CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

  1. 3 DAYS AGO

    CCT 311: Practice CISSP Questions and AI In The SOC (Domain 3)

    Ready to turn CISSP Domain 3.5 into practical moves you can deploy on Monday? We unpack how real SOC teams apply microsegmentation, identity-aware controls, and targeted inspection to crush lateral movement without dragging performance. Along the way, we demystify AI’s role: where detection engineering benefits from crisp use cases, how Tier 1 triage speeds up, and why models still need human oversight and rigorous validation to stay trustworthy. We also step through common network design traps that drain budgets and weaken defenses. VLAN sprawl looks tidy on paper but collapses under hybrid cloud dynamics. Central chokepoints promise control yet introduce latency and single failure domains. The smarter path is selective inline inspection where risk is highest, strong encryption everywhere else, and host-based enforcement that understands identity and context after decryption. If you’ve been tempted to collapse controls into one “do-everything” appliance, we lay out the hidden cost: a fragile core that turns into a single point of failure when you need it most. To ground the theory, we walk through scenario-style questions that mirror real decisions security leaders face: stopping east-west movement, balancing HA with inspection, drawing zero trust boundaries that don’t assume implicit trust, and enforcing policy on encrypted traffic. You’ll leave with patterns you can adapt immediately: start small, define use cases, validate outputs like code, and iterate with tight feedback loops. Whether you run a SOC, partner with an MSP, or are targeting a first-time CISSP pass, this conversation gives you a clear map from concept to control. If this helped, follow the show, share it with a teammate, and leave a quick review so others can find it too. Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    29 min
  2. 6 DAYS AGO

    CCT 310: Wi-Fi Hopping And Database Defense - CISSP Training

    A neighboring Wi-Fi, a handful of stolen credentials, and a quiet leap into a high-value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems. We start at the edge, where phishing, drive-by downloads, and man-in-the-middle still win far too often. You’ll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role-based access with tight segregation of duties. Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one. If you find this valuable, subscribe, share it with a teammate who owns Wi-Fi or databases, and leave a quick review telling us the first control you’ll implement this week. Your feedback helps more practitioners discover tools that actually reduce risk.

    44 min
  3. 25/12/2025

    CCT 309: Practice CISSP Questions and React-To-Shell (Domain 7.6)

    One unauthenticated request should not be all it takes to compromise your app—but with React-To-Shell, that’s the reality many teams are facing. We unpack what this vulnerability hits across React server components and Next.js app router setups, why default configs can be enough to fall, and how active threat actors are already abusing it. From construction to entertainment to cloud-native platforms, the exposure is broad, the proof-of-concept exploits are reliable, and the window for safe procrastination has closed. We share a clear action plan: upgrade affected versions now, rotate secrets that touch your React servers, and turn on relevant WAF protections from providers like Cloudflare and Microsoft. Then we widen the lens to the bigger lesson: security testing that looks mature on paper can still miss API edges and misconfigurations for months. You’ll hear why credentialed vulnerability scans with passive monitoring are the lowest-impact way to surface issues in production, how “medium” findings can chain into critical compromise, and when external assessors deliver the most value for resilience rather than routine compliance. To make testing count without breaking customer-facing services, we walk through purple teaming—pairing red team attacks with blue team collaboration—to validate both technical controls and security awareness. We cover scoping rules that prevent disruption, scenarios that mirror current tradecraft, and practical CISSP takeaways for domain coverage on assessments, software security and third-party risk. If your web stack touches React, or your program relies on scans and annual pen tests alone, this is your checklist and your nudge to act. If this helped you prioritize what to fix first, subscribe, share with a teammate and leave a quick review—it helps more security folks find us and harden faster.

    28 min
  4. 22/12/2025

    CCT 308: Scripted Sparrow BEC and CISSP Incident Response - Domain 7.6

    A single convincing email can move real money. We break down how Scripted Sparrow and other BEC crews spoof reply chains, impersonate trusted service providers, and slip under approval thresholds to nudge finance teams into wiring funds. The threat isn’t flashy malware; it’s pressure, process gaps, and the illusion of internal approval. We talk through the red flags that matter, from sudden vendor banking changes to realistic W-9 attachments and urgent payment timelines, and then lay out the safeguards that stop these scams cold. From there, we zoom out to the full incident management lifecycle and make it practical. You’ll hear how we define an incident by its impact on confidentiality, integrity, and availability, and why that clarity speeds action. We map the steps—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—and explain what they look like in a real company: one-click phishing reporting for employees, prepared legal statements for regulators, isolation choices that protect revenue, and documentation habits that pay off when auditors and insurers start asking questions. We also get honest about today’s attack surface. Cloud sharing, APIs, and over-permissive identities push sensitive data to the edge, making containment harder if an attacker lands. Expect persistence: backdoors, credential reuse, and lateral movement thrive when local admin rights and flat networks remain. The antidote is a blend of stronger finance workflows, pre-briefed legal and communications teams, and regular tabletop drills that involve everyone who touches money, systems, or messaging. If you’re serious about preventing wire fraud and surviving security incidents with your business intact, this conversation gives you a focused plan you can adopt today. Subscribe, share with your finance and HR leaders, and leave a review with the one control you’ll implement first.

