Podcasts about cissp

Send us a textSoftware security assessment can make or break your organization's defense posture, yet many professionals struggle with implementing effective evaluation strategies. This deep dive into CISSP Domain 8.3 reveals critical approaches to software security that balance technical requirements with business realities.The recent funding crisis surrounding CVEs (Common Vulnerability Exposures) serves as a perfect case study of how fragile our security infrastructure can be. When the standardized system for cataloging vulnerabilities faced defunding, it highlighted our dependence on these foundational systems and raised questions about sustainable models for critical security infrastructure.Database security presents unique challenges, particularly when managing multi-level classifications within a single environment. We explore how proper implementation requires strict separation between classification levels and how technologies like ODBC serve as intermediaries for legacy applications. The key takeaway? Data separation isn't just a technical best practice—it's an essential security control.Documentation emerges as a surprisingly critical element in effective security. Beyond regulatory compliance, proper documentation protects security professionals when incidents inevitably occur. As one security leader candidly explains, when breaches happen, fingers point toward security teams first—comprehensive documentation proves you implemented appropriate controls and communicated risks effectively.The most successful security professionals step outside their comfort zones, collaborating across organizational boundaries to integrate security throughout the development lifecycle. Static analysis, dynamic testing, vulnerability assessments, and penetration testing all provide complementary insights, but only when security and development teams maintain open communication channels.Ready to strengthen your software security assessment capabilities? Join us weekly for more insights that help you pass the CISSP exam and build practical security knowledge that makes a difference in your organization.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textWondering how to tackle incident response questions on the CISSP exam? This episode delivers exactly what you need, walking through fifteen essential incident management scenarios that test your understanding of this critical domain.Sean Gerber breaks down the fundamentals of incident management, exploring how security professionals should approach detection, response, mitigation, and recovery. From distinguishing between legitimate security incidents and routine activities to prioritizing response efforts based on severity, each question targets a specific aspect of incident management that CISSP candidates must master.The questions systematically cover the incident response lifecycle, highlighting the importance of proper processes rather than blame-focused reactions. You'll learn why activating the incident response team should be your immediate priority upon detection, how to effectively categorize and prioritize incidents, and what constitutes valid mitigation strategies versus ineffective approaches. The episode also emphasizes the documentation requirements for incident reports and the value of capturing lessons learned for continuous improvement.What makes this episode particularly valuable is how it reinforces the CISSP mindset—understanding not just the technical aspects but the thought processes behind effective security management. Whether you're preparing for certification or looking to strengthen your practical knowledge of incident response, these question scenarios provide the framework you need to approach real-world security events with confidence. Check out the special offer at CISSPCyberTraining.com to continue your certification journey with expert guidance.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Episode #74 features a great discussion with Steve Winterfeld, Advisor, and Fractional CISO with Cyber Vigilance Advice (CVA) LLC. Steve is passionate about cybersecurity. He served as CISO for Nordstrom Bank, Director of Cybersecurity for Nordstrom, and Director of Incident Response and Threat Intelligence at Charles Schwab. Steve also published a book on Cyber Warfare and holds CISSP, ITIL, and PMP certifications. We discussed a variety of topics, and during our conversation, Steve offered these resources: On finding job: Lessons Learned on Finding a Cybersecurity Job After a Layoff - Security Boulevard On starting / managing a career: Creating a Roadmap for Your Dream Cybersecurity Career - Security Boulevard 

Send us a textCybersecurity incidents aren't a matter of if, but when. Are you prepared to respond effectively? Sean Gerber takes us through the complete incident response lifecycle, breaking down the seven essential phases every security professional must master. From developing comprehensive response plans to conducting effective post-incident analysis, this episode provides actionable guidance for both CISSP candidates and working cybersecurity practitioners.The stakes couldn't be higher for small and medium-sized businesses, with a staggering 43% of cyber attacks specifically targeting SMBs. Most lack adequate protection due to limited budgets and resources. Sean explores practical solutions including leveraging AI tools to develop baseline response plans, implementing critical security controls like multi-factor authentication, and establishing clear communication protocols for when incidents occur.What sets this episode apart is Sean's emphasis on the human element of security. "Every employee is a sensor," he reminds us, highlighting how proper training and awareness can transform your workforce into your first line of defense. He balances technical recommendations with strategic insights, including how to approach different types of incidents from ransomware to insider threats.Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode delivers the perfect blend of theoretical knowledge and real-world application. The incident response process outlined here will not only help you pass certification exams but could mean the difference between a minor security event and a catastrophic breach.Ready to transform how you prepare for and respond to cybersecurity incidents? Listen now and discover why having a tested, comprehensive incident response plan is your best defense against the inevitable attack.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The AI landscape saw significant activity, with OpenAI preparing new, smaller, and reasoning-focused models alongside facing capacity challenges.

In this episode of the Ask a CISSP podcast, Ryan Williams Sr. engages in a deep conversation with Mark Christian, exploring his journey from military service to a successful career in cybersecurity. They discuss the importance of training, the challenges of transitioning to civilian life, and the significance of building a supportive community for neurodivergent individuals. Mark shares his aspirations for the future, including his desire to create a safe haven for those facing similar challenges and his passion for woodworking and technology. Please LISTEN

Send us a textThe collision of artificial intelligence and cybersecurity takes center stage in this episode as we explore how Agentic AI is revolutionizing Security Operations Centers. Moving beyond simple assistant AI or co-pilots, this new generation of autonomous systems proactively investigates alerts, follows structured playbooks, and performs triage at scale—potentially liberating human analysts from the crushing weight of alert fatigue.For security professionals and organizations struggling with overwhelming SOC alert volumes, this technological advancement offers a glimpse into a future where human expertise can be directed toward high-value analysis while routine investigations happen autonomously. The potential efficiency gains are substantial, though implementation requires careful consideration and perhaps starting with a proof of concept.Following this forward-looking discussion, we dive deep into CISSP domain 6.2 with fifteen targeted questions covering essential security testing methodologies. From misuse case testing and manual code review to vulnerability assessments and penetration testing, we examine the strengths and limitations of each approach. Learn why manual code review remains superior for detecting race conditions, how behavioral anomaly detection outperforms other methods for identifying lateral movement, and the critical distinctions between various testing approaches.Whether you're preparing for the CISSP exam or looking to strengthen your organization's security posture, this episode delivers practical insights into both emerging technologies and fundamental security testing principles. Join us to enhance your understanding of how these methodologies can be effectively deployed to protect critical systems and data in increasingly complex environments.Visit CISSP Cyber Training today to access free practice questions, additional resources, or comprehensive training materials to support your cybersecurity journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

As a Principal in the DenSecure team at Wolf & Company, P.C., Sean Goodwin leads and executes cybersecurity projects for clients across various industries, including healthcare, financial services, and retail. He has over a decade of experience in cybersecurity and information security and holds several credentials, such as GSE #271, CISSP, CISA, GIACx13, QSA, and PCIP. His mission is to help organizations improve their security posture and resilience against cyber threats. We touch on many topics including the need to properly understand PCI DSS CDE scope, compliance versus security, and how trust may be the most important element when effecting positive changes in the information security program.

