Podcasts about cissp

In this milestone episode of the Fit4Privacy podcast, host Punit Bhatia is joined by three distinguished privacy experts — Dr. Kerry Miller (AI Governance Expert, U.S.), Heidi Waem (Partner, DLA Piper, Brussels), and Dr. Valerie Lyons (COO, BH Consulting; Academic & Author) — to reflect on 7 years of GDPR and explore what lies ahead. Whether you're a privacy professional, business leader, or just curious about how data protection shapes our digital lives, this conversation offers both a critical reflection on GDPR's first seven years and foresight into its future role in AI and trust. KEY CONVERSION 00:03:25 Panelist Introductions and Initial Thoughts on GDPR 00:09:06 Significant challenge that remains in up to 7-9 years of GDPR 00:18:10 Has there been a fair amount of reporting on compliance failures over the years? 00:21:11 EU Compliance Gaps and How Companies Can Avoid Them  00:29:56 Has the GDPR has been successful in balancing the power equilibrium of organization and data subjects?  00:35:35 Role of trust after 7 years of GDPR  00:41:39 From GDPR compliance in AI World, what can be done additionally? ABOUT GUEST Heidi Waem is the head of the data protection practice at DLA Piper Belgium and specialized in data protection and privacy. She assists clients with all aspects of EU Regulatory Data Protection compliance including the ‘structuring' of data processing and sharing activities to achieve an optimal use of data, advising on data transfers and the processing of personal data by means of new technologies (AI, facial recognition,…).Dr. Cari Miller is the Principal and Lead Researcher for the Center for Inclusive Change. She is a subject matter expert in AI risk management and governance practices, an experienced corporate strategist, and a certified change manager. Dr. Miller creates and delivers AI literacy training, AI procurement guidance, AI policy coaching, and AI audit and assessment advisory services.Dr. Valerie Lyons is a globally recognized authority in privacy, cybersecurity, data protection, and AI governance. Holding a PhD in Information Privacy along with CDPSE, CISSP, and CIPP/E certifications, she serves as a trusted strategic advisor to regulatory bodies and organizations across both public and private sectors. Valerie has played an influential role in shaping EU-wide data protection frameworks and enforcement strategies, and is an active member of the European Data Protection Board's pool of experts, as well as other global cyber and data protection bodies. ABOUT HOSTPunit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of books “Be Ready for GDPR' which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe. RESOURCESWebsites ⁠⁠www.fit4privacy.com⁠⁠,⁠⁠www.punitbhatia.com⁠⁠, ⁠⁠https://www.linkedin.com/in/heidiwaem/⁠⁠, ⁠⁠https://www.linkedin.com/in/cari-miller/⁠⁠, ⁠⁠https://www.linkedin.com/in/valerielyons-privsec/⁠⁠ Podcast⁠⁠ ⁠⁠⁠⁠https://www.fit4privacy.com/podcast⁠⁠ Blog ⁠⁠https://www.fit4privacy.com/blog⁠⁠ YouTube ⁠⁠http://youtube.com/fit4privacy⁠⁠

Certification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.

Preparing for the CISSP exam can feel overwhelming—but you don't have to do it alone! In this episode, top CISSP instructors share insider study hacks, proven strategies, and secret exam-day tips that have helped thousands of professionals succeed on their first attempt. From mastering the 8 domains to avoiding common pitfalls, this guide is designed to make your CISSP journey smarter and less stressful.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity governance represents one of the most misunderstood yet critical components of any cybersecurity program. As we explore Domain 1.3 of the CISSP exam, we unpack how proper governance creates accountability and structure that protects both your organization and your career.We begin with a startling real-world example: the "Red November" campaign, where Chinese state-sponsored hackers exploited vulnerable internet-facing appliances and VPNs across defense, aerospace, and government sectors for a full year. This sophisticated operation highlights why casual approaches to security governance leave organizations exposed to devastating attacks.Security governance isn't merely a theoretical concept – it's a practical framework that defines who's responsible for what across your security landscape. We break down the crucial roles every organization must establish: from Senior Managers who hold ultimate responsibility, to Data Owners who classify information, to Data Custodians who implement protections, and the often-overlooked role of Auditors who verify everything works as intended. Understanding these distinctions protects security professionals from becoming scapegoats when incidents occur.The real value emerges when we examine how security control frameworks like NIST CSF, ISO 27001, and CRI provide structured approaches to managing risk. These aren't one-size-fits-all solutions, but rather customizable blueprints that help you systematically identify, implement, and monitor security measures appropriate to your specific needs. Framework mapping allows you to align multiple requirements efficiently, making compliance less burdensome and more effective.Finally, we demystify the concepts of due care and due diligence – the practical actions that demonstrate you've taken reasonable steps to protect your organization. These aren't just legal defenses; they're the fundamental building blocks of a mature security program that aligns with business objectives while meaningfully reducing risk.Whether you're preparing for the CISSP exam or building a more robust security program, this episode provides the practical knowledge you need to implement effective security governance that executives will support and auditors will approve.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

This episode features an in-depth conversation with Scott Alldridge Certified Chief Information Security Officer (CCISO), CISSP, AI MS Certified, ITIL Expert, Harvard Certified in Technology and Privacy, and CEO of IP Services. With 30+ years of experience in IT management and cybersecurity, Scott has become a global thought leader in modern security strategies. From starting in tech at 19 to building a successful cybersecurity services company. Scott shares powerful insights on the evolution of IT, the rise of AI-driven threats, and why businesses must embrace proactive, layered defenses. He also explains why adaptability, reinvention, and aligning technology with business goals are critical for resilience in today's fast-changing tech landscape. 

In this episode of Ask a CISSP, the Thursday episode of the Other Side of the Firewall podcast, Ryan Williams Sr. interviews Tim Tipton Jr., a cybersecurity architect, author, and Grammy-winning music producer. They discuss Tim's journey into cybersecurity, his military background, and the importance of making the field accessible to all. Tim shares insights on mentorship, community outreach, and his creative pursuits in writing and music. The conversation highlights the challenges and opportunities in cybersecurity, as well as Tim's aspirations to empower the next generation through education and support. Buy the guide: www.theothersideofthefirewall.com Please LISTEN

Send us a textDive into the critical world of software development security with Sean Gerber as he tackles Domain 8.3 in this knowledge-packed CISSP Question Thursday episode. We examine fifteen challenging questions that address the security controls essential for protecting code throughout the development lifecycle.Discover why static application security testing integrated directly into your CICD pipeline stands as the gold standard for catching vulnerabilities early, and why developer arguments about "unlikely" buffer overflow exploits should never persuade you to leave vulnerabilities unaddressed. The podcast breaks down the crucial difference between partial mitigations and proper vulnerability elimination, providing you with the decision-making framework you'll need both for the CISSP exam and real-world security leadership.The episode doesn't shy away from controversial topics, including the persistent myth of "security through obscurity" and why it fails as a protection strategy. You'll learn why security code reviews by senior developers remain irreplaceable for identifying business logic vulnerabilities, while generic security checklists prove ineffective against sophisticated threats. For those working with cloud platforms, open-source libraries, or outsourced development, Sean offers targeted guidance on the controls that matter most in each scenario.Beyond the technical content, Sean shares his passion for helping adoptive families through the nonprofit initiative supported by purchases at CISSPCyberTraining.com. Every training package purchased contributes to providing grants and low-interest loans to families looking to adopt children who need loving homes.Ready to strengthen your understanding of software security while preparing for your CISSP certification? This episode delivers actionable insights, exam-ready knowledge, and the confidence to tackle Domain 8.3 questions with expertise. Listen now and take another step toward mastering the crucial intersection of development and security that today's organizations desperately need.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

“Cybersecurity has been oversold for too long—expensive, complicated, and not user-friendly. What small and mid-sized businesses really need are affordable, effective protections delivered with education and consultation,” says Tomas Sjostrom, CISSP and President of Technology Services at James Moore Technology Services. At the MSP Summit, Sjostrom sat down with Doug Green, Publisher of Technology Reseller News, to discuss his session, Establishing a Successful Managed Security Program: The Consultation Imperative. His message to MSPs was clear: success depends on understanding both the client's business and the end user's experience. Key insights from the conversation include: Listen first, then recommend: Understanding the client's culture and user needs is as important as the technology itself. Focus on education: Solutions like multi-factor authentication (MFA) can initially feel inconvenient to users, but with training, they quickly see the security benefits. Avoid tech-first thinking: Deployments fail when MSPs expect technology alone to solve problems without preparing end users for change. Partnerships extend reach: To provide personal, local service across the Southeastern U.S., James Moore Technology Services developed a technical services partnership program, enabling trusted partners to step in as direct resources for clients. By blending consultation, training, and the right level of protection, James Moore Technology Services is helping small and mid-sized businesses stay secure without unnecessary complexity. Learn more at jmco.com.

