Third-party risk management has become a time-consuming, frustrating exercise. Security teams and vendors alike are buried under long, repetitive TPRM questionnaires that often miss what actually matters. Buyers struggle to assess real risk, while vendors waste countless hours answering low-value questions, slowing deals and draining resources.

These bloated questionnaires don’t just waste time, they actively weaken security programs. Important risks get lost in the noise, assessments become checkbox exercises, and both sides grow cynical about the process. As supply chain attacks increase, relying on outdated, one-size-fits-all approaches leaves organizations exposed and ill-prepared to respond.

In this episode of CISO Tradecraft, G Mark Hardy sits down with Nate Lee to explore smarter, more effective approaches to TPRM. Drawing on his experience as a CISO and entrepreneur, Nate shares practical strategies for automating assessments, asking more meaningful security questions, and using AI to reduce friction while improving insight. The conversation offers actionable guidance for buyers and vendors to streamline TPRM, focus on real risk, and build stronger, more scalable security programs.

Nate Lee - https://www.linkedin.com/in/natetrustmind/

Nate Lee -  nate@trustmind.com

Everyone talks about Zero Trust — but very few organizations actually know how to implement it successfully.

In this episode of CISO Tradecraft, host G. Mark Hardy is joined by George Finney, a practicing CISO who literally wrote the book on Zero Trust and has implemented it in one of the most challenging environments imaginable: higher education.

Together, they break down:

• Why Zero Trust is a strategy, not a product
• Why most Zero Trust initiatives fail due to people and politics, not technology
• How attackers exploit trust and lateral movement
• How to implement Zero Trust without destroying culture or productivity
• What changes when AI enters the trust model
• Why AI is effectively “100% trust” — and how to reduce the blast radius
• How CISOs should explain Zero Trust and AI risk to the board

George also shares practical analogies (including his now-famous restaurant model for AI) that make Zero Trust and AI security understandable for executives, IT teams, and non-technical leaders alike.

If you’re serious about:

• Preventing breaches instead of just responding to them
• Limiting lateral movement
• Securing AI-driven systems
• Turning Zero Trust from buzzword into business strategy

👉 This episode is a must-watch.

George's Books:

Rise of the Machine: https://www.amazon.com/Rise-Machines-Project-Trust-Story/dp/1394303718

Project Zero Trust: https://www.amazon.com/Project-Zero-Trust-Strategy-Aligning/dp/1119884845/

You’re working longer hours than ever… yet somehow getting less done. Sound familiar?

In this episode of CISO Tradecraft, we break down why busy has become the enemy of effectiveness and why “Busy is the New Stupid.” This isn’t about working harder or faster. It’s about understanding how your time gets attacked, how distractions persist, and how even high-performing leaders fall into productivity traps.

We introduce a practical framework inspired by MITRE ATT&CK to show: How meetings, emails, and interruptions gain initial access to your day Why multitasking and constant context-switching kill execution How “always-on” culture and people-pleasing create persistence What effective CISOs do to defend their time and focus on impact, not noise

If you’re a CISO, security leader, or executive who feels constantly busy but strategically behind, this episode will challenge how you think about productivity—and give you a better way forward.

👉 Grab the Busy Is the New Stupid template for free https://www.cisotradecraft.com/bitns

👉 Share what’s missing and help us evolve the framework

👉 Follow CISO Tradecraft for more insights on leadership, strategy, and security

Because being busy isn’t the goal. Being effective is.