Send us a textDigital signatures are coming to AI models as cybersecurity evolves to meet emerging threats. Google's collaboration with NVIDIA and HiddenLayer demonstrates how traditional security controls must adapt to protect machine learning systems vulnerable to new forms of tampering and exploitation. This essential evolution mirrors the broader need for robust security validation across all systems.Security control testing forms the foundation of effective cybersecurity governance. Without proper validation, organizations operate on blind faith that their protections actually work. In this deep dive into Domain 6.2 of the CISSP, Sean Gerber breaks down the critical differences between assessments, testing, and audits while exploring practical approaches to vulnerability scanning, penetration testing, and log analysis.Vulnerability assessments serve as your first line of defense by systematically identifying weaknesses across networks, hosts, applications, and wireless infrastructure. The Common Vulnerability Scoring System helps prioritize remediation efforts, but understanding your architecture remains crucial - a low-scoring vulnerability in a critical system might pose more risk than a high-scoring one in an isolated environment. Meanwhile, penetration testing takes validation further by simulating real-world attacks through carefully structured phases from reconnaissance to exploitation.As organizations increasingly embrace APIs, ML models, and complex software architectures, security testing must evolve beyond traditional boundaries. Code reviews, interface testing, and compliance checks ensure that security is built into systems from the ground up rather than bolted on afterward. The shift toward "security left" integration aims to catch vulnerabilities earlier in the development lifecycle, reducing both costs and risks.Ready to master security control testing and prepare for your CISSP certification? Visit CISSPCyberTraining.com to access comprehensive study materials and a step-by-step blueprint designed to help you understand not just the exam content, but the practical application of cybersecurity principles in real-world scenarios.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textCybersecurity professionals know that mastering identity and access management concepts is essential for CISSP certification success. This deep dive into Domain 5.2 tackles fifteen carefully crafted questions covering everything from just-in-time provisioning to federated identity systems and session security.We begin by examining the accelerating adoption of generative AI in healthcare organizations, where approximately 85% are investigating or implementing these technologies. This trend spans industries from manufacturing to financial services, creating both opportunities and serious security challenges for professionals who must balance innovation with appropriate safeguards.The heart of our discussion focuses on critical IAM concepts, including how just-in-time provisioning minimizes attack surfaces by limiting standing privileges, particularly vital in cloud environments. We explore SAML as the primary protocol enabling federated architectures, while highlighting their potential single point of failure risks. Session management security receives special attention, emphasizing secure token storage with appropriate expiration times, and protection against cross-site scripting attacks that target cookie theft.Throughout our exploration, practical security principles are reinforced: the dangers of shared credentials, the necessity of multi-factor authentication, and the security benefits of automated access revocation. Whether you're preparing for the CISSP exam or looking to strengthen your security knowledge, these concepts represent core knowledge every practicing security professional must internalize.Ready to accelerate your CISSP journey? Visit CISSP Cyber Training for additional resources and guidance from experienced security professionals who understand the practical applications beyond theoretical knowledge. Let's grow your cybersecurity expertise together!Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textIdentity management sits at the core of effective cybersecurity, yet many organizations still struggle with implementing it correctly. In this comprehensive breakdown of CISSP Domain 5.2, we dive deep into the critical components of managing identification and authentication systems that protect your most valuable assets.Starting with a timely examination of the risks involved in the proposed rapid rewrite of the Social Security Administration's 60-million-line COBOL codebase, we explore why rushing critical identity systems can lead to catastrophic failures. This real-world example sets the stage for understanding why proper authentication management matters.The episode walks through the essential differences between centralized and decentralized identity approaches, explaining when each makes sense for your organization. We break down Single Sign-On implementation, multi-factor authentication best practices, and the often overlooked importance of treating Active Directory as the security tool it truly is—not just an open database for anyone to query.For security practitioners looking to level up their authentication strategy, we examine credential management systems like CyberArk, Just-in-Time access models, and federated identity frameworks including SAML, OAuth 2.0, and OpenID Connect. Each approach is explained with practical implementation considerations and security implications.Whether you're studying for the CISSP exam or working to strengthen your organization's security posture, this episode provides actionable insights on establishing robust authentication controls without sacrificing usability. Don't miss these essential strategies that form the foundation of your security architecture.Ready to master CISSP Domain 5.2 and all other CISSP domains? Visit CISSPCyberTraining.com for structured learning materials designed to help you pass the exam the first time.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Craig Taylor is a seasoned cybersecurity expert and entrepreneur with nearly 30 years of experience managing risk across industries—from Fortune 500 corporations to SMBs. As the Co-Founder and CEO of CyberHoot, he has pioneered a positive reinforcement approach to cybersecurity education, helping businesses eliminate risky behaviors and build a positive cybersecurity culture. With a background in psychology and extensive experience leading security programs at Chase Paymentech, Vistaprint, and DXC Technology, Craig specializes in incident response, governance, and compliance. A CISSP-certified professional since 2001, he is a recognized thought leader, public speaker, and advocate for making cybersecurity training engaging, fun, and effective. 00:00 Introduction01:16 Our guest08:40 There are two types of companies10:00 We taught them how to Phish12:12 Business Email compromise13:50 Go back to the way your parents ran security16:19 What do I do first?26:12 Changing your passwords is not good for you29:00 Encryption31:30 What to look for in a Password Manager35:17 “Unsubscribe” button mishap46:15 Cyberhoot49:05 Free Training from Cyberhoot-----------------------------------------------------------------To learn more about Cyberhoot visit https://cyberhoot.com/To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Send us a textCybersecurity professionals, alert! A dangerous Chrome zero-day vulnerability demands your immediate attention. In this action-packed episode, Sean Gerber breaks down CVE-25-2783, a critical security threat that allows attackers to execute remote code simply by having users click malicious links. Though initially targeting Russian organizations, this exploit threatens Chromium-based browsers worldwide—including Chrome, Edge, Brave, Opera, and Vivaldi. Don't wait—patch immediately!The heart of this episode delivers 15 expertly-crafted CISSP practice questions focusing on Domain 4.2 network security concepts. Sean methodically explores essential topics including router load balancing capabilities, electromagnetic interference vulnerabilities, NAC implementation benefits, and optimal firewall configurations. Each question peels back another layer of network security knowledge, from identifying mesh topologies as offering superior fault tolerance to understanding how protocol analyzers diagnose VLAN performance issues.Advanced concepts receive equal attention with clear explanations of UDP timeout values in stateful firewalls, proper NIPS deployment strategies, VPN protocol security comparisons, broadcast storm mitigation techniques, and wireless security standards. Sean's straightforward breakdown of why WPA3 Enterprise provides superior protection and how ARP poisoning facilitates man-in-the-middle attacks transforms complex technical material into accessible knowledge that sticks.Whether you're actively studying for the CISSP exam or simply looking to strengthen your network security fundamentals, this episode delivers precision-targeted information in an engaging format. Visit CISSP Cyber Training for complete access to all practice questions covered and accelerate your certification journey today!Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Craig Taylor is a seasoned cybersecurity expert and entrepreneur with nearly 30 years of experience managing risk across industries—from Fortune 500 corporations to SMBs. As the Co-Founder and CEO of CyberHoot, he has pioneered a positive reinforcement approach to cybersecurity education, helping businesses eliminate risky behaviors and build a positive cybersecurity culture. With a background in psychology and extensive experience leading security programs at Chase Paymentech, Vistaprint, and DXC Technology, Craig specializes in incident response, governance, and compliance. A CISSP-certified professional since 2001, he is a recognized thought leader, public speaker, and advocate for making cybersecurity training engaging, fun, and effective. 00:00 Introduction01:16 Our guest08:40 There are two types of companies10:00 We taught them how to Phish12:12 Business Email compromise13:50 Go back to the way your parents ran security16:19 What do I do first?26:12 Changing your passwords is not good for you29:00 Encryption31:30 What to look for in a Password Manager35:17 “Unsubscribe” button mishap46:15 Cyberhoot49:05 Free Training from Cyberhoot-----------------------------------------------------------------To learn more about Cyberhoot visit https://cyberhoot.com/To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Send us a textGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The CISSP (Certified Information Systems Security Professional) certification continues to evolve with the ever-changing cybersecurity landscape. In this episode of the InfosecTrain podcast, we explore the key updates, differences, and enhancements between the CISSP 2021 and CISSP 2024 domains.

#SecurityConfidential #DarkRhiinoSecurityStacey Champagne is the Founder & CEO of Hacker in Heels, a community dedicated to advancing women in cybersecurity through coaching, courses, and events. With over a decade of experience leading cybersecurity programs at Fortune 500 companies and startups, she specializes in insider risk management, security investigations, and program management. She has been recognized as a 2024 SANS "Diversity Champion of the Year" finalist and a 2024 Cybersecurity Woman of the World Top 20 Honoree. She holds multiple industry certifications, including CISSP and GSOM, and earned a Master's in Security and Resilience Studies. 00:00 Intro02:26 Making cyber make sense 09:50 Why are cyber programs not working?14:47 How do you motivate folks?29:38 When should you use a mentor or a coach?31:26 The difference between a mentor and a coach34:20 How do you find a great coach?40:47 Connecting with the Hackers In Heels community----------------------------------------------------------------To learn more about Hackers In Heels visit https://www.hackerinheels.comBecome a Hacker In Heels Insider: https://www.hackerinheels.com/insidersTo learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com----------------------------------------------------------------SOCIAL MEDIA:Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!Instagram: @securityconfidential and @DarkrhiinosecurityFacebook: @Dark-Rhiino-Security-IncTwitter: @darkrhiinosecLinkedIn: @dark-rhiino-securityYoutube: @DarkRhiinoSecurity ​------------------------------------------------------------------

Send us a textToday's cybersecurity landscape demands vigilance on multiple fronts, something Sean Gerber demonstrates masterfully in this information-packed episode focused on CISSP Domain 3 security principles.The episode opens with a critical security alert regarding Cox modems—a vulnerability potentially affecting millions of American households and businesses. While quickly patched by the company, this real-world example perfectly illustrates one of Gerber's key points: exposed APIs represent a massive blind spot in organizational security posture. "Many organizations truly do not understand how many API connections they have leaving their organization," Gerber warns, identifying this as a primary vector for data exfiltration.Moving into the heart of the episode, Gerber walks listeners through fifteen challenging CISSP exam questions covering encryption standards, security principles, and practical implementation scenarios. Each question reveals essential security concepts—from why AES-256 should be prioritized over proprietary encryption algorithms to how abstraction and access controls function together in database security. The explanations break down complex topics into digestible, exam-ready knowledge while providing practical context for real-world application.Perhaps most valuable is Gerber's focus on security principles working in concert rather than isolation. Defense-in-depth, secure defaults, data hiding, and integrity verification through hashing are explained through scenarios security professionals encounter daily. Whether you're preparing for the CISSP exam or looking to strengthen your organization's security posture, this episode delivers actionable insights and critical thinking frameworks to elevate your cybersecurity approach. Visit cissp cyber training.com to access these questions and additional resources that will help you pass the CISSP exam on your first attempt.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Looking to kickstart your career in cybersecurity but not sure where to begin? In this episode of the InfosecTrain podcast, our experts walk you through a step-by-step guide to entering the field, even if you have no prior experience.

