CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
  • 4.7 (3)
  • पाठ्यक्रम
  • सप्ताह में अपडेट होता है

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

  1. 21 घं॰ पहले

    CCT 289: Practice CISSP Questions - Role Based, Mandatory, Discretionary and ABAC (Domain 5)

    Send us a text Quantum isn’t a distant sci‑fi threat—it's shaping security decisions right now. We open with what NIST’s new post‑quantum FIPS 203/204/205 actually mean for your crypto roadmap, why “harvest now, decrypt later” raises the stakes for long‑lived data, and how the 2035 federal mandate will ripple through contractors, audits, and CMMC. Then we get practical, translating policy pressure into the access decisions you make every day and the concepts you’ll see on the CISSP exam. We break down mandatory access control (labels, clearance, strict need‑to‑know), discretionary access control (owner grants, permission creep), role‑based access control (job functions, least privilege at scale), attribute‑based access control (context, dynamic conditions), and rule‑based control (fine‑grained logic and exceptions). Along the way, we highlight the keywords that unlock tricky multiple‑choice items—“classification,” “owner,” “job role,” “attributes,” “rules”—so you can map questions to the correct model fast. More importantly, we explain how to combine models without creating chaos: use RBAC for baseline entitlements, layer ABAC for context and risk signals, lean on rule-based policies for surgical exceptions, and reserve MAC for highly classified domains where enforcement must be absolute. If attackers are stockpiling ciphertext for a quantum tomorrow, the answer is a two‑track plan: crypto agility to adopt quantum‑resistant algorithms and disciplined access governance to limit blast radius today. We share actionable cues for exam success, practical design tips for avoiding privilege escalation, and a reminder that good security is repeatable security—clear roles, auditable policies, and continuous review. Subscribe for weekly CISSP prep you can use on the job, share this with a teammate who’s wrangling access models, and leave a review to help others find the show. Your support also fuels our charity‑funded training that gives back while you level up. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    18 मिनट

  2. 3 दिन पहले

    CCT 288: CISSP Rapid Review (Domain 6)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv https://www.jeffersonfisher.com/ A spike in ransomware on the factory floor isn’t just a headline; it’s a stress test for how we design, segment, and measure our defenses. We open with the realities of manufacturing risk—legacy OT, flat networks, and high stakes for uptime—then translate that urgency into a practical walkthrough of CISSP Domain 6: the assessments, testing, and metrics that actually prove security works. Along the way, we share a surprising leadership edge from a trial lawyer’s communication book that helps you argue less, align faster, and get executive buy‑in when the first vuln report lights up like a Christmas tree. We break down internal vs external audits and when each makes sense, plus a smart cadence for third‑party and supply chain reviews that acknowledges your perimeter now includes APIs and vendor tunnels. From vulnerability scans and scoped penetration tests to SIEM‑driven log reviews and synthetic transactions, we map out a toolkit that catches issues before users do. We go deeper on secure code reviews, unit/integration testing, and interface testing for APIs, because the quiet paths between services are often where real risk hides. Then we shift to the machinery of proof: breach and attack simulation for continuous validation, compliance checks to spot drift, and the metrics that matter—MTTD, MTTR, patch rates, vuln density, mean time to report. We lay out how to run account reviews, verify backups you can trust, and exercise DR/BC so recovery is muscle memory. Finally, we tackle remediation prioritization, exception handling with compensating controls, and ethical disclosure that minimizes harm while nudging vendors to act. If you’re preparing for the CISSP or elevating your program, you’ll leave with a clearer map and concrete next steps. If this helped, follow the show, share it with a teammate, and drop a review—what’s one control or metric you’re upgrading this quarter? Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    50 मिनट

  3. 9 अक्टू॰

    CCT 287: Practice CISSP Questions - Deep Dive (Domain 5)

    Send us a text Leadership churn is reshaping security from the top down. We open the door on why CISO tenures are shrinking to 18–26 months and what that says about pressure, culture, compensation, and board-level risk literacy. From startups that stretch leaders thin to enterprises that treat security as a cost center until the breach, we map the real incentives behind the “revolving door”—and share what actually extends tenure: clear mandates, aligned executives, and measurable outcomes. Then we flip to hands-on security with a crisp CISSP Domain 5 deep dive. You’ll hear real-world IAM scenarios and how to reason through them: federated identity where users authenticate but can’t access apps (hint: attribute-to-role mapping at the service provider), RBAC implementations that quietly violate least privilege, and when mandatory access control beats RBAC or ABAC for classified environments. We also dissect deprovisioning gaps that leave terminated users active in SaaS platforms and outline the operational fixes—source-of-truth integration, event-driven provisioning, and reconciliation from the SaaS side. To cap it off, we tackle a red-team classic: static admin creds in scripts. The modern answer isn’t longer passwords; it’s just-in-time privilege through PAM and secret vaulting so nothing sensitive sits on disk. If you’re a senior technologist eyeing the CISO seat—or a CISO seeking sustainability—you’ll get a blueprint for aligning authority, resources, and risk. And if you’re prepping for the CISSP exam, these identity and access patterns will sharpen your instincts for both test day and production. Enjoy the conversation, and if it helps, subscribe, share it with a teammate, and leave a quick review so others can find it too. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    23 मिनट

