Podcasts about cissp

  • 342 podcasts
  • 1,945 episodes
  • 35m average duration
  • 5 weekly new episodes
  • Latest episode: Feb 25, 2026


Latest podcast episodes about cissp

The Future of ERP
Episode 82: From Prevention to Detection: Real-Time Security in a Digital World with Infosys

Feb 25, 2026 | 17:44


How real-time security transforms ERP systems in a cloud-driven world, spotting threats instantly, leveraging AI for proactive defense, and closing common blind spots before breaches escalate. Curious about staying ahead of cyber risks?

Mohammed Moidheen, SAP security architect at Infosys, unpacks why real-time monitoring is vital amid 2,200 daily cyber attacks costing trillions annually. He highlights blind spots like unmonitored access vulnerabilities, ignored audit logs, unsecured APIs, privileged accounts, insider threats, and poor event correlation in S/4HANA Cloud setups. AI evolves detection with predictive intelligence, automated responses, natural language queries, and cross-system pattern spotting, shifting from reactive to proactive security. Real-world cases show systems halting unusual data downloads and insider data exfiltration in minutes. Advice includes aligning with governance, prioritizing crown jewels, setting baselines, training teams, and correlating data. Infosys aids via assessments and foundational builds.

Listen now and rethink what ERP can do for your organization!

Useful Links: SAP Cloud ERP, Infosys.com

Guest: Mohammed Khan Moidheen, SAP Security Architect at Infosys Consulting

Mohammed Khan Moidheen is a Senior SAP Security architect with over 12 years of experience securing and operating large scale SAP landscapes across global enterprises. His expertise spans SAP S/4HANA security, ERP platform services, DevSecOps enablement, and designing audit ready security architectures aligned with frameworks such as ISO 27001, NIST, and GDPR. Mohammed is CISSP and CISA certified and excels at translating complex security requirements into actionable strategies that are practical, strategically aligned and strengthen organisational resilience.

Host 1: Richard Howells, SAP

Richard Howells has been working in the Supply Chain Management and Manufacturing space for over 30 years. He is responsible for driving the thought leadership and awareness of SAP's ERP, Finance, and Supply Chain solutions and is an active writer, podcaster, and thought leader on the topics of supply chain, Industry 4.0, digitization, and sustainability.

Host 2: Oyku Ilgar, SAP

Oyku Ilgar is a marketer and thought leader specializing in SAP's digital supply chain and ERP solutions since 2017. As a marketer, blogger, and podcaster, she creates engaging content that highlights innovative SAP technologies and explores key topics including business trends, AI, Industry 4.0, and sustainability. She holds dual bachelor's degrees in Finance & Accounting and English Translation, along with a master's degree in Business Administration and Foreign Trade, specializing in marketing. With her background in digital transformation, Oyku communicates technology trends and industry insights to help professionals navigate the evolving business landscape.

Key Topics: real-time security, ERP monitoring, cloud threats, SAP S/4HANA, access management, audit logs, AI threat detection, insider threats, privileged accounts, predictive intelligence

CISSP Cyber Training Podcast - CISSP Training Program
CCT 326: Anthropic Claude Code Security - 5 High-Income Skills and the CISSP

Feb 23, 2026 | 33:30 | Transcription Available


Want a clear path from CISSP to top-tier pay without getting lost in buzzwords? We break down five high-income specialties that pair perfectly with CISSP leadership: modern GRC, cloud security as code, AI ethics and governance, advanced identity, and software supply chain security. Along the way, we unpack how AI reasoning tools like Claude Code Security are reshaping AppSec by cutting false positives and detecting logic flaws scanners miss, and we translate that shift into concrete workflows, better guardrails, and faster delivery.

We start with the career pivot many leaders are making—moving from generalist security management to “decision architect.” That means pairing risk fluency with hands-on understanding of Terraform, Kubernetes, and CI/CD gates, then proving value through resilient architectures and evidence-driven dashboards for boards. You'll hear why GRC is exploding under new enforcement trends, how to automate continuous evidence to beat audit fatigue, and where vCISO opportunities command premium rates when strategy meets measurable outcomes.

From there, we get practical. We walk through cloud guardrails that stop drift before it hits prod, share how to navigate shared responsibility with AWS and Azure, and outline identity-first zero trust that tames API key sprawl and enables passwordless access. On AI, we go deep on shadow AI containment, prompt-injection red teaming, model transparency, and data loss prevention tuned for embeddings—governance that accelerates, not blocks. Finally, we turn to software supply chain security: SBOM mandates, signed artifacts, dependency risk, and the DevSecOps policies that keep pipelines moving while raising assurance.

If you're mapping your next move, we also compare salary bands across roles and highlight bridge certifications—CISM for program leadership, AI governance credentials for compliance depth, and CISA for audit rigor—to level up fast. Subscribe, share this with a teammate plotting their niche, and leave a quick review to tell us which specialty you're pursuing next.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Cybersecurity Defenders Podcast
#294 - Defender Fridays: How is AI reshaping app security? With Farshad Abasi from Eureka DevSecOps

Feb 20, 2026 | 30:41


This week on Defender Fridays, Farshad Abasi, Founder and CEO of Forward Security and Eureka DevSecOps, discusses how AI can help us set a new standard in app and cloud security.

Farshad brings over 27 years of industry experience to the forefront of cybersecurity innovation. His professional journey includes key technical roles at Intel and Motorola, evolving into senior security positions as the Principal Security Architect for HSBC Global, and Head of IT Security for the Canadian division. Farshad's commitment to the field extends to his role as an instructor at BCIT, where he imparts his wealth of knowledge to the next generation of cybersecurity experts. His diverse experience, which spans startups to large enterprises, informs his approach to delivering adaptive and reliable solutions.

Engaged actively in the cybersecurity community through roles in BSides Vancouver/MARS, OWASP Vancouver/AppSec PNW, and as a CISSP designate, Farshad's vision and leadership continue to drive the industry forward. Under his guidance, Forward Security is setting new standards in application and cloud security. Learn more at https://www.eurekadevsecops.com/ and https://forwardsecurity.com/

Register for Live Sessions

Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience.

Register here: https://limacharlie.io/defender-fridays

Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!

Sponsored by LimaCharlie

This episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.

Why LimaCharlie?

  • Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.
  • Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.
  • Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.
  • Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.
  • Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie

Sign up for free: https://limacharlie.io
LinkedIn: / limacharlieio
X: https://x.com/limacharlieio
Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

CISSP Cyber Training Podcast - CISSP Training Program
CCT 325: Hackers Can Use Grok/Copilot And Beating The CISSP Failure Traps

Feb 19, 2026 | 24:22 | Transcription Available


Half of CISSP candidates fail not because they lack knowledge, but because they answer like technicians when the exam demands a manager's mindset. We dig into the three traps that derail smart people—technical heroism, perfect security fantasies, and the confusion of multiple “right” answers—and replace them with clear mental models that work under pressure. You'll learn how to pick process over panic, see risk through the business lens, and choose the action that enables everything else.

We also dive into a timely security development: researchers demonstrate how permissive AI assistants with web browsing can act as covert command and control channels. If your network blocks known C2 nodes but allows AI egress, malware can route requests through an assistant to fetch malicious URLs—slipping past controls you trust. We talk through practical countermeasures: AI governance on par with high‑risk SaaS, disciplined inventory and policy control, enterprise logging and audit features, and the hard realities of traffic inspection and packet decryption without crushing reliability.

From there, we translate exam strategy into daily leadership. We outline the executive lens: decide who you are (risk manager), fix what the business cares about (continuity within risk appetite), and follow procedural DNA (assess, plan, execute). When a question asks what to do first, look for “assess the situation” or “consult the policy.” When choices seem equally solid, use a strict priority: life safety, legal and regulatory, business continuity, then assets and tech. And when tempted by the strongest control, match cost to value with proportional safeguards like full disk encryption and remote wipe for low-risk laptops.

If you're ready to pass the CISSP and lead with clarity in an AI-shaped threat landscape, this conversation gives you the mindset, examples, and filters to get there. If it helped, follow the show, share it with a colleague, and leave a quick review—what trap do you see most often?

InfosecTrain
How to Crack ISSAP: Security Audit Strategy & Exam Tips

Feb 18, 2026 | 37:18


Transitioning from CISSP to the ISSAP concentration? The architecture of security isn't just about building walls; it's about the visibility of what's happening within them. In this deep-dive session, we break down the 2026 ISSAP syllabus changes moving from six domains to four and why the exam remains as rigorous as ever.

We focus on the backbone of security architecture: Identity and Access Management (IAM) and Audit Strategy. From defining the roles of an AI-driven SOC to implementing "Just-in-Time" (JIT) access and advanced log management with SIM and SOAR, this episode provides the technical roadmap needed to master Domain 1 of the ISSAP.

The Other Side Of The Firewall
From Marine Corps Pianist to Cybersecurity Entrepreneur Ft. Wilson Bautista Jr.

Feb 17, 2026 | 48:45


In this episode of Ask a CISSP, Ryan Williams Sr. interviews Wilson Bautista Jr., founder and CEO of Jun Cyber. They discuss Wilson's unique journey from being a pianist in the Marine Corps to transitioning into cybersecurity. Wilson shares insights on building his company, Jun Cyber, and the challenges he faced during the COVID-19 pandemic. He also talks about the creation of BSides St. Pete, a community-focused cybersecurity conference, and his commitment to mentorship and giving back to the community. The conversation highlights Wilson's innovative spirit, including his development of a pickleball training app and his plans for future initiatives in AI and cybersecurity education.