#SecurityConfidential #DarkRhiinoSecurityStacey Champagne is the Founder & CEO of Hacker in Heels, a community dedicated to advancing women in cybersecurity through coaching, courses, and events. With over a decade of experience leading cybersecurity programs at Fortune 500 companies and startups, she specializes in insider risk management, security investigations, and program management. She has been recognized as a 2024 SANS "Diversity Champion of the Year" finalist and a 2024 Cybersecurity Woman of the World Top 20 Honoree. She holds multiple industry certifications, including CISSP and GSOM, and earned a Master's in Security and Resilience Studies. 00:00 Intro02:26 Making cyber make sense 09:50 Why are cyber programs not working?14:47 How do you motivate folks?29:38 When should you use a mentor or a coach?31:26 The difference between a mentor and a coach34:20 How do you find a great coach?40:47 Connecting with the Hackers In Heels community-----------------------------------------------------------------To learn more about Hackers In Heels visit https://www.hackerinheels.comBecome a Hacker In Heels Insider: https://www.hackerinheels.com/insidersTo learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com-----------------------------------------------------------------SOCIAL MEDIA:Stay connected with us on our social media pages where we'll give you snippets, alerts for new podcasts, and even behind the scenes of our studio!Instagram: @securityconfidential and @DarkrhiinosecurityFacebook: @Dark-Rhiino-Security-IncTwitter: @darkrhiinosecLinkedIn: @dark-rhiino-securityYoutube: @DarkRhiinoSecurity ​

Meet the new hosts of NeedleStack. Robert Vamosi is a CISSP and award-winning journalist. AJ Nash has two decades of experience in the Intelligence community. Together they will host new episodes of NeedleStack, with an array of amazing guests.

Are you passionate about ethical hacking and cybersecurity? Want to break into the exciting world of Red Teaming and Penetration Testing? In this episode of the InfosecTrain podcast, our experts guide you through everything you need to know to start and grow a career in these advanced cybersecurity domains.

Send us a textThe cybersecurity landscape is constantly evolving, with even major corporations falling victim to devastating attacks. A recent UnitedHealthcare ransomware incident cost the company $22 million, with fingers pointing at leadership for allegedly appointing an unqualified CISO. This sobering reality highlights why defense in depth strategies aren't just theoretical concepts—they're essential protective measures for organizations of all sizes.Defense in depth implements multiple security layers that work together like a medieval castle's defenses. When one layer fails, others remain to protect your assets. This approach serves two crucial functions: frustrating attackers enough that they move to easier targets, and creating trigger points that alert your team to potential breaches. From firewalls and IDS/IPS systems to role-based access controls and encryption, each layer contributes to a comprehensive security posture.Beyond implementing multiple controls, we explore the critical concept of secure defaults—ensuring systems are configured securely from the moment they're deployed. Unfortunately, many products arrive with functionality prioritized over security, requiring security teams to implement proper configurations before deployment. This includes setting up strong password requirements, disabling unnecessary services, configuring automatic updates, and establishing proper network rules.Balancing security with usability presents ongoing challenges. Each additional security layer adds complexity, impacts performance, and potentially frustrates users. The most effective security professionals find that sweet spot where protection is robust without driving users to circumvent controls. Documentation, regular reviews, and automated configuration management form the foundation of sustainable security practices.Ready to enhance your security knowledge and prepare for your CISSP certification? Visit CISSPCyberTraining.com for my comprehensive blueprint and sign up for 360 free practice questions to help you pass your exam the first time.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this conversation, Chris Glanden interviews Derek Fisher, a cybersecurity expert with nearly 30 years of experience. They discuss Derek's background, the evolving landscape of cybersecurity with the advent of AI and cloud computing, the importance of threat modeling, and the challenges in the security hiring process. Derek emphasizes the need for a secure design in cybersecurity and the impact of AI on threat modeling, while also addressing the difficulties job seekers face in a competitive market. In this conversation, Derek Fisher discusses the current state of the cybersecurity job market, emphasizing the frustrations faced by both job seekers and employers. He provides insights on how individuals can break into the industry, highlighting the importance of aligning personal interests with market demands. Derek also addresses the gap between academic education and real-world skills, advocating for more practical experiences for students. He shares his experience writing children's books to inspire the next generation about cybersecurity and discusses the challenges parents face in navigating technology with their kids. Finally, he explores future trends in technology, including robotics and quantum computing, and shares a fun concept for a cybersecurity-themed bar.TIMESTAMPS:00:00 Introduction to Cybersecurity and Derek Fisher's Background10:09 The Impact of AI and Cloud on Cybersecurity19:19 Understanding Threat Modeling in Cybersecurity27:47 Navigating the Security Hiring Process35:48 Navigating the Job Market in Cybersecurity36:40 Breaking into Cybersecurity: Finding Your Path44:16 Bridging the Gap: Academia vs. Industry47:24 Inspiring the Next Generation: Writing for Kids50:46 The Challenges of Parenting in a Digital Age54:08 Future Trends in Cybersecurity and Technology56:52 Creating a Cybersecurity-Themed Bar: A Fun ConceptSYMLINKS:[Derek Fisher's LinkedIn Profile ]- https://www.linkedin.com/in/derek-fisher-sec-archConnect with Derek Fisher on LinkedIn to learn more about his professional background and expertise in cybersecurity.[Securely Built Website] - https://www.securelybuilt.com/Explore Securely Built, founded by Derek Fisher, offering tailored cybersecurity advisory services, training programs, and resources to help businesses develop robust cybersecurity programs. [Secure Work Coach] - https://www.secureworkcoach.com/aboutAccess specialized cybersecurity courses and training materials provided by Secure Work Coach, founded by Derek Fisher, a seasoned cybersecurity expert with 30 years of engineering [Derek Fisher's Udemy Instructor Profile] - https://www.udemy.com/user/derek-fisher-8/Enroll in cybersecurity courses taught by Derek Fisher on Udemy, covering topics such as application security and CISSP exam preparation.[Ultimate Cybersecurity Course & CISSP Exam Prep] - https://www.udemy.com/course/ultimate-cyber-security-course/Develop your cybersecurity skills and prepare for the CISSP exam with this comprehensive course by Derek Fisher.[The Application Security Program Handbook] - https://www.securelybuilt.com/mediaLearn about building an application security program through this comprehensive guide authored by Derek Fisher.[Alicia Connected Series ] - https://www.aliciaconnected.com/Discover the "Alicia Connected" children's book series by Derek Fisher, focusing on safe technology usage for kids.[Securely Built YouTube Channel] - https://www.youtube.com/@securelybuiltWatch cybersecurity tutorials and discussions on the Securely Built YouTube channel.[Derek Fisher's Articles on SecureWorld News] - https://www.secureworld.io/industry-news/author/derek-fisherRead articles authored by Derek Fisher on SecureWorld News, covering various cybersecurity topics.