Send us a textReady to master the critical domain of Identity and Access Management for your CISSP exam? This comprehensive rapid review demystifies Domain 5, which accounts for 13% of all exam questions—knowledge you absolutely cannot skip.Dive deep into the fundamentals as we explore controlling physical and logical access to assets—from information systems to facilities. Discover how properly implemented controls protect your most sensitive data through classification, encryption, and permissions. As one cybersecurity veteran wisely notes, "It's all about the data," and this episode equips you with the frameworks to protect it.The podcast meticulously unpacks identity management implementation, breaking down authentication types, session management, and credential systems. You'll grasp the differences between single-factor and multi-factor authentication and understand why accountability through proper logging and auditing is non-negotiable in today's security landscape.We explore deployment models that fit various organizational needs—from on-premise solutions offering complete control to cloud-based options providing scalability, along with the increasingly popular hybrid approach. The episode clarifies authorization mechanisms including role-based access control (RBAC), rule-based access control, mandatory access controls (MAC), and discretionary access controls (DAC)—essential knowledge for implementing proper security boundaries.Particularly valuable is our breakdown of authentication systems and protocols—OAuth, OpenID Connect, SAML, Kerberos, RADIUS, and TACACS+—demystifying their purposes and applications in real-world scenarios. Whether you're a seasoned security professional or preparing for your certification, this episode delivers the practical knowledge you need.Ready to accelerate your CISSP journey? Visit CISSPcybertraining.com for free resources including podcasts, study plans, and 360 practice questions—plus premium content with over 50 hours of focused training. This episode isn't just exam prep; it's a masterclass in identity and access management principles you'll apply throughout your cybersecurity career.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvThe cybersecurity landscape is evolving rapidly with AI development creating unprecedented challenges for organizations, security professionals, and insurance providers alike. How do we manage these emerging risks while maintaining fundamental security governance principles?Sean Gerber tackles this question head-on by examining why liability insurance alone won't solve the AI security equation. Drawing from a fascinating Lawfare article, he unpacks how cyber insurance has failed to drive meaningful security improvements due to poor data collection, shallow assessments, and inadequate risk measurement. As AI systems increasingly generate their own code, determining liability becomes extraordinarily complex. Insurance companies may soon require more rigorous security evaluations before providing coverage for AI implementations, placing additional burden on businesses to demonstrate robust security practices.Moving from theory to practice, Sean delivers five deep-dive questions on CISSP Domain 5.5 that demonstrate how security professionals must "think like managers" rather than just memorizing answers. Each scenario—from dealing with orphaned accounts after mergers to implementing role-based access controls in healthcare—illustrates the critical importance of governance, proper access management, and security process improvement. The questions challenge listeners to move beyond tactical thinking and embrace strategic security management approaches that balance business needs with risk mitigation.The episode also unveils Sean's upcoming 7-day and 14-day CISSP bootcamp blueprints—intensive training plans designed for candidates who need to prepare efficiently without spending thousands on traditional bootcamps. These structured approaches provide a cost-effective alternative while still covering the comprehensive knowledge required to pass the challenging CISSP exam.Ready to strengthen your CISSP preparation? Visit CISSPCyberTraining.com for free practice questions, video content, and specialized training materials designed to help you pass the exam on your first attempt. The combination of conceptual understanding and practical application demonstrated in this episode is exactly what distinguishes successful CISSP candidates from those who merely memorize practice tests.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Dewayne Hart is a distinguished cybersecurity leader whose insights bridge military precision and corporate strategy. A retired U.S. Navy Chief Petty Officer, he laid the groundwork for his expert mindset in technology defence before founding Secure Managed Instructional Systems (SEMAIS) in 2014, advising clients such as PwC, Kaiser Permanente, and U.S. federal agencies. Beyond his consultancy, Dewayne has earned recognition as an author and thought leader. His 2022 book, The Cybersecurity Mindset: A Virtual and Transformational Thinking Mode, and his podcast The Chief of Cybersecurity showcase his talent for translating complex threats into actionable, human-centred guidance. Represented by The Champions Speakers Agency, Dewayne is also a leading keynote speaker who continues to inspire global audiences. Alongside his ongoing work as CEO and Founder, he delivers cutting-edge insights on leadership, AI, workforce readiness, and cyber resilience. Q1. What inspired your transition from military service to cybersecurity, and how has that background shaped your approach to the field? Dewayne Hart: "When I retired from the military about 15 years ago, I was supposed to be a leadership coach. And then during the time I was studying for my master's degree programme, I walked into the office and I noticed that a friend of mine was studying for his CISSP certification. "I picked up the book, browsed through it a couple of times and said, "You know what? I think that I want to branch into the cybersecurity industry." "And so after that I started to study the CISSP certification, passed it, and then from there I became one of the people that were interested in cybersecurity. But later on I started to do some other things such as writing, starting the podcast, and here I am today working in the cybersecurity industry. It has been very rewarding. "But I thank my friend for leaving that book on the desk because if he had not left that book there, I would probably have been a leadership coach today. Now, there's nothing wrong about being a leadership coach, but I think that the cybersecurity industry is much more rewarding." Q2. Many organisations ask, "How can we become proactive rather than reactive?" From your experience, how should businesses assess and build their security capabilities to stay ahead of threats? Dewayne Hart: "As I have walked through the industry and met a great number of people working from all walks of life, the number one question they always ask me is: how can we become proactive? "My answer is always standard and it's always the same. You need to understand your security capabilities. Your security capabilities make a determination on whether you know what's on your enterprise or whether you do not know what's on your enterprise. It can also branch into cyber visibility. Do you have visible indication of where your weaknesses are? "There are some intricate programmes that must work in tandem in order for leaders to understand their security capabilities. One is your asset management programmes. Two is your configuration management programme. "Three is your vulnerability management programme. If you can take those three programmes and have them work in tandem, you can understand your security capabilities. But also, too, adding in your cyber tools and your cyber threat intelligence programmes - those are going to help you out as well. "If you add those into your asset management, your configuration management and your vulnerability management programme, you will have an accurate indication of your security capabilities. Because if you don't have an accurate indication of your security capabilities, then this is how you create those blind spots. "Blind spots are those areas of your enterprise that are sneaking under the radar. They only become active when hackers find out where they are. So if you understand your security capabilities, then you can beat hackers to the finish line." Q3. Traditionally, the 'human el...