Wilson's Socials:
LinkedIn - https://www.linkedin.com/in/bautistawilson/
Company - https://juncyber.com/
Nonprofit - https://cyberohanaproject.org/about-us/

Please LISTEN

CISSP Cyber Training Podcast - CISSP Training Program
CCT 324: How Least Privilege, Need-To-Know, And PAM Actually Reduce Real-World Risk

Feb 16, 2026 | 36:02 | Transcription Available


A router headline can feel distant until it lands in your network plan. We start with the growing chatter around possible TP-Link restrictions and what that means for ISPs, small businesses, and anyone balancing budget against risk. Then we roll up our sleeves and walk through the operational controls that actually hold the line when attackers probe, insiders slip, or vendors fail to deliver.

We break down principle of least privilege with practical steps: role-based access control reviews, automated provisioning tied to HR changes, and audit-ready logging that trims lateral movement without choking productivity. From there, we layer need-to-know onto data itself—classification that means something, ABAC for context like location and time, micro-segmentation to narrow reach, and data masking to reveal only what's required. These moves reduce curiosity-driven access and keep sensitive information from leaking when an account gets compromised.

Money moves and high-stakes changes demand stronger gates. That's where separation of duties and two-person control come in. We map how to split initiation and approval for transactions and admin changes, keep monitoring independent from administration, and add automation that routes approvals fast. To surface blind spots and fraud, we add job rotation and mandatory vacations—planned, documented, and measured to keep continuity while fresh eyes catch issues. For the riskiest identities, we get specific about Privileged Access Management: vaults, rotating credentials, and session recording that start with domain admins and expand carefully, with legacy integration checked up front.

Because third-party risk is your risk, we close with service level agreements that matter: clear scope, measurable uptime and response times, remedies that bite, data ownership that's unambiguous, and explicit audit rights. Everything ties back to inventory discipline and a replacement roadmap, so regulatory shifts don't turn into fire drills. Subscribe, share this with a teammate who owns access controls, and leave a review with the one control you'll tighten this week.

Telecom Reseller
James Moore's Tomas Sjostrom on Cybersecurity, Compliance, and Risk Management for SMBs, Podcast

Feb 12, 2026


In a podcast recorded at ITEXPO / MSP EXPO, Doug Green, Publisher of Technology Reseller News, spoke with Tomas Sjostrom, CISSP and President of Technology Services at James Moore Co., about how cybersecurity and compliance priorities are evolving for small and mid-sized businesses. Sjostrom explained that James Moore is a long-established CPA firm with more than 60 years of experience serving Florida-based organizations, and nearly three decades delivering IT managed services alongside traditional financial and audit work. As cybersecurity threats increase and regulatory requirements expand, SMBs are showing greater interest in both protecting their environments and demonstrating compliance—often driven by cyber insurance requirements, customer demands, or new business opportunities. A key theme of the discussion focused on how organizations assess and manage cybersecurity risk. Sjostrom emphasized that the process begins with understanding what is motivating a customer's concern, whether it is insurance questionnaires, data protection issues, or compliance mandates tied to industries such as defense contracting. From there, James Moore leverages onboarding and automated discovery tools to establish a baseline and support continuous compliance. “Customers want to meet new requirements as fast as possible, reliably, and without spending excessive time or money,” Sjostrom noted, highlighting the need for scalable and automated approaches. The conversation also touched on AI adoption and compliance readiness. Sjostrom observed that less mature organizations often start with questions around data protection and privacy, while more advanced companies already understand where their critical assets reside and can move more quickly toward compliant AI deployments. As cybersecurity, compliance, and AI increasingly intersect, Sjostrom positioned proactive risk monitoring as a strategic advantage for SMBs working with trusted MSP and advisory partners. 
Visit https://www.jmco.com/

CISSP Cyber Training Podcast - CISSP Training Program
CCT 323: Practice CISSP Questions - Generating Reports - Domain 6

Feb 12, 2026 | 27:37 | Transcription Available


Alarms go off, dashboards turn red, and leadership wants everything fixed yesterday—sound familiar? We dig into the real craft of vulnerability management: deciding what truly matters, when to defer safely, and how to protect customers while keeping the business moving. Along the way, we unpack the forces shaping 2025 security: AI-fueled threats, smarter cyber insurance, the edge of quantum risk, stricter privacy laws, and the rising stakes of DevOps security.

We share a practical triage framework that goes beyond CVSS. Learn how to validate scanner noise, confirm versions, and use a second tool when the data looks off. When patching collides with uptime or legacy systems, we outline compensating controls that actually reduce exploitability—segmentation, allow-lists, credential tightening, and targeted monitoring—plus the documentation and triggers that prevent “temporary” exceptions from turning permanent. You'll hear how to communicate residual risk with time-bound plans and metrics leaders understand, from blast radius to downtime cost and insurance obligations.

Ethical disclosure gets real, too. When a researcher's 30-day clock clashes with a 45-day fix, coordination beats confrontation. We talk through private progress updates, revised timelines, and interim mitigations that put users first. For vendors and open source, we highlight respectful escalation paths, legal prep, and why responsible disclosure typically reduces harm better than full, premature detail drops. In complex multi-cloud setups, we recommend assigning a cross-team coordinator who aligns priorities, patches the most exposed services first, and bakes checks into CI/CD so the next fix is faster.

Subscribe for more CISSP-ready breakdowns, share this with a teammate who lives in the patch queue, and leave a review with your toughest triage scenario—we might feature it next.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 322: From Firewalls To AI: Building A Smarter Defense - CISSP Domain 7.7

Feb 9, 2026 | 36:02 | Transcription Available


The weakest link is often sitting on the edge, blinking away with expired firmware and no vendor support. We kick off with a blunt reality check on outdated firewalls, load balancers, and IoT gateways, and why waiting two years to retire them is a gift to attackers. From there, we guide you through Domain 7.7 with a practical blueprint for operating and maintaining detective and preventive measures that actually hold up under pressure.

We unpack firewall fundamentals with clear, real‑world tradeoffs: when a simple packet filter is enough, when stateful inspection and deep packet inspection earn their keep, and how a WAF stops the web attacks your L3/L4 controls will miss. You'll hear how RTBH can deflect denial‑of‑service floods upstream, and why segmentation is your best friend for reducing blast radius—whether you use internal segmentation firewalls for R&D, Purdue‑style tiers for industrial networks, or controlled air gaps for the most sensitive systems. In the cloud, we separate security groups from true firewalls and show how to stitch policies across hybrid environments without creating blind spots.

Detection makes prevention smarter, so we break down IDS versus IPS in plain language. Baseline first, then block with intent to avoid outages. We compare host‑based and network‑based sensors, explain where to place them, and share tactics for cutting alert noise. You'll also get straight talk on allowlists and blacklists, the right way to maintain them, and why stale entries cause the ugliest outages. We explore sandboxing for safe detonation and learning, and give an unvarnished take on honeypots and honeynets—where they help, where they waste time, and what legal lines to respect.

Not every team can build a 24x7 SOC, so we outline how MSSPs can extend your coverage with clear SLAs and ownership. Endpoint anti‑malware remains non‑negotiable, but tool sprawl is a trap—choose a strong EDR and manage it well. Finally, we dive into AI and machine learning: how they supercharge detection, triage, and response—and how adversaries use them too. The throughline is simple: shrink attack surface, raise signal quality, and respond faster than threats can pivot. If this helps you secure one more edge box or tune one more control, share it with a teammate, subscribe for more practical walkthroughs, and drop a review so we can keep raising the bar together.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 321: From BIOS Passwords To ABAC - Practice CISSP Questions

Feb 5, 2026 | 22:24 | Transcription Available


A surprising number of security leaders admit they're flying blind on hardware and firmware. We start by exposing how shared BIOS passwords, slow maintenance cycles, and careless e‑waste practices create avoidable risk, then lay out the fixes: privileged vaulting, disciplined asset disposition, and practical ways to repurpose gear without leaking data. That real-world foundation sets the stage for a focused tour through CISSP Domain 5—Identity and Access Management—built for practitioners who want clarity over jargon.

We break down least privilege in plain terms and show how to reduce the initial friction with cleanly defined roles and entitlement catalogs. From there, we compare RBAC and ABAC: when baseline roles are enough, and when context-aware attributes like device, location, and data sensitivity should drive policy. Authentication gets the same treatment. Multi-factor authentication, biometrics, and phishing-resistant methods raise the bar, while single sign-on and identity federation streamline access across cloud apps using standards like OAuth, OpenID Connect, and SAML. In modern cloud environments, token-based models win for scalability and security, and we explain why.

Governance ties it all together. We walk through identity proofing for solid onboarding, separation of duties to curb fraud, and IGA workflows that make approvals, recertifications, and audits far less painful. Regular access reviews emerge as the unsung hero that prevents privilege creep before it becomes an incident. If you're prepping for the CISSP—or just tightening your IAM program—this episode gives you the why behind the what, with steps you can apply today.

Enjoyed the conversation and want more deep dives? Subscribe, share with a teammate who needs a quick IAM refresher, and leave a review to help others find the show.

The Other Side Of The Firewall
The Cybersecurity Ecosystem We've All Been Waiting For Ft. Mary N. Chaney, Esq

Feb 3, 2026 | 52:58


In this episode of The Other Side of the Firewall's Ask a CISSP, host Ryan Williams Sr. welcomes Mary N. Chaney, Esq, a multifaceted professional in cybersecurity and law. Mary shares her inspiring journey from humble beginnings in Cincinnati to becoming a special agent for the FBI, where she investigated cyber crimes. As a law professional with extensive experience in corporate cybersecurity, she transitioned into entrepreneurship, founding multiple organizations aimed at empowering minorities in the tech space. Mary discusses her current initiatives, including Minorities in Cybersecurity (MiC), which focuses on leadership development and mentorship, and the Mary N. Chaney Cybersecurity Training Center (MNC-CTC), designed to provide hands-on training for aspiring cybersecurity professionals.

