Podcasts about cissp

A slow-rolling holiday episode featuring CISO at DataSite, Ted Peterson! Transitioning from a Director Role, Ted shares his journey to the CISO title and how his unique background informs his work approach.Tune in for insights on:Realities to navigating organizational leadership as a CISOImportance of diverse perspectives and backgrounds in the security space Establishing pathway to career goalsLike, subscribe, and share with your network to stay informed about the latest in cybersecurity! We want to hear from you! Reach out at unsecurity@frsecure.com and follow us for more:LinkedIn: https://www.linkedin.com/company/frsecure/ Instagram: https://www.instagram.com/frsecureofficial/ Facebook: https://www.facebook.com/frsecure/ BlueSky: https://bsky.app/profile/frsecure.bsky.social About FRSecure: https://frsecure.com/FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

Send us a textA neighboring Wi‑Fi, a handful of stolen credentials, and a quiet leap into a high‑value network—the kind of pivot that sounds cinematic until you realize how practical it is. We unpack that playbook and turn it into concrete defenses you can deploy across your environment, from client endpoints and browsers to databases, servers, and industrial control systems.We start at the edge, where phishing, drive‑by downloads, and man‑in‑the‑middle still win far too often. You'll get a clear blueprint for upgrading endpoint security with EDR, strict patching, and browser hardening, plus when to retire or sandbox legacy applets and how to stop sensitive data bleeding from local caches. From there we map the landscape of modern data platforms: the internal, conceptual, and external layers of databases; the resilience of distributed DBs; the interoperability and pitfalls of ODBC; and the security tradeoffs between NoSQL flexibility and relational ACID guarantees. Expect practical guardrails like TLS on every link, parameterized queries for SQLi defense, and role‑based access with tight segregation of duties.Finally, we focus on servers and ICS, where downtime costs real money and, in OT, can impact safety. Learn how to prioritize hardening and patching without breaking legacy apps, isolate critical services to reduce blast radius, centralize logging to a SIEM, and apply the Purdue model to segment OT from IT. We share tested moves for OT environments—firewalls and DMZs, constrained remote access, realistic backup and recovery plans—and explain how to integrate safety and cybersecurity so alarms, procedures, and people work as one.If you find this valuable, subscribe, share it with a teammate who owns Wi‑Fi or databases, and leave a quick review telling us the first control you'll implement this week. Your feedback helps more practitioners discover tools that actually reduce risk.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Encryption is often described as the "gold standard" of security, but what happens when the gold itself is targeted? Welcome to the world of cryptanalysis—the high-stakes science of deciphering encrypted data without the key. In 2025, as quantum computing and AI become more accessible, the battle between those who hide secrets and those who hunt them is reaching a fever pitch.In this episode, we break down the most sophisticated techniques hackers use to break even the toughest modern ciphers. We move beyond simple "password guessing" and dive into the mathematical and physical vulnerabilities that can render even AES-256 or RSA vulnerable if not implemented perfectly.

Send us a textOne unauthenticated request should not be all it takes to compromise your app—but with React-To-Shell, that's the reality many teams are facing. We unpack what this vulnerability hits across React server components and Next.js app router setups, why default configs can be enough to fall, and how active threat actors are already abusing it. From construction to entertainment to cloud-native platforms, the exposure is broad, the proofs are reliable and the window for safe procrastination has closed.We share a clear action plan: upgrade affected versions now, rotate secrets that touch your React servers, and turn on relevant WAF protections from providers like Cloudflare and Microsoft. Then we widen the lens to the bigger lesson: security testing that looks mature on paper can still miss API edges and misconfigurations for months. You'll hear why credentialed vulnerability scans with passive monitoring are the lowest-impact way to surface issues in production, how “medium” findings can chain into critical compromise, and when external assessors deliver the most value for resilience rather than routine compliance.To make testing count without breaking customer-facing services, we walk through purple teaming—pairing red team attacks with blue team collaboration—to validate both technical controls and security awareness. We cover scoping rules that prevent disruption, scenarios that mirror current tradecraft, and practical CISSP takeaways for domain coverage on assessments, software security and third-party risk. If your web stack touches React, or your program relies on scans and annual pen tests alone, this is your checklist and your nudge to act.If this helped you prioritize what to fix first, subscribe, share with a teammate and leave a quick review—it helps more security folks find us and harden faster.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

On this week's Ask a CISSP special episode of The Other Side of the Firewall, I talk with Air Force veteran and cybersecurity leader Ahmad Rashaan Austin about his journey from zero computer skills to founder of Cy3 Security, LLC. We explore risk management, responsible AI adoption, leadership communication, and his new book, The Boundaryless Enterprise. If you're building a cyber career or leading tech teams, this episode delivers actionable insights straight from the front lines. Check it out on your favorite podcast platform! Buy Ahmad R. Austin's The Boundaryless Enterprise: Redesigning Oversight for the Age of Intelligent Systems https://a.co/d/dfCToig Please LISTEN

Send us a textA single convincing email can move real money. We break down how Scripted Sparrow and other BEC crews spoof reply chains, impersonate trusted service providers, and slip under approval thresholds to nudge finance teams into wiring funds. The threat isn't flashy malware; it's pressure, process gaps, and the illusion of internal approval. We talk through the red flags that matter, from sudden vendor banking changes to realistic W9 attachments and urgent payment timelines, and then lay out the safeguards that stop these scams cold.From there, we zoom out to the full incident management lifecycle and make it practical. You'll hear how we define an incident by its impact on confidentiality, integrity, and availability, and why that clarity speeds action. We map the steps—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—and explain what they look like in a real company: one-click phishing reporting for employees, prepared legal statements for regulators, isolation choices that protect revenue, and documentation habits that pay off when auditors and insurers start asking questions.We also get honest about today's attack surface. Cloud sharing, APIs, and over-permissive identities push sensitive data to the edge, making containment harder if an attacker lands. Expect persistence: backdoors, credential reuse, and lateral movement thrive when local admin rights and flat networks remain. The antidote is a blend of stronger finance workflows, pre-briefed legal and communications teams, and regular tabletop drills that involve everyone who touches money, systems, or messaging.If you're serious about preventing wire fraud and surviving security incidents with your business intact, this conversation gives you a focused plan you can adopt today. Subscribe, share with your finance and HR leaders, and leave a review with the one control you'll implement first.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

**The vCISO In The Green Glass Corner Office Podcast has been re-branded to The Blak Cyber Podcast presents The CISSP Dojo Series**

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvHeadlines say the talent shortage is easing, yet nearly half of UK businesses still lack basic cyber skills. That disconnect sets the stage for a frank, practical tour through what actually reduces risk—no buzzwords required. We open with real takeaways from the UK's international cyber skills initiatives and move quickly to the daily decisions that shape resilience: encryption in the cloud, least privilege by default, and how to keep role-based access control from collapsing under credential creep.We make the identity layer tangible. Single sign-on can simplify life and lower password reuse, but it also centralizes risk. We share how to counterbalance SSO with MFA, conditional access, and strong monitoring. Cloud-based IAM accelerates deployment and gives flexibility, yet brings ongoing costs and integration challenges with legacy systems; outsourcing introduces a loss of control that must be offset by airtight requirements, auditability, and vendor transparency. Phishing remains the most reliable social engineering vector, so security awareness training isn't optional—it's the routine that turns policy into behavior.Zero trust becomes manageable when you stop treating it like a switch and start treating it like a program. We outline a phased path: define protect surfaces, segment by sensitivity, apply continuous verification where the impact is highest, and expand deliberately. Vendor access deserves the same precision: NDAs for legal guardrails, least privilege for scope, monitoring for assurance, and scheduled reviews to remove stale permissions. Along the way, we talk mentorship, pro bono work, and competitions as concrete ways to grow talent while delivering real security outcomes.We also road-test your knowledge with a focused Domain 1.9 CISSP question set, reinforcing the core ideas with scenario-based reasoning. If you're preparing for the CISSP or leading a security program, you'll walk away with a clear playbook: encrypt by default, minimize access, verify continuously, and measure what matters. If this resonates, subscribe, share with a teammate, and leave a review so others can find the show.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

How exposed is your trucking operation to cybercrime right now, and are you relying too much on trust and automation? Listen to our guest today, Artie Crawford of NMFTA, breaking down the real cybersecurity threats facing transportation. The biggest takeaway is simple: no fleet, broker, or carrier is too small to be targeted! We discuss how AI-driven cyber fraud, business email compromise, and fake load schemes are hitting trucking companies hard, why small companies are often the most vulnerable, and how multi-person verification, cybersecurity training, and multi-factor authentication can dramatically reduce risk! 2026 NMFTA Cybersecurity Trends Report: https://bit.ly/4oYPTds   About Artie Crawford Artie Crawford, CISSP, CISM, is the Director of Cybersecurity at the National Motor Freight Traffic Association, Inc. (NMFTA)™. Artie is a seasoned professional with extensive experience in cybersecurity strategy and deep technical expertise in addressing complex cybersecurity challenges. He possesses a thorough understanding of the tools, techniques, procedures, and attack vectors employed by cyber adversaries. Artie has a proven track record of providing strategic guidance, collaboration, and engineering support to a wide range of organizations, including state and local governments, educational institutions, intelligence agencies, transportation authorities, and the Department of Defense, all in support of their cybersecurity missions. Throughout his distinguished career, Artie has held pivotal roles at organizations such as the Cybersecurity & Infrastructure Security Agency (CISA), Microsoft, MITRE, and others. His work has been centered on developing advanced techniques and tools for real-world operations. A 27-year veteran of the U.S. Marine Corps, Artie retired in 2011 as the Cybersecurity Chief of the Marine Corps, where he served as the Senior Technical Advisor to the CIO and Director of C4.  