  4. 6 अक्टू॰

    CCT 286: Access Controls - Role Based, Rule Based and Many More Controls (Domain 5.4)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv A headline‑grabbing data leak is the wake‑up call; what you do next is the difference between panic and control. We start with concrete actions you can take today—check exposure with Have I Been Pwned, lock down your credit with freezes, turn on MFA, and keep meticulous records so you have proof when it counts. From there, we switch gears into the playbook every CISSP candidate and security leader needs: a clear path through the access control maze that actually maps to real work. We break down Discretionary Access Control (DAC) and why it’s fast but fragile, then show how non‑discretionary models keep large environments consistent. Role‑Based Access Control (RBAC) gets the spotlight with practical guidance: define roles by job function, automate approvals, prevent role explosion, and audit entitlements so inheritance doesn’t hand out surprise privileges. We separate role‑based from rule‑based—one tied to people and jobs, the other to conditions like time, location, and transaction type—using examples you can adopt immediately. For high‑assurance scenarios, we dig into Mandatory Access Control (MAC): labels, clearances, compartments, and the uncompromising policies that protect the most sensitive data. Finally, we look ahead with Attribute‑Based Access Control (ABAC), where context drives decisions in cloud and zero trust architectures. User attributes, device posture, data sensitivity, time, and geo all combine to answer the crucial question: should this subject access this object, right now? You’ll walk away with exam‑ready cues, battle‑tested pros and cons, and a mental model to pick the right approach for your team. If this helped, subscribe, share it with a teammate who keeps mixing up role‑based and rule‑based, and leave a quick review so others can find us. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    40 मिनट

  5. 2 अक्टू॰

    CCT 285: Practice CISSP Questions - Evaluate and Apply Security Governance Principles (Domain 1.3)

    Send us a text The fastest way to lose trust is to let AI adoption outrun your governance. We open with a blunt look at AI sprawl and shadow AI—how unsanctioned tools slip past weak policies, create data exposure, and strain legacy controls—then lay out a practical path for teams that don’t have a big‑tech budget: continuous discovery via proxies or CASB‑like tools, real‑time monitoring through a trusted partner, and risk assessments that focus on business impact, not buzzwords. The goal isn’t to slow innovation; it’s to make it safe and repeatable. From there, we bring CISSP Domain 1.3 to life with five scenario‑based questions that mirror real leadership decisions. You’ll hear why federated governance outperforms heavy central mandates in multinationals, how defining risk appetite is the first step before any framework, and which metrics actually prove value to a board. We draw a clear line between due care (policies, accountability, legal alignment) and due diligence (testing, verification, audits), and we show why insurance can transfer residual risk but can never replace sound governance. We also get specific about executive communication. A new CEO wants alignment, accountability, and outcomes—not weekly patch timelines. Learn how to map security objectives to corporate strategy, prioritize by business risk, and present measurable progress that earns budget and buy‑in. If you’re preparing for the CISSP or leading a program under pressure, these principles help you think like a strategist and act with confidence. Want more? Explore the free resources and growing library at CISSP Cyber Training, and grab the 360 free CISSP practice questions. If this episode helps you think clearer about governance and AI, subscribe, share it with a teammate, and leave a quick review to help others find the show. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    28 मिनट

  6. 29 सित॰

    CCT 284: Evaluate and Apply Security Governance Principles (Domain 1.3)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Security governance represents one of the most misunderstood yet critical components of any cybersecurity program. As we explore Domain 1.3 of the CISSP exam, we unpack how proper governance creates accountability and structure that protects both your organization and your career. We begin with a startling real-world example: the "Red November" campaign, where Chinese state-sponsored hackers exploited vulnerable internet-facing appliances and VPNs across defense, aerospace, and government sectors for a full year. This sophisticated operation highlights why casual approaches to security governance leave organizations exposed to devastating attacks. Security governance isn't merely a theoretical concept – it's a practical framework that defines who's responsible for what across your security landscape. We break down the crucial roles every organization must establish: from Senior Managers who hold ultimate responsibility, to Data Owners who classify information, to Data Custodians who implement protections, and the often-overlooked role of Auditors who verify everything works as intended. Understanding these distinctions protects security professionals from becoming scapegoats when incidents occur. The real value emerges when we examine how security control frameworks like NIST CSF, ISO 27001, and CRI provide structured approaches to managing risk. These aren't one-size-fits-all solutions, but rather customizable blueprints that help you systematically identify, implement, and monitor security measures appropriate to your specific needs. Framework mapping allows you to align multiple requirements efficiently, making compliance less burdensome and more effective. Finally, we demystify the concepts of due care and due diligence – the practical actions that demonstrate you've taken reasonable steps to protect your organization. These aren't just legal defenses; they're the fundamental building blocks of a mature security program that aligns with business objectives while meaningfully reducing risk. Whether you're preparing for the CISSP exam or building a more robust security program, this episode provides the practical knowledge you need to implement effective security governance that executives will support and auditors will approve. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    43 मिनट

