CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
  • 4.4 (31)
  • COURSES
  • UPDATED WEEKLY

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

  1. 2D AGO

    CCT 280: Mastering Identity Lifecycle Management (Domain 5.5)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv The effective management of digital identities throughout their lifecycle is perhaps the most crucial yet overlooked aspect of organizational cybersecurity. This episode dives deep into CISSP Domain 5.5, offering practical insights on building robust identity and access management (IAM) governance frameworks that protect against insider threats while streamlining compliance efforts. We begin by examining a real-world case study of how one company transformed its third-party risk management using AI-driven consolidation of security alerts, establishing clear accountability through a security champions program. This approach demonstrates how proper governance structures can turn overwhelming data into actionable intelligence. The heart of our discussion centers on the identity lifecycle – from provisioning to deprovisioning and everything between. Learn why automated account creation processes dramatically reduce security risks while improving operational efficiency. We share cautionary tales, including one where improper deprovisioning allowed an ex-employee to deploy a devastating logic bomb costing millions in damages and legal fees. Role-based access control (RBAC) emerges as a critical strategy for maintaining least privilege principles at scale. However, we warn against common pitfalls like overly complex role structures that become unmanageable or so simplified they create security gaps. The episode provides clear guidance on achieving the right balance for organizations of any size. Perhaps most importantly, we expose the hidden dangers of service accounts – those often-forgotten credentials with extensive privileges that rarely change and receive minimal monitoring. These accounts represent prime targets for attackers seeking to escalate privileges, yet many organizations fail to properly secure them. Whether you're studying for the CISSP exam or implementing IAM best practices in your organization, this episode delivers actionable strategies to strengthen your security posture through proper identity lifecycle management. Visit CISSPCyberTraining.com for additional resources to support your cybersecurity journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    35 min

  2. 6D AGO

    CCT 279: Practice CISSP Questions - Security Models (Domain 3.2)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Dive into the complex world of security models as we unpack Domain 3.2 of the CISSP exam in this knowledge-packed episode. We begin by examining how the generative AI boom is creating significant privacy and cybersecurity challenges for organizations worldwide. Security professionals must now navigate data ownership questions, changing terms of service, and the risks of shadow AI usage – all while developing governance strategies that balance innovation with protection. The spotlight then turns to the Chinese Wall model (Brewer-Nash), a fascinating security approach that originated in financial and legal industries. Unlike static models, this dynamic access control system creates metaphorical barriers between competing clients to prevent conflicts of interest. When a consultant accesses one company's sensitive data, they're automatically blocked from accessing a competitor's information – a concept every CISSP candidate needs to understand thoroughly. The heart of the episode features five challenging practice questions that explore critical security models: Bell-LaPadula's simple security property for preventing unauthorized access to classified information; Clark-Wilson's transaction integrity controls for financial systems; Brewer-Nash for managing consultant access to competing clients; the Non-Interference model for preventing covert channel leaks; and the Take-Grant model for controlling rights distribution. Each question comes with detailed explanations that clarify these concepts in practical, real-world contexts. Whether you're preparing for the CISSP exam or expanding your cybersecurity knowledge, this episode provides valuable insights into how different security models address specific protection requirements. Ready to strengthen your understanding of these essential security frameworks? Visit CISSP Cyber Training for 360 free practice questions and additional resources to support your certification journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    19 min

  3. SEP 8

    CCT 278: Security Models Demystified - CISSP Domain 3.2

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Security models can be one of the most challenging concepts for CISSP candidates to grasp, yet they form the bedrock of how we implement and understand security controls. In this comprehensive episode, we break down Domain 3.2's security models in plain, accessible language with real-world examples that will finally make these abstract concepts click. We start with an analysis of the recent TransUnion data breach affecting 4.4 million individuals, using it as a practical reminder of why proper security architecture matters. This breach, occurring through a third-party application, perfectly illustrates the dangers when security models aren't properly implemented. The episode then demystifies the Trusted Computing Base (TCB), explaining its role as the foundation of creating secure code. We explore key components including the Security Kernel, Reference Monitor, Trusted Path, and TCB Boundary, translating these complex concepts into understandable terms. The heart of the episode focuses on the "Big Eight" security models you need to know for the CISSP exam. From Bell-LaPadula's "no read up, no write down" confidentiality focus to Biba's integrity-centered approach, we provide clear explanations and memorable scenarios for each model. You'll learn how Clark-Wilson enforces business integrity through separation of duties, how Brewer-Nash prevents conflicts of interest, and how the remaining models address specific security concerns. Rather than simply memorizing names and concepts, this episode gives you a framework for understanding each model's purpose, category (confidentiality, integrity, information flow, or access), and practical application. We conclude with exam preparation tips, highlighting which models deserve the most attention during your studies. Whether you're preparing for the CISSP exam or simply want to deepen your cybersecurity knowledge, this episode transforms abstract security models into practical tools you can apply to real-world security challenges. Visit CISSPCyberTraining.com for free questions and additional resources to support your certification journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    32 min