Throughout the conversation, Mary emphasizes the importance of business fluency in cybersecurity, arguing that technical skills alone are insufficient for career advancement. She highlights the challenges faced by entry-level professionals in the industry, particularly the unrealistic expectations for experience. Mary also discusses her vision for creating a supportive ecosystem for aspiring cybersecurity professionals, including mentorship, training, and job placement services. The episode concludes with insights into her upcoming initiatives, including the 2026 MiC Annual Conference (March 22-26, 2026) and a residency program aimed at bridging the gap between education and employment in cybersecurity.

Mary N. Chaney Socials:
LinkedIn: https://www.linkedin.com/in/marynchaney/
Minorities in Cybersecurity (MiC): https://www.mincybsec.org/
Mary N. Chaney Cybersecurity Training Center: https://www.mnc-ctc.com/
MiC Talent Solutions: https://www.mictalent.solutions/
Buy the guide: https://www.theothersideofthefirewall.com/

Please LISTEN

MSP Unplugged
Making IT Boring: Boutique MSP Lessons w/ Sean Inman of Inman Technology Solutions

Feb 3, 2026 | 44:44


In this episode of MSP Unplugged, host Paco Lebron sits down with Sean Inman, CISSP, Founder & CEO of Inman Technologies in Fort Worth, TX. Sean shares his journey from enterprise information security to launching his own MSP in 2018, driven by frustrations with corporate IT and a passion for serving small to mid-sized businesses.

Key highlights:

  • Turning "human firewall" training from a checkbox into real incident reduction (with surprising client stories & metrics)
  • Shifting from break-fix to proactive, predictable monthly revenue models — pitfalls, scaling tips, and advice for hybrid MSPs
  • Emerging cyber threats MSPs should prioritize right now (beyond phishing/ransomware basics) and how he's adapting his stack
  • The hardest parts of scaling a high-touch boutique MSP: talent, burnout, knowledge sharing, and one change he'd make if starting over
  • Biggest mindset traps leaving businesses (and MSPs) vulnerable — plus a quick diagnostic question to uncover gaps
  • 3-5 year make-or-break trends for MSPs: cybersecurity, AI, compliance, and the one investment Sean urges IT pros to make today
  • Rapid-fire: Underrated security tool/practice, biggest "wish I knew sooner" business lesson, and the one tedious MSP task he'd automate overnight

Whether you're considering going independent, optimizing your MSP operations, or staying ahead in cybersecurity and AI, this episode delivers practical, timely insights from a thoughtful leader in the space. Tune in weekly on YouTube.com/MSPUnplugged for more unfiltered MSP advice. Like, subscribe, and hit the notification bell so you never miss an episode! Also available on your favorite podcast app.

All Things Internal Audit
Five Years In: Anthony Pugliese on Leading a Global Profession Through Change

Feb 3, 2026 | 42:22


The Institute of Internal Auditors Presents: All Things Internal Audit

In this special milestone episode, Terry Grafenstine sits down with Anthony Pugliese to reflect on five years of leadership at The IIA. He shares what it's meant to lead a global profession during a period of unprecedented change, from modernizing the Standards and advancing advocacy to strengthening the talent pipeline and navigating cultural complexity across more than 100 countries. The conversation discusses leadership through influence, professional judgment, integrity, and what it truly means to represent an entire profession on the world stage.

HOST: Terry Grafenstine, CIA, CPA, CGAP, CISSP, CISA, Former Global Chair, The Institute of Internal Auditors

GUEST: Anthony Pugliese, CIA, CPA, CGMA, CITP, President & CEO, The Institute of Internal Auditors

KEY POINTS:

  • Introduction and Five Years of Leadership [00:00:02–00:02:47]
  • What Makes Leading a Global Professional Association Unique [00:03:03–00:06:16]
  • Leading Through Influence, Buy-In, and Indirect Authority [00:06:27–00:08:08]
  • The Weight of Representing an Entire Profession [00:08:15–00:10:17]
  • Building a Truly Global Culture at The IIA [00:10:39–00:13:53]
  • Balancing Legacy With the Changing Needs of the Profession [00:14:01–00:16:10]
  • Advice for New and Emerging Internal Audit Leaders [00:17:01–00:19:11]
  • What Strong Internal Audit Leadership Looks Like Today [00:19:44–00:23:13]
  • What the CEO Role Looks Like Behind the Scenes [00:24:00–00:27:40]
  • Managing Diverse Perspectives Across a Global Profession [00:27:48–00:29:27]
  • How the Pace of Change Has Redefined the Role [00:30:10–00:32:16]
  • Staying Grounded Amid Travel, Pressure, and Responsibility [00:32:23–00:34:06]
  • What Anthony Hopes Members Feel From This Chapter of Leadership [00:34:19–00:36:35]
  • The Most Meaningful Part of Leading The IIA [00:37:26–00:39:47]
  • Final Reflections on the Future of the Profession [00:39:56–00:41:35]

Visit The IIA's website or YouTube channel for related topics and more.

IIA RELATED CONTENT: Vision 2035; Global Internal Audit Standards; About Us: Anthony J. Pugliese

Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer

CISSP Cyber Training Podcast - CISSP Training Program
CCT 320: OT Attacks And CISSP Domain 6.4 Essentials

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Feb 2, 2026 41:11 Transcription Available


What happens when custom malware turns IoT into a springboard for OT, and gas pumps become levers for panic? We open with a timely look at Iranian-linked operations targeting PLCs and use that story to ground a full, practical tour of CISSP Domain 6.4: how to analyze scan output and generate reports that actually drive action.

We break down the anatomy of a high-value vulnerability report—clean executive summaries, CVE and CVSS clarity, and the business context that separates theoretical risk from real-world impact. From there, we map a repeatable cadence for internal scans full of misconfigurations, default creds, and end-of-life software, plus a strategy to turn noisy findings into steady wins through prioritization, trend metrics, and small, fast fixes that build momentum.

On the perimeter, we focus on external scans across web apps, APIs, cloud edges, and third parties. You'll hear hard-earned tactics for handling M&A exposure, vendor VPNs, misconfigured buckets, and certificate drift without breaking production. We share validation steps that avoid false positives and chaos in prod, then show how to formalize exceptions with risk assessments, compensating controls, and an auditable register that satisfies PCI DSS, HIPAA, SOX, and GDPR expectations.

We close with ethical disclosure done right—timelines, ISO/IEC 29147 alignment, and when to coordinate versus publish—so you protect users and your organization without stepping into legal traps. If you're studying for the CISSP or building a vulnerability management program that survives contact with reality, this guide will help you prioritize what matters, communicate clearly, and keep improving.

Enjoyed the show? Subscribe, share with a teammate, and leave a quick review so others can find it. Tell us: what metric best proves your remediation progress?

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

InfosecTrain
ISACA's AAISM: Securing the Intelligent Enterprise

InfosecTrain

Play Episode Listen Later Feb 2, 2026 39:18


Traditional IT security is predictable, but AI is not. In an era where AI learns, evolves, and operates on data-centric logic, the standard playbooks for network and infrastructure security are no longer enough. Enter ISACA's Advanced in Artificial Intelligence Security Management (AAISM), a framework designed to bridge the gap between traditional security and the unique risks of the AI era.

In this episode, we explore the shift from application logic to data-centric AI security. We dive into the complexities of "Poisoning" attacks, prompt injections, and the critical importance of human-in-the-loop governance. Whether you're a CISSP, CISM, or an aspiring AI security leader, this is your guide to mastering the integration of AI into your enterprise strategy.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 319: Ransomware's New Playbook - CISSP Practice Exam Questions (Domain 4)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 29, 2026 22:44 Transcription Available


Ransomware isn't always after your data anymore—sometimes the goal is to burn your operations down. We open with a hard look at the Stoli bankruptcy and what it teaches about ERP paralysis, regulatory deadlines, and why “we'll restore soon” is not a resilience plan. From there, we shift into a high-impact CISSP Domain 4 walkthrough that connects real-world failures to the protocols and controls that actually reduce risk.

We break down HTTPS beyond the lock icon—what it secures, what metadata remains exposed, and how certificate trust can be subverted. You'll get a clear mental model for DNS defenses: why DNSSEC protects integrity but not confidentiality, and how DoH and DoT encrypt queries while complicating DNS filtering. We compare SFTP over SSH with FTPS, clarify LDAP StartTLS on port 389 vs LDAPS on 636, and explain the practical differences between IPsec transport and tunnel modes, including when ESP's symmetric encryption is the right fit.

We also zoom in on TLS hygiene: why enabling TLS 1.0 or 1.1 invites downgrade and deprecated cipher risks, what HSTS really does (and doesn't do), and why Perfect Forward Secrecy matters when adversaries stockpile encrypted traffic. And we call out a critical truth for both practitioners and exam-takers: HTTPS can't stop phishing, so user trust and certificate validation remain frontline defenses.

If you're preparing for the CISSP or leading security strategy, this episode gives you crisp explanations, memorable heuristics, and business-first context to improve your decisions. Subscribe, share with a teammate who handles compliance filings, and leave a review with the toughest crypto or network security question you want us to unpack next.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 318: APIs To End Of Life (EOL) and End of Service (EOS) - CISSP Domain 2.5

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 26, 2026 37:19 Transcription Available


Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
Podcast Link(s): https://www.securityweek.com/cyber-insights-2026-api-security/

Agentic AI doesn't just call your APIs; it creates them, connects them, and expands your attack surface faster than most teams can map it. We open with a frank look at autonomous agents, the Model Context Protocol (MCP), and why weak authentication, misconfigurations, and shadow APIs are still the easiest doors to pry open. Then we get tactical: continuous discovery, behavioral analytics, context-driven access, and the governance you need to monitor what AI spins up and revoke what shouldn't exist.

