Send us a textThe cybersecurity landscape grows more complex each day, especially when it comes to protecting critical infrastructure. In this essential episode of the CISSP Cyber Training Podcast, Sean Gerber breaks down Domain 2 of the CISSP certification - a vital area representing approximately 10% of the exam questions that every security professional must master.Sean begins with a timely discussion of the recently discovered Honeywell Experion PKS vulnerability that could allow remote manipulation of industrial processes. This real-world example perfectly illustrates why understanding industrial control security is crucial across all sectors - from energy and water treatment to manufacturing and healthcare. The vulnerability serves as a sobering reminder that patching isn't always straightforward in environments that operate 24/7/365.Diving into Domain 2.1, Sean meticulously explains data classification fundamentals - how sensitivity levels are assigned based on business value, regulatory requirements, and potential compromise impact. He walks through the relationship between classification levels (public through highly confidential) and corresponding handling procedures. The podcast builds logically through ownership concepts, introducing essential roles like data owners, custodians, stewards, and asset owners.Perhaps most valuable is Sean's practical exploration of asset inventory management. Drawing from his extensive experience, he shares surprising stories of servers found in bathroom closets and emphasizes why knowing your asset locations isn't just good practice - it's essential for incident response and vulnerability management.The episode thoroughly covers the complete data lifecycle from collection through destruction. Sean explains data minimization principles, location considerations for sovereignty compliance, maintenance requirements, and proper destruction techniques. His discussion of data remnants highlights why simply deleting files is never sufficient for sensitive information.Sean wraps up with crucial insights on end-of-life system management and data protection technologies including encryption, DRM, DLP, and Cloud Access Security Brokers. His rapid review approach efficiently condenses critical knowledge while maintaining depth where it matters most.Whether you're preparing for the CISSP exam or seeking to strengthen your security program, this episode delivers actionable knowledge you can immediately apply. Visit CISSP Cyber Training for free study resources and take the next step in your cybersecurity journey today!Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
--------
41:20
--------
41:20
CCT 267: Practice CISSP Questions - Security Assessments, Account Management and Backup Verification (Domain 6.3)
Send us a textCheck us out at: https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouvSecuring SaaS environments and mastering security assessment techniques are critical skills for today's cybersecurity professionals. This episode delivers a powerful examination of Domain 6.3 of the CISSP certification, focusing on security testing methodologies that can make or break your organization's defensive posture.Sean Gerber begins with a startling statistic: 96.7% of organizations now use at least one SaaS application, yet many fail to properly secure these cloud-based services. When you migrate from on-premises solutions to SaaS offerings, your sensitive data moves from environments protected by your security infrastructure to those secured by third parties. This fundamental shift demands rigorous risk assessment processes. Sean provides practical guidance on evaluating SaaS providers, emphasizing critical areas like data encryption practices, multi-factor authentication implementation, account access controls, and comprehensive backup strategies.The heart of this episode explores essential testing methodologies every security professional should master. Black box testing techniques like penetration testing simulate real-world attacks without prior knowledge of system internals. Vulnerability assessments evaluate risk exposure by systematically identifying weaknesses. Dynamic analysis tests systems during operation, while code reviews catch vulnerabilities before deployment. Each approach serves a unique purpose in a comprehensive security program. Sean clarifies the crucial distinction between false positives (incorrectly identified vulnerabilities) and false negatives (missed vulnerabilities), explaining why the latter pose a significantly greater risk to organizations.Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode provides the knowledge you need to implement effective security assessment strategies. Join our growing community of security professionals at CISSP Cyber Training, where you'll find additional resources to accelerate your cybersecurity journey while supporting a worthy cause – all proceeds go to a nonprofit supporting adoptive families. Take your security knowledge to the next level and make a difference!Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
--------
23:22
--------
23:22
CCT 266: Collect Security Process Data (CISSP Domain 6.3)
Send us a textCheck us out at: https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouvA shocking cybersecurity case recently hit the headlines—a 50-year-old IT contractor sentenced to over 8 years in prison for acting as a mule for North Korean hackers. What makes this story particularly alarming? Companies were unknowingly shipping laptops directly to her, providing legitimate access credentials that she then shared with foreign adversaries. This case serves as a powerful reminder of why third-party risk management isn't just a compliance exercise but a critical security function.Diving into CISSP Domain 6.3, we explore the fundamental security processes that could prevent such compromises. User account lifecycle management forms the backbone of organizational security, from proper identity verification during onboarding to the principle of least privilege and role-based access controls. We examine the critical differences between disabling and deleting accounts during deprovisioning, and why service accounts deserve special attention as high-value targets for attackers.Security assessments and audits provide the verification mechanisms needed to ensure your controls are both properly designed and effectively operating. Understanding the distinction between vulnerability assessments, penetration tests, and formal audits helps you build a comprehensive evaluation strategy. We clarify the differences between SOC Type 1 and Type 2 reports when evaluating service providers, and explain why metrics must be measurable, actionable, relevant, timely, and attributional (SMARTA) to drive meaningful security improvements.Perhaps most critically, we address backup verification strategies—because discovering your backups are corrupted during a recovery situation is a career-limiting event. Through practical guidance on security training approaches, enforcement mechanisms, and measurement techniques, this episode provides both CISSP candidates and practicing security professionals with actionable insights to strengthen their security programs. Ready to transform your security posture? Listen now, then visit CISSPCyberTraining.com for more resources to accelerate your cybersecurity journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
--------
39:30
--------
39:30
CCT 265: Practice CISSP Questions - Mastering the Questions (Domain 1)
Send us a textCheck us out at: https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouvThe cybersecurity landscape is rapidly evolving, and AI stands at the forefront of this transformation. In this thought-provoking episode, Shon Gerber explores the projected $450 billion impact AI will have by 2028 and what this means for security professionals today.With only 2% of companies having fully deployed AI solutions and 39% not yet exploring them, we're at the beginning of a massive shift that will fundamentally change how organizations approach security. Shon provides a candid assessment of why cybersecurity roles haven't yet been automated (risk aversion) and why this protection is temporary—predicting significant changes within the next five years.For CISSP candidates, the episode delivers exceptional value through a detailed breakdown of five Domain 1 questions. Rather than simply providing correct answers, Shon dissects each question to reveal the underlying principles and reasoning. This approach helps listeners develop the critical thinking needed to succeed not just on the exam, but in real-world security scenarios.The questions cover essential security concepts including risk treatment strategies, due diligence versus due care, professional ethics, policy versus procedure distinctions, and governance structures. Each explanation includes common points of confusion and practical workplace applications, bridging the gap between exam preparation and professional practice.Perhaps most valuable is Shon advice on navigating ethical dilemmas in security consulting. His guidance on how to inform clients of regulatory violations while maintaining professional relationships demonstrates the nuanced people skills that separate truly effective security leaders from technical practitioners.Ready to future-proof your cybersecurity career while preparing for CISSP certification? This episode delivers actionable insights for both immediate exam success and long-term career viability in an AI-transformed landscape. Check out CISSPCyberTraining.com for additional resources, including 360 free practice questions to accelerate your certification journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
--------
31:47
--------
31:47
CCT 264: Control Physical and Logical Access to Assets (CISSP Domain 5.1)
Send us a textCheck us out at: https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouvLooking to strengthen your organization's defenses against unauthorized access? This episode dives deep into CISSP Domain 5.1, exploring the critical components of physical and logical access controls that protect your most valuable assets.We begin with a startling discussion about China's "Maciantool" - sophisticated software secretly deployed at security checkpoints to extract SMS messages, GPS data, and images from travelers' phones. You'll learn practical strategies for protecting executive devices during international travel, including recommendations for burner phones and proper security protocols at checkpoints.The foundation of effective access control starts with proper identity proofing and registration processes. We examine how to match verification rigor with resource sensitivity and explore the four authentication factors: something you know (passwords), something you have (tokens), something you are (biometrics), and something you do (keystroke patterns). Understanding how multi-factor authentication leverages these factors is essential for building robust security layers.From preventative controls that stop unauthorized actions before they occur to detective measures that identify incidents after the fact, we break down each access control type with real-world examples. You'll discover how physical barriers like fences and man traps work alongside compensating controls when primary measures aren't feasible, plus strategies for implementing corrective actions after security breaches occur.The principle of least privilege emerges as a central theme throughout our discussion - granting users only the minimum access necessary prevents credential creep while maintaining operational efficiency. We also emphasize the critical importance of documentation, regular testing, and effective communication channels for all access control measures.Visit CISSP Cyber Training for free resources including practice questions, study plans, and additional podcasts. Ready to advance your cybersecurity career? Check out our mentoring programs designed to help you maximize both job fulfillment and income potential.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
About CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
Listen to CISSP Cyber Training Podcast - CISSP Training Program, Finding Freedom with Peter Crone and many other podcasts from around the world with the radio.net app
Ireland