Cybersecurity threats are growing - and municipalities across Oklahoma are not immune. In this episode of OMAG All Access, host Matt Jacobson sits down with Mark Kirby, CISA's Cybersecurity Advisor for Oklahoma and Arkansas, to talk about real-world risks facing cities and towns, from phishing scams to ransomware attacks.Mark shares practical, no-cost resources available through CISA, offers guidance on how to improve cybersecurity with limited budgets, and explains why regular training and layered defenses matter more than ever. If you serve in local government and want to better protect your community's digital infrastructure, this episode is for you.Contact informaiton for CISA staff:Mark Kirby, CISSP, PMP & A|CISOSupervisor Cybersecurity Advisor (Arkansas & Oklahoma)Cybersecurity and Infrastructure Security AgencyIntegrated Operations Division / Region 6 Office: 501-519-2680E-Mail: mark.kirby@cisa.dhs.govCalvin HarleyCybersecurity State Coordinator (Oklahoma)Cybersecurity and Infrastructure Security AgencyIntegrated Operations Division / Region 6Office: 405-568-5843Email: calvin.harley@cisa.dhs.gov

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvWhat happens when cybersecurity meets the engine room of the business? We dig into the partnership between the CISO and COO and show how shared risk, clear language about money, and practical tabletop drills turn security into operational resilience. Ransomware, supply chain delays, and customer impact aren't just IT issues—they're revenue issues—so we map exactly how to build alignment before a crisis hits.We break down CISSP Domain 1.5 with a plain-English tour of law categories and the statutes you actually need to know: CFAA and NIIPA for unauthorized access and critical infrastructure, FISMA and the NIST standards for federal-grade security programs, and the federal modernization that centralized oversight under DHS. Then we go deeper into intellectual property: what copyrights, trademarks, patents, and trade secrets protect; how DMCA and AI complicate ownership; and how licensing and click-through terms can quietly put your data and code at risk if you don't read them with counsel.Cross-border data is now daily business, so we unpack export controls on chips and encryption, transborder data flow obligations, and privacy regimes that carry real teeth: GDPR's 72-hour notification, China's PIPL and local representation, and state laws like CCPA that mirror EU rights. The practical takeaway is a tighter incident playbook: define “breach” with evidence-based thresholds, pre-wire stakeholder communications, and use tabletop exercises to test both technical recovery and regulatory reporting.If you're studying for the CISSP or leading a security program, this is the legal-ops blueprint you can use today. Subscribe, share this with your ops and legal teams, and leave a review to tell us which regulation gives you the biggest headache—we'll tackle it next.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvHeadlines about eight Chrome zero days aren't just noise—they're a prompt to act with precision. We open with the fastest, most reliable steps to reduce exposure: force updates with MDM, restart browsers to trigger patches, narrow to a hardened enterprise browser, and brief your SOC to tune EDR for active exploit patterns. You'll get a focused checklist that's quick to run and easy to defend to leadership.From there, we turn the lens to CISSP Domain 8 with five questions that teach more than they test. We explain why strict schema validation for JSON beats blanket escaping, and how misuse and abuse case analysis during requirements gives you the strongest assurance that security is built into design, not bolted on. We also break down supply chain risk in CI/CD with a practical recipe: software composition analysis, cryptographic signature checks, internal artifact repositories, and policy gates that block malicious or license-violating packages before they ship.Design flaws are the silent killers. We highlight a common mistake—putting sensitive business logic in the browser—and show how to move decisions server-side, validate every request, and protect against client tampering. Finally, we get tactical about containerized microservices: image signing plus runtime verification, read-only filesystems, minimal base images, and network policies that enforce least privilege. These are the controls that turn incident response into a manageable drill, not a firestorm.If you're preparing for the CISSP or leading an engineering team, you'll leave with strategies you can apply today: browser patching that sticks, threat modeling that finds real risks, SCA that calms your pipeline, and container security that proves runtime trust. Enjoyed this conversation? Subscribe, share with a teammate, and leave a quick review to help more people find it.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA single malicious insider flipped Disney menus to Wingdings and tampered with allergy labels—proof that weak offboarding and sloppy access can turn small privileges into big threats. We take that lesson and translate it into a practical roadmap for secure software: clear requirements, security controls in design, disciplined code reviews, honest UAT, and change management that prevents chaos and rollback roulette.From there, we compare the major development models through a security lens. Waterfall shines when predictability and compliance evidence are non‑negotiable, with strong documentation and defined testing phases. Spiral brings a risk-first mindset, iterating through planning, analysis, engineering, and evaluation so teams can learn early and pivot with purpose. Agile and DevSecOps embed security into user stories, definition of done, and sprint reviews, using short cycles, prioritized backlogs, and continuous testing to catch vulnerabilities before they calcify into technical debt.We also put structure around improvement. The Capability Maturity Model shows how to move from ad hoc heroics to standardized, measurable, and optimized practices that satisfy auditors and reduce incidents. The IDEAL model guides change itself—initiate with sponsorship, diagnose gaps, establish plans and metrics, act through implementation and training, and learn via feedback and retrospectives—so security improvements stick. Throughout, we share practical tips: how to weigh security controls against usability, why executive support unlocks real progress, and how to choose the right lifecycle for your risk, regulation, and release cadence.If you're preparing for the CISSP or leading teams that ship software, this is your playbook for building security into every step without slowing down what matters. Enjoyed the conversation? Subscribe, share with a teammate, and leave a review with your biggest SDLC win—or your most painful lesson.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA headline about hacked nanny cams is more than a cautionary tale—it's a mirror for how easily convenience eclipses security. We start with the Korean IP camera case to highlight simple, high-impact steps anyone can take: change default credentials, use unique passwords, turn off remote access unless you truly need it, and keep firmware current. Then we ask the harder question: how do you prove security works when the stakes are higher than a living room feed?Shifting into CISSP Domain 6, we break down audit readiness, independence, and risk-based assurance. If you're eyeing ISO 27001, the smartest first move is an internal audit program aligned with the standard's control objectives. It validates design and operating effectiveness before an external auditor walks in, and it surfaces the documentation and evidence gaps that slow teams down. We also unpack governance: when boards want independent assurance, the audit function should report outside IT. Self-assessments still help, but they don't replace a real audit.Risk should lead, not scanner severity. Consider a “medium” vulnerability on a critical payment system that demands authenticated access and precise timing. Rather than knee-jerk patching or dismissal, a structured risk analysis weighs business impact, likelihood, and compensating controls like monitoring and segregation of duties. That approach drives better prioritization and stronger outcomes.For ongoing evaluation, snapshots alone aren't enough. Instead of doubling costly SOC 2s, blend risk-based self-assessments, targeted internal audits, and continuous monitoring to maximize coverage and value. And when your cloud provider won't allow pen tests on shared PaaS, you can still gain assurance: request SOC 2 Type II, ISO 27001, and pen test summaries under NDA, then map their scope and results to your control requirements and risk appetite. Close gaps with compensating controls and a clear shared responsibility matrix.If you're preparing for the CISSP or modernizing your assurance program, this conversation will help you cut noise, focus effort, and build confidence where it counts. Subscribe, share with a teammate who handles audits, and leave a review to tell us what assurance challenge you want solved next.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvIf audits feel like paperwork purgatory, this conversation will change your mind. We unpack Domain 6 with a clear, practical path: how to scope a security audit that executives will fund, teams will follow, and regulators will respect. Along the way, we touch on a fresh angle in the news—an open source LLM tool sniffing out Python zero days—and connect it to what development shops can do right now to lower risk without slowing delivery.We start by demystifying what a security audit is and how it differs from an assessment. Then we get into the decisions that matter: choosing one framework to anchor your work (NIST CSF, ISO 27001, or PCI DSS where applicable), keeping policies lean enough to use under pressure, and building a scope that targets high-value processes like account provisioning or privileged access. You'll hear why internal audits build muscle, external audits unlock credibility, and third-party audits protect your supply chain when a vendor stalls or gets breached. We talk straight about cost, bias, and the communication gaps that derail progress—and how to fix them.From there we focus on outcomes. You'll learn to prioritize incident response and third-party risk for the biggest return, write right-to-audit clauses that actually help, and map findings to business impact so leaders say yes to headcount and tooling. We share ways to pair tougher controls with enablement—like deploying a password manager before lengthening passphrases—so adoption sticks. Expect practical reminders on interview planning, evidence collection, and keeping stakeholders aligned without burning goodwill. It's a playbook for turning findings into funding and audits into forward motion.If this helped you reframe how you approach Domain 6 and security audits, subscribe, leave a review, and share it with a teammate who's staring down their next audit. Your support helps more people find CISSP Cyber Training.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Erik and Jeffrey Freeman bring over 30 years of combined real estate experience and manage more than $20M in multifamily assets as strategic partners. Erik, a U.S. Navy veteran with a B.S. in Marine Engineering, has two decades of experience as a real estate agent, investor, hard-money lending specialist, and project manager. Jeffrey, a U.S. Army veteran with degrees in IT and Cyber Security and a CISSP certification, adds 15 years of real estate investing and 12 years of leadership expertise. Together, their military backgrounds and deep experience in lending, investing, project management, and networking create a powerful foundation for delivering exceptional results and they proudly joined Rod's Warrior Group in late 2024.   Here's some of the topics we covered:   From Military Service to Real Estate Power Players From Single-Family Hustle to Multifamily Empire Building The Truth About Working With Family in Real Estate The Tax Play That Slashes Your Operating Expenses Must-Read Books That Supercharge Your Growth The One Factor That Skyrockets Your Multifamily Learning Curve Relentless Ambition and the Hunt for Killer Deals Where Game-Changing Ideas Are Really Born   If you'd like to apply to the warrior program and do deals with other rockstars in this business: Text crush to 72345 and we'll be speaking soon.   For more about Rod and his real estate investing journey go to www.rodkhleif.com