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvThe effective management of digital identities throughout their lifecycle is perhaps the most crucial yet overlooked aspect of organizational cybersecurity. This episode dives deep into CISSP Domain 5.5, offering practical insights on building robust identity and access management (IAM) governance frameworks that protect against insider threats while streamlining compliance efforts.We begin by examining a real-world case study of how one company transformed its third-party risk management using AI-driven consolidation of security alerts, establishing clear accountability through a security champions program. This approach demonstrates how proper governance structures can turn overwhelming data into actionable intelligence.The heart of our discussion centers on the identity lifecycle – from provisioning to deprovisioning and everything between. Learn why automated account creation processes dramatically reduce security risks while improving operational efficiency. We share cautionary tales, including one where improper deprovisioning allowed an ex-employee to deploy a devastating logic bomb costing millions in damages and legal fees.Role-based access control (RBAC) emerges as a critical strategy for maintaining least privilege principles at scale. However, we warn against common pitfalls like overly complex role structures that become unmanageable or so simplified they create security gaps. The episode provides clear guidance on achieving the right balance for organizations of any size.Perhaps most importantly, we expose the hidden dangers of service accounts – those often-forgotten credentials with extensive privileges that rarely change and receive minimal monitoring. These accounts represent prime targets for attackers seeking to escalate privileges, yet many organizations fail to properly secure them.Whether you're studying for the CISSP exam or implementing IAM best practices in your organization, this episode delivers actionable strategies to strengthen your security posture through proper identity lifecycle management. Visit CISSPCyberTraining.com for additional resources to support your cybersecurity journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvDive into the complex world of security models as we unpack Domain 3.2 of the CISSP exam in this knowledge-packed episode. We begin by examining how the generative AI boom is creating significant privacy and cybersecurity challenges for organizations worldwide. Security professionals must now navigate data ownership questions, changing terms of service, and the risks of shadow AI usage – all while developing governance strategies that balance innovation with protection.The spotlight then turns to the Chinese Wall model (Brewer-Nash), a fascinating security approach that originated in financial and legal industries. Unlike static models, this dynamic access control system creates metaphorical barriers between competing clients to prevent conflicts of interest. When a consultant accesses one company's sensitive data, they're automatically blocked from accessing a competitor's information – a concept every CISSP candidate needs to understand thoroughly.The heart of the episode features five challenging practice questions that explore critical security models: Bell-LaPadula's simple security property for preventing unauthorized access to classified information; Clark-Wilson's transaction integrity controls for financial systems; Brewer-Nash for managing consultant access to competing clients; the Non-Interference model for preventing covert channel leaks; and the Take-Grant model for controlling rights distribution. Each question comes with detailed explanations that clarify these concepts in practical, real-world contexts.Whether you're preparing for the CISSP exam or expanding your cybersecurity knowledge, this episode provides valuable insights into how different security models address specific protection requirements. Ready to strengthen your understanding of these essential security frameworks? Visit CISSP Cyber Training for 360 free practice questions and additional resources to support your certification journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The ISSAP (Information Systems Security Architecture Professional) exam is evolving in 2025—and if you're aiming to specialize beyond CISSP, you'll want to know exactly what's new. In this InfosecTrain session, we break down the latest syllabus changes and what they mean for your certification journey.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity models can be one of the most challenging concepts for CISSP candidates to grasp, yet they form the bedrock of how we implement and understand security controls. In this comprehensive episode, we break down Domain 3.2's security models in plain, accessible language with real-world examples that will finally make these abstract concepts click.We start with an analysis of the recent TransUnion data breach affecting 4.4 million individuals, using it as a practical reminder of why proper security architecture matters. This breach, occurring through a third-party application, perfectly illustrates the dangers when security models aren't properly implemented.The episode then demystifies the Trusted Computing Base (TCB), explaining its role as the foundation of creating secure code. We explore key components including the Security Kernel, Reference Monitor, Trusted Path, and TCB Boundary, translating these complex concepts into understandable terms.The heart of the episode focuses on the "Big Eight" security models you need to know for the CISSP exam. From Bell-LaPadula's "no read up, no write down" confidentiality focus to Biba's integrity-centered approach, we provide clear explanations and memorable scenarios for each model. You'll learn how Clark-Wilson enforces business integrity through separation of duties, how Brewer-Nash prevents conflicts of interest, and how the remaining models address specific security concerns.Rather than simply memorizing names and concepts, this episode gives you a framework for understanding each model's purpose, category (confidentiality, integrity, information flow, or access), and practical application. We conclude with exam preparation tips, highlighting which models deserve the most attention during your studies.Whether you're preparing for the CISSP exam or simply want to deepen your cybersecurity knowledge, this episode transforms abstract security models into practical tools you can apply to real-world security challenges. Visit CISSPCyberTraining.com for free questions and additional resources to support your certification journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvDive into the multifaceted world of data security controls with Sean Gerber as he unpacks CISSP Domain 2.6. The episode opens with a fascinating glimpse into the creative ingenuity of technology users—a student who managed to hack a TI-84 calculator to access ChatGPT during exams. This real-world example perfectly illustrates why robust data security controls are more crucial than ever in our interconnected world.Sean meticulously breaks down the three fundamental data states—data at rest, data in transit, and data in use—providing clear explanations of the unique protection mechanisms each requires. You'll discover why data is rarely truly "at rest" unless completely powered off and disconnected, and why this understanding is vital for comprehensive protection strategies. The discussion extends to emerging technologies like homomorphic encryption, which promises to keep data encrypted throughout all states, though it's still evolving.The heart of effective data protection lies in classification and labeling, and Sean offers practical advice on implementing these systems. Starting small with clearly defined data sets, standardizing nomenclature, and utilizing visual cues like color-coding are just a few of the actionable strategies shared. You'll gain insights into Digital Rights Management (DRM), Data Loss Prevention (DLP), and Cloud Access Security Brokers (CASBs)—three critical components of a comprehensive data security framework.Perhaps most valuable is Sean's emphasis on understanding organizational risk tolerance. As he eloquently puts it, "If you don't know the risk for your company, find out somebody who does." This perspective shift from pure protection to risk-aligned security can transform how security professionals approach their role and communicate with leadership.Whether you're studying for the CISSP exam or looking to enhance your organization's data protection strategy, this episode delivers practical wisdom drawn from real-world experience. Visit CISSP Cyber Training for additional resources, and remember—understanding data security isn't just about passing an exam; it's about becoming a more effective guardian of your organization's most valuable assets.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvFrom insecure code causing breaches to proper data destruction, this episode dives deep into the critical world of data lifecycle management—a cornerstone of the CISSP certification and modern cybersecurity practice.A shocking 74% of organizations have experienced security incidents from insecure code, highlighting why proper data management matters more than ever. Whether you're preparing for the CISSP exam or strengthening your organization's security posture, understanding who's responsible for what is essential. We break down the sometimes confusing differences between data owners (who bear legal liability), data custodians (handling day-to-day operations), data controllers (determining what gets processed and how), and data processors (who handle the actual processing).The stakes couldn't be higher. With GDPR violations potentially costing organizations up to 4% of global annual revenue, misunderstanding these roles can lead to catastrophic financial consequences. We explore the eight principles driving transborder data flows and why understanding your data's journey matters for compliance and security.When it comes to data destruction, I share practical wisdom about what really works. While methods like degaussing and various overwriting techniques exist, I explain why physical destruction (the "jaws of death" approach) often makes the most practical and economic sense in today's world of inexpensive storage media.Throughout the episode, I provide real-world examples from my decades of experience as a CISO and security professional. Whether you're dealing with classified information requiring specialized handling or simply trying to implement sensible data governance in a commercial environment, these principles will help protect your organization's most valuable asset—its information.Ready to continue your cybersecurity journey? Visit CISSP Cyber Training for free resources, sign up for my email list, or check out my YouTube channel for additional content to help you pass the CISSP exam the first time.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvThe digital world has opened up unprecedented opportunities for scammers, and seniors have become prime targets. In this alarming and informative episode, we dive deep into the FBI's recent warning about AI-driven "Phantom Hacker" scams that have already stolen over a billion dollars from American seniors through sophisticated three-stage attacks.What makes these scams particularly devastating is the deployment of AI voice cloning technology. With just a small sample of someone's speech, scammers can create perfect voice replicas that sound exactly like trusted family members or financial advisors. This technology has advanced to the point where distinguishing between real and AI-generated voices is nearly impossible for most people. As cybersecurity professionals, we have a responsibility to protect vulnerable populations through education and clear verification protocols.The episode transitions into a comprehensive review of CISSP Domain 4, covering essential communication and network security concepts. We explore voice communications security for both traditional telephone networks and modern VoIP systems, email security protocols including SPF, DKIM, and DMARC, and remote access considerations with VPNs. The discussion covers critical decisions between split and full tunneling, network address translation complexities, and third-party risk management through formal agreements and vendor assessments.Whether you're preparing for the CISSP exam or looking to strengthen your organization's communication security posture, this episode provides actionable insights on protecting against today's most sophisticated threats. The convergence of AI technology with traditional social engineering tactics demands a new approach to security awareness and technical controls—one that acknowledges voice is no longer a reliable authentication factor on its own.Ready to continue your CISSP journey? Visit CISSPCyberTraining.com for free resources including practice questions, rapid review videos, and a comprehensive study plan designed to help you pass the exam on your first attempt.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvNetwork security is the cornerstone of modern cybersecurity, and understanding its intricacies is essential for anyone preparing for the CISSP exam. In this comprehensive episode, Sean Gerber delivers a rapid review of Domain 4: Communications and Network Security, which constitutes 13% of the CISSP exam questions.The episode opens with a cautionary tale about a disgruntled Chinese developer who received a four-year prison sentence for deploying a logic bomb that devastated his former employer's network. This real-world example underscores the critical importance of proper employee termination procedures and privilege management—especially for technical staff with elevated access. As Sean emphasizes, "The eyes of Sauron" should be on any high-privilege employee showing signs of discontent.Diving into Domain 4, Sean expertly navigates through foundational concepts like the OSI and TCP/IP models, explaining how they standardize network communications and why security professionals must understand them to implement effective defense strategies. The discussion progresses through IP networking (both IPv4 and IPv6), secure protocols, multi-layer protections, and deep packet inspection—all crucial components of a robust security architecture.Particularly valuable is Sean's breakdown of modern network technologies like micro-segmentation, which divides networks into highly granular security zones. While acknowledging its power to limit lateral movement during breaches, he cautions that implementation requires sophisticated knowledge of software-defined networking (SDN) and careful planning: "It's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN type of capabilities."Wireless security, content delivery networks, and endpoint protection receive thorough examination, with Sean emphasizing that endpoints are "your first line of detection" and advocating for comprehensive endpoint detection and response (EDR) solutions that go beyond traditional antivirus. The episode concludes with insights on voice communication security, contrasting traditional telephone networks with modern VoIP systems and their unique vulnerabilities.Whether you're preparing for the CISSP exam or looking to strengthen your organization's network security posture, this episode provides actionable insights backed by real-world experience. Ready to deepen your understanding of cybersecurity fundamentals? Subscribe to the CISSP Cyber Training Podcast and check out the free resources available at cisspybertraining.com to accelerate your certification journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA catastrophic data loss incident involving South Yorkshire Police serves as a powerful security lesson in today's episode. We examine how 96,174 pieces of body-worn video evidence vanished during an IT upgrade, affecting 126 criminal cases. This real-world security failure highlights the critical importance of proper data management, backups, and third-party oversight—fundamental concepts that directly apply to your CISSP exam preparation.The heart of this episode tackles five challenging CISSP exam questions spanning multiple security domains. We methodically work through complex scenarios involving encryption algorithm selection, mitigating Single Sign-On risks in healthcare environments, containing Advanced Persistent Threats, addressing cross-border data protection compliance, and handling SQL injection vulnerabilities in government applications.For each question, I break down the critical thinking process that helps you eliminate incorrect answers and identify the best solution. You'll understand why AES-256 balances security and performance for financial data, how multi-factor authentication strengthens SSO implementations, when network segmentation becomes crucial for APT containment, why Data Loss Prevention systems address insider threats, and the importance of parameterized queries in secure software development.This episode demonstrates how to approach scenario-based questions methodically, turning what seems overwhelming into manageable decision points. By breaking down complex questions step-by-step, you dramatically improve your chances of success on the CISSP exam while building practical security knowledge that translates directly to real-world challenges.Visit CISSP Cyber Training for more resources, including 360 free practice questions to accelerate your certification journey. Remember, a methodical approach to security problems is your path to passing the CISSP exam the first time.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

