CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
  • 0.0 (0)
  • COURSES
  • UPDATED WEEKLY

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

  1. 1 DAY AGO

    CCT 285: Practice CISSP Questions - Evaluate and Apply Security Governance Principles (Domain 1.3)

    Send us a text The fastest way to lose trust is to let AI adoption outrun your governance. We open with a blunt look at AI sprawl and shadow AI—how unsanctioned tools slip past weak policies, create data exposure, and strain legacy controls—then lay out a practical path for teams that don’t have a big‑tech budget: continuous discovery via proxies or CASB‑like tools, real‑time monitoring through a trusted partner, and risk assessments that focus on business impact, not buzzwords. The goal isn’t to slow innovation; it’s to make it safe and repeatable. From there, we bring CISSP Domain 1.3 to life with five scenario‑based questions that mirror real leadership decisions. You’ll hear why federated governance outperforms heavy central mandates in multinationals, how defining risk appetite is the first step before any framework, and which metrics actually prove value to a board. We draw a clear line between due care (policies, accountability, legal alignment) and due diligence (testing, verification, audits), and we show why insurance can transfer residual risk but can never replace sound governance. We also get specific about executive communication. A new CEO wants alignment, accountability, and outcomes—not weekly patch timelines. Learn how to map security objectives to corporate strategy, prioritize by business risk, and present measurable progress that earns budget and buy‑in. If you’re preparing for the CISSP or leading a program under pressure, these principles help you think like a strategist and act with confidence. Want more? Explore the free resources and growing library at CISSP Cyber Training, and grab the 360 free CISSP practice questions. If this episode helps you think clearer about governance and AI, subscribe, share it with a teammate, and leave a quick review to help others find the show. Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    28 min

  2. 4 DAYS AGO

    CCT 284: Evaluate and Apply Security Governance Principles (Domain 1.3)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Security governance represents one of the most misunderstood yet critical components of any cybersecurity program. As we explore Domain 1.3 of the CISSP exam, we unpack how proper governance creates accountability and structure that protects both your organization and your career. We begin with a startling real-world example: the "Red November" campaign, where Chinese state-sponsored hackers exploited vulnerable internet-facing appliances and VPNs across defense, aerospace, and government sectors for a full year. This sophisticated operation highlights why casual approaches to security governance leave organizations exposed to devastating attacks. Security governance isn't merely a theoretical concept – it's a practical framework that defines who's responsible for what across your security landscape. We break down the crucial roles every organization must establish: from Senior Managers who hold ultimate responsibility, to Data Owners who classify information, to Data Custodians who implement protections, and the often-overlooked role of Auditors who verify everything works as intended. Understanding these distinctions protects security professionals from becoming scapegoats when incidents occur. The real value emerges when we examine how security control frameworks like NIST CSF, ISO 27001, and CRI provide structured approaches to managing risk. These aren't one-size-fits-all solutions, but rather customizable blueprints that help you systematically identify, implement, and monitor security measures appropriate to your specific needs. Framework mapping allows you to align multiple requirements efficiently, making compliance less burdensome and more effective. Finally, we demystify the concepts of due care and due diligence – the practical actions that demonstrate you've taken reasonable steps to protect your organization. These aren't just legal defenses; they're the fundamental building blocks of a mature security program that aligns with business objectives while meaningfully reducing risk. Whether you're preparing for the CISSP exam or building a more robust security program, this episode provides the practical knowledge you need to implement effective security governance that executives will support and auditors will approve. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    43 min

  3. 25 SEPT

    CCT 283: Practice CISSP Questions - Security Controls for Developers (Domain 8.3)

    Send us a text Dive into the critical world of software development security with Sean Gerber as he tackles Domain 8.3 in this knowledge-packed CISSP Question Thursday episode. We examine fifteen challenging questions that address the security controls essential for protecting code throughout the development lifecycle. Discover why static application security testing integrated directly into your CICD pipeline stands as the gold standard for catching vulnerabilities early, and why developer arguments about "unlikely" buffer overflow exploits should never persuade you to leave vulnerabilities unaddressed. The podcast breaks down the crucial difference between partial mitigations and proper vulnerability elimination, providing you with the decision-making framework you'll need both for the CISSP exam and real-world security leadership. The episode doesn't shy away from controversial topics, including the persistent myth of "security through obscurity" and why it fails as a protection strategy. You'll learn why security code reviews by senior developers remain irreplaceable for identifying business logic vulnerabilities, while generic security checklists prove ineffective against sophisticated threats. For those working with cloud platforms, open-source libraries, or outsourced development, Sean offers targeted guidance on the controls that matter most in each scenario. Beyond the technical content, Sean shares his passion for helping adoptive families through the nonprofit initiative supported by purchases at CISSPCyberTraining.com. Every training package purchased contributes to providing grants and low-interest loans to families looking to adopt children who need loving homes. Ready to strengthen your understanding of software security while preparing for your CISSP certification? This episode delivers actionable insights, exam-ready knowledge, and the confidence to tackle Domain 8.3 questions with expertise. Listen now and take another step toward mastering the crucial intersection of development and security that today's organizations desperately need. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    18 min

