Send us a text We begin by exploring foundational security principles that drive effective system design. Threat modeling emerges as a proactive approach for identifying vulnerabilities before implementation, while least privilege ensures users have only the access they absolutely need. Defense in depth creates those crucial security layers that prevent single points of failure from becoming catastrophic breaches. The podcast clarifies how secure defaults and fail-secure mechanisms ensure s...

Send us a text The cybersecurity landscape grows more complex each day, especially when it comes to protecting critical infrastructure. In this essential episode of the CISSP Cyber Training Podcast, Sean Gerber breaks down Domain 2 of the CISSP certification - a vital area representing approximately 10% of the exam questions that every security professional must master. Sean begins with a timely discussion of the recently discovered Honeywell Experion PKS vulnerability that could allow remot...

Send us a text Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv Securing SaaS environments and mastering security assessment techniques are critical skills for today's cybersecurity professionals. This episode delivers a powerful examination of Domain 6.3 of the CIS...

Send us a text Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv A shocking cybersecurity case recently hit the headlines—a 50-year-old IT contractor sentenced to over 8 years in prison for acting as a mule for North Korean hackers. What makes this story particular...

Send us a text Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv The cybersecurity landscape is rapidly evolving, and AI stands at the forefront of this transformation. In this thought-provoking episode, Shon Gerber explores the projected $450 billion impact AI will ...

Send us a text Looking to strengthen your organization's defenses against unauthorized access? This episode dives deep into CISSP Domain 5.1, exploring the critical components of physical and logical access controls that protect your most valuable assets. We begin with a startling discussion about China's "Maciantool" - sophisticated software secretly deployed at security checkpoints to extract SMS messages, GPS data, and images from travelers' phones. You'll learn practical strategies for p...

Send us a text Security vulnerabilities lurk in the most unexpected places – even in your home internet modem. Today we kick off with breaking news about a security flaw discovered in Cox modems that could potentially allow unauthorized access to run malicious commands on connected devices. While Cox reports fixing the issue within 24 hours, this real-world example perfectly illustrates a critical concept we explore further: how exposed APIs often become significant data exfiltration points b...

Send us a text The medieval castle with its moat, high walls, and sentries provides the perfect metaphor for modern cybersecurity. Just as each defensive element served a specific purpose in protecting the castle, today's information security requires multiple layers working in concert to safeguard digital assets. Shon Gerber opens this episode with a timely discussion of the UnitedHealthcare ransomware attack, which reportedly cost $22 million and sparked controversy around the CISO's quali...

Send us a text Microsoft recently released 137 security patches, with 14 critical vulnerabilities that could allow attackers to seize control of Windows systems with minimal user interaction. Among these, the Windows authentication negotiation flaw rated at 9.8 severity poses a significant threat to all current Windows versions. For security professionals, this underscores the crucial importance of effective patch management strategies—balancing timely updates against thorough testing procedu...

Send us a text Ready to conquer CISSP Domain 1? This rapid review episode delivers essential knowledge on security and risk management fundamentals that form the cornerstone of information security practice. We begin with a timely discussion on preventing ransomware through exfiltration controls, noting the alarming shift where 90% of ransomware attacks now involve data theft. The practical advice on implementing zero trust architecture acknowledges real-world challenges while providing acti...

Send us a text Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Ready to master data classification for your CISSP exam? This episode delivers exactly what you need through fifteen practical questions that mirror real exam scenarios, all focused on Domain 2.1.1. The cybersecurity world is constantly evolving, and our discussion of the newly formed ARPA-H demonstrates this perfe...

Send us a text Effective data classification isn't just about regulatory compliance—it's the foundation of your entire security program. Whether you're preparing for the CISSP exam or leading security initiatives at your organization, understanding how to identify, categorize, and protect sensitive information is critical to your success. This episode dives deep into the world of sensitive data management, breaking down the fundamental frameworks and approaches you need to master. Data class...

Send us a text Check us out at: https://www.cisspcybertraining.com/ Ethical dilemmas lurk around every corner in cybersecurity, ready to challenge even the most technically competent professionals. Sean Gerber tackles these moral minefields head-on in this thought-provoking episode focused on CISSP Domain 1.1, presenting fifteen real-world ethical scenarios that will test your professional judgment. The episode opens with crucial context about the New York Department of Financial Services (N...

Send us a text Ethical leadership lies at the heart of effective cybersecurity practice. In this episode, we dive deep into Domain 1.1 of the CISSP certification, exploring professional ethics and their critical importance for security professionals. The episode opens with a sobering look at the current landscape of cyber warfare, examining how Israeli-linked hackers are actively targeting Iran's financial systems. This real-world example serves as a stark reminder that cyber conflicts aren'...

Send us a text The pursuit of AI expertise has reached staggering heights in the cybersecurity world. Meta reportedly offering "billion-dollar salaries" and $100 million sign-on bonuses to lure OpenAI talent reveals just how valuable the intersection of AI and security has become. This episode explores why security professionals should seriously consider developing AI skills while highlighting that most organizations are still figuring out their AI security strategy – creating massive opportu...

Send us a text Cybersecurity vulnerabilities continue to emerge in unexpected places, as evidenced by the recent Iranian-backed attacks on U.S. water treatment facilities through poorly secured Unitronics PLCs. This alarming development sets the stage for our deep dive into API security - a critical yet often overlooked aspect of modern cybersecurity strategy. APIs form the connective tissue of our digital world, enabling seamless communication between different software systems. However, th...

Send us a text Security professionals face a constant battle to keep up with evolving threats, and our latest CISSP Question Thursday podcast delivers critical insights into one of the most fundamental cybersecurity capabilities: effective logging and monitoring. The episode begins with a warning about a sophisticated attack campaign targeting recruiters. The hacker group FIN6 (Skeleton Spiders) has been creating fake candidate profiles with malware-laced resume attachments, tricking HR prof...

Send us a text Dive deep into the critical world of security logging and monitoring as we explore Domain 7.2 of the CISSP certification. This episode unpacks the strategic considerations behind effective logging practices that balance comprehensive visibility with practical resource management. We begin with a thought-provoking look at Anthropic's new AI chatbot designed specifically for classified government environments. Could this be the beginning of something like Skynet? While AI offers...

Send us a text The boundaries between digital vulnerabilities and physical warfare are dissolving before our eyes. Ukrainian forces have dramatically shifted military paradigms by marrying cybersecurity breaches with commercial drone attacks against strategic Russian targets like Tupolev aircraft manufacturers. This evolution demands security professionals develop capabilities far beyond traditional network defense – a stark reminder that our field continues expanding into unexpected territor...

Send us a text Vulnerability assessments serve as the frontline defense against cybersecurity threats, yet many professionals struggle to understand the terminology and methodologies that make them effective. In this comprehensive episode, we demystify the critical components of vulnerability management that every security practitioner should master – whether you're preparing for the CISSP exam or strengthening your organization's security posture. We begin by examining recent ransomware att...