CISO Tradecraft®

By: G Mark Hardy & Ross Young

You are not years away from accomplishing your career goals, you are skills away. Learn the Tradecraft to Take Your Cybersecurity Skills to the Executive Level.

© Copyright 2025, National Security Corporation. All Rights Reserved

Episodes
  • #285 - Passwordless Authentication (with Nishant Kaushik)
    2026/05/25

    In this discussion, G. Mark Hardy and Nishant Kaushik explore the necessity of moving beyond traditional passwords, which they define as the original sin of cybersecurity due to their vulnerability to credential stuffing and phishing attacks. Kaushik explains that the FIDO Alliance promotes a passwordless future by replacing shared secrets with asymmetric cryptography, utilizing private keys stored on smartphones or hardware tokens like YubiKeys to ensure phishing-resistant authentication. The conversation highlights that identity is the new perimeter, shifting the focus from human-memorized codes to biometric verification and device-bound passkeys that verify user presence. Ultimately, the experts warn that a secure transition must include robust account recovery flows, as failing to secure the "back door" renders even the most advanced cryptography-based authentication vulnerable to exploitation.

    FIDO Alliance - https://fidoalliance.org/

    42 min
  • #284 - Lessons Learned from SQL Slammer to AI Agents (with Aaron Turner)
    2026/05/18

    What can today’s CISOs learn from the chaos of Code Red and SQL Slammer?

    In this episode, G Mark Hardy interviews Aaron Turner about what it was like responding inside Microsoft during two of the most infamous cyber outbreaks in history.

    Aaron shares firsthand stories from the era when SQL Slammer infected at least 75,000 systems in roughly 10 minutes, exposing massive gaps in patch management, security QA, firewall design, and enterprise readiness. He explains how Microsoft’s early security culture operated, how major incidents and source-code theft forced change, and why many of the same mistakes are now reappearing in enterprise AI adoption.

    The conversation connects the lessons of Code Red and Slammer directly to today’s AI security challenges, including:

    • Unauthenticated MCP servers and weak authorization models
    • AI accelerating exploit development and vulnerability discovery
    • Why the traditional “patching game” no longer scales
    • The growing importance of identity security, ITDR, SASE, and developer controls
    • How CISOs should think about technical debt and legacy modernization
    • Why serverless and cloud-native architectures may become security necessities

    If you’re a CISO, deputy CISO, security architect, or aspiring security leader navigating the risks of AI-driven attacks, this episode provides practical lessons from one of the most important eras in cybersecurity history and why those lessons matter even more today.

    Aaron Turner's LinkedIn - https://www.linkedin.com/in/aaronrturner/

    46 min
  • #283 - Leadership Lessons and the Art of the Performance (with Chris Brogan)
    2026/05/11

    In this episode of the CISO Tradecraft podcast, host G Mark Hardy interviews early tech adopter Chris Brogan to explore the intersection of high-performance leadership and effective communication. Drawing from his interviews with Navy SEALs and his tenure as a Chief of Staff, Brogan emphasizes that leadership is essentially the management of options and the cultivation of repetitive training to build a reliable team base. The discussion highlights the necessity of aligning staff roles with business needs, which sometimes requires the difficult but professional decision to let individuals go when they no longer fit the objective. Both experts stress that fully qualifying personnel for their next level of responsibility is a vital duty for any leader aiming for organizational excellence. Ultimately, the conversation advocates for authenticity, a willingness to fail forward, and the use of technology to foster genuine human interaction.

    Chris Brogan's LinkedIn - https://www.linkedin.com/in/cbrogan/

    48 min