Showing episodes and shows of
Reduce Cyber Risk Podcast: "CISSP Training Made Simple"
Shows
CISSP Cyber Training Podcast - CISSP Training Program
CCT 239: Practice CISSP Questions - Assess the Effectiveness of Software Security (D8.3)
Cybersecurity isn't just for enterprises—small and medium businesses face increasingly sophisticated threats with fewer resources to combat them. In this information-packed episode, Shon Gerber explores why cybersecurity matters critically for SMBs while delivering practical CISSP exam questions focused on Domain 8.3. Shon begins by examining how even non-tech businesses rely heavily on digital systems, making them vulnerable to attacks that could devastate operations. A ransomware incident targeting inventory management or employee scheduling could cripple a small business just as effectively as one targeting a financial institution. Business continuity planning—often overlooked unti...
2025-04-24
27 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 221: Malicious QR Codes and Advanced Digital Forensics Techniques for CISSP (D7.1)
Curious about the latest tactics cybercriminals are using to exploit vulnerabilities in messaging apps? Join me, Shon Gerber, on the CISSP Cyber Training Podcast as we unravel how Russian hackers are leveraging malicious QR codes to breach platforms like Signal, Telegram, and WhatsApp. We'll dissect this alarming trend that targets high-profile individuals including politicians and journalists, and underscore the importance of staying vigilant when interacting with QR codes. Despite fighting off a cold, I share a heartening story of collaboration with a student who helped correct errors in our study materials, reminding us...
2025-02-20
25 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 220: Firewall and Advanced Cybersecurity Techniques for CISSP (Domain 7.1)
Uncover the secrets to mastering firewalls and advancing your cybersecurity career with insights from the CISSP Cyber Training Podcast. Ever wondered how a simple firewall can be your strongest ally against a $12 billion threat that financial firms have faced over the past two decades? Join me, Sean Gerber, as we navigate the indispensable role of firewalls within cybersecurity, especially for those gearing up for the CISSP exam. This episode promises an enriched understanding of firewalls, from regulatory compliance to integrating next-generation firewalls in cloud environments like Azure and AWS. The discussion...
2025-02-17
41 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 218: Design and validate assessment, test, and audit strategies for the CISSP (Domain 6.1)
Unlock the secrets to safeguarding your cloud storage from becoming a cyber attack vector in our latest episode of the CISSP Cyber Training Podcast with Shon Gerber. Discover how neglected AWS S3 buckets can pose significant threats akin to the notorious SolarWinds attack. Shon breaks down the importance of auditing and access controls while providing strategic guidance aligned with domain 6.1 of the CISSP to fortify your knowledge for the exam. This episode promises to equip you with the essential tools to protect your cloud infrastructure and maintain robust security practices. Transitioning...
2025-02-10
34 min
Reduce Cyber Risk Podcast - Cyber Security Made Simple
RCR 159: Quick-Start Guide for Cybersecurity Supply Chain Risk Management (C-SCRM)
Unlock the secrets to safeguarding your business in today's volatile supply chain landscape. On this episode of the Reduce Cyber Risk Podcast, hosted by Shon Gerber, we take you on a journey through the intricacies of cybersecurity in supply chains. With rapid technological advancements and the rise of AI models like DeepSeek, businesses must navigate data security challenges like never before. You'll discover why countries such as Italy are limiting these AI tools and learn how to balance innovation with caution to protect sensitive data from potential threats. Embark on a comprehensive guide to establishing a robust...
2025-02-04
30 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 215: Practice CISSP Questions - JMAGIC Malware and Implementing Secure Design - Voice (Domain 4.3)
Ready to unlock the secrets of cybersecurity and ace your CISSP exam? Tune in to the latest episode of the CISSP Cyber Training Podcast, where I, Shon Gerber, guide you through the complexities of a groundbreaking malware discovery by Black Lotus Labs. Unearthed in Juniper routers within critical sectors, JMAGIC poses a stealthy threat by lingering in memory and potentially exfiltrating data. As we dissect this sophisticated malware, we'll also address pivotal CISSP exam questions, offering insights into defending against unauthorized access to SS7 signaling systems and the risks associated with unauthorized VoIP...