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvZero trust isn't a checkbox or a buzzword; it's a mindset shift that changes how we design networks, ship code, and protect data. We dig into what “never trust, always verify” actually looks like when you have a messy reality: hybrid clouds, legacy apps living next to microservices, and users hopping on through VPNs that still grant too much access after MFA.We start with a timely lesson from an AI analytics supplier breach to show why third-party integrations can be your Achilles heel. From there, we map out where policy should live and how it should be enforced: near the workload, with PEPs at gateways or in a service mesh, and a central PDP to keep logic consistent while decisions happen at wire speed. You'll hear why relying on VLANs, static ACLs, or a “trusted subnet” breaks the zero trust promise, and how to move toward per-request evaluation that accounts for identity, device posture, location, and behavior.Then we go data-first. Labels, encryption, and rights management let policies travel with sensitive files, so access and usage rules hold even off-network. We contrast ZTNA with legacy VPNs, explain how to avoid turning MFA into a broad hall pass, and share a realistic migration path: start with one critical application, microsegment around it, validate performance and usability, and expand. This is the playbook that reduces lateral movement, shrinks blast radius, and helps you pass the CISSP with real-world understanding.If this resonates, subscribe, share with a teammate who's designing access controls, and leave a review with your biggest zero trust roadblock. Your feedback helps shape future deep dives and study guides.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity programs fail when they try to do everything at once. We walk through a clear three-phase plan that keeps you focused and effective: start with a real gap assessment anchored in leadership's risk tolerance, convert findings into decisions to mitigate, accept, or transfer risk, and then implement with a balanced mix of people, process, and tools. Along the way, we share what to look for when hiring a virtual CISO and how to turn that engagement into actionable momentum instead of another shelfware report.From there, we tighten the perimeter by defining bounds that keep systems within safe lanes: role-based access control, data classification, DLP, segmentation, encryption, and change management that shrinks blast radius. We get tactical with process isolation, sandboxing, capability-based security, and application whitelisting, plus a grounded comparison of MAC vs DAC and when a hybrid model makes sense. Defense in depth ties it together with physical safeguards, network protections, EDR and patching, application security practices, and data security. We keep the human layer practical with targeted awareness training and a tested incident response plan.Resilience is the throughline. We advocate for secure defaults and least privilege by design, logging that's actually reviewed, and updates that apply on a measured cadence. When things break, fail safely: graceful degradation, clean error handling, separation of concerns, redundancy, and real-world drills that expose weak spots early. Governance keeps the program honest with separation of duties, dual control, job rotation, and change boards that prevent unilateral risk. Finally, we demystify zero trust: start small, micro-segment your crown jewels, verify continuously, and respect cloud nuances without overcomplicating your stack.If this helps you clarify your next move, follow the show, share it with a teammate, and leave a quick review so others can find it. Tell us: which phase are you tackling first?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textWords can trigger audits, budget panic, or calm execution, and few words carry more weight than “leak” and “breach.” We unpack the real differences, the legal and regulatory implications of each, and how precise language shapes incident response. From there, we get hands-on with CISSP-ready concepts—data states, DLP, CASB, DRM, minimization, sovereignty, and sensitivity labels—and translate them into moves you can make this week.We start by mapping data states—at rest, in transit, in use—and explaining why data in use often deserves the strongest controls. You'll hear how teams over-index on storage encryption while under-protecting live workflows, and how to fix that with device posture checks, least privilege, just-in-time access, and application-layer monitoring. Then we dive into data minimization: setting clear retention rules, automating deletion, and killing the “we might need it someday” habit that inflates breach impact and eDiscovery pain. Along the way, sensitivity labels become the glue for governance, tying classification to access, encryption, and audit.Next, we stress-test common tools. DLP is great at stopping careless exfiltration but struggles with insiders who have legitimate access, so we show how to tune policies, coach users, and add approvals for mass exports. DRM protects intellectual property but introduces compatibility and friction; we outline how to pilot it with high-value content and measure productivity impact. For cloud journeys, CASB delivers visibility into sanctioned and shadow SaaS, enforces consistent policies, and even helps manage data egress costs—vital for budgets and compliance. Finally, we navigate data sovereignty, cross-border flows, and practical tactics like regional storage, masking, and pseudonymization to keep regulators satisfied and data safe.Whether you're studying for the CISSP or leading security strategy, you'll leave with clear definitions, sharper communication, and a toolkit for governing what you keep, protecting what you use, and deleting what you don't. If you found this helpful, subscribe, leave a review, and share it with a teammate who still calls every incident a breach.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA graphing calculator running ChatGPT might make headlines, but our real job is keeping sensitive data from walking out the door. We break down the data states that matter most—at rest, in transit, and in use—and show how to pair encryption, access control, and monitoring without drowning in complexity. Along the way, we share a pragmatic blueprint for classification and labeling that teams actually follow, from visual tags and watermarks to tightly governed upgrade and downgrade paths that keep owners accountable.From there, we zoom out to strategy. Risk tolerance drives control selection, so we talk through scoping and tailoring: how to apply NIST and ISO 27001 sensibly, where GDPR and HIPAA come into play, and why focused logging beats “collect everything” fantasies. You'll hear the real differences between DRM and DLP—licensing and usage enforcement versus data path control—and when each tool earns its keep. We also lay out transfer procedures that work in the wild: SFTP with verified keys, email encryption, FIPS‑validated USBs, and restricted cloud shares with time‑boxed access.Cloud isn't a blind spot when a CASB sits between your users and SaaS. We explain how a CASB delivers visibility into shadow IT, enforces policy across apps, integrates with identity for conditional access, and even helps you rein in egress costs. Tie it all together and you get a layered, test‑ready approach that helps you pass the CISSP while protecting what matters most. If this helped sharpen your plan, follow the show, share it with a teammate, and leave a quick review so we can keep building tools that move you forward.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA single compromised API key can undo months of hard work. We open with a clear-eyed look at a reported Treasury-related incident tied to a privileged access platform and use it to expose a bigger problem: API governance that lags behind development speed. If an API is a doorway into your environment, why do so many teams leave it unlocked, unlogged, and unmanaged? We share a practical blueprint for centralizing API traffic through gateways, tightening authentication, rotating keys, and getting real visibility into what flows in and out.From there, we dive into CISSP Domain 1.6 with crisp, exam-style questions that double as leadership lessons. We compare civil and criminal standards of proof, explain where regulatory investigations fit, and show how penalties differ across case types. You'll hear why chain of custody can make or break a criminal data theft case, how direct and circumstantial evidence complement each other, and what lawful collection requires under search and seizure laws. Along the way, we clarify GDPR's reach, the role of the SEC in insider trading probes, and how ECPA, CFAA, and FISMA divide responsibilities across privacy, computer crime, and federal system security.We also make the case for forensic readiness as a standing control, not a post-breach scramble. Centralized logging, synchronized time, packet capture on critical paths, immutable storage, and clear retention policies give you faster answers and stronger footing with regulators. Inside the organization, administrative investigations live or die by policy clarity, and whistleblower protections keep truth-tellers safe enough to speak. By the end, you'll have tangible steps to harden APIs, gather admissible evidence, and navigate the maze of legal and regulatory expectations with confidence.If this helped sharpen your thinking, follow the show, share it with a teammate who owns APIs or incident response, and leave a quick review so others can find us. Your feedback guides what we tackle next.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA tiny payload hidden in a legitimate-looking NuGet package can sit inside an industrial network for years, then trigger cascading failures in minutes. That chilling scenario sets the stage for a hands-on tour of CISSP Domain 1.4, where we show how to turn high-level rules into clear, defensible security controls that protect real systems and pass tough audits. We connect the dots between contracts that demand fast breach notifications, laws with sector-specific obligations, and frameworks that teach you how to structure your program.We break down the essentials: identify the data in scope, pick a backbone framework (ISO 27001 or NIST CSF), and map each requirement to specific controls and evidence. You'll hear practical mappings for HIPAA, GLBA, COPPA, FERPA, NYDFS, DORA, SOX, FISMA, and PCI DSS, plus how to handle extraterritorial reach under GDPR and data localization that shapes your cloud strategy. We also highlight why contractual terms often outrun statutes and how to build a requirements register so operations knows exactly what to log, how fast to notify, and which controls must exist.Then we get tactical. Learn how to create a regulatory register, assemble audit-ready proof (policies, procedures, configs, logs, training, attestations), and run incident tabletop exercises that include vendors and clarify when the notification clock starts. For industrial environments with rare patch windows, we offer pragmatic steps: maintain a software bill of materials, verify package sources, enforce code signing where possible, document every change, and compensate with monitoring and segmentation when upgrades are risky. By the end, you'll have a blueprint to translate compliance into resilience—fast enough for 72-hour breach clocks, strong enough to handle delayed threats, and simple enough to sustain.Subscribe for more CISSP-ready training, share this episode with your security team, and leave a review to help others find the show. What framework are you mapping to today?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textRansomware doesn't wait for your change window, and neither do we. This episode takes you inside the decisions that matter when privileged accounts start hopping across systems, Exchange servers attract fresh exploits, and the clock is running on recovery. We open with the newest CISA guidance on Microsoft Exchange and translate it into moves you can apply today: enforce least privilege with a real PAM, choose stronger MFA than SMS, disable basic auth, and lock in transport protections that withstand downgrade tricks.From there, we get practical about TLS and HSTS. Rolling TLS everywhere sounds simple until certificates, ciphers, and legacy services push back. We map a staged path that starts with critical links, reduces misconfigurations, and grows coverage without breaking internal apps. HSTS then adds a policy backbone that reduces user error, blocks session hijacking, and tightens browser behavior, with clear notes on latency, preload lists, and subdomain scope.When incidents hit, priorities flip. We break down the right call when lateral movement continues during a ransomware event: disable privileged accounts and switch to preapproved emergency access. On evidence handling, we reinforce the nonnegotiable step for integrity—cryptographic hashing before and after imaging—plus secondary measures for custody and confidentiality. Disaster recovery gets the same scrutiny: meeting RTO while missing RPO means your backup cadence or replication policy failed, not your failover drill. We also cover immutable logs with WORM storage to prevent admin tampering and why emergency patches should be followed by a retrospective CAB review to keep governance intact after the fire is out.If you're preparing for the CISSP or sharpening day-to-day security operations, this session delivers clear, actionable guidance you can put to work immediately. Subscribe, share with your team, and leave a review to help more practitioners find these practical playbooks. What's the one control you'd implement tomorrow to cut lateral movement in half?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textA single Windows shortcut can open the door to espionage—and that's exactly where we begin. We break down a fresh LNK exploit campaign to show how hidden command execution and DLL sideloading slip past busy teams, then pivot into the core defense most organizations underuse: disciplined configuration management. From baselines and version control to change boards and rapid rollback, we map the habits and tools that turn chaos into control.We walk through building secure, realistic baselines with CIS Benchmarks and NIST 800‑128, and why “simple and enforceable” beats “perfect and ignored.” You'll hear how least privilege for change stops shadow tweaks, how EDR and application firewalls catch command and control, and how automation with Ansible, SCCM, and Terraform keeps fleets consistent. We spotlight the CMDB as a living source of truth—only valuable if you maintain ownership, automate updates, and report on drift so leadership and risk teams can act.Change governance becomes your stabilizer. A change control board aligns IT, security, operations, risk, and compliance before big moves, while an emergency change advisory board authorizes fast action for zero‑days and incidents with a strict post‑implementation review. We break down the full change lifecycle—request, impact analysis, staging, implementation, verification, CMDB updates—and the common pitfalls to avoid, including undocumented changes, brittle rollbacks, and ignoring post‑change scan results. Expect practical guidance on when to auto‑patch Windows, how to iterate quarterly without overengineering, and what metrics prove progress.If you're aiming to master CISSP Domain 7 or just want fewer outages and faster recovery, this conversation gives you a clear blueprint to reduce attack surface and increase stability. If it helps, share it with a teammate, subscribe for more deep dives, and leave a quick review so we can keep improving for you.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