  7. 25 सित॰

    CCT 283: Practice CISSP Questions - Security Controls for Developers (Domain 8.3)

    Send us a text Dive into the critical world of software development security with Sean Gerber as he tackles Domain 8.3 in this knowledge-packed CISSP Question Thursday episode. We examine fifteen challenging questions that address the security controls essential for protecting code throughout the development lifecycle. Discover why static application security testing integrated directly into your CICD pipeline stands as the gold standard for catching vulnerabilities early, and why developer arguments about "unlikely" buffer overflow exploits should never persuade you to leave vulnerabilities unaddressed. The podcast breaks down the crucial difference between partial mitigations and proper vulnerability elimination, providing you with the decision-making framework you'll need both for the CISSP exam and real-world security leadership. The episode doesn't shy away from controversial topics, including the persistent myth of "security through obscurity" and why it fails as a protection strategy. You'll learn why security code reviews by senior developers remain irreplaceable for identifying business logic vulnerabilities, while generic security checklists prove ineffective against sophisticated threats. For those working with cloud platforms, open-source libraries, or outsourced development, Sean offers targeted guidance on the controls that matter most in each scenario. Beyond the technical content, Sean shares his passion for helping adoptive families through the nonprofit initiative supported by purchases at CISSPCyberTraining.com. Every training package purchased contributes to providing grants and low-interest loans to families looking to adopt children who need loving homes. Ready to strengthen your understanding of software security while preparing for your CISSP certification? This episode delivers actionable insights, exam-ready knowledge, and the confidence to tackle Domain 8.3 questions with expertise. Listen now and take another step toward mastering the crucial intersection of development and security that today's organizations desperately need. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    18 मिनट

  8. 22 सित॰

    CCT 282: CISSP Rapid Review (Domain 5)

    Send us a text Ready to master the critical domain of Identity and Access Management for your CISSP exam? This comprehensive rapid review demystifies Domain 5, which accounts for 13% of all exam questions—knowledge you absolutely cannot skip. Dive deep into the fundamentals as we explore controlling physical and logical access to assets—from information systems to facilities. Discover how properly implemented controls protect your most sensitive data through classification, encryption, and permissions. As one cybersecurity veteran wisely notes, "It's all about the data," and this episode equips you with the frameworks to protect it. The podcast meticulously unpacks identity management implementation, breaking down authentication types, session management, and credential systems. You'll grasp the differences between single-factor and multi-factor authentication and understand why accountability through proper logging and auditing is non-negotiable in today's security landscape. We explore deployment models that fit various organizational needs—from on-premise solutions offering complete control to cloud-based options providing scalability, along with the increasingly popular hybrid approach. The episode clarifies authorization mechanisms including role-based access control (RBAC), rule-based access control, mandatory access controls (MAC), and discretionary access controls (DAC)—essential knowledge for implementing proper security boundaries. Particularly valuable is our breakdown of authentication systems and protocols—OAuth, OpenID Connect, SAML, Kerberos, RADIUS, and TACACS+—demystifying their purposes and applications in real-world scenarios. Whether you're a seasoned security professional or preparing for your certification, this episode delivers the practical knowledge you need. Ready to accelerate your CISSP journey? Visit CISSPcybertraining.com for free resources including podcasts, study plans, and 360 practice questions—plus premium content with over 50 hours of focused training. This episode isn't just exam prep; it's a masterclass in identity and access management principles you'll apply throughout your cybersecurity career. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    30 मिनट
सभी देखें (292)

रेटिंग और समीक्षाएँ

4.7
5 में से
3 रेटिंग

परिचय

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

जानकारी

  • निर्माता
    Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
  • सक्रिय वर्ष
    2023 - 2025
  • एपिसोड
    292
  • रेटिंग
    श्लील
  • कॉपीराइट
    © 2025 CISSP Cyber Training Podcast - CISSP Training Program
  • कार्यक्रम की वेबसाइट
    CISSP Cyber Training Podcast - CISSP Training Program

शायद आपको ये भी पसंद आएँ