From there, we shift to the CISSP core: end of life, end of support, and the asset retention practices that keep you compliant and resilient. We define the terms, share real-world pitfalls, and outline practical sunsetting plans that include data migration, isolation when necessary, and rock-solid disposal. Documentation is the quiet hero—config backups, change logs, destruction certificates, and retention schedules shaped with legal and compliance. Over-retention inflates breach impact and cost; under-retention invites fines and operational gaps. We walk through legal holds, immutable backups, and the cost conversations that stop data hoarding.

By the end, you'll have a clear blueprint: integrate lifecycle management into procurement, track vendor notices, consider extended or third-party support when needed, and use compensating controls for what must linger. Train your teams, audit your process, and map ownership so you can prove what you keep, why you keep it, and when you delete it. If you're ready to tighten API security and retire legacy systems without breaking the business, this one's for you. Subscribe, share with your team, and leave a quick review to help others find the show. What legacy system will you decommission first?

The CyberWire
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]

The CyberWire

Play Episode Listen Later Jan 25, 2026 8:47


Please enjoy this encore of Career Notes. Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing.

Career Notes
Lauren Van Wazer: You have to be your own North Star. [CISSP]

Career Notes

Play Episode Listen Later Jan 25, 2026 8:47


Please enjoy this encore of Career Notes. Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 317: Local Cybersecurity Funding - CISSP Practice Questions (Domain 1.8)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 22, 2026 28:12 Transcription Available


Podcast Link(s): https://www.cisa.gov/news-events/news/dhs-launches-over-100-million-funding-strengthen-communities-cyber-defenses

Cyber attacks don't skip small towns, and today we dig into how local governments can turn policy into protection. We start with the new funding landscape for state, local, tribal, and territorial agencies—what's approved, where the dollars flow, and why alignment with CISA and the NIST Cybersecurity Framework is the difference between good intentions and measurable risk reduction. From staffing gaps to critical infrastructure dependencies, we break down a practical way to prioritize controls, track progress, and build lightweight governance that keeps projects moving and leaders informed.

Then we pivot into CISSP Domain 1.8 with real scenarios that security teams face every week. What do you do when phishing simulations stall at a 40% click rate? We outline how to redesign awareness with role-based content, immediate coaching, and the right technical controls to lower human-driven risk. What's the right response when a new admin refuses to sign an NDA? Bring legal in, set the standard, and be ready to stand firm on conditions for sensitive access. We also unpack training repayment disputes during offboarding and why access revocation, asset return, and exfiltration monitoring must come before chasing dollars.

We don't stop there. An employee's personal cybersecurity blog can be a liability or an asset—depending on how you set guidelines and review content. And when insider risk hits hard—a soon-to-be-terminated analyst copying files to a USB drive—the immediate play is decisive: disable access, secure devices, preserve evidence, and coordinate with HR and legal. Throughout, we keep the focus on clear policy, consistent enforcement, and actionable steps that work for resource-constrained teams as well as larger enterprises.

If you're a security leader, an aspiring CISSP, or the de facto defender for a small community, you'll leave with concrete actions to raise your defenses, educate your people, and respond fast when signals turn red. Subscribe, share this with a teammate who needs a sharper playbook, and leave a review to help more practitioners find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 316: CrowdStrike, Signal, And Identify, Analyze, and Prioritize Business Continuity (CISSP Domain 1.8) - Part 2

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 19, 2026 29:00 Transcription Available


A quiet identity revolution is underway, and it's not about people. CrowdStrike's move to acquire Signal shines a light on the fastest‑growing attack surface in modern environments: non‑human identities. From AI agents and APIs to service and machine accounts, these credentials outnumber employees, hold powerful permissions, and often live outside traditional IAM hygiene. We unpack why this matters now, how it reshapes identity security strategy, and what it means for your Business Impact Analysis and continuity planning.

We walk through a clear, exam‑ready BIA flow that translates risk into action. You'll learn how to frame impact categories, build time‑based escalation paths, and set realistic RTO, RPO, and maximum tolerable downtime in partnership with the business. We dig into prioritization drivers—safety of life, legal mandates, revenue exposure, and customer obligations—and show how to avoid the trap of “non‑essential” processes that quietly block recovery. Along the way, we map threats, vulnerabilities, and controls, then score risk with likelihood and impact using real sources like historical incidents and threat intelligence.

From there, we get practical: process workarounds, technology redundancy, workforce continuity, and supply chain resilience with alternate vendors and stockpiles. We compare hot, warm, and cold sites to cloud‑based recovery, and we stress selection criteria like cost, risk tolerance, and whether strategies actually hit your recovery targets. Finally, we cover governance and communication: executive approvals, confidentiality of plans, testing from tabletop to full interruption, vital records protection, and smooth transitions from life safety to business operations. The throughline is simple and powerful: business impact drives recovery priorities, not technology. Subscribe, share with a teammate who owns service accounts, and leave a quick review to help others find the show.

The Other Side Of The Firewall
What AI Can't Replace: The Human Side of Cybersecurity with Trey Robinson

The Other Side Of The Firewall

Play Episode Listen Later Jan 15, 2026 42:53


In this episode of Ask a CISSP, Ryan Williams Sr. welcomes Trey Robinson, CEO of T.A.S. Technical Solutions, to discuss his journey in cybersecurity, the challenges faced by small businesses and nonprofits, and the importance of mental health and community support. They explore the role of technology in business, the transition to entrepreneurship, and the significance of time management in balancing work and personal life. Trey shares insights on his nonprofit, The Men's Corner, which aims to support young men in developing social skills and mental health awareness. Buy my guide: https://www.theothersideofthefirewall.com/ Please LISTEN

CISSP Cyber Training Podcast - CISSP Training Program
CCT 315: Cybercrime Inc and Practice CISSP Questions (Domain 1.8)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 15, 2026 31:45 Transcription Available


Cybercrime now runs like a tech startup—with roles, KPIs, and customer support—while most defenders are stuck in annual review cycles. We dive into how this underground economy operates as a service chain, why ransomware-as-a-service lowers the barrier to entry, and what leaders can do to close the agility gap. From faster iteration to data-driven decisions, we map out a defense that keeps pace with attackers rather than reacting months later.

We also shift into CISSP Domain 1.8 with scenario-driven insights you can apply today. You'll hear how to design an insider threat program that respects privacy while delivering real defense in depth, including behavior analytics, transparent monitoring policies, and legal and HR oversight. We break down the executive-level risk when background checks slip during mergers, the right first move when a senior developer with admin access gives notice to join a competitor, and how to navigate employment gaps without crossing legal or ethical lines. Then we take on a thorny integrity case: a cloud security architect who lied about a required certification. Policy clarity, culture, and legal risk all collide—and we walk through the reasoning.

Throughout, we connect the AI arms race to practical security outcomes. Attackers are using AI to craft better phishing and faster exploits; defenders need AI for correlation, anomaly detection, and automation—without sacrificing governance. The throughline is speed with discipline: shorten feedback loops, harden the human layer, and align security operations to measurable risk reduction.

If you're preparing for the CISSP or leveling up your security leadership, this episode blends strategy with concrete steps you can implement now. Subscribe, share with your team, and leave a review to tell us which scenario challenged your thinking most.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 314: AI Threats And Identify, Analyze, and Prioritize Business Continuity (CISSP Domain 1.8) - Part 1

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 12, 2026 25:11 Transcription Available


Start with the reality check: today's AI-enabled businesses face nine fast-evolving risks—data poisoning, model tampering, tool poisoning, prompt injection, adversarial inputs, model theft, model inversion, supply chain exposures, and jailbreak techniques. We break each one down in plain terms to show how attackers manipulate training data, models, and the pipelines around them, then connect those threats to the operational stakes leaders care about: safety, brand, legal exposure, and customer trust.

From there, we shift gears into a practical continuity blueprint. We clarify the difference between BCM, BCP, and DRP—governance, process continuity, and tech recovery—so you can prioritize business outcomes before buying tools. You'll hear a clear approach for scoping by criticality, setting a planning horizon for short disruptions and long outages, and aligning with enterprise risk management so recovery targets match risk appetite and mission. We also walk through organizational analysis, stakeholder roles, and the often-missed step of mapping upstream suppliers and downstream distributors alongside cloud, SaaS, and utilities.

The middle third focuses on execution. We outline how to build the BCP team with real decision authority, ensure succession and time-zone coverage, and run tabletops that expose single points of failure—like that forgotten server in a closet or a license that blocks failover. Then we cover resource planning across people, technology, facilities, vendors, and funding, including emergency spend, insurance alignment, and utility commitments for alternate sites. We close with regulatory expectations, SLAs, and the need for documented testing and continuous improvement so audits and real incidents both go better.

If you found this helpful, subscribe, leave a quick review, and share it with a teammate who owns risk, compliance, or operations. Your support helps more CISSP candidates and security leaders build resilience that actually works when it counts.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 313: CISSP Practice Questions and AI Agents As The New Insider Risk

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 8, 2026 32:22 Transcription Available


What happens when your “helper” becomes your riskiest insider? We dig into the fast-approaching reality of AI agents acting with superuser access, approving transactions, and even signing contracts—creating doppelganger identities that expand attack surfaces in unexpected ways. Drawing from recent headlines and real operations experience, we break down how least privilege, identity governance, and auditable workflows can keep autonomy from turning into an open door.

From there, we get tactical with CISSP-grade scenarios that force hard choices under pressure. An unauthorized “emergency” firewall change takes down a service—how do you keep agility without chaos? A SOC drowns in 10,000 alerts a day—what truly cuts noise while catching multi-stage attacks? We make the case for SOAR playbooks that enrich, correlate, and act, turning acronym soup into a coherent response engine. When teams push back on PAM, we show how to implement full recording and vaulting without slowing incidents by using auto-approved, time-bound emergency access and strict post-incident review.