2025-01-30
21 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 209: Practice CISSP Questions - Digital Evidence, Forensics, and Investigation (Domain 1.6)
Unlock the secrets to mastering cybersecurity and prepare yourself for the CISSP exam with our latest episode of the CISSP Cyber Training Podcast. Ever wondered how a simple API misstep could lead to a major breach? We dive into a recent incident involving the Department of Treasury and Beyond Trust, showcasing the critical importance of API security. As we navigate through domain 1.6, we promise to enhance your understanding of key concepts like the preponderance of evidence in civil investigations and the main objectives of regulatory probes. This episode is packed with insights that...
2025-01-09
20 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 205: Practice CISSP Questions - Apply Foundational Security Operations Concepts (Domain 7.4)
Unlock the secrets of cybersecurity mastery with me, Sean Gerber, on this week's episode of the CISSP Cyber Training Podcast. Discover why the U.S. government is investing a staggering $3 billion to replace TP-Link routers and the strategic implications for telecom companies nationwide. We'll also dissect the National Defense Authorization Act, which aims to fortify AI adoption and tackle emerging threats through an AI Security Center. This isn't just a glimpse into current events—it's your roadmap to staying ahead in the ever-evolving world of cybersecurity. Explore critical security practices, like the...
2024-12-26
22 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 203: Practice CISSP Questions - Understanding Vulnerability Scans, Risk Management, and Cyber Threat Mitigation Strategies (Domain 6.4)
Can AI-driven technologies reshape the way we secure our digital world? Join me, Sean Gerber, as we navigate the fascinating landscape of cybersecurity challenges anticipated by 2025. Our latest podcast episode promises to shed light on the emerging threats posed by AI, particularly within the finance and e-commerce sectors. We explore the necessity of incorporating AI into security frameworks and examine the shifting dynamics of cybersecurity insurance powered by AI-driven risk assessments. The conversation takes a thought-provoking turn with the exploration of quantum-resilient encryption's impact on global privacy laws and an increased focus on...
2024-12-19
27 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 202: Understanding Vulnerability Scans, Risk Management, and Cyber Threat Mitigation Strategies (Domain 6.4)
Unlock the secrets to safeguarding your organization against cyber threats as we explore critical components of cybersecurity. Join me, Sean Gerber, on this enlightening episode of the CISSP Cyber Training Podcast, where we dissect domain 6.4 of the CISSP exam. Discover the latest insights into cyber threats that target U.S. critical infrastructure, with a particular focus on an Iranian-linked group's custom cyber weapon. Learn how understanding your organization's technology, both hardware and software, can be pivotal in mitigating potential threats, especially in industries like oil and gas. Navigate the labyrinth of...
2024-12-16
41 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 201: Practice CISSP Questions - Hardware and Firmware Knowledge Gap and Access Controls (Domain 5)
Could the lack of hardware and firmware knowledge be the Achilles' heel of today's cybersecurity efforts? Join me, Sean Gerber, on the CISSP Cyber Training Podcast as we unpack the critical challenges faced by IT and security leaders, particularly in hardware-intensive sectors like manufacturing. We expose the concerning gaps in understanding that are leaving organizations vulnerable, and propose actionable solutions like fostering stronger collaboration between IT teams, security personnel, and suppliers. Tackling the prevalent issue of BIOS password sharing, we recommend secure password management tools, like CyberArk, and advocate for a shift from...
2024-12-12
22 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 200: Understanding Account Provisioning (CISSP Domain 5)
Unlock the secrets of safeguarding your digital empire with an urgent cybersecurity update from Sean Gerber on the CISSP Cyber Training Podcast. Imagine a vulnerability so severe it's rated at a critical level of 10—this is the reality for Atlassian Confluence users, and immediate action is non-negotiable. Arm yourself with strategies from CISSP domain 5.5.1 that shape the provisioning, onboarding, and maintenance of systems. Learn how to craft robust account management plans that are the keystone in your organization's defense against breaches. Transform your team into a frontline defense force with our in...
2024-12-09
39 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 198: IPv4, IPv6, and Key Protocols for CISSP Success (Domain 4)
Unlock the secrets to mastering core networking concepts crucial for your CISSP exam and cybersecurity career with Sean Gerber on the CISSP Cyber Training Podcast. Ever wondered how the intricate dance between IPv4 and IPv6 affects your daily online interactions? Get ready to explore these foundational Internet protocols, their histories, and the innovative transition mechanisms bridging them. We kick off with a discussion on the eye-opening Mega Breach Database, spotlighting the staggering exposure of around 26 billion records. This breach serves as a cautionary tale of our digital age, underscoring the necessity for robust...