  4. 22 SEPT

    CCT 282: CISSP Rapid Review (Domain 5)

    Send us a text Ready to master the critical domain of Identity and Access Management for your CISSP exam? This comprehensive rapid review demystifies Domain 5, which accounts for 13% of all exam questions—knowledge you absolutely cannot skip. Dive deep into the fundamentals as we explore controlling physical and logical access to assets—from information systems to facilities. Discover how properly implemented controls protect your most sensitive data through classification, encryption, and permissions. As one cybersecurity veteran wisely notes, "It's all about the data," and this episode equips you with the frameworks to protect it. The podcast meticulously unpacks identity management implementation, breaking down authentication types, session management, and credential systems. You'll grasp the differences between single-factor and multi-factor authentication and understand why accountability through proper logging and auditing is non-negotiable in today's security landscape. We explore deployment models that fit various organizational needs—from on-premise solutions offering complete control to cloud-based options providing scalability, along with the increasingly popular hybrid approach. The episode clarifies authorization mechanisms including role-based access control (RBAC), rule-based access control, mandatory access controls (MAC), and discretionary access controls (DAC)—essential knowledge for implementing proper security boundaries. Particularly valuable is our breakdown of authentication systems and protocols—OAuth, OpenID Connect, SAML, Kerberos, RADIUS, and TACACS+—demystifying their purposes and applications in real-world scenarios. Whether you're a seasoned security professional or preparing for your certification, this episode delivers the practical knowledge you need. Ready to accelerate your CISSP journey? Visit CISSPcybertraining.com for free resources including podcasts, study plans, and 360 practice questions—plus premium content with over 50 hours of focused training. This episode isn't just exam prep; it's a masterclass in identity and access management principles you'll apply throughout your cybersecurity career. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    30 min

  5. 18 SEPT

    CCT 281: Practice CISSP Questions - Deep Dive - Identity and Access Provisioning Lifecycle (Domain 5.5)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv The cybersecurity landscape is evolving rapidly with AI development creating unprecedented challenges for organizations, security professionals, and insurance providers alike. How do we manage these emerging risks while maintaining fundamental security governance principles? Sean Gerber tackles this question head-on by examining why liability insurance alone won't solve the AI security equation. Drawing from a fascinating Lawfare article, he unpacks how cyber insurance has failed to drive meaningful security improvements due to poor data collection, shallow assessments, and inadequate risk measurement. As AI systems increasingly generate their own code, determining liability becomes extraordinarily complex. Insurance companies may soon require more rigorous security evaluations before providing coverage for AI implementations, placing additional burden on businesses to demonstrate robust security practices. Moving from theory to practice, Sean delivers five deep-dive questions on CISSP Domain 5.5 that demonstrate how security professionals must "think like managers" rather than just memorizing answers. Each scenario—from dealing with orphaned accounts after mergers to implementing role-based access controls in healthcare—illustrates the critical importance of governance, proper access management, and security process improvement. The questions challenge listeners to move beyond tactical thinking and embrace strategic security management approaches that balance business needs with risk mitigation. The episode also unveils Sean's upcoming 7-day and 14-day CISSP bootcamp blueprints—intensive training plans designed for candidates who need to prepare efficiently without spending thousands on traditional bootcamps. These structured approaches provide a cost-effective alternative while still covering the comprehensive knowledge required to pass the challenging CISSP exam. Ready to strengthen your CISSP preparation? Visit CISSPCyberTraining.com for free practice questions, video content, and specialized training materials designed to help you pass the exam on your first attempt. The combination of conceptual understanding and practical application demonstrated in this episode is exactly what distinguishes successful CISSP candidates from those who merely memorize practice tests. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    23 min