    47 min
  5. 18/12/2025

    CCT 307: Practice CISSP Questions - Security Policies and Procedures

    Check us out at: https://www.cisspcybertraining.com/
    Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
    Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

    Headlines say the talent shortage is easing, yet nearly half of UK businesses still lack basic cyber skills. That disconnect sets the stage for a frank, practical tour through what actually reduces risk—no buzzwords required. We open with real takeaways from the UK’s international cyber skills initiatives and move quickly to the daily decisions that shape resilience: encryption in the cloud, least privilege by default, and how to keep role-based access control from collapsing under credential creep. We make the identity layer tangible. Single sign-on can simplify life and lower password reuse, but it also centralizes risk. We share how to counterbalance SSO with MFA, conditional access, and strong monitoring. Cloud-based IAM accelerates deployment and gives flexibility, yet brings ongoing costs and integration challenges with legacy systems; outsourcing introduces a loss of control that must be offset by airtight requirements, auditability, and vendor transparency. Phishing remains the most reliable social engineering vector, so security awareness training isn’t optional—it’s the routine that turns policy into behavior. Zero trust becomes manageable when you stop treating it like a switch and start treating it like a program. We outline a phased path: define protect surfaces, segment by sensitivity, apply continuous verification where the impact is highest, and expand deliberately. Vendor access deserves the same precision: NDAs for legal guardrails, least privilege for scope, monitoring for assurance, and scheduled reviews to remove stale permissions. Along the way, we talk mentorship, pro bono work, and competitions as concrete ways to grow talent while delivering real security outcomes. We also road-test your knowledge with a focused Domain 1.9 CISSP question set, reinforcing the core ideas with scenario-based reasoning. If you’re preparing for the CISSP or leading a security program, you’ll walk away with a clear playbook: encrypt by default, minimize access, verify continuously, and measure what matters. If this resonates, subscribe, share with a teammate, and leave a review so others can find the show.

    20 min
  6. 15/12/2025

    CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

    What happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren’t just IT issues—they’re revenue issues—so we map exactly how to build alignment before a crisis hits. We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don’t read them with counsel. Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR’s 72-hour notification, China’s PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define “breach” with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting. If you’re studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today. Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we’ll tackle it next.

    52 min
  7. 11/12/2025

    CCT 305: Practice CISSP Questions - Chrome Zero Days And Domain Eight Deep Dive

    Headlines about eight Chrome zero-days aren’t just noise—they’re a prompt to act with precision. We open with the fastest, most reliable steps to reduce exposure: force updates with MDM, restart browsers to trigger patches, narrow to a hardened enterprise browser, and brief your SOC to tune EDR for active exploit patterns. You’ll get a focused checklist that’s quick to run and easy to defend to leadership. From there, we turn the lens to CISSP Domain 8 with five questions that teach more than they test. We explain why strict schema validation for JSON beats blanket escaping, and how misuse and abuse case analysis during requirements gives you the strongest assurance that security is built into design, not bolted on. We also break down supply chain risk in CI/CD with a practical recipe: software composition analysis, cryptographic signature checks, internal artifact repositories, and policy gates that block malicious or license-violating packages before they ship. Design flaws are the silent killers. We highlight a common mistake—putting sensitive business logic in the browser—and show how to move decisions server-side, validate every request, and protect against client tampering. Finally, we get tactical about containerized microservices: image signing plus runtime verification, read-only filesystems, minimal base images, and network policies that enforce least privilege. These are the controls that turn incident response into a manageable drill, not a firestorm. If you’re preparing for the CISSP or leading an engineering team, you’ll leave with strategies you can apply today: browser patching that sticks, threat modeling that finds real risks, SCA that calms your pipeline, and container security that proves runtime trust. Enjoyed this conversation? Subscribe, share with a teammate, and leave a quick review to help more people find it.

    20 min
  8. 08/12/2025

    CCT 304: Software Development Security (CISSP Domain 8)

    A single malicious insider flipped Disney menus to Wingdings and tampered with allergy labels—proof that weak offboarding and sloppy access can turn small privileges into big threats. We take that lesson and translate it into a practical roadmap for secure software: clear requirements, security controls in design, disciplined code reviews, honest UAT, and change management that prevents chaos and rollback roulette. From there, we compare the major development models through a security lens. Waterfall shines when predictability and compliance evidence are non-negotiable, with strong documentation and defined testing phases. Spiral brings a risk-first mindset, iterating through planning, analysis, engineering, and evaluation so teams can learn early and pivot with purpose. Agile and DevSecOps embed security into user stories, definition of done, and sprint reviews, using short cycles, prioritized backlogs, and continuous testing to catch vulnerabilities before they calcify into technical debt. We also put structure around improvement. The Capability Maturity Model shows how to move from ad hoc heroics to standardized, measurable, and optimized practices that satisfy auditors and reduce incidents. The IDEAL model guides change itself—initiate with sponsorship, diagnose gaps, establish plans and metrics, act through implementation and training, and learn via feedback and retrospectives—so security improvements stick. Throughout, we share practical tips: how to weigh security controls against usability, why executive support unlocks real progress, and how to choose the right lifecycle for your risk, regulation, and release cadence. If you’re preparing for the CISSP or leading teams that ship software, this is your playbook for building security into every step without slowing down what matters. Enjoyed the conversation? Subscribe, share with a teammate, and leave a review with your biggest SDLC win—or your most painful lesson.

    45 min