2024-12-02
28 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 197: Practice CISSP Questions - Security Architectures, Design, and Solution Elements for the CISSP
What if quantum computing could unravel today's most secure encryption methods? Discover the potential future of cryptography on the CISSP Cyber Training Podcast, as we explore the profound impact of advanced quantum capabilities on public key systems like RSA and elliptic curve algorithms. This episode breaks down the "harvest now, decrypt later" strategy, revealing how adversaries might exploit encrypted data in the future. Cybersecurity professionals will gain essential insights into transforming their organization's cryptography practices to anticipate and counteract these emerging threats effectively. Our deep dive into cryptographic concepts and best p...
2024-11-28
19 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 195: Practice CISSP Questions - End-of-Life Systems: Balancing Cost, Compliance, and Security for CISSP Success (Domain 2.5)
Ever wondered about the hidden dangers lurking in outdated systems? Join me, Sean Gerber, as we tackle the pressing issues surrounding end-of-life assets on the CISSP Cyber Training Podcast. This episode unpacks the critical risks of holding onto systems that no longer receive manufacturer support and the security implications that follow. We'll explore the fine balance between managing costs and ensuring compliance when extending the life of these aging systems, all through a risk-based approach. Discover why secure data disposal should be at the forefront of your strategy, and learn about the industry...
2024-11-21
14 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 191: Practice CISSP Questions - SDLC, Agile, and DevSecOps (Domain 8.1)
Discover the hidden threats lurking in your kitchen appliances and learn why your next air fryer might be spying on you. On this episode of the CISSP Cyber Training Podcast, we unravel the alarming findings from Infosecurity Magazine about Chinese IoT devices and their potential to invade your privacy. We emphasize the critical importance of educating ourselves and others about the risks of IoT devices and the vast amounts of data they can collect. Additionally, we highlight new ICO regulations that aim to bolster data protection, especially for international companies, ensuring they uphold...
2024-11-07
17 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 183: Practice CISSP Questions for the OSI and TCP/IP Models for the CISSP (Domain 4)
Unlock the secrets of the OSI and TCP/IP models with Sean Gerber as your guide on the CISSP Cyber Training Podcast. Ever wondered how the presentation layer manages to format and translate data seamlessly for the application layer? Or how the network layer deftly routes packets across networks? Prepare to gain a comprehensive understanding of these essential concepts, crucial for acing the CISSP exam. Plus, dive into the intriguing details of the TCP/IP model's transport layer, from error checking to flow control, all while uncovering the mystery of the SYN flag...
2024-10-10
09 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 181: Practice CISSP Questions - Bell-LaPadula, Biba, and Clark-Wilson for the CISSP (Domain 3)
Crack the code of security architecture and engineering with this episode of the CISSP Cyber Training Podcast! Ever wondered how different security models apply to real-world scenarios? We'll give you the insights and knowledge you need to discuss these models confidently with senior leaders and implement robust security controls. We promise you'll walk away with a mastery of foundational models like Bell-LaPadula and Biba, essential for any cybersecurity professional. Join us as we dissect the origins and key principles of these models, highlighting "no read up" and "no write down" from...
2024-10-03
40 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 180: Failing Securely, Separation of Duties, and System Resilience for the CISSP (Domain 3.5-8)
What if your organization's security posture could withstand any cyber threat? This episode of the CISSP Cyber Training Podcast promises to equip you with actionable insights from CISSP Domain 3, emphasizing the critical principle of failing securely. We tackle the intricacies of separation of duties, zero trust, and the benefits of maintaining simplicity in your systems. Plus, I share my firsthand experience with virtual CISO roles, providing a roadmap for hiring a security professional, from conducting gap assessments to understanding risk profiles and developing robust mitigation strategies. Next, we dive deep into...
2024-09-30
44 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 179: Practice CISSP Questions - Data Security Controls, Labeling, and Cloud Access Security (CISSP Domain 2.6)
Ever wondered about the real difference between a data leak and a data breach? Join me, Sean Gerber, on the latest episode of the CISSP Cyber Training Podcast as we unpack the nuances between these two critical cybersecurity concepts. Learn how data leaks often result from human mistakes like weak passwords, while data breaches involve deliberate cyber attacks. We'll walk through different types of sensitive data—including PII, financial information, PHI, and intellectual property—and emphasize the need for precise language to help cybersecurity leaders communicate more effectively and avoid unnecessary panic. Plus, get...