  4. SEP 4

    CCT 277: Practice CISSP Questions - Data Security Controls (Domain 2.6)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Dive into the multifaceted world of data security controls with Sean Gerber as he unpacks CISSP Domain 2.6. The episode opens with a fascinating glimpse into the creative ingenuity of technology users—a student who managed to hack a TI-84 calculator to access ChatGPT during exams. This real-world example perfectly illustrates why robust data security controls are more crucial than ever in our interconnected world. Sean meticulously breaks down the three fundamental data states—data at rest, data in transit, and data in use—providing clear explanations of the unique protection mechanisms each requires. You'll discover why data is rarely truly "at rest" unless completely powered off and disconnected, and why this understanding is vital for comprehensive protection strategies. The discussion extends to emerging technologies like homomorphic encryption, which promises to keep data encrypted throughout all states, though it's still evolving. The heart of effective data protection lies in classification and labeling, and Sean offers practical advice on implementing these systems. Starting small with clearly defined data sets, standardizing nomenclature, and utilizing visual cues like color-coding are just a few of the actionable strategies shared. You'll gain insights into Digital Rights Management (DRM), Data Loss Prevention (DLP), and Cloud Access Security Brokers (CASBs)—three critical components of a comprehensive data security framework. Perhaps most valuable is Sean's emphasis on understanding organizational risk tolerance. As he eloquently puts it, "If you don't know the risk for your company, find out somebody who does." This perspective shift from pure protection to risk-aligned security can transform how security professionals approach their role and communicate with leadership. Whether you're studying for the CISSP exam or looking to enhance your organization's data protection strategy, this episode delivers practical wisdom drawn from real-world experience. Visit CISSP Cyber Training for additional resources, and remember—understanding data security isn't just about passing an exam; it's about becoming a more effective guardian of your organization's most valuable assets. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    36 min

  5. SEP 1

    CCT 276: Data Lifecycle and the CISSP (Domain 2.4)

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv From insecure code causing breaches to proper data destruction, this episode dives deep into the critical world of data lifecycle management—a cornerstone of the CISSP certification and modern cybersecurity practice. A shocking 74% of organizations have experienced security incidents from insecure code, highlighting why proper data management matters more than ever. Whether you're preparing for the CISSP exam or strengthening your organization's security posture, understanding who's responsible for what is essential. We break down the sometimes confusing differences between data owners (who bear legal liability), data custodians (handling day-to-day operations), data controllers (determining what gets processed and how), and data processors (who handle the actual processing). The stakes couldn't be higher. With GDPR violations potentially costing organizations up to 4% of global annual revenue, misunderstanding these roles can lead to catastrophic financial consequences. We explore the eight principles driving transborder data flows and why understanding your data's journey matters for compliance and security. When it comes to data destruction, I share practical wisdom about what really works. While methods like degaussing and various overwriting techniques exist, I explain why physical destruction (the "jaws of death" approach) often makes the most practical and economic sense in today's world of inexpensive storage media. Throughout the episode, I provide real-world examples from my decades of experience as a CISO and security professional. Whether you're dealing with classified information requiring specialized handling or simply trying to implement sensible data governance in a commercial environment, these principles will help protect your organization's most valuable asset—its information. Ready to continue your cybersecurity journey? Visit CISSP Cyber Training for free resources, sign up for my email list, or check out my YouTube channel for additional content to help you pass the CISSP exam the first time. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    47 min

