Approach to Access Control
35:10 Measuring and Mitigating Risks with Copilot
39:46 Conclusion and Next Steps
--------
44:46
#229 - Understanding the Critical Role of CVEs and CVSS
In this episode of CISO Tradecraft, host G Mark Hardy delves into the crucial topic of Common Vulnerabilities and Exposures (CVE) and the Common Vulnerability Scoring System (CVSS). Learn about the history, structure, and significance of the CVE database, the recent funding crisis, and what it means for the future of cybersecurity. We also explore the intricacies of CVE scoring and how it aids in prioritizing vulnerabilities. Tune in to understand how as a CISO, you can better prepare your organization against cyber threats and manage vulnerabilities efficiently.
Transcripts: https://docs.google.com/document/d/13VzyzG5uUVLGVhPA5Ws0UFbHPnfHbsII
Chapters
00:00 Introduction to CVE and CVSS
01:13 History of Vulnerability Tracking
03:07 The CVE System Explained
06:47 Understanding CVSS Scoring
13:11 Recent Funding Crisis and Its Impact
15:53 Future of the CVE Program
18:27 Conclusion and Final Thoughts