  6. 15 SEPT

    CCT 280: Mastering Identity Lifecycle Management (Domain 5.5)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv The effective management of digital identities throughout their lifecycle is perhaps the most crucial yet overlooked aspect of organizational cybersecurity. This episode dives deep into CISSP Domain 5.5, offering practical insights on building robust identity and access management (IAM) governance frameworks that protect against insider threats while streamlining compliance efforts. We begin by examining a real-world case study of how one company transformed its third-party risk management using AI-driven consolidation of security alerts, establishing clear accountability through a security champions program. This approach demonstrates how proper governance structures can turn overwhelming data into actionable intelligence. The heart of our discussion centers on the identity lifecycle – from provisioning to deprovisioning and everything between. Learn why automated account creation processes dramatically reduce security risks while improving operational efficiency. We share cautionary tales, including one where improper deprovisioning allowed an ex-employee to deploy a devastating logic bomb costing millions in damages and legal fees. Role-based access control (RBAC) emerges as a critical strategy for maintaining least privilege principles at scale. However, we warn against common pitfalls like overly complex role structures that become unmanageable or so simplified they create security gaps. The episode provides clear guidance on achieving the right balance for organizations of any size. Perhaps most importantly, we expose the hidden dangers of service accounts – those often-forgotten credentials with extensive privileges that rarely change and receive minimal monitoring. These accounts represent prime targets for attackers seeking to escalate privileges, yet many organizations fail to properly secure them. Whether you're studying for the CISSP exam or implementing IAM best practices in your organization, this episode delivers actionable strategies to strengthen your security posture through proper identity lifecycle management. Visit CISSPCyberTraining.com for additional resources to support your cybersecurity journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    35 min

  7. 11 SEPT

    CCT 279: Practice CISSP Questions - Security Models (Domain 3.2)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Dive into the complex world of security models as we unpack Domain 3.2 of the CISSP exam in this knowledge-packed episode. We begin by examining how the generative AI boom is creating significant privacy and cybersecurity challenges for organizations worldwide. Security professionals must now navigate data ownership questions, changing terms of service, and the risks of shadow AI usage – all while developing governance strategies that balance innovation with protection. The spotlight then turns to the Chinese Wall model (Brewer-Nash), a fascinating security approach that originated in financial and legal industries. Unlike static models, this dynamic access control system creates metaphorical barriers between competing clients to prevent conflicts of interest. When a consultant accesses one company's sensitive data, they're automatically blocked from accessing a competitor's information – a concept every CISSP candidate needs to understand thoroughly. The heart of the episode features five challenging practice questions that explore critical security models: Bell-LaPadula's simple security property for preventing unauthorized access to classified information; Clark-Wilson's transaction integrity controls for financial systems; Brewer-Nash for managing consultant access to competing clients; the Non-Interference model for preventing covert channel leaks; and the Take-Grant model for controlling rights distribution. Each question comes with detailed explanations that clarify these concepts in practical, real-world contexts. Whether you're preparing for the CISSP exam or expanding your cybersecurity knowledge, this episode provides valuable insights into how different security models address specific protection requirements. Ready to strengthen your understanding of these essential security frameworks? Visit CISSP Cyber Training for 360 free practice questions and additional resources to support your certification journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    19 min

  8. 8 SEPT

    CCT 278: Security Models Demystified - CISSP Domain 3.2

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Security models can be one of the most challenging concepts for CISSP candidates to grasp, yet they form the bedrock of how we implement and understand security controls. In this comprehensive episode, we break down Domain 3.2's security models in plain, accessible language with real-world examples that will finally make these abstract concepts click. We start with an analysis of the recent TransUnion data breach affecting 4.4 million individuals, using it as a practical reminder of why proper security architecture matters. This breach, occurring through a third-party application, perfectly illustrates the dangers when security models aren't properly implemented. The episode then demystifies the Trusted Computing Base (TCB), explaining its role as the foundation of creating secure code. We explore key components including the Security Kernel, Reference Monitor, Trusted Path, and TCB Boundary, translating these complex concepts into understandable terms. The heart of the episode focuses on the "Big Eight" security models you need to know for the CISSP exam. From Bell-LaPadula's "no read up, no write down" confidentiality focus to Biba's integrity-centered approach, we provide clear explanations and memorable scenarios for each model. You'll learn how Clark-Wilson enforces business integrity through separation of duties, how Brewer-Nash prevents conflicts of interest, and how the remaining models address specific security concerns. Rather than simply memorizing names and concepts, this episode gives you a framework for understanding each model's purpose, category (confidentiality, integrity, information flow, or access), and practical application. We conclude with exam preparation tips, highlighting which models deserve the most attention during your studies. Whether you're preparing for the CISSP exam or simply want to deepen your cybersecurity knowledge, this episode transforms abstract security models into practical tools you can apply to real-world security challenges. Visit CISSPCyberTraining.com for free questions and additional resources to support your certification journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    32 min
See All (288)

About

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

Information

You Might Also Like