Send us a textA seemingly simple company restructuring at Eaton triggered a devastating cybersecurity incident when software developer Davis Liu planted a logic bomb on their systems after learning his responsibilities would be reduced. This cautionary tale kicks off our deep dive into CISSP Domain 1 concepts, showing exactly why understanding security governance and risk management principles matters in real-world scenarios.The logic bomb—crafted in Java code to create infinite loops crashing servers—activated upon Liu's termination, causing global disruption and hundreds of thousands of dollars in damage. Now facing up to 10 years in prison, Liu's poor decision perfectly illustrates why organizations must implement robust controls against insider threats.Through a series of challenging Domain 1 practice questions, we explore how access controls serve as critical technical safeguards for data privacy, and why establishing risk management programs that incorporate legal, regulatory, and industry standards forms the foundation for aligning security with business objectives. We also tackle the complexities of regulatory compliance across healthcare, financial services, and multinational organizations, emphasizing the value of centralized data protection offices and contractual safeguards for cloud services.The episode provides practical guidance for security professionals facing common challenges: how to handle budget constraints when addressing high-risk vulnerabilities (prioritize based on business impact), what makes ISO 31000 valuable as a risk management framework (its focus on integrating risk into business processes), and why executive sponsorship represents the most important factor for successful security governance implementation.For CISSP candidates, we clarify essential concepts including the purpose of information security policies (establishing management's intent), the principle most likely to determine liability after a breach (due care), and the most effective controls against insider threats (least privilege combined with activity monitoring).Ready to accelerate your CISSP preparation? Visit cissp-cyber-training.com for comprehensive training materials, practice questions, and mentorship options tailored to your certification journey.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textThe traditional boundaries between physical and cyber security are rapidly disappearing, creating both risks and opportunities for organizations of all sizes. This eye-opening conversation with Casey Rash from Secure Passage explores the critical intersection where these two domains meet and the innovative solutions emerging to bridge this gap.Casey brings his fascinating journey from Marine Corps signals intelligence to fintech security to the partner side of cybersecurity, sharing valuable insights about career development along the way. His key advice resonates deeply: build a strong professional network and be open to exploring different security domains before finding your niche.The conversation dives deep into how everyday physical security devices have evolved into sophisticated data collection points. Today's smoke detectors can identify THC in vape smoke and detect distress calls. Modern security cameras perform advanced detection functions like tracking objects, identifying crowd formations, and reading license plates. All this creates valuable security telemetry that remains largely untapped in most organizations.What makes this discussion particularly valuable for security professionals is understanding how Secure Passage's solutions—Haystacks and Truman—map to specific CISSP domains including Security Operations, Security and Risk Management, and Asset Security. Their "Physical Detection and Response" (PDR) approach applies cybersecurity principles to physical security data, creating a more holistic security posture.Perhaps most telling is the organizational disconnect Casey highlights between physical and cyber teams. As he notes, "If you talk to CISOs today, it's a crapshoot who's managing physical security." This division creates significant risk, as threats in one domain frequently impact the other—from terminated employees becoming both physical threats and insider cyber risks to non-human identities outnumbering human identities 10-to-1 in most environments.Ready to rethink your approach to comprehensive security? This conversation provides the perfect starting point for bridging the gap between your physical and cyber security programs. Check out securepassage.com to learn more about their innovative solutions.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textThe $150 million cryptocurrency heist linked to the 2022 LastPass breach serves as a powerful wake-up call for cybersecurity professionals. As Sean Gerber explains in this comprehensive breakdown of CISSP Domain 2.1, even security-focused tools can become vulnerability points when housing your most sensitive information.Dive deep into the pyramid structure of data classification, where government frameworks (Unclassified, Confidential, Secret, Top Secret) and non-government equivalents (Public, Sensitive, Private, Confidential/Proprietary) provide the foundation for effective information protection. This systematic approach to identifying and classifying information and assets isn't just theoretical—it's a practical necessity in today's complex regulatory landscape.The episode meticulously examines classification criteria, benefits, and implementation challenges. You'll discover why identifying data owners is non-negotiable, how classification enhances security while optimizing resources, and why enterprises without leadership buy-in are fighting a losing battle. Sean provides actionable insights for protecting data across all three states: at rest, in transit, and in use.Security professionals will appreciate the comprehensive review of industry-specific regulations requiring data classification, from GDPR and HIPAA to sector-specific frameworks like Basel III for banking and NERC SIP for energy infrastructure. Understanding these requirements isn't just exam preparation—it's career preparation.Whether you're studying for the CISSP exam or implementing security controls in your organization, this episode delivers practical wisdom you can apply immediately. Connect with Sean at CISSPCyberTraining.com for additional resources to ace your exam on the first attempt, or reach out through ReduceCyberRisk.com for consulting expertise in implementing these principles in your enterprise.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send Bidemi a Text Message!In this episode, host Bidemi Ologunde spoke with May Brooks-Kempler, a cybersecurity educator, entrepreneur, and consultant. In this episode, May shares her insights into what cybersecurity is and isn't, how to build a successful cybersecurity career, the mindset and skills necessary to thrive within cybersecurity, what led her to build an online cybersecurity community of over 27,000 members, and lots more. May is an Amazon bestselling author, a TEDx speaker, and mentor to hundreds.Support the show

Send us a textRansomware attacks are a growing concern for both businesses and individuals, as the frequency and sophistication of these threats continue to escalate. In this episode, we take a closer look at this alarming trend and introduce six effective methods for recovering critical data that's been locked away due to ransomware encryption, specifically focusing on encrypted virtual machines. We begin by dissecting the mechanisms behind ransomware and discussing its increasing prevalence in today's cyber landscape. Listeners will learn practical insights on utilizing recovery methods such as mounting drives and specialized extraction tools, empowering them with the knowledge to take action in the event of an attack. Each strategy comes with its unique challenges, yet crucial insights on how to handle these situations are shared, ensuring that a comprehensive guide is at your fingertips.Given the chaotic nature of ransomware incidents, we also emphasize the importance of having a disaster recovery plan tailored to your specific cyber resilience requirements. We'll delve into business continuity strategies that highlight data prioritization and securing essential functions, aiming to minimize downtime and enhance recovery outcomes. In addition to our ransomware-focused conversation, we include a Q&A portion that addresses listeners' most pressing cybersecurity questions, offering guidance on business impact assessments and best practices for preparedness.Join us for this enlightening discussion that not only aims to inform but also empowers you to take proactive steps in protecting your data. Make sure to tune in, engage with our insights, and don't forget to subscribe, share, and leave a review if you find our content valuable!Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Professional certifications have become a defining feature of the cybersecurity industry, promising enhanced career prospects, higher salaries, and professional credibility. But do they truly deliver on these promises, or are there hidden drawbacks to pursuing them? This presentation takes a deep dive into the dual-edged nature of certifications like CISSP, CISM, CEH, and CompTIA Security+, analyzing their benefits and potential limitations. Drawing on data-driven research, industry insights, and real-world case studies, we explore how certifications influence hiring trends, professional growth, and skills development in cybersecurity. Attendees will gain a balanced perspective on the role of certifications, uncovering whether they are a gateway to career success or an overrated credential. Whether you are an aspiring professional or a seasoned practitioner, this session equips you with the knowledge to decide if certifications are the key to unlocking your cybersecurity potential—or if other paths may hold the answers. About the speaker: Hisham Zahid is a seasoned cybersecurity professional and researcher with over 15 years of combined technical and leadership experience. Currently serving under the CISO as a Security Compliance Manager at a FinTech startup, he has held roles spanning engineering, risk management, audit, and compliance. This breadth of experience gives him unique insight into the complex security challenges organizations face and the strategies needed to overcome them.Hisham holds an MBA and an MS, as well as industry-leading certifications including CISSP, CCSP, CISM, and CDPSE. He is also an active member of the National Society of Leadership and Success (NSLS) and the Open Web Application Security Project (OWASP), reflecting his commitment to professional development and community engagement. As the co-author of The Phantom CISO, Hisham remains dedicated to advancing cybersecurity knowledge, strengthening security awareness, and guiding organizations through an ever-evolving threat landscape.David Haddad is a technology enthusiast and optimist committed to making technology and data more secure and resilient.David serves as an Assistant Director in EY's Technology Risk Management practice, focusing on helping EY member firms comply with internal and external security, data, and regulatory requirements. In this role, David supports firms in enhancing technology governance and oversight through technical reviews, consultations, and assessments. Additionally, David contributes to global AI governance, risk, and control initiatives, ensuring AI products and services align with the firm's strategic technology risk management processes.David is in the fourth year of doctoral studies at Purdue University, specializing in AI and information security. David's experience includes various technology and cybersecurity roles at the Federal Reserve Bank of Chicago and other organizations. David also served as an adjunct instructor and lecturer, teaching undergraduate courses at Purdue University Northwest.A strong advocate for continuous learning, David actively pursues professional growth in cybersecurity and IT through academic degrees, certifications, and speaking engagements worldwide. He holds an MBA with a concentration in Management Information Systems from Purdue University and multiple industry-recognized certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Data Privacy Solutions Engineer (CDPSE), and Certified Information Systems Auditor (CISA).His research interests include AI security and risk management, information management security controls, emerging technologies, cybersecurity compliance, and data protection.