Then we navigate the thorniest problem in modern defense: patching during active exploitation when fixes break critical APIs. Instead of hair-on-fire deployments or risky delays, we map compensating controls—WAF hardening, segmentation, and targeted monitoring—while working toward a compatible patch path. And when a high-value database shows 45 days of persistence, we explain how to capture live memory and disk snapshots, coordinate isolation during a maintenance window, and communicate risk tradeoffs to leadership without tipping attackers or losing evidence.

If you want clear, applied guidance on AI insider risk, emergency change control, alert fatigue, PAM adoption, patch strategy, and forensics versus uptime, this conversation delivers practical answers you can put to work today. Subscribe, share with your team, and leave a review—what decision here changed how you'll handle your next incident?

CISSP Cyber Training Podcast - CISSP Training Program
CCT 312: From Kimwolf Threats To Chain Of Custody: What Security Leaders Must Know (Domain 7.1)

CISSP Cyber Training Podcast - CISSP Training Program

Play Episode Listen Later Jan 5, 2026 37:50 Transcription Available


Your TV, camera, or even a smart bird feeder can be a beachhead for attackers. We dive into the Kimwolf botnet and expose how low-cost IoT turns into residential proxies that scan, DDoS, and quietly pivot across your home or enterprise network. From weak defaults and exposed ADB to shady apps, we call out the telltale signs and the simple architecture changes that shut the door: dedicated IoT VLANs, strict egress controls, and logging that actually sees what leaves your network.

Then we switch gears into CISSP Domain 7.1 and break down what a defensible investigation looks like when the alarms go off. Evidence collection starts with a mindset: don't touch originals, document everything, and assume you'll need to defend the process in court. We cover IOCE-aligned practices, creating bit-for-bit copies with hashes, and when to engage a forensic retainer so you are not building a plan mid-incident. Memory captures, media recovery, network telemetry, and software analysis all play a role in reconstructing the timeline and proving what happened.

Legal readiness sits at the core. We talk about involving counsel early, understanding insurer-approved panels, and mapping out rules of engagement for interviews and device access in your IR policy and onboarding. We clarify evidence authorities—voluntary surrender, subpoenas, and search warrants—plus the three evidence types and how chain of custody preserves admissibility. By the end, you'll have a clear blueprint: segment IoT, monitor outbound traffic, and run investigations that survive scrutiny.

If this helped sharpen your security playbook, subscribe, share with your team, and leave a quick review to help others find the show.

The school safety podcast.
Defending K–12 from Cyber Threats

The school safety podcast.

Play Episode Listen Later Jan 2, 2026 55:21


When Hackers Target Schools: Defending K–12 from Cyber Threats

Part of ZeroNow's Conversations expert panel discussion series, this session examines the growing cybersecurity threats facing today's schools—and how education leaders can defend against them. As districts become increasingly digital, they've also become prime targets for ransomware, phishing, and data breaches that can disrupt learning and compromise sensitive student information.

Our panel of cybersecurity specialists, technology directors, and public safety experts will explore real-world attacks, lessons learned, and proactive strategies to build cyber resilience across K–12 systems. Attendees will gain actionable insights on risk assessment, incident response planning, staff training, and leveraging federal resources to protect networks and data.

Guests

Antoinette King
Antoinette King, CISSP, PSP, has more than two decades of experience in the security industry, working in integration, manufacturing, and consulting. Antoinette founded Credo Cyber Consulting in 2020 with the goal of providing her clients with a holistic perspective on security, bridging the gap between the physical and cybersecurity domains with a focus on data privacy and protection. Her first book, The Digital Citizen's Guide to Cybersecurity: How to Stay Safe and Empowered Online, hit the Amazon Best Sellers list for all its categories in the first 48 hours of release. Her latest book, co-authored with Michelle Kreiger and released in October 2025, From Chalk Dust to Digital Trust: A Guide in Data Privacy and Security for K-12 Leaders, was #1 in Cloud-Based Computing books in the first week of release.

Nathan Shanks
Nathan Shanks is a seasoned executive and visionary leader with over two decades of experience in the technology and cybersecurity sectors. Currently serving as the General Manager of Global Cyber, Video, Software, and Access Management (VS&A) Professional Services at Motorola Solutions, Nathan drives the strategy and growth of mission-critical services, with a strong emphasis on protecting and securing software that protects communities and empowers enterprises worldwide. This requires leveraging the latest use of AI along with traditional proven techniques.

Dr. Marnie Hazelton
Dr. Marnie Hazelton is a nationally recognized leader in educational equity, civic engagement, and transformative district leadership. She is the proud recipient of the NJ Visionary Superintendent Award and Leading Now's Civic Leadership in the Superintendency Award (2025), honoring her innovative and community-centered approach to student success.

Under Dr. Hazelton's leadership, Englewood has accelerated post-pandemic academic recovery, with reading proficiency rising and all student subgroups exceeding growth targets. She has strengthened partnerships with community organizations and city agencies, created a District Community Liaison role, and launched inclusive initiatives such as the annual Back to School Fair.

Her visionary efforts include the creation of a Cyber Café to enhance digital access and collaboration, and a state-of-the-art CTE Cosmetology Room that expands hands-on career readiness opportunities for students.

With over $17 million in competitive grants secured throughout her career, Dr. Hazelton has led initiatives that close achievement gaps, expand advanced coursework, and promote restorative and dual-language learning. Recognized by the NAACP and as a NASS Superintendent of the Year finalist, Dr. Hazelton's leadership reflects excellence, equity, and the transformative power of education.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 311: Practice CISSP Questions and AI In The SOC (Domain 3)

Jan 1, 2026 · 28:42 · Transcription available

Ready to turn CISSP Domain 3.5 into practical moves you can deploy on Monday? We unpack how real SOC teams apply microsegmentation, identity-aware controls, and targeted inspection to crush lateral movement without dragging performance. Along the way, we demystify AI's role: where detection engineering benefits from crisp use cases, how Tier 1 triage speeds up, and why models still need human oversight and rigorous validation to stay trustworthy.

We also step through common network design traps that drain budgets and weaken defenses. VLAN sprawl looks tidy on paper but collapses under hybrid cloud dynamics. Central chokepoints promise control yet introduce latency and single failure domains. The smarter path is selective inline inspection where risk is highest, strong encryption everywhere else, and host-based enforcement that understands identity and context after decryption. If you've been tempted to collapse controls into one “do-everything” appliance, we lay out the hidden cost: a fragile core that turns into a single point of failure when you need it most.

To ground the theory, we walk through scenario-style questions that mirror real decisions security leaders face: stopping east-west movement, balancing HA with inspection, drawing zero trust boundaries that don't assume implicit trust, and enforcing policy on encrypted traffic. You'll leave with patterns you can adapt immediately: start small, define use cases, validate outputs like code, and iterate with tight feedback loops. Whether you run a SOC, partner with an MSP, or are targeting a first-time CISSP pass, this conversation gives you a clear map from concept to control. If this helped, follow the show, share it with a teammate, and leave a quick review so others can find it too.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

UNSECURITY: Information Security Podcast
Unsecurity Episode 254: Journey to Becoming A CISO with Ted Peterson

Dec 29, 2025 · 33:48

A slow-rolling holiday episode featuring CISO at DataSite, Ted Peterson! Transitioning from a Director Role, Ted shares his journey to the CISO title and how his unique background informs his work approach.

Tune in for insights on:
• Realities to navigating organizational leadership as a CISO
• Importance of diverse perspectives and backgrounds in the security space
• Establishing pathway to career goals

Like, subscribe, and share with your network to stay informed about the latest in cybersecurity! We want to hear from you! Reach out at unsecurity@frsecure.com and follow us for more:
• LinkedIn: https://www.linkedin.com/company/frsecure/
• Instagram: https://www.instagram.com/frsecureofficial/
• Facebook: https://www.facebook.com/frsecure/
• BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/

FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 310: Wi-Fi Hopping And Database Defense - CISSP Training

Dec 29, 2025 · 43:57 · Transcription available

A neighboring Wi‑Fi, a handful of stolen credentials, and a quiet leap into a high‑value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems.

We start at the edge, where phishing, drive‑by downloads, and man‑in‑the‑middle still win far too often. You'll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role‑based access with tight segregation of duties.

Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one.

If you find this valuable, subscribe, share it with a teammate who owns Wi‑Fi or databases, and leave a quick review telling us the first control you'll implement this week. Your feedback helps more practitioners discover tools that actually reduce risk.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 309: React-To-Shell and Practice CISSP Questions (Domain 7.6)

Dec 25, 2025 · 27:35 · Transcription available

One unauthenticated request should not be all it takes to compromise your app—but with React-To-Shell, that's the reality many teams are facing. We unpack what this vulnerability hits across React server components and Next.js app router setups, why default configs can be enough to fall, and how active threat actors are already abusing it. From construction to entertainment to cloud-native platforms, the exposure is broad, the proofs are reliable and the window for safe procrastination has closed.

We share a clear action plan: upgrade affected versions now, rotate secrets that touch your React servers, and turn on relevant WAF protections from providers like Cloudflare and Microsoft. Then we widen the lens to the bigger lesson: security testing that looks mature on paper can still miss API edges and misconfigurations for months. You'll hear why credentialed vulnerability scans with passive monitoring are the lowest-impact way to surface issues in production, how “medium” findings can chain into critical compromise, and when external assessors deliver the most value for resilience rather than routine compliance.

To make testing count without breaking customer-facing services, we walk through purple teaming—pairing red team attacks with blue team collaboration—to validate both technical controls and security awareness. We cover scoping rules that prevent disruption, scenarios that mirror current tradecraft, and practical CISSP takeaways for domain coverage on assessments, software security and third-party risk. If your web stack touches React, or your program relies on scans and annual pen tests alone, this is your checklist and your nudge to act.

If this helped you prioritize what to fix first, subscribe, share with a teammate and leave a quick review—it helps more security folks find us and harden faster.

The Other Side Of The Firewall
From Air Force Technology to Cyber CEO: Lessons in Risk, AI, and Leadership Ft. Ahmad Austin

Dec 23, 2025 · 41:51

On this week's Ask a CISSP special episode of The Other Side of the Firewall, I talk with Air Force veteran and cybersecurity leader Ahmad Rashaan Austin about his journey from zero computer skills to founder of Cy3 Security, LLC. We explore risk management, responsible AI adoption, leadership communication, and his new book, The Boundaryless Enterprise. If you're building a cyber career or leading tech teams, this episode delivers actionable insights straight from the front lines. Check it out on your favorite podcast platform! Buy Ahmad R. Austin's The Boundaryless Enterprise: Redesigning Oversight for the Age of Intelligent Systems https://a.co/d/dfCToig Please LISTEN

CISSP Cyber Training Podcast - CISSP Training Program
CCT 308: Scripted Sparrow BEC and CISSP Incident Response - Domain 7.6

Dec 22, 2025 · 46:54 · Transcription available

A single convincing email can move real money. We break down how Scripted Sparrow and other BEC crews spoof reply chains, impersonate trusted service providers, and slip under approval thresholds to nudge finance teams into wiring funds. The threat isn't flashy malware; it's pressure, process gaps, and the illusion of internal approval. We talk through the red flags that matter, from sudden vendor banking changes to realistic W9 attachments and urgent payment timelines, and then lay out the safeguards that stop these scams cold.

From there, we zoom out to the full incident management lifecycle and make it practical. You'll hear how we define an incident by its impact on confidentiality, integrity, and availability, and why that clarity speeds action. We map the steps—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—and explain what they look like in a real company: one-click phishing reporting for employees, prepared legal statements for regulators, isolation choices that protect revenue, and documentation habits that pay off when auditors and insurers start asking questions.

We also get honest about today's attack surface. Cloud sharing, APIs, and over-permissive identities push sensitive data to the edge, making containment harder if an attacker lands. Expect persistence: backdoors, credential reuse, and lateral movement thrive when local admin rights and flat networks remain. The antidote is a blend of stronger finance workflows, pre-briefed legal and communications teams, and regular tabletop drills that involve everyone who touches money, systems, or messaging.

If you're serious about preventing wire fraud and surviving security incidents with your business intact, this conversation gives you a focused plan you can adopt today. Subscribe, share with your finance and HR leaders, and leave a review with the one control you'll implement first.

Blak Cyber
CISSP - ISC2 Code of Ethics

Dec 18, 2025 · 13:17

**The vCISO In The Green Glass Corner Office Podcast has been re-branded to The Blak Cyber Podcast presents The CISSP Dojo Series**

CISSP Cyber Training Podcast - CISSP Training Program
CCT 307: Practice CISSP Questions - Security Policies and Procedures

Dec 18, 2025 · 20:17 · Transcription available

Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

Headlines say the talent shortage is easing, yet nearly half of UK businesses still lack basic cyber skills. That disconnect sets the stage for a frank, practical tour through what actually reduces risk—no buzzwords required. We open with real takeaways from the UK's international cyber skills initiatives and move quickly to the daily decisions that shape resilience: encryption in the cloud, least privilege by default, and how to keep role-based access control from collapsing under credential creep.

We make the identity layer tangible. Single sign-on can simplify life and lower password reuse, but it also centralizes risk. We share how to counterbalance SSO with MFA, conditional access, and strong monitoring. Cloud-based IAM accelerates deployment and gives flexibility, yet brings ongoing costs and integration challenges with legacy systems; outsourcing introduces a loss of control that must be offset by airtight requirements, auditability, and vendor transparency. Phishing remains the most reliable social engineering vector, so security awareness training isn't optional—it's the routine that turns policy into behavior.

Zero trust becomes manageable when you stop treating it like a switch and start treating it like a program. We outline a phased path: define protect surfaces, segment by sensitivity, apply continuous verification where the impact is highest, and expand deliberately. Vendor access deserves the same precision: NDAs for legal guardrails, least privilege for scope, monitoring for assurance, and scheduled reviews to remove stale permissions. Along the way, we talk mentorship, pro bono work, and competitions as concrete ways to grow talent while delivering real security outcomes.

We also road-test your knowledge with a focused Domain 1.9 CISSP question set, reinforcing the core ideas with scenario-based reasoning. If you're preparing for the CISSP or leading a security program, you'll walk away with a clear playbook: encrypt by default, minimize access, verify continuously, and measure what matters. If this resonates, subscribe, share with a teammate, and leave a review so others can find the show.

Coffee w/#The Freight Coach
1348. #TFCP - Cybercrime in Trucking Is Evolving - What 2026 Means for All Parties!

Dec 16, 2025 · 35:23

How exposed is your trucking operation to cybercrime right now, and are you relying too much on trust and automation? Listen to our guest today, Artie Crawford of NMFTA, breaking down the real cybersecurity threats facing transportation. The biggest takeaway is simple: no fleet, broker, or carrier is too small to be targeted! We discuss how AI-driven cyber fraud, business email compromise, and fake load schemes are hitting trucking companies hard, why small companies are often the most vulnerable, and how multi-person verification, cybersecurity training, and multi-factor authentication can dramatically reduce risk!

2026 NMFTA Cybersecurity Trends Report: https://bit.ly/4oYPTds

About Artie Crawford

Artie Crawford, CISSP, CISM, is the Director of Cybersecurity at the National Motor Freight Traffic Association, Inc. (NMFTA)™. Artie is a seasoned professional with extensive experience in cybersecurity strategy and deep technical expertise in addressing complex cybersecurity challenges. He possesses a thorough understanding of the tools, techniques, procedures, and attack vectors employed by cyber adversaries. Artie has a proven track record of providing strategic guidance, collaboration, and engineering support to a wide range of organizations, including state and local governments, educational institutions, intelligence agencies, transportation authorities, and the Department of Defense, all in support of their cybersecurity missions. Throughout his distinguished career, Artie has held pivotal roles at organizations such as the Cybersecurity & Infrastructure Security Agency (CISA), Microsoft, MITRE, and others. His work has been centered on developing advanced techniques and tools for real-world operations. A 27-year veteran of the U.S. Marine Corps, Artie retired in 2011 as the Cybersecurity Chief of the Marine Corps, where he served as the Senior Technical Advisor to the CIO and Director of C4.

OMAG All Access
Cybersecurity For Municipalities - Expert Insights From CISA (ft Mark Kirby)

Dec 16, 2025 · 40:33

Cybersecurity threats are growing - and municipalities across Oklahoma are not immune. In this episode of OMAG All Access, host Matt Jacobson sits down with Mark Kirby, CISA's Cybersecurity Advisor for Oklahoma and Arkansas, to talk about real-world risks facing cities and towns, from phishing scams to ransomware attacks.

Mark shares practical, no-cost resources available through CISA, offers guidance on how to improve cybersecurity with limited budgets, and explains why regular training and layered defenses matter more than ever. If you serve in local government and want to better protect your community's digital infrastructure, this episode is for you.

Contact information for CISA staff:

Mark Kirby, CISSP, PMP & A|CISO
Supervisor Cybersecurity Advisor (Arkansas & Oklahoma)
Cybersecurity and Infrastructure Security Agency
Integrated Operations Division / Region 6
Office: 501-519-2680
E-Mail: mark.kirby@cisa.dhs.gov

Calvin Harley
Cybersecurity State Coordinator (Oklahoma)
Cybersecurity and Infrastructure Security Agency
Integrated Operations Division / Region 6
Office: 405-568-5843
Email: calvin.harley@cisa.dhs.gov

CISSP Cyber Training Podcast - CISSP Training Program
CCT 306: CISSP Domain 1.5: Understanding Legal, Regulatory, and Compliance Requirements

Dec 15, 2025 · 51:31 · Transcription available

What happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren't just IT issues—they're revenue issues—so we map exactly how to build alignment before a crisis hits.

We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don't read them with counsel.

Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR's 72-hour notification, China's PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define “breach” with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting.

If you're studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today. Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we'll tackle it next.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 305: Practice CISSP Questions - Chrome Zero Days And Domain Eight Deep Dive

Dec 11, 2025 · 19:56 · Transcription available

Headlines about eight Chrome zero days aren't just noise—they're a prompt to act with precision. We open with the fastest, most reliable steps to reduce exposure: force updates with MDM, restart browsers to trigger patches, narrow to a hardened enterprise browser, and brief your SOC to tune EDR for active exploit patterns. You'll get a focused checklist that's quick to run and easy to defend to leadership.

From there, we turn the lens to CISSP Domain 8 with five questions that teach more than they test. We explain why strict schema validation for JSON beats blanket escaping, and how misuse and abuse case analysis during requirements gives you the strongest assurance that security is built into design, not bolted on. We also break down supply chain risk in CI/CD with a practical recipe: software composition analysis, cryptographic signature checks, internal artifact repositories, and policy gates that block malicious or license-violating packages before they ship.

Design flaws are the silent killers. We highlight a common mistake—putting sensitive business logic in the browser—and show how to move decisions server-side, validate every request, and protect against client tampering. Finally, we get tactical about containerized microservices: image signing plus runtime verification, read-only filesystems, minimal base images, and network policies that enforce least privilege. These are the controls that turn incident response into a manageable drill, not a firestorm.