⸻ Podcast: Redefining Society and Technologyhttps://redefiningsocietyandtechnologypodcast.com _____________________________This Episode's SponsorsBlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.BlackCloak:  https://itspm.ag/itspbcweb_____________________________A Musing On Society & Technology Newsletter Written By Marco Ciappelli | Read by TAPE3August 18, 2025The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes OptionalReflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over FactsBy Marco CiappelliSean Martin, CISSP just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.But the implications extend far beyond cybersecurity itself. This matters far beyond. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real. End of transmission.___________________________________________________________Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.___________________________________________________________Enjoyed this transmission? Follow the newsletter here:https://www.linkedin.com/newsletters/7079849705156870144/Share this newsletter and invite anyone you think would enjoy it!New stories always incoming.___________________________________________________________As always, let's keep thinking!Marco Ciappellihttps://www.marcociappelli.com___________________________________________________________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine  | Dr. in Political Science / Sociology of Communication l Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.comTAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvThe core principles of cybersecurity aren't just theoretical concepts—they're the practical foundation every security professional needs to master. In this deep-dive episode, Sean Gerber breaks down the critical components of Domain 1.2 of the CISSP exam, unpacking confidentiality, integrity, availability, authenticity, and non-repudiation in clear, actionable terms.Starting with breaking news about Microsoft ending Windows 10 support on October 14th, Sean highlights the urgent security implications for organizations still running this widely-embedded operating system. He emphasizes the importance of comprehensive inventory management—especially for IoT devices that may contain embedded Windows components—and the available extension options for critical systems.The heart of the episode delivers a comprehensive exploration of the CIA triad. Sean walks through each element with real-world examples: confidentiality through encryption and access controls; integrity via change management and validation processes; and availability through redundant systems and business continuity planning. But he doesn't stop there. The discussion expands to cover the DAD triad (Disclosure, Alteration, Destruction) which helps identify security failures, and the AAA framework (Authentication, Authorization, Accounting) that provides essential security controls.What makes this episode particularly valuable is Sean's practical advice drawn from 25 years of cybersecurity experience. He emphasizes the importance of defense-in-depth strategies, network segmentation, and prioritizing critical systems rather than attempting to fix everything at once—"eating the elephant one toenail at a time." His methodical approach helps listeners understand not just the concepts themselves, but how to implement them effectively in real-world environments.Whether you're preparing for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the foundational knowledge and practical strategies you need. Visit CISSP Cyber Training for free study materials, practice questions, and mentoring options to accelerate your cybersecurity career.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesArticle: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore?https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEALearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvDive deep into the critical world of configuration management with Sean Gerber as he unpacks Domain 7.3 of the CISSP exam. This episode balances theoretical knowledge with hard-earned practical wisdom, helping you not only pass your certification exam but implement effective security controls in real-world environments.Sean begins by exploring recent IT employment trends, highlighting the growing importance of specialized skills in networking, cloud, and software development. He notes how employers are increasingly valuing practical skills and certifications over traditional four-year degrees, creating new opportunities for security professionals.The heart of the episode examines the foundational elements of configuration management – from asset discovery to change control processes. Through relatable examples, Sean illustrates how unauthorized devices create security blind spots and why automated tools like SCCM are essential for maintaining secure environments. He breaks down the four key activities of security configuration management: identification, control, status accounting, and verification/audit.Perhaps most valuable is Sean's candid discussion of implementation challenges. Rather than presenting idealized scenarios, he acknowledges the messy reality of managing configurations in complex organizations with legacy systems. His practical advice includes focusing on operating systems and devices first before tackling the more challenging application landscape, and implementing changes through a multi-year approach rather than attempting overnight transformation.Ready to master configuration management and move closer to CISSP certification? Visit CISSPcybertraining.com where you can access training resources on a pay-what-you-wish basis. What makes this program truly special is that all proceeds support adoptive families through Sean's nonprofit foundation. Learn essential cybersecurity skills while contributing to a meaningful cause!Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

When security becomes more than a checkbox, the conversation shifts from “how much” to “how well.” At Black Hat USA 2025, Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Viktor Petersson, Founder of an SBOM artifact platform, unpack how regulatory forces, cultural change, and AI innovation are reshaping how organizations think about security.Viktor points to the growing role of Software Bill of Materials (SBOMs) as not just a best practice, but a likely requirement in future compliance frameworks. The shift, he notes, is driven largely by regulation—especially in Europe—where security is no longer a “nice to have” but a mandated operational function. Sean connects this to a market reality: companies increasingly see transparent security practices as a competitive differentiator, though the industry still struggles with the hollow claim of simply being “secure.”AI naturally dominates discussions, but the focus is nuanced. Rather than chasing hype, both stress the need for strong guardrails before scaling AI-driven development. Viktor envisions engineers supervising fleets of specialized AI agents—handling tasks from UX to code auditing—while Sean sees AI as a way to rethink entire operational models. Yet both caution that without foundational security practices, AI only amplifies existing risks.The conversation extends to IoT and supply chain security, where market failures allow insecure, end-of-life devices to persist in critical environments. The infamous “smart fish tank” hack in a Las Vegas casino serves as a reminder: the weakest link often isn't the target itself, but the entry point it provides.DEFCON, Viktor notes, offers a playground for challenging assumptions—whether it's lock-picking to illustrate perceived versus actual security, or examining the human factor in breaches. For both hosts, events like Black Hat and DEFCON aren't just about the latest vulnerabilities or flashy demos—they're about the human exchange of ideas, the reframing of problems, and the collaboration that fuels more resilient security strategies.___________Guest:Viktor Petersson, Founder, sbomify | On LinkedIn: https://www.linkedin.com/in/vpetersson/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA sophisticated banking network breach using tiny Raspberry Pi devices sets the stage for our comprehensive examination of CISSP Domain 3 Security Architecture fundamentals. The attack—which gave hackers persistent remote access to ATM systems—demonstrates how physical security failures can lead to devastating network compromises, perfectly illustrating why Domain 3's holistic approach to security is critical in modern environments.We systematically explore the security requirements for diverse system architectures—from traditional client-server setups to cutting-edge containerization and serverless deployments. You'll gain clarity on why different systems demand specialized protection strategies: how industrial control systems prioritize availability over confidentiality, why cloud environments operate under shared responsibility models, and what makes IoT devices particularly vulnerable to compromise.The cryptographic section demystifies key management practices, explaining why even mathematically sound algorithms fail when implementation is flawed. We break down symmetric versus asymmetric encryption, digital signatures, and hashing techniques essential for data integrity. More importantly, you'll understand the complete cryptographic lifecycle from generation through destruction—knowledge directly applicable to real-world security operations and exam scenarios alike.Our detailed examination of attack methodologies covers everything from brute force attempts to sophisticated side-channel attacks that extract secrets through power consumption analysis. The physical security portion reveals why facility design, environmental controls, and power management form essential layers in your defense strategy.Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode delivers actionable insights into creating robust, multi-layered security architectures. Ready to build stronger defenses? Visit CISSPCyberTraining.com for free practice questions and additional resources to accelerate your cybersecurity mastery.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that's how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year's announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren't) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.We dig into why operational relevance, clarity, and proof points matter more than ever. If you can't explain what your AI does, what data it uses, and how it's secured, you're already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.Whether you're building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesBlack Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEAITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageCitations: Available in the full article________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that's how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year's announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren't) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.We dig into why operational relevance, clarity, and proof points matter more than ever. If you can't explain what your AI does, what data it uses, and how it's secured, you're already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.Whether you're building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.________This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________✦ ResourcesBlack Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEAITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageCitations: Available in the full article________Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-locationTo learn more about Sean, visit his personal website.