"Contemplative thought is the key to solving really hard problems, and you cannot rush that." – John Rossman Today's international bestselling author is keynote speaker, leadership development coach, business transformation advisor, a former Amazon leader, and Managing Partner at Rossman Partners, John Rossman. John and I had a fun on a bun chat about his book, "Big Bet Leadership: Your Transformation Playbook for Winning in the Hyper-Digital Era", why everyone needs unproductive productive time, his experience at Amazon, and tons more!! Key Things You'll Learn: The concept of writing a future press release The 3 critical habits for big bet success Why organizations have trouble maintaining velocity Why books play an essential role in improving your thinking and accelerating your development John's Site: https://johnrossman.com/ John's Books: https://www.amazon.com/stores/author/B015X2OGGS/allbooks The opening track is titled "Kareru R Daichi Q-MIX" by Rukunetsu AKA Project R (@Rukunetsu). Use the following link to hear the full track and support his craft. https://on.soundcloud.com/62w8X Please support today's podcast to keep this content coming! CashApp: $DomBrightmon Donate on PayPal: @DBrightmon Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon You Might Also Like… 47 - "Black Belt Wealth" with Damion Lupo (@damionlupo): https://www.goingnorthpodcast.com/47-black-belt-wealth-with-damion-lupo-damionlupo/ Ep. 327 – "The Go-Giver Way of Elite Performance" with Bob Burg (@BobBurg): https://www.goingnorthpodcast.com/ep-327-the-go-giver-way-of-elite-performance-with-bob-burg-bobburg/ Ep. 509 - "Exit Rich" With Michelle Seiler Tucker (@MSeilerTucker): https://www.goingnorthpodcast.com/ep-509-exit-rich-with-michelle-seiler-tucker-mseilertucker/ Ep. 493 – "The Three R's of Business Growth" with Edwin Dearborn (@edwindearborn): https://www.goingnorthpodcast.com/ep-493-the-three-rs-of-business-growth-with-edwin-dearborn-edwindearborn/ 261.5 (Host 2 Host Special) – "The Outsourcing Playbook" with Kris Ward (@krisward): https://www.goingnorthpodcast.com/2615-host-2-host-special-the-outsourcing-playbook-with-kris-ward-krisward/ 179 - "Indistractable" with Nir Eyal (@nireyal): https://www.goingnorthpodcast.com/179-indistractable-with-nir-eyal-nireyal/ Ep. 322.5 (H2H Special) – "Burnout Proof" with Michael Levitt (@bfastleadership): https://www.goingnorthpodcast.com/ep-3225-h2h-special-burnout-proof-with-michael-levitt-bfastleadership/ Ep. 438 – "Acoustic Leadership" with Rick Lozano, CSP (@rick_lozano): https://www.goingnorthpodcast.com/ep-438-acoustic-leadership-with-rick-lozano-csp-rick_lozano/ 270 – "Forever Employable" with Jeff Gothelf (@jboogie): https://www.goingnorthpodcast.com/270-forever-employable-with-jeff-gothelf-jboogie/ Ep. 373.5 – "Business Secrets for Walking on Water" with Frank Zaccari (@FZaccari): https://www.goingnorthpodcast.com/ep-3735-business-secrets-for-walking-on-water-with-frank-zaccari-fzaccari/ Ep. 356 – "The Relentless Pursuit of Greatness" with Thomas R. Williams (@MrTRWilliams): https://www.goingnorthpodcast.com/ep-356-the-relentless-pursuit-of-greatness-with-thomas-r-williams-mrtrwilliams/ Ep. 348 – "Bring Inner Greatness Out" with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/ Ep. 336.5 (H2H Special) – "Own Your Career Own Your Life" with Andy Storch (@AndyStorch): https://www.goingnorthpodcast.com/ep-3365-h2h-special-own-your-career-own-your-life-with-andy-storch-andystorch/ Ep. 435 – "Breaking the Code" with Rusty Gailliard (@RustyGaillard): https://www.goingnorthpodcast.com/ep-435-breaking-the-code-with-rusty-gailliard-rustygaillard/ Ep. 426 – "Success Left a Clue" with Robert Raymond Riopel (@RobRox69): https://www.goingnorthpodcast.com/ep-426-success-left-a-clue-with-robert-raymond-riopel-robrox69/ Ep. 418 – "Breaking Free & Overcoming Self-Doubt" with Traci Duez (@traciduez): https://www.goingnorthpodcast.com/ep-418-breaking-free-overcoming-self-doubt-with-traci-duez-traciduez/ Ep. 405 – "Leadership Lessons From The Pub" with Dr. Irvine Nugent (@irvinenugent): https://www.goingnorthpodcast.com/ep-405-leadership-lessons-from-the-pub-with-dr-irvine-nugent-irvinenugent/ Ep. 315 – "Elevate Your Network & Beyond" with Jake Kelfer (@jakekelfer): https://www.goingnorthpodcast.com/ep-315-elevate-your-network-beyond-with-jake-kelfer-jakekelfer/ Ep. 488.5 – "Create, Innovate & Dominate" with Tracy Hazzard (@hazzdesign): https://www.goingnorthpodcast.com/ep-4885-create-innovate-dominate-with-tracy-hazzard-hazzdesign/ 288.5 (Host 2 Host Bonus) – "Choose the Right Mountain; Climb Faster!" with David Wood (@_playforreal): https://www.goingnorthpodcast.com/DavidWood2/