Send us a textWelcome to a compelling exploration of the crucial importance of Business Impact Analysis (BIA) in ensuring cybersecurity resilience, especially for those preparing for the CISSP exam. In this episode, we dive deep into the essentials of BIA, breaking down both qualitative and quantitative impact assessments that help organizations evaluate the potential repercussions of cybersecurity incidents. With recent ransomware attacks making headlines, organizations face unprecedented challenges in safeguarding critical infrastructure. Throughout our discussion, we underscore the pressing need for cybersecurity professionals to understand both the technical and strategic elements of BIA and how its effective execution can significantly influence organizational outcomes.We also address the emerging complexities introduced by cloud technologies, emphasizing the need to scrutinize third-party providers' security practices and regulatory compliance adequately. As attackers become more sophisticated, a robust BIA not only prepares organizations to respond effectively to incidents but also empowers them in their overall risk management strategy.Join us for this insightful episode filled with expert insights, real-world examples, and actionable takeaways that will not only help you ace your CISSP exam but also make you an invaluable asset to your organization's cybersecurity efforts. Don't miss out on these critical skills – your future in cybersecurity depends on it. Subscribe now, and let's together navigate the intricate world of cybersecurity!Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textGet ready for an eye-opening deep dive into the world of cybersecurity! This episode reveals the alarming speed at which hackers adapt and exploit vulnerabilities, with over 61% of them leveraging new exploits within 48 hours of discovery. We discuss enlightening insights from InfoSecurity Magazine and showcase the new Netflix documentary "Zero Day," which delves into the insidious realm of malware and cyberattacks. Things take a darker turn as we recount a chilling story about a local priest whose voice was hijacked by criminals using AI to swindle desperate individuals claiming to need exorcisms. This event highlights the surreal intersections of faith, vulnerability, and technology in today's world. For small and medium-sized businesses, the conversation explores the additional risks posed by ransomware, which accounts for a staggering 95% of healthcare breaches. We dissect the unique challenges these entities face and the importance of investing in robust security measures. We also bring you a series of CISSP questions that challenge listeners to consider their knowledge and preparedness in combating emerging cyber threats. These questions encompass important topics, including risk mitigation, insider threats, and security protocols. Join us on this critical journey through today's cybersecurity landscape, and make sure to take proactive steps for your safety. Don't forget to subscribe, share, and leave a review to keep the conversation going!Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The latest episode of the On Location series, recorded at ThreatLocker's Zero Trust World 2025 in Orlando, brings forward a deep and practical conversation about implementing Zero Trust principles in real-world environments. Hosted by Marco Ciappelli and Sean Martin, this episode features Avi Solomon, CIO of a law firm with nearly 30 years in IT and a strong focus on cybersecurity.The Journey to Proactive SecurityAvi Solomon shares his experience transitioning from traditional security models to a proactive, preventive approach with ThreatLocker. With a background in engineering, consulting, and security (CISSP certified), Solomon outlines his initial concerns with reactive endpoint detection and response (EDR) solutions. While EDR tools act as a secondary insurance policy, he emphasizes the need for a preventive layer to block threats before they manifest.Solomon's firm adopted ThreatLocker a year ago, replacing a legacy product to integrate its proactive security measures. He highlights the platform's maturation, including network control, storage control, application whitelisting, and cloud integration. The shift was not only a technological change but also a cultural one, aligning with the broader philosophy of Zero Trust—approaching security with a mindset that nothing within or outside the network should be trusted by default.Implementing Zero Trust with EaseA standout moment in the episode is Solomon's recount of his implementation process. His conservative approach included running ThreatLocker in observation mode for two months before transitioning fully to a secure mode. When the switch was finally flipped, the result was remarkable—zero disruptions, no pushback from users, and a smooth transition to a less risky security posture. Solomon attributes this success to ThreatLocker's intuitive deployment and adaptive learning capabilities, which allowed the system to understand normal processes and minimize false positives.Redefining Zero Trust: “Near Zero Trust”Solomon introduces a pragmatic take on Zero Trust, coining the term “Near Zero Trust” (NZT). While achieving absolute Zero Trust is an ideal, Solomon argues that organizations should strive to get as close as possible by layering strategic solutions. He draws a clever analogy comparing Zero Trust to driving safely before relying on a seatbelt—proactive behavior backed by reactive safeguards.Tune in to the full episode to explore more of Avi Solomon's insights, hear stories from the conference floor, and learn practical approaches to embedding Zero Trust principles in your organization's security strategy.Guest: Avi Solomon, Chief Information Officer at Rumberger | Kirk | On LinkedIn: https://www.linkedin.com/in/aviesolomon/Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine:  https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast | On ITSPmagazine: https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsThreatLocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from ZTW 2025 coverage: https://www.itspmagazine.com/zero-trust-world-2025-cybersecurity-and-zero-trust-event-coverage-orlando-floridaRegister for Zero Trust World 2025: https://itspm.ag/threat5mu1____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage? Learn More

Send us a textUnlock the secrets to fortifying your software development practices with expert insights from Shon Gerber. As we navigate the complex landscape of cybersecurity, we delve deep into the urgent risks posed by TP-Link routers, used by a staggering portion of U.S. households. Discover practical strategies for protecting your network, like firmware updates and firewall configurations, and learn how potential geopolitical threats could reshape your tech choices. This episode arms you with the knowledge to safeguard your digital ecosystem against looming threats and prepares you for possible shifts in government regulations.Venture into the vibrant world of programming languages and development environments, tracing their evolution from archaic beginnings with BASIC and C# to today's dynamic platforms like Python and Ruby on Rails. Shon unravels the intricacies of runtime environments and libraries, emphasizing why sourcing trusted libraries is non-negotiable in preventing security breaches. For those new to programming, we demystify Integrated Development Environments (IDEs) and offer insights into why securing these tools is paramount, especially as AI makes coding more accessible than ever before.As we wrap up, Shon guides you through best practices for securing both your development and runtime environments. From addressing vulnerabilities inherent in IDEs to ensuring robust CI/CD pipeline security, we cover it all. Learn about the pivotal role Dynamic Application Security Testing (DAST) plays and how to seamlessly integrate it within your development processes. This episode is a trove of actionable advice, aimed at equipping you with the skills and foresight needed to enhance your cybersecurity strategies and development protocols. Don't miss this comprehensive guide to making informed decisions and fortifying your software's security posture.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Marc Ashworth, Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, management, author, a public speaker and is the host of “The Cyber Executive” podcast. He is a member of the Missouri Bankers Association Technology Committee, Webster University Cyber Advisory board, Co-Founded the State of Cyber annual security conference, and a Lifetime member of FBI Citizens Academy. He is a former board officer and treasurer for the St. Louis InfraGard Alliance. Possessing security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank's information security, financial crimes unit, physical security, and the network services departmentsLISTEN NOW to discover, "3 Cybersecurity Threats You Can't Ignore."

Send us a textCurious about the latest tactics cybercriminals are using to exploit vulnerabilities in messaging apps? Join me, Shon Gerber, on the CISSP Cyber Training Podcast as we unravel how Russian hackers are leveraging malicious QR codes to breach platforms like Signal, Telegram, and WhatsApp. We'll dissect this alarming trend that targets high-profile individuals including politicians and journalists, and underscore the importance of staying vigilant when interacting with QR codes. Despite fighting off a cold, I share a heartening story of collaboration with a student who helped correct errors in our study materials, reminding us all of the power of continuous learning and positive contributions to the cybersecurity community.Ever wondered how digital forensics can help you get ahead of potential cybersecurity incidents? Discover essential techniques for conducting thorough investigations as we unpack the art of digital forensics and incident response. From using static analysis to safely examine suspicious files, crafting incident reports with precision, to tackling insider threats with comprehensive artifact collection, this episode covers it all. Learn about the role of tools like Cellebrite in mobile device analysis and the critical importance of maintaining a chain of custody to safeguard evidence integrity. We also highlight root cause analysis as a key strategy for dissecting malware outbreaks and fortifying your organization's defenses.Looking to deepen your cybersecurity expertise? We've got you covered with a treasure trove of resources, including video content on our CISSP Cyber Training blog and consulting services through partnerships like NextPeak. Whether you're a seasoned expert or just beginning your journey, these tools are designed to enhance your skills and provide specialized guidance. Explore how anomaly-based detection aids in spotting malicious network activity and why clear, jargon-free reporting is crucial in post-incident reviews. This episode promises to equip you with the insights needed to navigate the evolving landscape of cybersecurity challenges and opportunities.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The Institute of Internal Auditors Presents: All Things Internal Audit Tech In this episode, Bill Truett talks with Nick Lasenko about the critical role of identity and access management in today's organizations. They discuss common risks, best practices, and the impact of AI on identity and access management. The conversation also covers frameworks, regulatory requirements, and real-world use cases. Host:  Bill Truett, CIA, CISA, senior manager, Standards & Professional Guidance, IT,  The IIA Guest: Nick Lasenko, CISA, CISSP, cybersecurity, privacy, and risk management practitioner Key Points Introduction [00:00-00:00:07] Overview of identity and access management [00:00:08-00:00:31] The financial impact of data breaches [00:00:32-00:01:26] Challenges in detecting and responding to security incidents [00:01:27-00:02:26] Common identity and access management risks for auditors [00:02:27-00:03:26] Weak governance and its implications [00:03:27-00:04:26] Siloed organizations and identity and access management complexities [00:04:27-00:05:26] Regulatory frameworks and standards [00:05:27-00:07:26] Identity and access management controls and data governance [00:07:27-00:09:26] Real-world use cases and security incidents [00:09:27-00:11:26] Horror stories and lessons learned in identity and access management [00:11:27-00:13:26] Best practices for managing user access reviews [00:13:27-00:16:26] Continuous authentication and its challenges [00:16:27-00:18:26] Privileged access management and audit considerations [00:18:27-00:21:26] The impact of AI and machine learning on identity and access management [00:21:27-00:23:26] Final thoughts on strengthening identity and access management controls [00:23:27-00:25:26] Closing remarks [00:25:27-00:31:43] The IIA Related Content Interested in this topic? Visit the links below for more resources: Intermediate IT Auditing Auditing IT Change Management GTAG: Auditing Identity and Access Management, 2nd Edition Fraud and Emerging Tech: Identity and Authentication with the Paycheck Protection Program Implementing The IIA's New Cybersecurity Topical Requirement Cybersecurity Topical Requirement Visit The IIA's website or YouTube channel for related topics and more. Resources Mentioned The IIA's 2025 Analytics, Automation and AI Virtual Conference The IIA's Updated AI Auditing Framework NIST Cybersecurity Framework (CSF) NIST AI Risk Management Framework IBM Cost of a Data Breach Report 2024 CISA and NSA Guidance on Identity and Access Management Follow All Things Internal Audit: Apple PodcastsSpotify LibsynDeezer