  6. AUG 28

    CCT 275: CISSP Rapid Review (Domain 4) - Part 2

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv The digital world has opened up unprecedented opportunities for scammers, and seniors have become prime targets. In this alarming and informative episode, we dive deep into the FBI's recent warning about AI-driven "Phantom Hacker" scams that have already stolen over a billion dollars from American seniors through sophisticated three-stage attacks. What makes these scams particularly devastating is the deployment of AI voice cloning technology. With just a small sample of someone's speech, scammers can create perfect voice replicas that sound exactly like trusted family members or financial advisors. This technology has advanced to the point where distinguishing between real and AI-generated voices is nearly impossible for most people. As cybersecurity professionals, we have a responsibility to protect vulnerable populations through education and clear verification protocols. The episode transitions into a comprehensive review of CISSP Domain 4, covering essential communication and network security concepts. We explore voice communications security for both traditional telephone networks and modern VoIP systems, email security protocols including SPF, DKIM, and DMARC, and remote access considerations with VPNs. The discussion covers critical decisions between split and full tunneling, network address translation complexities, and third-party risk management through formal agreements and vendor assessments. Whether you're preparing for the CISSP exam or looking to strengthen your organization's communication security posture, this episode provides actionable insights on protecting against today's most sophisticated threats. The convergence of AI technology with traditional social engineering tactics demands a new approach to security awareness and technical controls—one that acknowledges voice is no longer a reliable authentication factor on its own. Ready to continue your CISSP journey? Visit CISSPCyberTraining.com for free resources including practice questions, rapid review videos, and a comprehensive study plan designed to help you pass the exam on your first attempt. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    33 min

  7. AUG 25

    CCT 274: CISSP Rapid Review (Domain 4) - Part 1

    Send us a text Check us out at:  https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv Network security is the cornerstone of modern cybersecurity, and understanding its intricacies is essential for anyone preparing for the CISSP exam. In this comprehensive episode, Sean Gerber delivers a rapid review of Domain 4: Communications and Network Security, which constitutes 13% of the CISSP exam questions. The episode opens with a cautionary tale about a disgruntled Chinese developer who received a four-year prison sentence for deploying a logic bomb that devastated his former employer's network. This real-world example underscores the critical importance of proper employee termination procedures and privilege management—especially for technical staff with elevated access. As Sean emphasizes, "The eyes of Sauron" should be on any high-privilege employee showing signs of discontent. Diving into Domain 4, Sean expertly navigates through foundational concepts like the OSI and TCP/IP models, explaining how they standardize network communications and why security professionals must understand them to implement effective defense strategies. The discussion progresses through IP networking (both IPv4 and IPv6), secure protocols, multi-layer protections, and deep packet inspection—all crucial components of a robust security architecture. Particularly valuable is Sean's breakdown of modern network technologies like micro-segmentation, which divides networks into highly granular security zones. While acknowledging its power to limit lateral movement during breaches, he cautions that implementation requires sophisticated knowledge of software-defined networking (SDN) and careful planning: "It's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN type of capabilities." Wireless security, content delivery networks, and endpoint protection receive thorough examination, with Sean emphasizing that endpoints are "your first line of detection" and advocating for comprehensive endpoint detection and response (EDR) solutions that go beyond traditional antivirus. The episode concludes with insights on voice communication security, contrasting traditional telephone networks with modern VoIP systems and their unique vulnerabilities. Whether you're preparing for the CISSP exam or looking to strengthen your organization's network security posture, this episode provides actionable insights backed by real-world experience. Ready to deepen your understanding of cybersecurity fundamentals? Subscribe to the CISSP Cyber Training Podcast and check out the free resources available at cisspybertraining.com to accelerate your certification journey. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    28 min

  8. AUG 21

    CCT 273: Mastering CISSP Exam Questions - Five Challenging Scenarios

    Send us a text Check us out at:  https://www.cisspcybertraining.com  Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv A catastrophic data loss incident involving South Yorkshire Police serves as a powerful security lesson in today's episode. We examine how 96,174 pieces of body-worn video evidence vanished during an IT upgrade, affecting 126 criminal cases. This real-world security failure highlights the critical importance of proper data management, backups, and third-party oversight—fundamental concepts that directly apply to your CISSP exam preparation. The heart of this episode tackles five challenging CISSP exam questions spanning multiple security domains. We methodically work through complex scenarios involving encryption algorithm selection, mitigating Single Sign-On risks in healthcare environments, containing Advanced Persistent Threats, addressing cross-border data protection compliance, and handling SQL injection vulnerabilities in government applications. For each question, I break down the critical thinking process that helps you eliminate incorrect answers and identify the best solution. You'll understand why AES-256 balances security and performance for financial data, how multi-factor authentication strengthens SSO implementations, when network segmentation becomes crucial for APT containment, why Data Loss Prevention systems address insider threats, and the importance of parameterized queries in secure software development. This episode demonstrates how to approach scenario-based questions methodically, turning what seems overwhelming into manageable decision points. By breaking down complex questions step-by-step, you dramatically improve your chances of success on the CISSP exam while building practical security knowledge that translates directly to real-world challenges. Visit CISSP Cyber Training for more resources, including 360 free practice questions to accelerate your certification journey. Remember, a methodical approach to security problems is your path to passing the CISSP exam the first time. Support the show Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

    26 min
See All (283)

4.4
out of 5
31 Ratings

About

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

Information

You Might Also Like