If you're preparing for the CISSP or leading an engineering team, you'll leave with strategies you can apply today: browser patching that sticks, threat modeling that finds real risks, SCA that calms your pipeline, and container security that proves runtime trust. Enjoyed this conversation? Subscribe, share with a teammate, and leave a quick review to help more people find it.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 304: Software Development Security (CISSP Domain 8)

Dec 8, 2025 · 45:29 · Transcription available

A single malicious insider flipped Disney menus to Wingdings and tampered with allergy labels—proof that weak offboarding and sloppy access can turn small privileges into big threats. We take that lesson and translate it into a practical roadmap for secure software: clear requirements, security controls in design, disciplined code reviews, honest UAT, and change management that prevents chaos and rollback roulette.

From there, we compare the major development models through a security lens. Waterfall shines when predictability and compliance evidence are non‑negotiable, with strong documentation and defined testing phases. Spiral brings a risk-first mindset, iterating through planning, analysis, engineering, and evaluation so teams can learn early and pivot with purpose. Agile and DevSecOps embed security into user stories, definition of done, and sprint reviews, using short cycles, prioritized backlogs, and continuous testing to catch vulnerabilities before they calcify into technical debt.

We also put structure around improvement. The Capability Maturity Model shows how to move from ad hoc heroics to standardized, measurable, and optimized practices that satisfy auditors and reduce incidents. The IDEAL model guides change itself—initiate with sponsorship, diagnose gaps, establish plans and metrics, act through implementation and training, and learn via feedback and retrospectives—so security improvements stick. Throughout, we share practical tips: how to weigh security controls against usability, why executive support unlocks real progress, and how to choose the right lifecycle for your risk, regulation, and release cadence.

If you're preparing for the CISSP or leading teams that ship software, this is your playbook for building security into every step without slowing down what matters. Enjoyed the conversation? Subscribe, share with a teammate, and leave a review with your biggest SDLC win—or your most painful lesson.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 303: Practice CISSP Questions - Domain 6 Deep Dive

Dec 4, 2025 · 25:44 · Transcription available

A headline about hacked nanny cams is more than a cautionary tale—it's a mirror for how easily convenience eclipses security. We start with the Korean IP camera case to highlight simple, high-impact steps anyone can take: change default credentials, use unique passwords, turn off remote access unless you truly need it, and keep firmware current. Then we ask the harder question: how do you prove security works when the stakes are higher than a living room feed?

Shifting into CISSP Domain 6, we break down audit readiness, independence, and risk-based assurance. If you're eyeing ISO 27001, the smartest first move is an internal audit program aligned with the standard's control objectives. It validates design and operating effectiveness before an external auditor walks in, and it surfaces the documentation and evidence gaps that slow teams down. We also unpack governance: when boards want independent assurance, the audit function should report outside IT. Self-assessments still help, but they don't replace a real audit.

Risk should lead, not scanner severity. Consider a “medium” vulnerability on a critical payment system that demands authenticated access and precise timing. Rather than knee-jerk patching or dismissal, a structured risk analysis weighs business impact, likelihood, and compensating controls like monitoring and segregation of duties. That approach drives better prioritization and stronger outcomes.

For ongoing evaluation, snapshots alone aren't enough. Instead of doubling costly SOC 2s, blend risk-based self-assessments, targeted internal audits, and continuous monitoring to maximize coverage and value. And when your cloud provider won't allow pen tests on shared PaaS, you can still gain assurance: request SOC 2 Type II, ISO 27001, and pen test summaries under NDA, then map their scope and results to your control requirements and risk appetite. Close gaps with compensating controls and a clear shared responsibility matrix.

If you're preparing for the CISSP or modernizing your assurance program, this conversation will help you cut noise, focus effort, and build confidence where it counts. Subscribe, share with a teammate who handles audits, and leave a review to tell us what assurance challenge you want solved next.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 302: Security Audits and the CISSP Exam

Dec 1, 2025 · 36:49 · Transcription available

If audits feel like paperwork purgatory, this conversation will change your mind. We unpack Domain 6 with a clear, practical path: how to scope a security audit that executives will fund, teams will follow, and regulators will respect. Along the way, we touch on a fresh angle in the news—an open source LLM tool sniffing out Python zero days—and connect it to what development shops can do right now to lower risk without slowing delivery.

We start by demystifying what a security audit is and how it differs from an assessment. Then we get into the decisions that matter: choosing one framework to anchor your work (NIST CSF, ISO 27001, or PCI DSS where applicable), keeping policies lean enough to use under pressure, and building a scope that targets high-value processes like account provisioning or privileged access. You'll hear why internal audits build muscle, external audits unlock credibility, and third-party audits protect your supply chain when a vendor stalls or gets breached. We talk straight about cost, bias, and the communication gaps that derail progress—and how to fix them.

From there we focus on outcomes. You'll learn to prioritize incident response and third-party risk for the biggest return, write right-to-audit clauses that actually help, and map findings to business impact so leaders say yes to headcount and tooling. We share ways to pair tougher controls with enablement—like deploying a password manager before lengthening passphrases—so adoption sticks. Expect practical reminders on interview planning, evidence collection, and keeping stakeholders aligned without burning goodwill. It's a playbook for turning findings into funding and audits into forward motion.

If this helped you reframe how you approach Domain 6 and security audits, subscribe, leave a review, and share it with a teammate who's staring down their next audit. Your support helps more people find CISSP Cyber Training.

Lifetime Cash Flow Through Real Estate Investing
How Two Veterans Closed a 168 Unit Deal With Zero Experience | Ep. 1,183

Nov 28, 2025 31:20


Erik and Jeffrey Freeman bring over 30 years of combined real estate experience and manage more than $20M in multifamily assets as strategic partners. Erik, a U.S. Navy veteran with a B.S. in Marine Engineering, has two decades of experience as a real estate agent, investor, hard-money lending specialist, and project manager. Jeffrey, a U.S. Army veteran with degrees in IT and Cyber Security and a CISSP certification, adds 15 years of real estate investing and 12 years of leadership expertise. Together, their military backgrounds and deep experience in lending, investing, project management, and networking create a powerful foundation for delivering exceptional results, and they proudly joined Rod's Warrior Group in late 2024.

Here are some of the topics we covered:

• From Military Service to Real Estate Power Players
• From Single-Family Hustle to Multifamily Empire Building
• The Truth About Working With Family in Real Estate
• The Tax Play That Slashes Your Operating Expenses
• Must-Read Books That Supercharge Your Growth
• The One Factor That Skyrockets Your Multifamily Learning Curve
• Relentless Ambition and the Hunt for Killer Deals
• Where Game-Changing Ideas Are Really Born

If you'd like to apply to the warrior program and do deals with other rockstars in this business: Text crush to 72345 and we'll be speaking soon.

For more about Rod and his real estate investing journey go to www.rodkhleif.com

CISSP Cyber Training Podcast - CISSP Training Program
CCT 301: CISSP Questions Deep Dive - Zero Trust

Nov 27, 2025 26:07


Zero trust isn't a checkbox or a buzzword; it's a mindset shift that changes how we design networks, ship code, and protect data. We dig into what “never trust, always verify” actually looks like when you have a messy reality: hybrid clouds, legacy apps living next to microservices, and users hopping on through VPNs that still grant too much access after MFA.

We start with a timely lesson from an AI analytics supplier breach to show why third-party integrations can be your Achilles heel. From there, we map out where policy should live and how it should be enforced: near the workload, with PEPs at gateways or in a service mesh, and a central PDP to keep logic consistent while decisions happen at wire speed. You'll hear why relying on VLANs, static ACLs, or a “trusted subnet” breaks the zero trust promise, and how to move toward per-request evaluation that accounts for identity, device posture, location, and behavior.

Then we go data-first. Labels, encryption, and rights management let policies travel with sensitive files, so access and usage rules hold even off-network. We contrast ZTNA with legacy VPNs, explain how to avoid turning MFA into a broad hall pass, and share a realistic migration path: start with one critical application, microsegment around it, validate performance and usability, and expand. This is the playbook that reduces lateral movement, shrinks blast radius, and helps you pass the CISSP with real-world understanding.

If this resonates, subscribe, share with a teammate who's designing access controls, and leave a review with your biggest zero trust roadblock. Your feedback helps shape future deep dives and study guides.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 300: Failing Securely, Simply, Separation of Duties, KISS and Zero Trust (CISSP)

Nov 24, 2025 44:36


Security programs fail when they try to do everything at once. We walk through a clear three-phase plan that keeps you focused and effective: start with a real gap assessment anchored in leadership's risk tolerance, convert findings into decisions to mitigate, accept, or transfer risk, and then implement with a balanced mix of people, process, and tools. Along the way, we share what to look for when hiring a virtual CISO and how to turn that engagement into actionable momentum instead of another shelfware report.

From there, we tighten the perimeter by defining bounds that keep systems within safe lanes: role-based access control, data classification, DLP, segmentation, encryption, and change management that shrinks blast radius. We get tactical with process isolation, sandboxing, capability-based security, and application whitelisting, plus a grounded comparison of MAC vs DAC and when a hybrid model makes sense. Defense in depth ties it together with physical safeguards, network protections, EDR and patching, application security practices, and data security. We keep the human layer practical with targeted awareness training and a tested incident response plan.

Resilience is the throughline. We advocate for secure defaults and least privilege by design, logging that's actually reviewed, and updates that apply on a measured cadence. When things break, fail safely: graceful degradation, clean error handling, separation of concerns, redundancy, and real-world drills that expose weak spots early. Governance keeps the program honest with separation of duties, dual control, job rotation, and change boards that prevent unilateral risk. Finally, we demystify zero trust: start small, micro-segment your crown jewels, verify continuously, and respect cloud nuances without overcomplicating your stack.