Black Hat USA 2025 has wrapped, and for Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Marco Ciappelli, Co-Founder of ITSPmagazine, the end of the event is both an exhale and a moment to reflect on what was learned, heard, and felt. After days of conversations with industry leaders, CISOs, vendors, and attendees from around the globe, one recurring message stands out: cybersecurity decision-makers are tired of buzzwords and hungry for real solutions.Sean shares that during sessions and informal meetups, CISOs expressed frustration with marketing pitches that fail to connect to their real challenges. Sitting across from security leaders, marketers heard it directly—stop with the jargon and explain how your solution genuinely makes their lives easier, reduces stress, and improves security outcomes. In other words, trust and honesty carry far more weight than flashy claims.Marco emphasizes that hype not only wastes time but also adds “noise” to the already complex job of running a security program. The more a vendor can be direct about what they do—and what they don't do—the more likely they are to earn a lasting relationship with a CISO and their team. Both agree that connecting the dots between a product and an organization's operational reality is key: what does adoption require, how will it fit into existing systems, and will it force a major operational shift?Beyond the messaging critique, the duo reflects on the community element of Black Hat. They reconnected with peers, met new contacts from as far as Toronto, and discussed future events in places like Melbourne, Barcelona, and Amsterdam. They also teased the upcoming “Transatlantic Broadcast” podcast series, which will explore cybersecurity voices from across Europe while maintaining a global view.While the Black Hat booths are now dismantled and the floors mopped, the conversations are far from over. Sean and Marco head back to Los Angeles ready to produce interviews, publish articles, and share the many stories captured during the week—stories that cut through the noise and get to the heart of what matters in cybersecurity.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974BlackCloak: https://itspm.ag/itspbcwebAkamai: https://itspm.ag/akamailbwcDropzoneAI: https://itspm.ag/dropzoneai-641Stellar Cyber: https://itspm.ag/stellar-9dj3___________ResourcesLearn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25Learn more about ITSPmagazine Studio: https://www.itspmagazine.studio/Learn more about ITSPmagazine Europe: https://www.itspmagazine.com/europeCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conferenceWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Send us a textWe begin by exploring foundational security principles that drive effective system design. Threat modeling emerges as a proactive approach for identifying vulnerabilities before implementation, while least privilege ensures users have only the access they absolutely need. Defense in depth creates those crucial security layers that prevent single points of failure from becoming catastrophic breaches. The podcast clarifies how secure defaults and fail-secure mechanisms ensure systems remain protected even during unexpected circumstances.The security models section demystifies complex concepts like Bell-LaPadula (no read up, no write down) and Biba (no read down, no write up), providing clear distinctions between these often-confused frameworks. You'll gain clarity on when and why each model applies to different security priorities—whether confidentiality in Bell-LaPadula or integrity in Biba. Other essential models covered include Clark-Wilson, Brewer-Nash (Chinese Wall), and State Machine models.Memory protection emerges as a crucial technical component, with explanations of buffer overflows, dangling pointers, and other vulnerabilities that can compromise system integrity. The practical countermeasures discussed—Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and secure coding practices—provide actionable knowledge for preventing memory-based attacks.The episode also highlights the NSA's recent release of "Elite Wolf," a repository of signatures and analytics for operational technology networks. This timely information underscores the growing importance of securing industrial control systems, which have historically received less security attention despite their critical nature.Whether you're preparing for the CISSP exam or looking to strengthen your security architecture knowledge, this episode provides the structured approach and key concepts you need. Ready to master the most heavily weighted domain on the CISSP exam? Visit CISSP Cyber Training for additional resources, practice questions, and comprehensive exam preparation materials.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textThe cybersecurity landscape grows more complex each day, especially when it comes to protecting critical infrastructure. In this essential episode of the CISSP Cyber Training Podcast, Sean Gerber breaks down Domain 2 of the CISSP certification - a vital area representing approximately 10% of the exam questions that every security professional must master.Sean begins with a timely discussion of the recently discovered Honeywell Experion PKS vulnerability that could allow remote manipulation of industrial processes. This real-world example perfectly illustrates why understanding industrial control security is crucial across all sectors - from energy and water treatment to manufacturing and healthcare. The vulnerability serves as a sobering reminder that patching isn't always straightforward in environments that operate 24/7/365.Diving into Domain 2.1, Sean meticulously explains data classification fundamentals - how sensitivity levels are assigned based on business value, regulatory requirements, and potential compromise impact. He walks through the relationship between classification levels (public through highly confidential) and corresponding handling procedures. The podcast builds logically through ownership concepts, introducing essential roles like data owners, custodians, stewards, and asset owners.Perhaps most valuable is Sean's practical exploration of asset inventory management. Drawing from his extensive experience, he shares surprising stories of servers found in bathroom closets and emphasizes why knowing your asset locations isn't just good practice - it's essential for incident response and vulnerability management.The episode thoroughly covers the complete data lifecycle from collection through destruction. Sean explains data minimization principles, location considerations for sovereignty compliance, maintenance requirements, and proper destruction techniques. His discussion of data remnants highlights why simply deleting files is never sufficient for sensitive information.Sean wraps up with crucial insights on end-of-life system management and data protection technologies including encryption, DRM, DLP, and Cloud Access Security Brokers. His rapid review approach efficiently condenses critical knowledge while maintaining depth where it matters most.Whether you're preparing for the CISSP exam or seeking to strengthen your security program, this episode delivers actionable knowledge you can immediately apply. Visit CISSP Cyber Training for free study resources and take the next step in your cybersecurity journey today!Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecuring SaaS environments and mastering security assessment techniques are critical skills for today's cybersecurity professionals. This episode delivers a powerful examination of Domain 6.3 of the CISSP certification, focusing on security testing methodologies that can make or break your organization's defensive posture.Sean Gerber begins with a startling statistic: 96.7% of organizations now use at least one SaaS application, yet many fail to properly secure these cloud-based services. When you migrate from on-premises solutions to SaaS offerings, your sensitive data moves from environments protected by your security infrastructure to those secured by third parties. This fundamental shift demands rigorous risk assessment processes. Sean provides practical guidance on evaluating SaaS providers, emphasizing critical areas like data encryption practices, multi-factor authentication implementation, account access controls, and comprehensive backup strategies.The heart of this episode explores essential testing methodologies every security professional should master. Black box testing techniques like penetration testing simulate real-world attacks without prior knowledge of system internals. Vulnerability assessments evaluate risk exposure by systematically identifying weaknesses. Dynamic analysis tests systems during operation, while code reviews catch vulnerabilities before deployment. Each approach serves a unique purpose in a comprehensive security program. Sean clarifies the crucial distinction between false positives (incorrectly identified vulnerabilities) and false negatives (missed vulnerabilities), explaining why the latter pose a significantly greater risk to organizations.Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode provides the knowledge you need to implement effective security assessment strategies. Join our growing community of security professionals at CISSP Cyber Training, where you'll find additional resources to accelerate your cybersecurity journey while supporting a worthy cause – all proceeds go to a nonprofit supporting adoptive families. Take your security knowledge to the next level and make a difference!Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA shocking cybersecurity case recently hit the headlines—a 50-year-old IT contractor sentenced to over 8 years in prison for acting as a mule for North Korean hackers. What makes this story particularly alarming? Companies were unknowingly shipping laptops directly to her, providing legitimate access credentials that she then shared with foreign adversaries. This case serves as a powerful reminder of why third-party risk management isn't just a compliance exercise but a critical security function.Diving into CISSP Domain 6.3, we explore the fundamental security processes that could prevent such compromises. User account lifecycle management forms the backbone of organizational security, from proper identity verification during onboarding to the principle of least privilege and role-based access controls. We examine the critical differences between disabling and deleting accounts during deprovisioning, and why service accounts deserve special attention as high-value targets for attackers.Security assessments and audits provide the verification mechanisms needed to ensure your controls are both properly designed and effectively operating. Understanding the distinction between vulnerability assessments, penetration tests, and formal audits helps you build a comprehensive evaluation strategy. We clarify the differences between SOC Type 1 and Type 2 reports when evaluating service providers, and explain why metrics must be measurable, actionable, relevant, timely, and attributional (SMARTA) to drive meaningful security improvements.Perhaps most critically, we address backup verification strategies—because discovering your backups are corrupted during a recovery situation is a career-limiting event. Through practical guidance on security training approaches, enforcement mechanisms, and measurement techniques, this episode provides both CISSP candidates and practicing security professionals with actionable insights to strengthen their security programs. Ready to transform your security posture? Listen now, then visit CISSPCyberTraining.com for more resources to accelerate your cybersecurity journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode of The Other Side of the Firewall's Thursday episode, Ask a CISSP, Ryan Williams Sr. interviews Angela Diaz, an expert in risk management and fraud prevention. They discuss the importance of understanding the three lines of defense in risk management, the impact of fraud on individuals and organizations, and the career pathways available in the field. Angela shares her personal journey into risk management, the significance of soft skills, and her involvement in the Fraud Fight Club initiative. The conversation also touches on mindfulness practices and the importance of maintaining a balanced life outside of work. Contact Angela - https://www.linkedin.com/in/angela-diaz-crmp-37430064/ Fraud Fight Club - https://www.fraudfightclub.com/ Please buy my book: https://theothersideofthefirewall.com Socials: Website - www.ramcyber.io Heroes Media Group: https://www.heroesmediagroup.com/shows/the-other-side-of-the-firewall/ Audio - https://podcasts.apple.com/us/podcast/the-other-side-of-the-firewall/id1542479181 YouTube - https://www.youtube.com/@theothersideofthefirewall7511 ReppedFLIX - https://lnkd.in/eVis2CbS WDJY 99.1 FM: https://www.wdjyfm.com/ TuneIn: https://lnkd.in/e2crcZU8 Facebook - https://www.facebook.com/profile.php?id=61556539026086 Instagram - https://www.instagram.com/theothersideofthefw X (Twitter) - https://twitter.com/Ask_a_CISSP TikTok - https://www.tiktok.com/@ryanwilliams683 Medium - https://medium.com/@ryanwilliamssenior Subscribe to LinkedIn Newsletter - https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7172626552545865728 LinkedIn - https://www.linkedin.com/company/the-other-side-of-the-firewall/ Ryan on Twitter, LinkedIn, Clubhouse, and Threads - @ryrysecurityguy Chris on LinkedIn - https://www.linkedin.com/in/chrisabacon/ Chapters 00:00 Introduction to Risk Management and Fraud 03:58 Understanding the Three Lines of Defense 11:58 The Importance of Risk Management in Financial Institutions 19:45 Career Pathways in Risk Management 25:59 Soft Skills for Success in Risk Management 29:47 Engagement in the Fraud Fight Club Initiative 37:49 Personal Insights and Mindfulness Practices 41:43 Conclusion and Future Connections #cybersecurity #riskmanagement #fraud