2024-09-26
19 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 178: Data Security Controls, Labeling, and Cloud Access Security (CISSP Domain 2.6)
Ever wondered how a TI-84 calculator can be transformed into a powerful tool for ChatGPT? Join me, Sean Gerber, on this thrilling episode of the CISSP Cyber Training Podcast as we uncover this fascinating tale and explore the evolving landscape of data security. We'll dissect the crucial elements of Domain 2.6 of the CISSP exam, from protecting data-at-rest to data-in-motion, and delve into the significance of Digital Rights Management (DRM) and Data Loss Prevention (DLP). This episode promises to enlighten you on the challenges and solutions of safeguarding data in today's tech-driven world.
2024-09-23
36 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 177: Practice CISSP Questions - Policies and Procedures - Candidate Screening, Employment Agreements (Domain 1.9.1-4)
How can we effectively bridge the cybersecurity skills gap and protect sensitive data in the cloud? In this action-packed episode of the CISSP Cyber Training Podcast, we kick things off by analyzing insights from a recent UK international cyber skills conference. We discuss the UK's innovative initiatives to enhance cybersecurity education and talent, including support schemes and competitions, and emphasize the importance of gaining practical experience, even through pro bono work. We also delve into a critical CISSP practice question, exploring the best methods to prevent unauthorized access to sensitive data in cloud...
2024-09-19
20 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 176: Policies and Procedures - Candidate Screening, Employment Agreements, and Background Checks for the CISSP (Domain 1.9.1-4)
Are you ready to uncover the secrets behind successful candidate screening and robust employment agreements in cybersecurity? Join us on this episode of the CISSP Cyber Training Podcast, where we promise to equip you with essential techniques to vet the right candidates for sensitive security roles. From structured interviews to behavioral questions and technical assessments, we cover the full spectrum of best practices. Plus, we'll discuss the critical importance of maintaining up-to-date systems and managing end-of-life devices, spotlighting recent vulnerabilities in the Ivanti Cloud Services Appliance. Next, we tackle the nuanced...
2024-09-16
38 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 175: Practice CISSP Questions - API Security, Gateways, and Risk Reduction Partnerships for the CISSP (Domain 8.5)
Can API gateways really be the ultimate shield against cyber threats? Prepare to uncover the secrets of API security as we dissect CISSP Domain 8.5 in this episode of the CISSP Cyber Training Podcast. We'll walk you through practice questions that decode the most common API vulnerabilities and why denial of service isn't always the primary threat. Discover how an API gateway centralizes security and learn about essential authentication mechanisms like OAuth for secure token-based exchanges. We’ll also discuss best practices for securely managing API keys and the critical role of input validation in...
2024-09-12
15 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 174: Exploring Application Programming Interfaces (APIs) and Security for the CISSP (Domain 8.5)
Want to stay ahead in the rapidly evolving world of IT? Join Sean Gerber on the CISSP Cyber Training Podcast as he discusses the essential skills you need to thrive in this dynamic field. You'll get a personal peek into Sean's consulting career and his family business ventures before diving into the nuts and bolts of Domain 8.5 with a focus on Application Programming Interfaces (APIs). Learn how APIs serve as the backbone of modern software applications, facilitating seamless data exchange and communication, and discover why mastering this technology can be a game-changer for...
2024-09-09
40 min
CISSP Cyber Training Podcast - CISSP Training Program
CCT 173: Practice CISSP Questions - Media Protection, Encryption, and Mobile Security for the CISSP (Domain 7.5)
Unlock the secrets to safeguarding your organization's most sensitive data and enhance your cybersecurity acumen. Join us on the CISSP Cyber Training Podcast as I, Sean Gerber, break down the critical importance of managing secrets within popular collaboration tools like Slack, Jira, and Confluence. Discover practical methods such as real-time monitoring and swift remediation to secure API keys and encryption tokens. Learn how fostering a culture of security awareness through educational initiatives can significantly mitigate risks and enhance overall security posture. Next, we turn our attention to data sanitization and media...
2024-09-05
18 min