If this helps you clarify your next move, follow the show, share it with a teammate, and leave a quick review so others can find it. Tell us: which phase are you tackling first?

Going North Podcast
Ep. 806 – Big Bet Leadership with John Rossman (@johnerossman)

Oct 30, 2025 37:00


"Contemplative thought is the key to solving really hard problems, and you cannot rush that." – John Rossman

Today's international bestselling author is keynote speaker, leadership development coach, business transformation advisor, a former Amazon leader, and Managing Partner at Rossman Partners, John Rossman. John and I had a fun on a bun chat about his book, "Big Bet Leadership: Your Transformation Playbook for Winning in the Hyper-Digital Era", why everyone needs unproductive productive time, his experience at Amazon, and tons more!!

Key Things You'll Learn:

• The concept of writing a future press release
• The 3 critical habits for big bet success
• Why organizations have trouble maintaining velocity
• Why books play an essential role in improving your thinking and accelerating your development

John's Site: https://johnrossman.com/
John's Books: https://www.amazon.com/stores/author/B015X2OGGS/allbooks

The opening track is titled "Kareru R Daichi Q-MIX" by Rukunetsu AKA Project R (@Rukunetsu). Use the following link to hear the full track and support his craft. https://on.soundcloud.com/62w8X

Please support today's podcast to keep this content coming!
CashApp: $DomBrightmon
Donate on PayPal: @DBrightmon
Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon
Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon

You Might Also Like…

• 47 - "Black Belt Wealth" with Damion Lupo (@damionlupo): https://www.goingnorthpodcast.com/47-black-belt-wealth-with-damion-lupo-damionlupo/
• Ep. 327 – "The Go-Giver Way of Elite Performance" with Bob Burg (@BobBurg): https://www.goingnorthpodcast.com/ep-327-the-go-giver-way-of-elite-performance-with-bob-burg-bobburg/
• Ep. 509 - "Exit Rich" With Michelle Seiler Tucker (@MSeilerTucker): https://www.goingnorthpodcast.com/ep-509-exit-rich-with-michelle-seiler-tucker-mseilertucker/
• Ep. 493 – "The Three R's of Business Growth" with Edwin Dearborn (@edwindearborn): https://www.goingnorthpodcast.com/ep-493-the-three-rs-of-business-growth-with-edwin-dearborn-edwindearborn/
• 261.5 (Host 2 Host Special) – "The Outsourcing Playbook" with Kris Ward (@krisward): https://www.goingnorthpodcast.com/2615-host-2-host-special-the-outsourcing-playbook-with-kris-ward-krisward/
• 179 - "Indistractable" with Nir Eyal (@nireyal): https://www.goingnorthpodcast.com/179-indistractable-with-nir-eyal-nireyal/
• Ep. 322.5 (H2H Special) – "Burnout Proof" with Michael Levitt (@bfastleadership): https://www.goingnorthpodcast.com/ep-3225-h2h-special-burnout-proof-with-michael-levitt-bfastleadership/
• Ep. 438 – "Acoustic Leadership" with Rick Lozano, CSP (@rick_lozano): https://www.goingnorthpodcast.com/ep-438-acoustic-leadership-with-rick-lozano-csp-rick_lozano/
• 270 – "Forever Employable" with Jeff Gothelf (@jboogie): https://www.goingnorthpodcast.com/270-forever-employable-with-jeff-gothelf-jboogie/
• Ep. 373.5 – "Business Secrets for Walking on Water" with Frank Zaccari (@FZaccari): https://www.goingnorthpodcast.com/ep-3735-business-secrets-for-walking-on-water-with-frank-zaccari-fzaccari/
• Ep. 356 – "The Relentless Pursuit of Greatness" with Thomas R. Williams (@MrTRWilliams): https://www.goingnorthpodcast.com/ep-356-the-relentless-pursuit-of-greatness-with-thomas-r-williams-mrtrwilliams/
• Ep. 348 – "Bring Inner Greatness Out" with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/
• Ep. 336.5 (H2H Special) – "Own Your Career Own Your Life" with Andy Storch (@AndyStorch): https://www.goingnorthpodcast.com/ep-3365-h2h-special-own-your-career-own-your-life-with-andy-storch-andystorch/
• Ep. 435 – "Breaking the Code" with Rusty Gailliard (@RustyGaillard): https://www.goingnorthpodcast.com/ep-435-breaking-the-code-with-rusty-gailliard-rustygaillard/
• Ep. 426 – "Success Left a Clue" with Robert Raymond Riopel (@RobRox69): https://www.goingnorthpodcast.com/ep-426-success-left-a-clue-with-robert-raymond-riopel-robrox69/
• Ep. 418 – "Breaking Free & Overcoming Self-Doubt" with Traci Duez (@traciduez): https://www.goingnorthpodcast.com/ep-418-breaking-free-overcoming-self-doubt-with-traci-duez-traciduez/
• Ep. 405 – "Leadership Lessons From The Pub" with Dr. Irvine Nugent (@irvinenugent): https://www.goingnorthpodcast.com/ep-405-leadership-lessons-from-the-pub-with-dr-irvine-nugent-irvinenugent/
• Ep. 315 – "Elevate Your Network & Beyond" with Jake Kelfer (@jakekelfer): https://www.goingnorthpodcast.com/ep-315-elevate-your-network-beyond-with-jake-kelfer-jakekelfer/
• Ep. 488.5 – "Create, Innovate & Dominate" with Tracy Hazzard (@hazzdesign): https://www.goingnorthpodcast.com/ep-4885-create-innovate-dominate-with-tracy-hazzard-hazzdesign/
• 288.5 (Host 2 Host Bonus) – "Choose the Right Mountain; Climb Faster!" with David Wood (@_playforreal): https://www.goingnorthpodcast.com/DavidWood2/

Coffee w/#The Freight Coach
1314. #TFCP - Is Cargo Theft the New Face of Cybercrime? | NMFTA 2025 Day 2

Oct 28, 2025 31:17


How well do you really know your vendors? Are your cybersecurity defenses keeping up with modern freight threats? Listen to Ben Wilkens for Day 2 of the 2025 NMFTA Cybersecurity Conference as he talks about the growing overlap between cybersecurity, cargo theft, and vendor management in transportation!

We cover why third-party vendors are often the weakest link, how simple steps like multi-factor authentication (MFA) can stop most attacks, and why using the NMFTA's vendor checklist should be a standard practice for every carrier and broker. Ben also breaks down how cybercriminals are blending digital scams with physical theft, using tactics like phishing and fake carrier setups to exploit gaps in vetting and process discipline, why technology alone can't fix broken operations, and how consistent vetting, digital hygiene, and collaboration across the industry are key to protecting freight!

About Ben Wilkens

Ben Wilkens, CISSP, CCSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™. In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies, and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners, and government agencies to advance cybersecurity practices and knowledge. Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats.

Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices. With a rare combination of CISSP, CCSP, and CISM certifications alongside an active Class A CDL, Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.

Breaking Into Cybersecurity
Building the Cybersecurity Workforce: Eric Stride's Perspective

Oct 17, 2025 26:32


Breaking into Cybersecurity with Eric Stride: From Air Force to Private Sector

In this episode of Breaking into Cybersecurity, host Christoph interviews Eric Stride from Huntress Security. Eric shares his journey from being a Communications Computer Systems Officer in the Air Force to becoming the Chief Security Officer at Huntress. He discusses his extensive experience in cybersecurity, including roles at the NSA and in the private sector. Eric emphasizes the importance of continual learning, certifications, and deliberate career growth. He also touches on the implications of AI in cybersecurity and provides insights into developing and recruiting the next generation of cybersecurity talent.

00:00 Introduction to the Episode
00:49 Eric Stride's Journey into Cybersecurity
01:11 Military Experience and Transition to Cybersecurity
06:08 Continuous Learning and Staying Updated
09:41 Certifications and Career Growth
11:49 Leadership and Management Principles
15:23 AI in Cybersecurity
22:02 Recruiting and Developing Cybersecurity Talent
https://www.huntress.com/company/careers
26:22 Conclusion and Final Thoughts
https://www.linkedin.com/in/ericstride/

Eric Stride is the Chief Security Officer at Huntress, where he oversees the company's 24/7 Global Security Operations Center, Detection Engineering, Adversary Tactics, IT Operations, and Internal Security. A 20+ year cybersecurity leader, Eric has held senior roles spanning the U.S. Air Force, NSA, and private sector.

During his 12 years on active duty, Eric helped architect the Air Force's first cyber combat mission team, co-authored its first offensive cyber operations manual, and rose to Deputy Chief for Cyber Operations at NSA Georgia. He continues to serve as a Colonel in the Air Force Reserve, where he established its first cyber range squadron.

In the private sector, Eric co-founded Atlas Cybersecurity, advised defense and enterprise clients as an independent consultant, led Deloitte's Advanced Cyber Training portfolio, and led the generation of $135M+ in new cyber business. He holds an M.S. in Information Technology Management, a B.S. in Computer Science, and multiple cybersecurity certifications (CISSP, GCIH, CEH).

Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/

The Jason Cavness Experience

This episode features an in-depth conversation with Scott Alldridge, Certified Chief Information Security Officer (CCISO), CISSP, AI MS Certified, ITIL Expert, Harvard Certified in Technology and Privacy, and CEO of IP Services. With 30+ years of experience in IT management and cybersecurity, Scott has become a global thought leader in modern security strategies. From starting in tech at 19 to building a successful cybersecurity services company, Scott shares powerful insights on the evolution of IT, the rise of AI-driven threats, and why businesses must embrace proactive, layered defenses. He also explains why adaptability, reinvention, and aligning technology with business goals are critical for resilience in today's fast-changing tech landscape.