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvThe cybersecurity landscape is rapidly evolving, and AI stands at the forefront of this transformation. In this thought-provoking episode, Shon Gerber explores the projected $450 billion impact AI will have by 2028 and what this means for security professionals today.With only 2% of companies having fully deployed AI solutions and 39% not yet exploring them, we're at the beginning of a massive shift that will fundamentally change how organizations approach security. Shon provides a candid assessment of why cybersecurity roles haven't yet been automated (risk aversion) and why this protection is temporary—predicting significant changes within the next five years.For CISSP candidates, the episode delivers exceptional value through a detailed breakdown of five Domain 1 questions. Rather than simply providing correct answers, Shon dissects each question to reveal the underlying principles and reasoning. This approach helps listeners develop the critical thinking needed to succeed not just on the exam, but in real-world security scenarios.The questions cover essential security concepts including risk treatment strategies, due diligence versus due care, professional ethics, policy versus procedure distinctions, and governance structures. Each explanation includes common points of confusion and practical workplace applications, bridging the gap between exam preparation and professional practice.Perhaps most valuable is Shon advice on navigating ethical dilemmas in security consulting. His guidance on how to inform clients of regulatory violations while maintaining professional relationships demonstrates the nuanced people skills that separate truly effective security leaders from technical practitioners.Ready to future-proof your cybersecurity career while preparing for CISSP certification? This episode delivers actionable insights for both immediate exam success and long-term career viability in an AI-transformed landscape. Check out CISSPCyberTraining.com for additional resources, including 360 free practice questions to accelerate your certification journey.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvLooking to strengthen your organization's defenses against unauthorized access? This episode dives deep into CISSP Domain 5.1, exploring the critical components of physical and logical access controls that protect your most valuable assets.We begin with a startling discussion about China's "Maciantool" - sophisticated software secretly deployed at security checkpoints to extract SMS messages, GPS data, and images from travelers' phones. You'll learn practical strategies for protecting executive devices during international travel, including recommendations for burner phones and proper security protocols at checkpoints.The foundation of effective access control starts with proper identity proofing and registration processes. We examine how to match verification rigor with resource sensitivity and explore the four authentication factors: something you know (passwords), something you have (tokens), something you are (biometrics), and something you do (keystroke patterns). Understanding how multi-factor authentication leverages these factors is essential for building robust security layers.From preventative controls that stop unauthorized actions before they occur to detective measures that identify incidents after the fact, we break down each access control type with real-world examples. You'll discover how physical barriers like fences and man traps work alongside compensating controls when primary measures aren't feasible, plus strategies for implementing corrective actions after security breaches occur.The principle of least privilege emerges as a central theme throughout our discussion - granting users only the minimum access necessary prevents credential creep while maintaining operational efficiency. We also emphasize the critical importance of documentation, regular testing, and effective communication channels for all access control measures.Visit CISSP Cyber Training for free resources including practice questions, study plans, and additional podcasts. Ready to advance your cybersecurity career? Check out our mentoring programs designed to help you maximize both job fulfillment and income potential.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this powerful episode, we sit down with cybersecurity executive and thought leader Tammy Klotz to explore the profound impact of compassionate leadership in high-stakes environments. Tammy shares a deeply personal story of receiving crucial support from a leader during a professional and personal crisis—a moment that shaped her own leadership philosophy and redefined how she views strength in the workplace.We discuss what it means to show vulnerability in a world that often demands perfection, and why soft skills like emotional intelligence, grace, and empathy aren't optional—they're essential. Tammy opens up about how leaders can create psychological safety, establish rituals that foster connection and trust, and give explicit permission for authenticity, rest, boundaries, and even failure.This conversation is a masterclass in human-centered leadership and a reminder that some of the most powerful things leaders can offer don't come from a playbook—they come from the heart.Topics Covered:The moment a leader's support changed everythingCreating space for vulnerability in high-performing teamsWhy emotional intelligence and empathy are critical leadership skillsBuilding team rituals that support culture and connectionThe impact of leaders giving “permission” to be humanGuest Bio:Tammy Klotz is the Chief Information Security Officer at Trinseo, a Top 100 CISO, and the author of Leading with Empathy & Grace. With over 30 years in cybersecurity leadership, she is redefining what it means to lead with both strength and soul. She holds esteemed certifications including CISM, CISSP, and CRISC, and has earned notable accolades such as the 2022 Covanta Leadership Award and recognition as a Top 100 CISO by Cyber Defense Magazine in 2023. Tammy is also the author of "Leading with Empathy & Grace: Secrets to Developing High-Performing Teams", where she shares insights on leadership, resilience, and emotional intelligence.Resources: Leading with Empathy and Grace - Tammy KlotzLeading with Empathy and Grace: Secrets to Developing High- Performing TeamsRituals Roadmap - Erica KeswinRituals Roadmap: The Human Way to Transform Everyday Routines into Workplace MagicThe Anxious Generation - Jonathan Haidt The Anxious Generation: How the Great Rewiring of Childhood Is Causing an Epidemic of Mental Illness

In this conversation, Chris Glandon interviews Josh Mason, a Solutions Architect at CINAC and founder of Newb Village. They discuss Josh's journey from being a U.S. Air Force pilot to entering the cybersecurity field, his motivation behind creating Newb Village to support newcomers in the industry, and his new book 'Speak Security with a Business Accent'. They also explore the role of SYNAC in cybersecurity and share insights on creating a welcoming environment for new professionals in the field. The conversation wraps up with a light-hearted discussion about unique bars and venues in the cybersecurity community.00:00 Josh Mason's Journey into Cybersecurity08:38 The Birth of Noob Village20:02 Speak Security with a Business Accent26:59 Transforming Technical Language for Business Impact30:01 Understanding Metrics for Different Audiences33:15 Aligning Business Goals with Security Metrics36:49 Insights into SYNAC and Its Offerings47:22 Exploring Unique Bars and Venues48:37 Imagining a Cybersecurity-Themed BarSYMLINK[Noob Village] - An inclusive space at DEF CON is designed to welcome and guide newcomers in the cybersecurity community. It offers resources like pamphlets, volunteers (“buddies”), and a booth called “No Stupid Questions” to support first-time attendees.Noob Village LinkedIn Page –A LinkedIn organization page with updates about volunteer calls, community news, and DEF CON involvement .[Joshua C. Mason – LinkedIn] - A cybersecurity leader and vCISO profile with extensive experience, offering insights on Noob Village, initiatives for veterans, and IT-to-security career development. Frequently shares event involvement (like DEF CON), mentorship tips, and professional updates.[Joshua C. Mason – Website] – Josh's professional website for Mason Security Consulting (Mason SC), where he offers vCISO services, cybersecurity consultancy, and insights from his military and IT background.[Mason SC Book Page] - Josh Mason's personal site, where signed copies of his book are available. The book includes cybersecurity leadership insights drawn from his experiences in the Air Force and IT.[Onward to Opportunity – A career training program for veterans, offering free training and certification opportunities in areas like project management and IT, including PMP and CISSP prep.[Synack] - A cybersecurity company offering “pen test as a service.” It connects clients with vetted ethical hackers using a managed platform to identify exploitable vulnerabilities efficiently.

Send us a textSecurity vulnerabilities lurk in the most unexpected places – even in your home internet modem. Today we kick off with breaking news about a security flaw discovered in Cox modems that could potentially allow unauthorized access to run malicious commands on connected devices. While Cox reports fixing the issue within 24 hours, this real-world example perfectly illustrates a critical concept we explore further: how exposed APIs often become significant data exfiltration points because organizations fail to track and manage their connections properly.Diving into our CISSP Question Thursday, we tackle fifteen practice questions specifically targeting Domain 3.1.2 and 3.1.3 concepts. These questions explore fundamental security principles including encryption standards (why AES-256 trumps proprietary algorithms), access controls (how custom APIs demonstrate both abstraction and access restriction), and defense in depth strategies (protecting data across multiple states). Each question builds practical understanding of how these principles apply in real-world scenarios – from secure boot configurations that hide complexity from users to the dangers of storing all encryption keys on a single, inadequately protected server.The beauty of these practice questions lies in their practical applications. We examine how stenography conceals data within other files, how security defaults strengthen systems through pre-configuration, and how patching vulnerabilities relates to maintaining secure environments (while acknowledging that patches themselves can sometimes introduce new issues). Whether you're actively preparing for the CISSP exam or simply looking to strengthen your cybersecurity knowledge, these practice scenarios provide valuable training in identifying and addressing common security challenges. Visit cisspcybertraining.com to access this episode's questions and many more resources to support your cybersecurity journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textThe medieval castle with its moat, high walls, and sentries provides the perfect metaphor for modern cybersecurity. Just as each defensive element served a specific purpose in protecting the castle, today's information security requires multiple layers working in concert to safeguard digital assets.Shon Gerber opens this episode with a timely discussion of the UnitedHealthcare ransomware attack, which reportedly cost $22 million and sparked controversy around the CISO's qualifications. This real-world example perfectly frames the importance of defense in depth strategies that could have prevented such a catastrophic breach.The core of defense in depth involves implementing multiple security controls that protect various aspects of information systems. Shon walks through each layer, starting with perimeter security (firewalls, IDS/IPS systems), moving to access controls and data security (encryption, DLP), and continuing through system hardening and detection mechanisms. Each layer serves two crucial purposes: stopping attackers altogether or, at minimum, slowing them down enough that they move on to easier targets.Particularly enlightening is Shon's breakdown of abstraction in security - how operating systems, networking protocols, databases, and APIs hide complexity from users while maintaining protection. This concept extends to data hiding techniques like steganography, tokenization, and encryption that conceal sensitive information from prying eyes.The episode concludes with an examination of secure defaults - the principle that systems should ship with security enabled rather than requiring manual configuration. Shon provides practical guidance on implementing secure defaults and overcoming common challenges like vendor limitations and legacy systems.Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode delivers actionable insights on building robust, multi-layered defense strategies that balance protection with usability. Visit CISSP Cyber Training for additional resources, including practice questions and comprehensive study materials.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textMicrosoft recently released 137 security patches, with 14 critical vulnerabilities that could allow attackers to seize control of Windows systems with minimal user interaction. Among these, the Windows authentication negotiation flaw rated at 9.8 severity poses a significant threat to all current Windows versions. For security professionals, this underscores the crucial importance of effective patch management strategies—balancing timely updates against thorough testing procedures.When approaching CISSP certification, understanding different investigation types provides essential context for security operations. Administrative investigations address potential policy violations and inappropriate resource usage, while criminal investigations gather evidence when laws are broken. Civil investigations resolve disputes between parties, regulatory investigations examine compliance with industry mandates, and standards investigations assess adherence to best practices like ISO 27001. Each investigation type requires distinct approaches and yields different outcomes, from disciplinary actions to legal proceedings.The security documentation hierarchy—policies stating high-level objectives, standards specifying mandatory requirements, procedures providing step-by-step instructions, and guidelines offering flexible recommendations—creates a comprehensive framework for organizational security. However, these documents must use clear, accessible language that employees can understand and apply, not just legal jargon that looks impressive but goes unread.Business continuity planning begins with a thorough Business Impact Analysis that identifies critical functions and establishes recovery objectives. This foundational work must involve stakeholders from across the organization to ensure operational reality aligns with security requirements. Similarly, personnel security extends beyond employee screening to include robust onboarding, transfer, and termination procedures—with equivalent controls for third-party relationships.Risk management concepts form the core of security operations, from identifying threats and vulnerabilities to selecting appropriate controls. Understanding the distinction between preventative, detective, corrective, deterrent, and compensating controls enables security professionals to build comprehensive protection strategies. Combined with threat modeling methodologies like STRIDE and PASTA, these concepts create the framework for proactive security postures.Ready to deepen your CISSP knowledge? Visit CISSP Cyber Training for both free resources and comprehensive paid training options that will help you pass your exam the first time while building practical security expertise.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textReady to conquer CISSP Domain 1? This rapid review episode delivers essential knowledge on security and risk management fundamentals that form the cornerstone of information security practice.We begin with a timely discussion on preventing ransomware through exfiltration controls, noting the alarming shift where 90% of ransomware attacks now involve data theft. The practical advice on implementing zero trust architecture acknowledges real-world challenges while providing actionable steps for gradual deployment.Diving into Domain 1, we explore the ISC² Code of Professional Ethics and its four critical canons: protecting society and infrastructure, acting honorably, providing competent services, and advancing the security profession. The CIA triad (Confidentiality, Integrity, Availability) is thoroughly unpacked alongside the critical concepts of Authenticity and Non-repudiation, with practical examples of how these manifest in organizational security.Security governance emerges as a crucial topic, emphasizing the necessity of aligning security efforts with business objectives rather than operating in isolation. Practical guidance on establishing effective governance committees, defining clear roles, and implementing proper segregation of duties provides real-world context beyond theoretical concepts.The complexity of compliance requirements is demystified as we navigate legal regulations, industry standards, contractual obligations, and escalating privacy requirements. Particular attention is given to data breach notification timelines, evidence collection procedures, and transborder data flow considerations – all essential knowledge for modern security professionals.Whether you're preparing for the CISSP exam or seeking to strengthen your security program, this rapid review provides the comprehensive foundation you need. Visit cisspcybertraining.com for additional resources including practice questions and study materials to support your certification journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments:  06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest :  Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links:  https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service  https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In the AI era, trust is everything and it's under attack. How do you build digital trust when AI is changing the rules and attackers are getting smarter? Discover how today's CISOs are stepping up, adapting to AI risks, and learning from history to protect our digital future. In this episode of the Fit4Privacy Podcast, host Punit Bhatia is joined by Nick Shevelyov, a cybersecurity expert with extensive experience as a CISO and Chief Privacy Officer, and author of Cyber War and Peace. The discussion focuses on the evolving challenges for Chief Information Security Officers (CISOs) in the age of AI, highlighting risks such as deep fakes and hyper-targeted attacks. Nick emphasizes the importance of translating technical risks into business risks for board members and discusses the implications of new AI legislation, particularly California's SB 468.  Tune in to gain insights into managing digital trust, safeguarding personal data, and the strategic initiatives needed to combat emerging cybersecurity threats.  KEY CONVERSION POINT 00:01:50 How would you define the concept of trust 00:05:26 How do you place trust? How are they shifting? What kind of swans? 00:09:06 How are CISO coping with the change of AI era? 00:20:01 Insights in CISO Perspective for US/California direction in law of terms 00:23:06 About “Cyber War…and Peace: Building Digital Trust Today, with History as our Guide” book 00:27:50 How to get in touch with Nick   ABOUT GUEST Nick Shevelyov helps build next-gen tech companies from the ideation stage. His work includes StackRox (Kubernetes security, acquired by Red Hat for $400M), Kodem (software composition analysis, Greylock Series A), Bedrock Security (data-loss prevention, Greylock Series A), and Laminar (shadow data discovery, Insight Ventures Series A).He advises founders and CEOs on product and go-to-market strategy, boosting time-to-value for companies like Pixee.ai, Quokka.io, Boostsecurity.io, and ETZ. He works across all stages, from seed to IPO.Nick consults with Insight Partners (also an LP) and FTV Capital, and serves on advisory boards for ForgePoint Capital, Mayfield Fund, Evolution Equity Partners, NightDragon, YL Ventures, and Glynn Capital.He is on the boards of Cofense | Phishme and the Bay Area CSO Council (BACC), an invite-only group of CISOs from leading Bay Area companies. A former CIO, he is also an honorary member of the Blumberg Technology Council.Nick authored Cyber War…and Peace and brings historical and behavioral insights to tech and risk management. He holds an Executive MBA from USF and certifications from Stanford, Harvard, plus CISSP, CISM, and CIPPE.ABOUT HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe.  RESOURCES Websites: www.fit4privacy.com,www.punitbhatia.com,https://www.linkedin.com/in/nicholasshevelyov/, https://vcso.ai/   Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy   

Join The Full Nerd gang as they talk about the latest PC hardware topics. In this episode the gang talks with security expert Mike Danseglio, CISSP & CEH, about the Windows 10 end of life situation, whether now is the time to switch to Linux, the rise of new kinds of scams and more. And of course we answer your questions live! Windows 10 security updates: https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates Sign up for The Full Nerd newsletter: https://www.pcworld.com/newsletters/signup The opening music is Rollout (MaxPC Theme) by Jeremy Williams used under a Creative Commons 3.0 attrib license. You can grab the source files at Podcast Fantastic: http://podcastfantastic.com/ Join the PC related discussions and ask us questions on Discord: https://discord.gg/SGPRSy7 Follow the crew on X: @AdamPMurray @BradChacos @MorphingBall @WillSmith ============= Follow PCWorld! Website: http://www.pcworld.com X: https://www.x.com/pcworld =============

We're back! It's time for a "Meet The Mentor" session with our newest CISSP Program Instructor, John Kennedy. From joining the Air Force to being an ISSM and a cybersecurity mentor, John transports us from his challenges in tech to now leading live sessions, the pressure of building slide decks, and why giving back is essential to him and the security field. Listen to hear John's success story and get a glimpse into to this year's CISSP Cohort! For more information on FRSecure's CISSP Program, visit our webpage:https://frsecure.com/cissp-mentor-program/And register for this year's cohort through our event page! CISSP Program 2025 Registration--Continue to stay connected with our happenings through our social platforms! LinkedIn InstagramFacebookBlueSkyAbout FRSecure: https://frsecure.com/ FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

The powerful and emerging world of quantum computing is on its way. Quantum computing is a technology that is set to redefine privacy, trust, and artificial intelligence. What does quantum computing really mean, how will it change the digital trust landscape, what will happen when organizations gain quantum capabilities, and how existing standards and laws can help us govern. Quantum computing is still in its early stages, but it promises to open new possibilities, bring new challenges, and create risks we need to understand today.  To help us navigate this complex but exciting topic, host Punit Bhatia speaks with cybersecurity expert Ramsés Gallego about the exciting and challenging world of quantum computing. With over 25 years of experience in cybersecurity and technology governance, Ramsés brings not just knowledge, but incredible energy to the discussion — "quantum energy," as we like to say. Will it change the way we define and manage digital trust?   KEY CONVERSION POINT 00:02:20 How would you define digital trust 00:05:03 Demystify what is Quantum 00:10:52 How Quantum change the AI game? 00:15:44 What will happen if you acquire Quantum Computing 00:19:17 How are we seeing digital trust dimension with Quantum Computing? 00:28:10 How would an organization or a corporate govern this? 00:33:20 Get in touch with Ramses  ABOUT GUEST With an MBA and Law education, Ramsés Gallego is a +25 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is now  Chief Technologist Cybersecurity with DXC, where he defines the vision and mission, purpose and promise of the division. He has recently been Strategist & Evangelist for the office of the CTO with Symantec and holds the following professional accreditations: CISM, CGEIT, CISSP, SCPM, CCSK, ITIL and COBIT Foundations. An internationally recognized public speaker, has visited +25 different countries in the past 12 months and has been awarded 'Best Speaker' in four continents. He is also a Six Sigma Black Belt professional and is proud of being Past International VP for ISACA's Board of Directors, actual President of the Barcelona Chapter, Ambassador of the association and honored to be inducted into the ISACA Hall of Fame. Ramsés is also Executive Vice President of the Quantum World Association and has had the US flag flown on his honor at The Capitol, in Washington DC, USA. With already 22 Marathons -and other crazy adventures- on his legs he lives in Barcelona, Spain, with his wonderful wife and his two loved kids.  ABOUT HOST Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals.  Punit is the author of books “Be Ready for GDPR'' which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts.  As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named ‘ABC for joy of life' which passionately shares. Punit is based out of Belgium, the heart of Europe.  RESOURCES Websites www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/ramsesgallego/ Podcast https://www.fit4privacy.com/podcast Blog https://www.fit4privacy.com/blog YouTube http://youtube.com/fit4privacy  

“Networking is a two-way street, and I always emphasize the give aspect. When I meet someone new, I try to understand their needs and figure out how I can help them.” – Michael Morgan Today's featured award-winning author is a motivational speaker, mentor, and consultant, Michael Morgan. Michael and I had a fun on a bun chat about his book, “The Power Of Networking: Strategies for Career Excellence, Job Development, and Building Greater Triumphs in Your Work”, the power of changing your zip code, and more!!!Key Things You'll Learn:What led Michael to write and publish his first bookWhy stepping out of your comfort zone is essential to career successWhat setback led him to create more successTwo common networking mistakes to avoidMichael's Site: https://michaelvmorgan.com/Michael's Book: https://a.co/d/7WKc10HThe opening track is titled, “North Wind and the Sun” by Trevin P. To listen to and download the full track, click the following link. https://compilationsforhumanity.bandcamp.com/track/north-wind-and-the-sunPlease support today's podcast to keep this content coming! CashApp: $DomBrightmonDonate on PayPal: @DBrightmonBuy Me a Coffee: https://www.buymeacoffee.com/dombrightmonGet Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmonThe Going North Advancement Compass: https://a.co/d/bA9awotYou May Also Like…Ep. 306 – “Be The SPARK” with Dr. Simon T. Bailey (@SimonTBailey): https://www.goingnorthpodcast.com/ep-306-be-the-spark-with-simon-t-bailey-simontbailey/Ep. 669 – “Save Your Asks” with Chris Tuff (@christuff): https://www.goingnorthpodcast.com/ep-669-save-your-asks-with-chris-tuff-christuff/Ep. 623 - "The Day One Executive" With April Armstrong (@ahaconsult): https://www.goingnorthpodcast.com/ep-623-the-day-one-executive-with-april-armstrong-ahaconsult/Ep. 336.5 (H2H Special) – “Own Your Career Own Your Life” with Andy Storch (@AndyStorch): https://www.goingnorthpodcast.com/ep-3365-h2h-special-own-your-career-own-your-life-with-andy-storch-andystorch/Ep. 857 – Side Hustle & Flow with Cliff Beach, DTM (@cliffbeachmusic): https://www.goingnorthpodcast.com/ep-857-side-hustle-flow-with-cliff-beach-dtm-cliffbeachmusic/Ep. 691 – “How to Spark Your Heart and Ignite Your Life” with Hilary DeCesare (@HilaryDeCesare): https://www.goingnorthpodcast.com/ep-691-how-to-spark-your-heart-and-ignite-your-life-with-hilary-decesare-hilarydecesare/Ep. 795 – If You Want to Win, Start Within with Ahmard Vital (@ahmardvital): https://www.goingnorthpodcast.com/ep-795-if-you-want-to-win-start-within-with-ahmard-vital-ahmardvital/Ep. 632 – “The Career Toolkit” with Mark Herschberg (@CareerToolkitBk): https://www.goingnorthpodcast.com/ep-632-the-career-toolkit-with-mark-herschberg-careertoolkitbk/Ep. 353 – “Free Agent” with Rennie Curran (@RennieCurran53): https://www.goingnorthpodcast.com/ep-353-free-agent-with-rennie-curran-renniecurran53/Ep. 307 – “Failure Is Not The Problem, It's The Beginning Of Your Success” with Col. George Milton: https://www.goingnorthpodcast.com/ep-307-failure-is-not-the-problem-its-the-beginning-of-your-success-with-col-george-milton/270 – "Forever Employable" with Jeff Gothelf (@jboogie): https://www.goingnorthpodcast.com/270-forever-employable-with-jeff-gothelf-jboogie/Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/Ep. 768 – How You Can Become a Valuable Leader with Velma Knowles: https://www.goingnorthpodcast.com/ep-768-how-can-you-become-a-valuable-leader-with-velma-knowles/Ep. 931 – Proven Sales Management Wisdom for a Limitless Career with Meghan Clarke (@meghanclarkeofficial): https://www.goingnorthpodcast.com/ep-931-proven-sales-management-wisdom-for-a-limitless-career-with-meghan-clarke-meghanclarkeoff/

“You do not deserve to be harassed, or disrespected, or demeaned in your workplace. That is not normal.” – Jeff Davis Today's featured award-winning bestselling author is a mental health advocate, international keynote speaker, world traveler, TEDx speaker, and digital marketing expert, Jeff Davis. Jeff and I had a fun on a bun chat about his new book, “The Courage To Leave: Breaking Free from Toxic Workplaces”, the importance of self-advocacy, prioritizing your well-being, and more!!Key Things You'll Learn:How he legally challenged a multi-billion dollar company and wonHow he dealt with his severe burnout experience while living overseas during COVID-19The importance of recognizing the signs of burnout and taking proactive steps to address itStrategies for coping with toxic work environments and finding supportWhy standing up for yourself is necessary for your well-beingJeff's Site: https://jeffdspeaks.com/Jeff's Books: https://www.amazon.com/stores/author/B00PF0QL8U/allbooksJeff's TEDx Talk: https://youtu.be/b_hwMJMBBvQ?si=2ozFiXTJF_FkDrOTThe opening track is titled, “North Wind and the Sun” by Trevin P. to listen to the full track and download it, click the following link. https://compilationsforhumanity.bandcamp.com/track/north-wind-and-the-sunPlease support today's podcast to keep this content coming! CashApp: $DomBrightmonDonate on PayPal: @DBrightmonBuy Me a Coffee: https://www.buymeacoffee.com/dombrightmonGet Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmonThe Going North Advancement Compass: https://a.co/d/bA9awotYou May Also Like…14 - "Reach Your Mountaintop" Jeff Davis (@JeffDavis027): https://www.goingnorthpodcast.com/14-reach-your-mountaintop-jeff-davis-jeffdavis027/Ep. 322.5 (H2H Special) – “Burnout Proof” with Michael Levitt (@bfastleadership): https://www.goingnorthpodcast.com/ep-3225-h2h-special-burnout-proof-with-michael-levitt-bfastleadership/Ep. 836 – The 6% Club with Dr. Michelle Rozen (@DrMichelleRozen): https://www.goingnorthpodcast.com/ep-836-the-6-club-with-dr-michelle-rozen-drmichellerozen/Ep. 943 – How to Create a Team Culture Where Everyone Thrives with Dr. Patricia Grabarek & Dr. Katina Sawyer (@WorkrBeeing): https://www.goingnorthpodcast.com/ep-943-how-to-create-a-team-culture-where-everyone-thrives-with-dr-patricia-grabarek-dr-katin/Ep. 764 – The 5 Languages of Appreciation in the Workplace with Dr. Paul White (@drpaulwhite): https://www.goingnorthpodcast.com/ep-764-the-5-languages-of-appreciation-in-the-workplace-with-dr-paul-white-drpaulwhite/Ep. 502 – “A Leadership Development Strategy To Bond And Unite” With Amy P. Kelly (@AmyPKelly): https://www.goingnorthpodcast.com/ep-502-a-leadership-development-strategy-to-bond-and-unite-with-amy-p-kelly-amypkelly/Ep. 571 – “A Powerful Culture Starts with You” with Dr. Shahrzad Nooravi (@shahrzadnooravi): https://www.goingnorthpodcast.com/ep-571-a-powerful-culture-starts-with-you-with-dr-shahrzad-nooravi-shahrzadnooravi/#Bonus Host2Host Ep.– “Unleashing the Power of Respect” with Dr. Joseph Shrand (@Drjoeshrand): https://www.goingnorthpodcast.com/bonus-host2host-ep-unleashing-the-power-of-respect-with-dr-joseph-shrand-drjoeshrand/Ep. 411 – “Name That Mouse” with David Wood (@_focusceo): https://www.goingnorthpodcast.com/ep-411-name-that-mouse-with-david-wood-_focusceo/44 - "How to Work With Jerks" by Eric Williamson (@TTS_Williamson): https://www.goingnorthpodcast.com/44-how-to-work-with-jerks-by-eric-williamson-tts_williamson/Ep. 372 – “The Grit Factor” with Shannon Huffman Polson (@ABorderLife): https://www.goingnorthpodcast.com/ep-372-the-grit-factor-with-shannon-huffman-polson-aborderlife/Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/