Send us a textUncover the secrets to mastering firewalls and advancing your cybersecurity career with insights from the CISSP Cyber Training Podcast. Ever wondered how a simple firewall can be your strongest ally against a $12 billion threat that financial firms have faced over the past two decades? Join me, Sean Gerber, as we navigate the indispensable role of firewalls within cybersecurity, especially for those gearing up for the CISSP exam. This episode promises an enriched understanding of firewalls, from regulatory compliance to integrating next-generation firewalls in cloud environments like Azure and AWS.The discussion extends beyond technicalities, emphasizing the importance of understanding the entire security chain for effective implementation and maintenance of firewalls. By exploring real-world scenarios, such as the implementation of government-mandated firewalls in Sri Lanka, we highlight how robust logging systems and regulatory compliance are vital in shaping a secure network architecture. The complexities of handling advanced intrusion attempts with next-generation firewalls are unraveled, showcasing their application-layer protection and their importance in achieving a resilient security posture.Engage with practical advice on marketing your cybersecurity expertise within your organization and strategies for transitioning into security roles. We also touch on key managerial concepts essential for conquering the CISSP exam. From tackling practice questions to understanding the nuances of firewall architecture, this episode serves as a comprehensive guide to excel in your cybersecurity journey. With a focus on balancing innovative technology with organizational needs, listeners are encouraged to think beyond binary solutions and embrace a managerial mindset in their path to becoming cybersecurity leaders.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

⬥GUESTS⬥Sandy Dunn, Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State University | On Linkedin: https://www.linkedin.com/in/sandydunnciso/Rock Lambros, CEO and founder of RockCyber | On LinkedIn | https://www.linkedin.com/in/rocklambros/Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinView This Show's Sponsors⬥EPISODE NOTES⬥The rise of large language models (LLMs) has reshaped industries, bringing both opportunities and risks. The latest OWASP Top 10 for LLMs aims to help organizations understand and mitigate these risks. In a recent episode of Redefining Cybersecurity, host Sean Martin sat down with Sandy Dunn and Rock Lambros to discuss the latest updates to this essential security framework.The OWASP Top 10 for LLMs: What It Is and Why It MattersOWASP has long been a trusted source for security best practices, and its LLM-specific Top 10 is designed to guide organizations in identifying and addressing key vulnerabilities in AI-driven applications. This initiative has rapidly gained traction, becoming a reference point for AI security governance, testing, and implementation. Organizations developing or integrating AI solutions are now evaluating their security posture against this list, ensuring safer deployment of LLM technologies.Key Updates for 2025The 2025 iteration of the OWASP Top 10 for LLMs introduces refinements and new focus areas based on industry feedback. Some categories have been consolidated for clarity, while new risks have been added to reflect emerging threats.• System Prompt Leakage (New) – Attackers may manipulate LLMs to extract system prompts, potentially revealing sensitive operational instructions and security mechanisms.• Vector and Embedding Risks (New) – Security concerns around vector databases and embeddings, which can lead to unauthorized data exposure or manipulation.Other notable changes include reordering certain risks based on real-world impact. Prompt Injection remains the top concern, while Sensitive Information Disclosure and Supply Chain Vulnerabilities have been elevated in priority.The Challenge of AI SecurityUnlike traditional software vulnerabilities, LLMs introduce non-deterministic behavior, making security testing more complex. Jailbreaking attacks—where adversaries bypass system safeguards through manipulative prompts—remain a persistent issue. Prompt injection attacks, where unauthorized instructions are inserted to manipulate output, are also difficult to fully eliminate.As Dunn explains, “There's no absolute fix. It's an architecture issue. Until we fundamentally redesign how we build LLMs, there will always be risk.”Beyond Compliance: A Holistic Approach to AI SecurityBoth Dunn and Lambros emphasize that organizations need to integrate AI security into their overall IT and cybersecurity strategy, rather than treating it as a separate issue. AI governance, supply chain integrity, and operational resilience must all be considered.Lambros highlights the importance of risk management over rigid compliance: “Organizations have to balance innovation with security. You don't have to lock everything down, but you need to understand where your vulnerabilities are and how they impact your business.”Real-World Impact and AdoptionThe OWASP Top 10 for LLMs has already been widely adopted, with companies incorporating it into their security frameworks. It has been translated into multiple languages and is serving as a global benchmark for AI security best practices.Additionally, initiatives like HackerPrompt 2.0 are helping security professionals stress-test AI models in real-world scenarios. OWASP is also facilitating industry collaboration through working groups on AI governance, threat intelligence, and agentic AI security.How to Get InvolvedFor those interested in contributing, OWASP provides open-access resources and welcomes participants to its AI security initiatives. Anyone can join the discussion, whether as an observer or an active contributor.As AI becomes more ingrained in business and society, frameworks like the OWASP Top 10 for LLMs are essential for guiding responsible innovation. To learn more, listen to the full episode and explore OWASP's latest AI security resources.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥OWASP GenAI: https://genai.owasp.org/Link to the 2025 version of the Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/Getting Involved: https://genai.owasp.org/contribute/OWASP LLM & Gen AI Security Summit at RSAC 2025: https://genai.owasp.org/event/rsa-conference-2025/AI Threat Mind Map: https://github.com/subzer0girl2/AI-Threat-Mind-MapGuide for Preparing and Responding to Deepfake Events: https://genai.owasp.org/resource/guide-for-preparing-and-responding-to-deepfake-events/AI Security Solution Cheat Sheet Q1-2025:https://genai.owasp.org/resource/ai-security-solution-cheat-sheet-q1-2025/HackAPrompt 2.0: https://www.hackaprompt.com/⬥ADDITIONAL INFORMATION⬥✨ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist on YouTube:

Send us a textGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

⬥GUESTS⬥Sandy Dunn, Consultant Artificial Intelligence & Cybersecurity, Adjunct Professor Institute for Pervasive Security Boise State University | On Linkedin: https://www.linkedin.com/in/sandydunnciso/Rock Lambros, CEO and founder of RockCyber | On LinkedIn | https://www.linkedin.com/in/rocklambros/Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martinView This Show's Sponsors⬥EPISODE NOTES⬥The rise of large language models (LLMs) has reshaped industries, bringing both opportunities and risks. The latest OWASP Top 10 for LLMs aims to help organizations understand and mitigate these risks. In a recent episode of Redefining Cybersecurity, host Sean Martin sat down with Sandy Dunn and Rock Lambros to discuss the latest updates to this essential security framework.The OWASP Top 10 for LLMs: What It Is and Why It MattersOWASP has long been a trusted source for security best practices, and its LLM-specific Top 10 is designed to guide organizations in identifying and addressing key vulnerabilities in AI-driven applications. This initiative has rapidly gained traction, becoming a reference point for AI security governance, testing, and implementation. Organizations developing or integrating AI solutions are now evaluating their security posture against this list, ensuring safer deployment of LLM technologies.Key Updates for 2025The 2025 iteration of the OWASP Top 10 for LLMs introduces refinements and new focus areas based on industry feedback. Some categories have been consolidated for clarity, while new risks have been added to reflect emerging threats.• System Prompt Leakage (New) – Attackers may manipulate LLMs to extract system prompts, potentially revealing sensitive operational instructions and security mechanisms.• Vector and Embedding Risks (New) – Security concerns around vector databases and embeddings, which can lead to unauthorized data exposure or manipulation.Other notable changes include reordering certain risks based on real-world impact. Prompt Injection remains the top concern, while Sensitive Information Disclosure and Supply Chain Vulnerabilities have been elevated in priority.The Challenge of AI SecurityUnlike traditional software vulnerabilities, LLMs introduce non-deterministic behavior, making security testing more complex. Jailbreaking attacks—where adversaries bypass system safeguards through manipulative prompts—remain a persistent issue. Prompt injection attacks, where unauthorized instructions are inserted to manipulate output, are also difficult to fully eliminate.As Dunn explains, “There's no absolute fix. It's an architecture issue. Until we fundamentally redesign how we build LLMs, there will always be risk.”Beyond Compliance: A Holistic Approach to AI SecurityBoth Dunn and Lambros emphasize that organizations need to integrate AI security into their overall IT and cybersecurity strategy, rather than treating it as a separate issue. AI governance, supply chain integrity, and operational resilience must all be considered.Lambros highlights the importance of risk management over rigid compliance: “Organizations have to balance innovation with security. You don't have to lock everything down, but you need to understand where your vulnerabilities are and how they impact your business.”Real-World Impact and AdoptionThe OWASP Top 10 for LLMs has already been widely adopted, with companies incorporating it into their security frameworks. It has been translated into multiple languages and is serving as a global benchmark for AI security best practices.Additionally, initiatives like HackerPrompt 2.0 are helping security professionals stress-test AI models in real-world scenarios. OWASP is also facilitating industry collaboration through working groups on AI governance, threat intelligence, and agentic AI security.How to Get InvolvedFor those interested in contributing, OWASP provides open-access resources and welcomes participants to its AI security initiatives. Anyone can join the discussion, whether as an observer or an active contributor.As AI becomes more ingrained in business and society, frameworks like the OWASP Top 10 for LLMs are essential for guiding responsible innovation. To learn more, listen to the full episode and explore OWASP's latest AI security resources.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥OWASP GenAI: https://genai.owasp.org/Link to the 2025 version of the Top 10 for LLM Applications: https://genai.owasp.org/llm-top-10/Getting Involved: https://genai.owasp.org/contribute/OWASP LLM & Gen AI Security Summit at RSAC 2025: https://genai.owasp.org/event/rsa-conference-2025/AI Threat Mind Map: https://github.com/subzer0girl2/AI-Threat-Mind-MapGuide for Preparing and Responding to Deepfake Events: https://genai.owasp.org/resource/guide-for-preparing-and-responding-to-deepfake-events/AI Security Solution Cheat Sheet Q1-2025:https://genai.owasp.org/resource/ai-security-solution-cheat-sheet-q1-2025/HackAPrompt 2.0: https://www.hackaprompt.com/⬥ADDITIONAL INFORMATION⬥✨ To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist on YouTube:

Send us a textUnlock the secrets to safeguarding your cloud storage from becoming a cyber attack vector in our latest episode of the CISSP Cyber Training Podcast with Shon Gerber. Discover how neglected AWS S3 buckets can pose significant threats akin to the notorious SolarWinds attack. Shon breaks down the importance of auditing and access controls while providing strategic guidance aligned with domain 6.1 of the CISSP to fortify your knowledge for the exam. This episode promises to equip you with the essential tools to protect your cloud infrastructure and maintain robust security practices.Transitioning to security testing, we explore various methodologies and the vital role they play in incident readiness and data integrity. From vulnerability assessments to penetration testing and the collaborative efforts of red, blue, and purple teams, Shon sheds light on the automation of these processes to enhance efficacy. We also demystify SOC 1 and SOC 2 reports and discuss their criticality in vendor risk management and regulatory compliance. With insights into audit standards like ISO 27001 and PCI DSS, this episode is your comprehensive guide to understanding and applying security measures across diverse sectors.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Send us a textUnlock the secrets to cybersecurity success with Sean Gerber as your guide, promising not just knowledge but mastery of domain five for your CISSP exam. Will you be the one who finally understands the intricacies of identity and access management, or the latest defense tactics against the alarming rise of ransomware attacks? These are just a few of the critical insights we explore, providing you with the practical tools needed to safeguard organizations and ensure business resilience in today's digital battleground.As we navigate the complex world of identity governance and privileged access management, Sean unpacks the transformative power of multi-factor authentication and single sign-on in solidifying security protocols. Discover how the principle of least privilege can be your organization's best friend in minimizing breach risks and achieving compliance. Beyond just passing an exam, this episode arms you with insights that will make you an indispensable force in cybersecurity. Plus, explore the robust resources available through CISSP Cyber Training, designed to propel you towards certification success. Don't miss your chance to become an asset in the ever-evolving world of cybersecurity.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A house Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2's CISSP exam. Google updates its stance on AI weapons.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare. This week, Chris is joined by Steven Burnley to break down a question targeting ISC2®'s CISSP - Certified Information Systems Security Professional) exam. Today's question comes from N2K's ISC2® CISSP - Certified Information Systems Security Professional Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Federal Workers Sue to Disconnect DOGE Server (WIRED) Treasury says DOGE review has ‘read-only' access to federal payments system (The Record) ‘Things Are Going to Get Intense:' How a Musk Ally Plans to Push AI on the Government (404 Media) Cybersecurity, government experts are aghast at security failures in DOGE takeover (CyberScoop) Five Eyes Launch Guidance to Improve Edge Device Security (Infosecurity Magazine) Apple's MacOS Kernel Vulnerability Let Attackers Escalate Privileges - PoC Released (Cyber Security News)  Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities (SecurityWeek) Critical Veeam Vulnerability (CVE-2025-23114) Exposes Backup Servers to Remote Code Execution (SOCRadar) Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers (TechCrunch) US cranks up espionage charges against ex-Googler accused of trade secrets heist (The Register) CISA Releases Nine Advisories Detailing vulnerabilities and Exploits Surrounding ICS (Cyber Security News) CISA hires former DHS CIO into top cyber position (Federal News Network) Proposal for federal cyber scholarship, with service requirement, returns in House (The Record) Google drops pledge not to use AI for weapons or surveillance (Washington Post) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Send us a textDiscover the game-changing strategies to strengthen your company's cybersecurity posture with our latest episode on CISSP Cybersecurity Training and Board Expertise. We reveal shocking insights: only 5% of company boards have cybersecurity expertise, a glaring gap that can jeopardize risk management and financial stability. Listen as we advocate for the integration of cybersecurity professionals into risk committees, a move proven to enhance security measures and boost shareholder confidence. Get ready to transform your board's approach to cybersecurity.Unlock the secrets to effective Role-Based Access Control (RBAC) and learn how to shield your organization from credential creep threats. Long-term employees and contractors like Sean are especially vulnerable, but with well-defined roles and responsibilities, you can assign privileges with precision and prevent conflicts of interest. This episode unpacks the complexities of role hierarchy and the importance of role lifecycle management, emphasizing regular audits and compliance to keep your security framework airtight and aligned with business needs.Managing employee transitions is a critical challenge, and we discuss how deprovisioning and offboarding are vital components in maintaining security integrity. Prompt account deactivation, asset retrieval, and data retention management are just the beginning; delve into the role of identity and access management tools like single sign-on systems and multi-factor authentication. Discover how adaptive authentication and compliance considerations ensure your protocols meet regulatory standards while safeguarding your company's digital assets and data. Prepare to step up your cybersecurity game with expert insights and proven strategies from our podcast.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

“When you are working on your own, you just have to make sure that you do the behind the scenes things that need to be done to create your own success.” – Lois Creamer Today's featured bestselling author is a consultant, renowned speaker, and industry expert who works with speakers, consultants, and experts wanting to book more business, make more money, and monetize their message, Lois Cramer. Lois and I had a fun on a bun chat about her new book, “Book More Business: Make MORE Money Speaking”, some strategies for monetizing your speaking career, and more!Key Things You'll Learn:Why it pays to have a formal launch for your bookSome of the challenges of being a professional speaker and the importance of your intellectual propertyThe game-changing concept of "aftercare" and its value when supporting your client post-engagementThe valuable marketing lesson that Lois learned from Jeffrey Gitomer that she still applies todayWhat Lois does to remain organized and productive as a solopreneurLois' Site: https://www.bookmorebusiness.com/Lois' Books: https://www.amazon.com/stores/author/B07R75YR16/allbooksThe opening track is titled, "Set Sail" by Sparks Dynamite. To listen to and download the full track, click the following link. https://planetastroproductions.bandcamp.com/track/set-sail-intro Please support today's podcast to keep this content coming! CashApp: $DomBrightmonDonate on PayPal: @DBrightmonBuy Me a Coffee: https://www.buymeacoffee.com/dombrightmonGet Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmonThe Going North Advancement Compass: https://a.co/d/bA9awotYou May Also Like… Ep. 835 – Turn Words Into Wealth with Aurora Winter, MBA (@AuroraWinterMBA): https://www.goingnorthpodcast.com/ep-835-turn-words-into-wealth-with-aurora-winter-mba-aurorawintermba/Ep. 645 – “How to Build a #Profitable Speaking Business” with Bret Ridgway (@bridgway): https://www.goingnorthpodcast.com/ep-645-how-to-build-a-profitable-speaking-business-with-bret-ridgway-bridgway/Ep. 313 – “Ask Uncle Neil” with Neil Thompson (@teachthegeek): https://www.goingnorthpodcast.com/ep-313-ask-uncle-neil-with-neil-thompson-teachthegeek/216 – “The Write Way” with Amy Collins (@askamycollins): https://www.goingnorthpodcast.com/216-the-write-way-with-amy-collins-askamycollins/Ep. 680 – “The Influence Lottery Ticket for Having High Impact” with Kelly Swanson (@motivationspkr): https://www.goingnorthpodcast.com/ep-680-the-influence-lottery-ticket-for-having-high-impact-with-kelly-swanson-motivationspkr/Ep. 400 – “How to Become a Multimillionaire, but Not Act Like It” with Tom Antion (@TomAntion): https://www.goingnorthpodcast.com/ep-400-how-to-become-a/ Ep. 583 – “How to Be the Face of Your Business” with Tonya Eberhart (@brandfacestar): https://www.goingnorthpodcast.com/ep-583-how-to-be-the-face-of-your-business-with-tonya-eberhart-brandfacestar/Ep. 510 - "Lights, Camera, Action" With Amy Scruggs (@amyscruggssd): https://www.goingnorthpodcast.com/ep-510-lights-camera-action-with-amy-scruggs-amyscruggssd/86 - "Stepping Into the Spotlight" with Tsufit (@Tsufit): https://www.goingnorthpodcast.com/86-stepping-into-the-spotlight-with-tsufit-tsufit/141 - "Thou Shall Be Successful" with William Winfield (@Willisblessed38): https://www.goingnorthpodcast.com/141-thou-shall-be-successful-with-william-winfield-willisblessed38/Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/Ep. 424 – “Thoughtfully Fit” with Darcy Luoma (@DarcyLuoma): https://www.goingnorthpodcast.com/ep-424-thoughtfully-fit-with-darcy-luoma-darcyluoma/Ep. 610 – “Are You Open To…” with Merit Kahn, CSP (@MeritKahn): https://www.goingnorthpodcast.com/ep-610-are-you-open-to-with-merit-kahn-csp-meritkahn/