Send us a textQuantum threats aren't waiting politely on the horizon, and neither should we. We kick off with Signal's bold move to deploy post-quantum encryption, unpacking the “belt and suspenders” approach that blends classical cryptography with quantum-resistant algorithms. No jargon traps—just clear takeaways on why this matters for privacy, resilience, and the pressure it puts on other messaging platforms to evolve. We point you to smart reads from Ars Technica and Bruce Schneier that make the technical guts approachable and actionable.From there, we switch gears into a focused CISSP Domain 8 walkthrough: how to weave security into every phase of the software development lifecycle. We talk practical integration across waterfall, agile, and DevOps; show why change management, continuous monitoring, and application-aware incident response are non-negotiable; and explain how maturity models like CMMI and BSIMM help teams move from reactive to repeatable. We also break down the developer's toolbox—secure language choices, vetted libraries with SCA, hardened runtimes, and IDE plugins that surface issues in real time—so teams can ship faster without trading away safety.Speed meets rigor in the CI/CD pipeline, where shift-left security comes alive with SAST, DAST, and SOAR-driven checks. We cover repository hygiene, secret scanning, and how to measure effectiveness with audit trails and risk analysis that map code issues to business impact. You'll get a clear view of third-party risk across COTS and open source, the shared responsibility model for SaaS, PaaS, and IaaS, and the daily practices that keep APIs from leaking data: least privilege, strict authorization, input validation, and rate limiting. We close with software-defined security—policies as code—bringing consistency, versioning, and automation to your defenses. Subscribe, share with a teammate who owns your pipeline, and leave a review to tell us the next Domain 8 topic you want us to deep-dive.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

How well do you really know your vendors? Are your cybersecurity defenses keeping up with modern freight threats? Listen to Ben Wilkens for Day 2 of the 2025 NMFTA Cybersecurity Conference as he talks about the growing overlap between cybersecurity, cargo theft, and vendor management in transportation! We cover why third-party vendors are often the weakest link, how simple steps like multi-factor authentication (MFA) can stop most attacks, and why using the NMFTA's vendor checklist should be a standard practice for every carrier and broker. Ben also breaks down how cybercriminals are blending digital scams with physical theft, using tactics like phishing and fake carrier setups to exploit gaps in vetting and process discipline, why technology alone can't fix broken operations, and how consistent vetting, digital hygiene, and collaboration across the industry are key to protecting freight! About Ben Wilkens Ben Wilkens, CISSP, CCSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™. In his role at NMFTA, Ben spearheads research initiatives and leads teams dedicated to developing cutting-edge cybersecurity technologies, methodologies, and strategies to safeguard information systems and networks. He collaborates extensively with academic institutions, industry partners, and government agencies to advance cybersecurity practices and knowledge. Ben provides expert insights and recommendations to organizations, enhancing their security posture and helping them navigate the constantly evolving landscape of cyber threats. Before joining NMFTA, Ben was a key executive at a third-generation family-owned trucking and logistics company. There, he focused on the strategic integration of technology to improve operational efficiency while ensuring adherence to cybersecurity best practices. With a rare combination of CISSP, CCSP, and CISM certifications alongside an active Class A CDL, Ben brings a unique perspective to the intersection of cybersecurity and transportation. In addition to his extensive experience as an over-the-road driver, he has held roles in dispatch operations, driver management, and brokerage sales. Ben later transitioned to IT and operations support, where he honed his expertise in cybersecurity.

Send us a textOne DNS bug shouldn't take your business offline—but it did for thousands. We open with the AWS East outage to show how a single point of failure in DNS can cascade through critical systems, then get tactical about building resilience that actually holds up under stress. From multi‑region architecture and failover planning to budget trade‑offs leaders often dodge, we make the case for redundancy you can defend to finance and prove with tests, not promises.From there, we translate CISSP Domain 6.4 into actionable steps. You'll hear how to structure vulnerability reports that leaders read and teams use: crisp executive summaries, deep technical details, and remediation plans with owners and timelines. We contrast internal and external scans—what they find, where they break, and how to plan windows that won't knock over production. Expect practical guidance on ranking findings by business impact, taming false positives, and using trend analysis to show improvement over time.Validation and exception handling take center stage as we walk through verifying exploitability, aligning CVSS with real risk, and documenting exceptions the right way. When patching isn't possible, we outline compensating controls like segmentation, WAFs, logging, and virtual patching that reduce exposure without halting operations. We close with ethical disclosure best practices—coordinated timelines, bug bounty channels, and the legal safeguards that keep researchers and organizations on the same team.If you want resilient architectures, credible reporting, and a vulnerability program that leadership trusts, this conversation gives you the blueprint. Subscribe, share this with your team, and leave a quick review with your top takeaway—what's the first resilience fix you'll prioritize this quarter?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textYou can harden your network and still miss the front door: aging edge devices with elevated access, thin logging, and long‑ignored firmware. We dig into the uncomfortable truth behind “set it and forget it” firewalls, VPNs, and gateways, then lay out a practical Domain 7 playbook that helps you detect faster, respond cleaner, and recover without chaos.We start with the incident management sequence that actually works under pressure—detection, response, mitigation, reporting, recovery, remediation, and lessons learned—showing how legal timelines, stakeholder updates, and RTO/RPO planning fit together. From there, we map the controls that pull their weight: next‑gen firewalls and WAFs, IDS/IPS, smart whitelisting and blacklisting, sandboxing that anticipates time‑bomb malware, and when to lean on EDR, MDR, and UEBA to cut through alert fatigue.Then we get hands‑on with vulnerability and patch management, focusing on asset inventory, critical‑first prioritization, scanning automation, and staged deployments with real rollback plans. We connect the dots to change management so fixes don't become outages. Resilience gets its due: backup integrity and rotation, hot/warm/cold recovery sites, multi‑region processing, HA pairs, QoS to preserve critical traffic, and fault‑tolerant design that keeps services running when parts fail.Finally, we round out security operations with disaster recovery drills—from tabletop to full cutover—plus business continuity planning that aligns cyber recovery with revenue‑critical processes. Physical security and personal safety close the loop: layered access, surveillance, environmental controls, and travel and duress protocols that protect your people as well as your data. If you're preparing for the CISSP or sharpening a real program, you'll leave with concrete steps to reduce risk now and a roadmap to mature over time.Enjoyed this deep dive? Subscribe, share with a teammate who owns Domain 7, and leave a quick review to help others find the show. Your feedback shapes future topics and tools we build for you.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textHeadlines about a massive F5 Big-IP exposure aren't noise—they're a masterclass in why Security Operations must be disciplined, fast, and auditable. We open with what the F5 situation means for enterprise risk, patch urgency, and long-term persistence threats, then shift into a practical, exam-ready walkthrough of CISSP Domain 7. The goal: help you think like an operator and answer like a pro when pressure spikes.We map investigations from preparation to presentation, showing how evidence collection, handling, and chain of custody turn raw logs into defensible findings. You'll hear how live versus dead forensics trade-offs play out, which artifacts matter across endpoints, networks, and mobile, and why standardized procedures keep teams synchronized. From there, we connect visibility to action: IDS and IPS for detection and control, SIEM for correlation and retention, and egress monitoring to catch data theft and command-and-control that slip past perimeter thinking. Threat intelligence and UEBA add context and behavior baselines so you find the meaningful anomalies without drowning in alerts.We also dig into the operational backbone that keeps environments stable: configuration management, security baselines, and automation to eliminate drift and reduce manual error. Then we anchor on foundational principles—least privilege, need-to-know, separation of duties, job rotation, and PAM—to limit blast radius when credentials or processes fail. Finally, we close with resource protection and media management: classification, encryption, verifiable backups, and secure disposal and transport, so your controls hold up under legal scrutiny and real-world adversaries.Whether you're tightening controls after the F5 news or sharpening focus for the CISSP, this guide to Domain 7 gives you a clear, actionable path. If this was helpful, follow the show, share it with a teammate, and leave a quick review—what Security Operations topic should we explore next?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Breaking into Cybersecurity with Eric Stride: From Air Force to Private SectorIn this episode of Breaking into Cybersecurity, host Christoph interviews Eric Stride from Huntress Security. Eric shares his journey from being a Communications Computer Systems Officer in the Air Force to becoming the Chief Security Officer at Huntress. He discusses his extensive experience in cybersecurity, including roles at the NSA and in the private sector. Eric emphasizes the importance of continual learning, certifications, and deliberate career growth. He also touches on the implications of AI in cybersecurity and provides insights into developing and recruiting the next generation of cybersecurity talent.00:00 Introduction to the Episode00:49 Eric Stride's Journey into Cybersecurity01:11 Military Experience and Transition to Cybersecurity06:08 Continuous Learning and Staying Updated09:41 Certifications and Career Growth11:49 Leadership and Management Principles15:23 AI in Cybersecurity22:02 Recruiting and Developing Cybersecurity Talenthttps://www.huntress.com/company/careers 26:22 Conclusion and Final Thoughtshttps://www.linkedin.com/in/ericstride/Eric Stride is the Chief Security Officer at Huntress, where he oversees the company's 24/7 Global Security Operations Center, Detection Engineering, Adversary Tactics, IT Operations, and Internal Security. A 20+ year cybersecurity leader, Eric has held senior roles spanning the U.S. Air Force, NSA, and private sector.During his 12 years on active duty, Eric helped architect the Air Force's first cyber combat mission team, co-authored its first offensive cyber operations manual, and rose to Deputy Chief for Cyber Operations at NSA Georgia. He continues to serve as a Colonel in the Air Force Reserve, where he established its first cyber range squadron.In the private sector, Eric co-founded Atlas Cybersecurity, advised defense and enterprise clients as an independent consultant, led Deloitte's Advanced Cyber Training portfolio, and led the generation of $135M+ in new cyber business. He holds an M.S. in Information Technology Management, a B.S. in Computer Science, and multiple cybersecurity certifications (CISSP, GCIH, CEH).Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUIHack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/

Podcast: KBKAST (LS 31 · TOP 5% what is this?)Episode: Episode 338 Deep Dive: Eric Stride | Securing the Aviation Industry in the Modern AgePub date: 2025-10-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we sit down with Eric Stride, Chief Security Officer at Huntress, to discuss the escalating cybersecurity challenges facing the aviation industry. Eric highlights the alarming 600% year-over-year surge in cyberattacks targeting the sector, emphasising how attackers are exploiting the interconnected and fragile aviation supply chain—most notably seen in recent incidents like the ransomware strike on Collins Aerospace. He explores the growing risk posed by both IT and OT system convergence, the shift in regulation tying cybersecurity readiness directly to airworthiness, and the increasing adoption of robust frameworks to mitigate operational disruptions and data breaches. Eric also highlights the critical need for holistic supply chain security, the importance of regulatory enforcement, and a cultural shift in the industry toward prioritising safety and cyber resilience to restore public trust in air travel. Eric Stride is the Chief Security Officer at Huntress, where he oversees the company's 24/7 Global Security Operations Center, Detection Engineering, Adversary Tactics, IT Operations, and Internal Security. A 20+ year cybersecurity leader, Eric has held senior roles spanning the U.S. Air Force, NSA, and private sector.  During his 12 years on active duty, Eric helped architect the Air Force's first cyber combat mission team, co-authored its first offensive cyber operations manual, and rose to Deputy Chief for Cyber Operations at NSA Georgia. He continues to serve as a Colonel in the Air Force Reserve, where he established its first cyber range squadron.  In the private sector, Eric co-founded Atlas Cybersecurity, advised defense and enterprise clients as an independent consultant, and led Deloitte's Advanced Cyber Training portfolio, generating $135M+ in new business. He holds an M.S. in Information Technology Management, a B.S. in Computer Science, and multiple cybersecurity certifications (CISSP, GCIH, CEH). The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Send us a textQuantum isn't a distant sci‑fi threat—it's shaping security decisions right now. We open with what NIST's new post‑quantum FIPS 203/204/205 actually mean for your crypto roadmap, why “harvest now, decrypt later” raises the stakes for long‑lived data, and how the 2035 federal mandate will ripple through contractors, audits, and CMMC. Then we get practical, translating policy pressure into the access decisions you make every day and the concepts you'll see on the CISSP exam.We break down mandatory access control (labels, clearance, strict need‑to‑know), discretionary access control (owner grants, permission creep), role‑based access control (job functions, least privilege at scale), attribute‑based access control (context, dynamic conditions), and rule‑based control (fine‑grained logic and exceptions). Along the way, we highlight the keywords that unlock tricky multiple‑choice items—“classification,” “owner,” “job role,” “attributes,” “rules”—so you can map questions to the correct model fast. More importantly, we explain how to combine models without creating chaos: use RBAC for baseline entitlements, layer ABAC for context and risk signals, lean on rule-based policies for surgical exceptions, and reserve MAC for highly classified domains where enforcement must be absolute.If attackers are stockpiling ciphertext for a quantum tomorrow, the answer is a two‑track plan: crypto agility to adopt quantum‑resistant algorithms and disciplined access governance to limit blast radius today. We share actionable cues for exam success, practical design tips for avoiding privilege escalation, and a reminder that good security is repeatable security—clear roles, auditable policies, and continuous review.Subscribe for weekly CISSP prep you can use on the job, share this with a teammate who's wrangling access models, and leave a review to help others find the show. Your support also fuels our charity‑funded training that gives back while you level up.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvhttps://www.jeffersonfisher.com/A spike in ransomware on the factory floor isn't just a headline; it's a stress test for how we design, segment, and measure our defenses. We open with the realities of manufacturing risk—legacy OT, flat networks, and high stakes for uptime—then translate that urgency into a practical walkthrough of CISSP Domain 6: the assessments, testing, and metrics that actually prove security works. Along the way, we share a surprising leadership edge from a trial lawyer's communication book that helps you argue less, align faster, and get executive buy‑in when the first vuln report lights up like a Christmas tree.We break down internal vs external audits and when each makes sense, plus a smart cadence for third‑party and supply chain reviews that acknowledges your perimeter now includes APIs and vendor tunnels. From vulnerability scans and scoped penetration tests to SIEM‑driven log reviews and synthetic transactions, we map out a toolkit that catches issues before users do. We go deeper on secure code reviews, unit/integration testing, and interface testing for APIs, because the quiet paths between services are often where real risk hides.Then we shift to the machinery of proof: breach and attack simulation for continuous validation, compliance checks to spot drift, and the metrics that matter—MTTD, MTTR, patch rates, vuln density, mean time to report. We lay out how to run account reviews, verify backups you can trust, and exercise DR/BC so recovery is muscle memory. Finally, we tackle remediation prioritization, exception handling with compensating controls, and ethical disclosure that minimizes harm while nudging vendors to act. If you're preparing for the CISSP or elevating your program, you'll leave with a clearer map and concrete next steps.If this helped, follow the show, share it with a teammate, and drop a review—what's one control or metric you're upgrading this quarter?Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Institute of Internal Auditors Presents: All Things Internal Audit Tech Sponsored by Grant Thornton Cloud security has become a top board-level concern and a permanent fixture on audit plans. In this companion episode to the Global Best Practices' A Roadmap to Auditing Cloud Security, Adam Ross talks with Vik Rai and Aadesh Gandhre about the challenges of auditing in multi-cloud environments, regulatory requirements, and the importance of governance and shared responsibility. They explore skill gaps, third-party risk, frameworks, and practical approaches to building a phased cloud security audit program, helping internal auditors strengthen resilience and provide real value. HOST: Adam Ross, CIA, CISA Partner, Grant Thornton Advisors, LLC GUEST:Vik Rai, CISSP, CISA Managing Director, Grant Thornton Advisors, LLC Aadesh Gandhre, CISA, CAMS (Sanctions), ITIL 4, Certified Cryptocurrency Auditor, Certified in Cybersecurity Chief Audit Executive, DTCC KEY POINTS: Introduction [00:00–00:00:47] Why Cloud Security Matters Now [00:00:51–00:03:10] Board-Level Visibility and Audit's Role [00:03:12–00:05:51] Regulatory Expectations and Frameworks [00:05:54–00:10:28] Skills and Governance at the Board Level [00:11:14–00:13:49] Shared Responsibility and Security Models [00:14:05–00:17:51] Resiliency, Outages, and Accountability [00:17:13–00:18:57] Starting a Cloud Security Audit [00:19:08–00:21:46] Upskilling Auditors for Cloud Environments [00:22:14–00:23:05] Cloud Security Posture Management (CSPM) [00:23:15–00:27:54] Phased and Risk-Based Audit Planning [00:29:07–00:35:42] Final Thoughts [00:37:02–00:40:43] Closing [00:41:28–00:41:46] IIA RELATED CONTENT:  Interested in this topic? Visit the links below for more resources: Global Best Practices: A Roadmap To Auditing Cloud Security Webinar: Hybrid Cloud Security: A Primer for Internal Auditors Tech: Control in the Cloud 2025 Financial Services Exchange Conference   Visit The IIA's website or YouTube channel for related topics and more. Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

Send us a textLeadership churn is reshaping security from the top down. We open the door on why CISO tenures are shrinking to 18–26 months and what that says about pressure, culture, compensation, and board-level risk literacy. From startups that stretch leaders thin to enterprises that treat security as a cost center until the breach, we map the real incentives behind the “revolving door”—and share what actually extends tenure: clear mandates, aligned executives, and measurable outcomes.Then we flip to hands-on security with a crisp CISSP Domain 5 deep dive. You'll hear real-world IAM scenarios and how to reason through them: federated identity where users authenticate but can't access apps (hint: attribute-to-role mapping at the service provider), RBAC implementations that quietly violate least privilege, and when mandatory access control beats RBAC or ABAC for classified environments. We also dissect deprovisioning gaps that leave terminated users active in SaaS platforms and outline the operational fixes—source-of-truth integration, event-driven provisioning, and reconciliation from the SaaS side. To cap it off, we tackle a red-team classic: static admin creds in scripts. The modern answer isn't longer passwords; it's just-in-time privilege through PAM and secret vaulting so nothing sensitive sits on disk.If you're a senior technologist eyeing the CISO seat—or a CISO seeking sustainability—you'll get a blueprint for aligning authority, resources, and risk. And if you're prepping for the CISSP exam, these identity and access patterns will sharpen your instincts for both test day and production. Enjoy the conversation, and if it helps, subscribe, share it with a teammate, and leave a quick review so others can find it too.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Columbia Technology Partners (CTP) fosters a vibrant, competitive culture that blends professional growth with a fun, engaging workplace, shares Allen Scott, the Director of People & Culture. CTP seeks cleared professionals, particularly those with CISSP and ISSEP certifications, for roles in cybersecurity, cloud engineering, and systems engineering. The company supports continuous education with paid training and exams to fuel career advancement. Beyond work, CTP's new office boasts 75-inch TVs, video game tournaments, cornhole, and regular happy hours, creating a welcoming environment where coworkers can connect. With opportunities in Maryland, Aberdeen, and Wright-Patterson Air Force Base, CTP offers prospective employees both challenging missions and a lively, supportive culture.Find complete show notes at: https://clearedjobs.net/columbia-technology-partners-upskilling-from-certs-to-cornhole-podcast_ This show is brought to you by ClearedJobs.Net. Have feedback or questions for us? Email us at rriggins@clearedjobs.net. Sign up for our cleared job seeker newsletter. Create a cleared job seeker profile on ClearedJobs.Net. Engage with us on LinkedIn, Facebook, Instagram, X, or YouTube. _

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA headline‑grabbing data leak is the wake‑up call; what you do next is the difference between panic and control. We start with concrete actions you can take today—check exposure with Have I Been Pwned, lock down your credit with freezes, turn on MFA, and keep meticulous records so you have proof when it counts. From there, we switch gears into the playbook every CISSP candidate and security leader needs: a clear path through the access control maze that actually maps to real work.We break down Discretionary Access Control (DAC) and why it's fast but fragile, then show how non‑discretionary models keep large environments consistent. Role‑Based Access Control (RBAC) gets the spotlight with practical guidance: define roles by job function, automate approvals, prevent role explosion, and audit entitlements so inheritance doesn't hand out surprise privileges. We separate role‑based from rule‑based—one tied to people and jobs, the other to conditions like time, location, and transaction type—using examples you can adopt immediately.For high‑assurance scenarios, we dig into Mandatory Access Control (MAC): labels, clearances, compartments, and the uncompromising policies that protect the most sensitive data. Finally, we look ahead with Attribute‑Based Access Control (ABAC), where context drives decisions in cloud and zero trust architectures. User attributes, device posture, data sensitivity, time, and geo all combine to answer the crucial question: should this subject access this object, right now?You'll walk away with exam‑ready cues, battle‑tested pros and cons, and a mental model to pick the right approach for your team. If this helped, subscribe, share it with a teammate who keeps mixing up role‑based and rule‑based, and leave a quick review so others can find us.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this milestone episode of the Fit4Privacy podcast, host Punit Bhatia is joined by three distinguished privacy experts — Dr. Kerry Miller (AI Governance Expert, U.S.), Heidi Waem (Partner, DLA Piper, Brussels), and Dr. Valerie Lyons (COO, BH Consulting; Academic & Author) — to reflect on 7 years of GDPR and explore what lies ahead. Whether you're a privacy professional, business leader, or just curious about how data protection shapes our digital lives, this conversation offers both a critical reflection on GDPR's first seven years and foresight into its future role in AI and trust. KEY CONVERSION 00:03:25 Panelist Introductions and Initial Thoughts on GDPR 00:09:06 Significant challenge that remains in up to 7-9 years of GDPR 00:18:10 Has there been a fair amount of reporting on compliance failures over the years? 00:21:11 EU Compliance Gaps and How Companies Can Avoid Them  00:29:56 Has the GDPR has been successful in balancing the power equilibrium of organization and data subjects?  00:35:35 Role of trust after 7 years of GDPR  00:41:39 From GDPR compliance in AI World, what can be done additionally? ABOUT GUEST Heidi Waem is the head of the data protection practice at DLA Piper Belgium and specialized in data protection and privacy. She assists clients with all aspects of EU Regulatory Data Protection compliance including the ‘structuring' of data processing and sharing activities to achieve an optimal use of data, advising on data transfers and the processing of personal data by means of new technologies (AI, facial recognition,…).Dr. Cari Miller is the Principal and Lead Researcher for the Center for Inclusive Change. She is a subject matter expert in AI risk management and governance practices, an experienced corporate strategist, and a certified change manager. Dr. Miller creates and delivers AI literacy training, AI procurement guidance, AI policy coaching, and AI audit and assessment advisory services.Dr. Valerie Lyons is a globally recognized authority in privacy, cybersecurity, data protection, and AI governance. Holding a PhD in Information Privacy along with CDPSE, CISSP, and CIPP/E certifications, she serves as a trusted strategic advisor to regulatory bodies and organizations across both public and private sectors. Valerie has played an influential role in shaping EU-wide data protection frameworks and enforcement strategies, and is an active member of the European Data Protection Board's pool of experts, as well as other global cyber and data protection bodies. ABOUT HOSTPunit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of books “Be Ready for GDPR' which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCESWebsites ⁠⁠www.fit4privacy.com⁠⁠,⁠⁠www.punitbhatia.com⁠⁠, ⁠⁠https://www.linkedin.com/in/heidiwaem/⁠⁠, ⁠⁠https://www.linkedin.com/in/cari-miller/⁠⁠, ⁠⁠https://www.linkedin.com/in/valerielyons-privsec/⁠⁠ Podcast⁠⁠ ⁠⁠⁠⁠https://www.fit4privacy.com/podcast⁠⁠ Blog ⁠⁠https://www.fit4privacy.com/blog⁠⁠ YouTube ⁠⁠http://youtube.com/fit4privacy⁠⁠

Send us a textThe fastest way to lose trust is to let AI adoption outrun your governance. We open with a blunt look at AI sprawl and shadow AI—how unsanctioned tools slip past weak policies, create data exposure, and strain legacy controls—then lay out a practical path for teams that don't have a big‑tech budget: continuous discovery via proxies or CASB‑like tools, real‑time monitoring through a trusted partner, and risk assessments that focus on business impact, not buzzwords. The goal isn't to slow innovation; it's to make it safe and repeatable.From there, we bring CISSP Domain 1.3 to life with five scenario‑based questions that mirror real leadership decisions. You'll hear why federated governance outperforms heavy central mandates in multinationals, how defining risk appetite is the first step before any framework, and which metrics actually prove value to a board. We draw a clear line between due care (policies, accountability, legal alignment) and due diligence (testing, verification, audits), and we show why insurance can transfer residual risk but can never replace sound governance.We also get specific about executive communication. A new CEO wants alignment, accountability, and outcomes—not weekly patch timelines. Learn how to map security objectives to corporate strategy, prioritize by business risk, and present measurable progress that earns budget and buy‑in. If you're preparing for the CISSP or leading a program under pressure, these principles help you think like a strategist and act with confidence.Want more? Explore the free resources and growing library at CISSP Cyber Training, and grab the 360 free CISSP practice questions. If this episode helps you think clearer about governance and AI, subscribe, share it with a teammate, and leave a quick review to help others find the show.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 72: Does a CISSP Certification Make Sense For OT?Pub date: 2025-09-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCertification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Certification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.

This episode features an in-depth conversation with Scott Alldridge Certified Chief Information Security Officer (CCISO), CISSP, AI MS Certified, ITIL Expert, Harvard Certified in Technology and Privacy, and CEO of IP Services. With 30+ years of experience in IT management and cybersecurity, Scott has become a global thought leader in modern security strategies. From starting in tech at 19 to building a successful cybersecurity services company. Scott shares powerful insights on the evolution of IT, the rise of AI-driven threats, and why businesses must embrace proactive, layered defenses. He also explains why adaptability, reinvention, and aligning technology with business goals are critical for resilience in today's fast-changing tech landscape. 

In this episode of Ask a CISSP, the Thursday episode of the Other Side of the Firewall podcast, Ryan Williams Sr. interviews Tim Tipton Jr., a cybersecurity architect, author, and Grammy-winning music producer. They discuss Tim's journey into cybersecurity, his military background, and the importance of making the field accessible to all. Tim shares insights on mentorship, community outreach, and his creative pursuits in writing and music. The conversation highlights the challenges and opportunities in cybersecurity, as well as Tim's aspirations to empower the next generation through education and support. Buy the guide: www.theothersideofthefirewall.com Please LISTEN

“Cybersecurity has been oversold for too long—expensive, complicated, and not user-friendly. What small and mid-sized businesses really need are affordable, effective protections delivered with education and consultation,” says Tomas Sjostrom, CISSP and President of Technology Services at James Moore Technology Services. At the MSP Summit, Sjostrom sat down with Doug Green, Publisher of Technology Reseller News, to discuss his session, Establishing a Successful Managed Security Program: The Consultation Imperative. His message to MSPs was clear: success depends on understanding both the client's business and the end user's experience. Key insights from the conversation include: Listen first, then recommend: Understanding the client's culture and user needs is as important as the technology itself. Focus on education: Solutions like multi-factor authentication (MFA) can initially feel inconvenient to users, but with training, they quickly see the security benefits. Avoid tech-first thinking: Deployments fail when MSPs expect technology alone to solve problems without preparing end users for change. Partnerships extend reach: To provide personal, local service across the Southeastern U.S., James Moore Technology Services developed a technical services partnership program, enabling trusted partners to step in as direct resources for clients. By blending consultation, training, and the right level of protection, James Moore Technology Services is helping small and mid-sized businesses stay secure without unnecessary complexity. Learn more at jmco.com.

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3August 18, 2025The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes OptionalReflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over FactsBy Marco CiappelliSean Martin, CISSP just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.But the implications extend far beyond cybersecurity itself. This matters far beyond. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real. End of transmission.___________________________________________________________Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.___________________________________________________________Enjoyed this transmission? Follow the newsletter here:https://www.linkedin.com/newsletters/7079849705156870144/Share this newsletter and invite anyone you think would enjoy it!New stories always incoming.___________________________________________________________As always, let's keep thinking!Marco Ciappellihttps://www.marcociappelli.com___________________________________________________________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine  | Dr. in Political Science / Sociology of Communication l Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.comTAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

When security becomes more than a checkbox, the conversation shifts from “how much” to “how well.” At Black Hat USA 2025, Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Viktor Petersson, Founder of an SBOM artifact platform, unpack how regulatory forces, cultural change, and AI innovation are reshaping how organizations think about security.Viktor points to the growing role of Software Bill of Materials (SBOMs) as not just a best practice, but a likely requirement in future compliance frameworks. The shift, he notes, is driven largely by regulation—especially in Europe—where security is no longer a “nice to have” but a mandated operational function. Sean connects this to a market reality: companies increasingly see transparent security practices as a competitive differentiator, though the industry still struggles with the hollow claim of simply being “secure.”AI naturally dominates discussions, but the focus is nuanced. Rather than chasing hype, both stress the need for strong guardrails before scaling AI-driven development. Viktor envisions engineers supervising fleets of specialized AI agents—handling tasks from UX to code auditing—while Sean sees AI as a way to rethink entire operational models. Yet both caution that without foundational security practices, AI only amplifies existing risks.The conversation extends to IoT and supply chain security, where market failures allow insecure, end-of-life devices to persist in critical environments. The infamous “smart fish tank” hack in a Las Vegas casino serves as a reminder: the weakest link often isn't the target itself, but the entry point it provides.DEFCON, Viktor notes, offers a playground for challenging assumptions—whether it's lock-picking to illustrate perceived versus actual security, or examining the human factor in breaches. For both hosts, events like Black Hat and DEFCON aren't just about the latest vulnerabilities or flashy demos—they're about the human exchange of ideas, the reframing of problems, and the collaboration that fuels more resilient security strategies.___________Guest:Viktor Petersson, Founder, sbomify | On LinkedIn: https://www.linkedin.com/in/vpetersson/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that's how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year's announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren't) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.We dig into why operational relevance, clarity, and proof points matter more than ever. If you can't explain what your AI does, what data it uses, and how it's secured, you're already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.Whether you're building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesBlack Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEAITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageCitations: Available in the full article________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Black Hat USA 2025 has wrapped, and for Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Marco Ciappelli, Co-Founder of ITSPmagazine, the end of the event is both an exhale and a moment to reflect on what was learned, heard, and felt. After days of conversations with industry leaders, CISOs, vendors, and attendees from around the globe, one recurring message stands out: cybersecurity decision-makers are tired of buzzwords and hungry for real solutions.Sean shares that during sessions and informal meetups, CISOs expressed frustration with marketing pitches that fail to connect to their real challenges. Sitting across from security leaders, marketers heard it directly—stop with the jargon and explain how your solution genuinely makes their lives easier, reduces stress, and improves security outcomes. In other words, trust and honesty carry far more weight than flashy claims.Marco emphasizes that hype not only wastes time but also adds “noise” to the already complex job of running a security program. The more a vendor can be direct about what they do—and what they don't do—the more likely they are to earn a lasting relationship with a CISO and their team. Both agree that connecting the dots between a product and an organization's operational reality is key: what does adoption require, how will it fit into existing systems, and will it force a major operational shift?Beyond the messaging critique, the duo reflects on the community element of Black Hat. They reconnected with peers, met new contacts from as far as Toronto, and discussed future events in places like Melbourne, Barcelona, and Amsterdam. They also teased the upcoming “Transatlantic Broadcast” podcast series, which will explore cybersecurity voices from across Europe while maintaining a global view.While the Black Hat booths are now dismantled and the floors mopped, the conversations are far from over. Sean and Marco head back to Los Angeles ready to produce interviews, publish articles, and share the many stories captured during the week—stories that cut through the noise and get to the heart of what matters in cybersecurity.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Studio: https://www.itspmagazine.studio/Learn more about ITSPmagazine Europe: https://www.itspmagazine.com/europeCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceWant to tell your Brand Story Briefing as part of our event coverage? Learn More