About the CISO Circuit SeriesSean Martin and Michael Piacente join forces roughly once per month (or so, depending on schedules) to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity for business and society. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.____________________________Guests: Heather Hinton, CISO-in-Residence, Professional Association of CISOsOn LinkedIn | https://www.linkedin.com/in/heather-hinton-9731911/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMichael Piacente, Managing Partner and Cofounder of Hitch PartnersOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue | https://itspm.ag/levelblue266f6cThreatLocker | https://itspm.ag/threatlocker-r974___________________________Episode NotesIn this episode of the CISO Circuit Series, part of the Redefining Cybersecurity Podcast on ITSPmagazine, hosts Sean Martin and Michael Piacente welcomed Heather Hinton, seasoned cybersecurity leader, to discuss the evolving responsibilities and recognition of Chief Information Security Officers (CISOs). Their conversation explored the transformative work of the Professional Association of CISOs (PAC), an organization dedicated to establishing standards, accreditation, and support for cybersecurity leaders globally.This episode addressed three critical questions shaping the modern CISO role:How can CISOs build trust within their organizations?What is PAC doing to elevate cybersecurity as a recognized profession?How can CISOs prepare for increasing scrutiny and legal risks?Building Trust: A CISO's Key ResponsibilityHeather Hinton, whose career includes leadership roles like VP and CISO for IBM Cloud and PagerDuty, underscores that trust is foundational for a CISO's success. Beyond technical expertise, a CISO must demonstrate leadership, strategic thinking, and effective communication with boards, executives, and teams. Hinton highlights that cybersecurity should not be perceived as merely a technical function but as a critical enabler of business objectives.The PAC accreditation process reinforces this perspective by formalizing the skills needed to build trust. From fostering collaboration to aligning security strategies with organizational goals, PAC equips CISOs with tools to establish credibility and demonstrate value from day one.Elevating Cybersecurity as a Recognized ProfessionMichael Piacente, Managing Partner at Hitch Partners and co-host of the CISO Circuit Series, emphasizes PAC's role in professionalizing cybersecurity. By introducing a Code of Professional Conduct, structured accreditation programs, and robust career development resources, PAC is raising the bar for the profession. Hinton and Piacente explain that PAC's ultimate vision is to make membership and accreditation standard for CISO roles, akin to certifications we've come to expect and rely upon for doctors or lawyers.This vision reflects a growing recognition of cybersecurity as a discipline critical not only to organizations but to society as a whole. PAC's advocacy extends to shaping global policies, setting professional standards, and fostering an environment where CISOs are equipped to handle emerging challenges like hybrid warfare and AI-driven threats.Preparing for Legal Risks and Industry ChallengesThe conversation also delves into the increasing legal and regulatory scrutiny CISOs face. Piacente and Hinton stress the importance of having clear job descriptions, liability protections, and professional resources—areas where PAC is driving significant progress. By providing legal and mental health support, along with peer-driven mentorship, PAC empowers CISOs to navigate these challenges with confidence.Hinton notes that PAC is also a critical voice in addressing broader systemic risks, advocating for policies that protect CISOs while ensuring they are well-positioned to protect their organizations and society.Looking AheadWith goals to expand its membership to 1,000 and scale its accreditation programs by 2025, PAC is setting the foundation for a more unified and professionalized cybersecurity community. Hinton envisions PAC becoming a global authority, advising governments and organizations on cybersecurity standards and policies while fostering collaboration among professionals.For those aspiring to advance cybersecurity as a recognized profession, PAC offers a platform to shape the future of the field. Learn more about PAC and how to join at TheCISO.org.____________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

How do phishing scams, AI-powered attacks, and strategic governance intersect? Together, they're redefining the future of cybersecurity. Organizations are navigating a mix of challenges and implementing innovative solutions to proactively address today's threats.  Today's guest is Kelly Hood. She is the EVP and cybersecurity engineer at Optics Cyber Solutions. She is a CISSP who specializes in implementing cybersecurity and privacy best practices to manage risks and to achieve compliance. She supports the NIST cybersecurity framework and serves as a CMMC registered practitioner, helping organizations strengthen their cybersecurity posture and develop effective risk management strategies. Show Notes: [01:06] - Kelly is a cyber security engineer at Optic Cyber Solutions. It's her job to help companies protect themselves. [02:17] - Don't be embarrassed if you fall for a phishing scam. [03:01] - These attempts are getting more realistic. Kelly shares how she was briefly fooled by a phishing scam that looks like an email from her mother. [05:25] - The NIST Cybersecurity Framework is a voluntary framework for defining cybersecurity. An update was put out in February of 2024. They also added a new function. [06:01] - The five functions that organize a cybersecurity program have been to identify, protect, detect, respond, and recover. They recently added the govern function. [06:38] - The govern function is about defining your business objective and then putting protections in place that makes sense for those objectives. [09:01] - The identify function is focused on knowing what we have. [09:40] - Protect includes everything from identity management, authentication, training, data security, and platform security. [10:12] - Detect is looking at what's happening around us. It's continuous monitoring and knowing what happens if something goes wrong. [11:00] - Respond is knowing what the plan is when something does happen. [12:01] - Recover is about getting back to normal after something happens. [16:22] - Data centers want to make sure that they have redundant power supplies. [17:33] - We discuss some of the things that people might forget when identifying cybersecurity assets. Data and people need to be thought about as well as systems and hardware. [21:00] - We need to write things down and understand what systems and data connections we have. [23:10] - We talk about the importance of being aware of the physical space and who is actually supposed to be there. [24:46] - Data is one of the assets that often gets overlooked for protection. There are many new requirements that require data to be protected. [27:54] - Monitoring to understand what traffic you should expect and what is and isn't normal activity is also important. [31:10] - Transparency and communication are paramount for creating trust. [33:51] - Sometimes recovery doesn't mean 100%. Get up and running and prioritize the systems that matter most. [36:56] - With governance, you really want to look at what you're trying to do with the business and then translate cybersecurity to fit that objective. [37:27] - Have guidance documentation in place and have oversight. Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.  Links and Resources: Podcast Web Page Facebook Page whatismyipaddress.com Easy Prey on Instagram Easy Prey on Twitter Easy Prey on LinkedIn Easy Prey on YouTube Easy Prey on Pinterest Optic Cyber Solutions (MaPT) Maturity and Progress Tracker Optic Cyber Solutions on LinkedIn Optic Cyber YouTube NIST Cybersecurity Framework

The latest episode of Redefining CyberSecurity on ITSPmagazine featured a thought-provoking discussion about integrating human factors into secure software development. Host Sean Martin was joined by Dr. Kelsey Fulton, Assistant Professor at the Colorado School of Mines, and Julie Haney, a computer scientist at the National Institute of Standards and Technology. The conversation explored how human-centered approaches can strengthen secure software practices and address challenges in the development process.A Human-Centered Approach to SecurityDr. Fulton shared how her research focuses on the human factors that impact secure software development. Her journey began during her graduate studies at the University of Maryland, where she was introduced to the intersection of human behavior and security in a course that sparked her interest. Her projects, such as investigating the transition from C to Rust programming languages, underscore the complexity of embedding security into the software development lifecycle.The Current State of Secure DevelopmentOne key takeaway from the discussion was the tension between functionality and security in software development. Developers often prioritize getting a product to market quickly, leading to decisions that sideline security considerations. Dr. Fulton noted that while developers typically have good intentions, they often lack the resources, tools, and organizational support necessary to incorporate security effectively.She highlighted the need for a “security by design” approach, which integrates security practices from the earliest stages of development. Embedding security specialists within development teams can create a cultural shift where security becomes a shared responsibility rather than an afterthought.Challenges in Adoption and EducationDr. Fulton's research reveals significant obstacles to adopting secure practices, including the complexity of tools and the lack of comprehensive education for developers. Even advanced tools like static analyzers and fuzzers are underutilized. A major barrier is developers' perception that security is not their responsibility, compounded by tight deadlines and organizational pressures.Additionally, her research into Rust adoption at companies illuminated technical and organizational challenges. Resistance often stems from the cost and complexity of transitioning existing systems, despite Rust's promise of enhanced security and memory safety.The Future of Human-Centered SecurityLooking ahead, Dr. Fulton emphasized the importance of addressing how developers trust and interact with tools like large language models (LLMs) for code generation. Her team is exploring ways to enhance these tools, ensuring they provide secure code suggestions and help developers recognize vulnerabilities.The episode concluded with a call to action for organizations to support research in this area and cultivate a security-first culture. Dr. Fulton underscored the potential of collaborative efforts between researchers, developers, and companies to improve security outcomes.By focusing on human factors and fostering supportive environments, organizations can significantly advance secure software development practices.____________________________Guests: Dr. Kelsey Fulton, Assistant Professor of Computer Science at the Colorado School of MinesWebsite | https://cs.mines.edu/project/fulton-kelsey/Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead, National Institute of Standards and Technology [@NISTcyber]On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martin____________________________View This Show's SponsorsImperva | https://itspm.ag/imperva277117988LevelBlue | https://itspm.ag/levelblue266f6cThreatLocker | https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist: