The ISSAP (Information Systems Security Architecture Professional) exam is evolving in 2025—and if you're aiming to specialize beyond CISSP, you'll want to know exactly what's new. In this InfosecTrain session, we break down the latest syllabus changes and what they mean for your certification journey.
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

Security models can be one of the most challenging concepts for CISSP candidates to grasp, yet they form the bedrock of how we implement and understand security controls. In this comprehensive episode, we break down Domain 3.2's security models in plain, accessible language with real-world examples that will finally make these abstract concepts click.

We start with an analysis of the recent TransUnion data breach affecting 4.4 million individuals, using it as a practical reminder of why proper security architecture matters. This breach, occurring through a third-party application, perfectly illustrates the dangers when security models aren't properly implemented.

The episode then demystifies the Trusted Computing Base (TCB), explaining its role as the foundation of creating secure code. We explore key components including the Security Kernel, Reference Monitor, Trusted Path, and TCB Boundary, translating these complex concepts into understandable terms.

The heart of the episode focuses on the "Big Eight" security models you need to know for the CISSP exam. From Bell-LaPadula's "no read up, no write down" confidentiality focus to Biba's integrity-centered approach, we provide clear explanations and memorable scenarios for each model. You'll learn how Clark-Wilson enforces business integrity through separation of duties, how Brewer-Nash prevents conflicts of interest, and how the remaining models address specific security concerns.

Rather than simply memorizing names and concepts, this episode gives you a framework for understanding each model's purpose, category (confidentiality, integrity, information flow, or access), and practical application. We conclude with exam preparation tips, highlighting which models deserve the most attention during your studies.

Whether you're preparing for the CISSP exam or simply want to deepen your cybersecurity knowledge, this episode transforms abstract security models into practical tools you can apply to real-world security challenges. Visit CISSPCyberTraining.com for free questions and additional resources to support your certification journey.

Support the show

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!
Dive into the multifaceted world of data security controls with Sean Gerber as he unpacks CISSP Domain 2.6. The episode opens with a fascinating glimpse into the creative ingenuity of technology users—a student who managed to hack a TI-84 calculator to access ChatGPT during exams. This real-world example perfectly illustrates why robust data security controls are more crucial than ever in our interconnected world.

Sean meticulously breaks down the three fundamental data states—data at rest, data in transit, and data in use—providing clear explanations of the unique protection mechanisms each requires. You'll discover why data is rarely truly "at rest" unless completely powered off and disconnected, and why this understanding is vital for comprehensive protection strategies. The discussion extends to emerging technologies like homomorphic encryption, which promises to keep data encrypted throughout all states, though it's still evolving.

The heart of effective data protection lies in classification and labeling, and Sean offers practical advice on implementing these systems. Starting small with clearly defined data sets, standardizing nomenclature, and utilizing visual cues like color-coding are just a few of the actionable strategies shared. You'll gain insights into Digital Rights Management (DRM), Data Loss Prevention (DLP), and Cloud Access Security Brokers (CASBs)—three critical components of a comprehensive data security framework.

Perhaps most valuable is Sean's emphasis on understanding organizational risk tolerance. As he eloquently puts it, "If you don't know the risk for your company, find out somebody who does." This perspective shift from pure protection to risk-aligned security can transform how security professionals approach their role and communicate with leadership.

Whether you're studying for the CISSP exam or looking to enhance your organization's data protection strategy, this episode delivers practical wisdom drawn from real-world experience. Visit CISSP Cyber Training for additional resources, and remember—understanding data security isn't just about passing an exam; it's about becoming a more effective guardian of your organization's most valuable assets.
From insecure code causing breaches to proper data destruction, this episode dives deep into the critical world of data lifecycle management—a cornerstone of the CISSP certification and modern cybersecurity practice.

A shocking 74% of organizations have experienced security incidents from insecure code, highlighting why proper data management matters more than ever. Whether you're preparing for the CISSP exam or strengthening your organization's security posture, understanding who's responsible for what is essential. We break down the sometimes confusing differences between data owners (who bear legal liability), data custodians (handling day-to-day operations), data controllers (determining what gets processed and how), and data processors (who handle the actual processing).

The stakes couldn't be higher. With GDPR violations potentially costing organizations up to 4% of global annual revenue, misunderstanding these roles can lead to catastrophic financial consequences. We explore the eight principles driving transborder data flows and why understanding your data's journey matters for compliance and security.

When it comes to data destruction, I share practical wisdom about what really works. While methods like degaussing and various overwriting techniques exist, I explain why physical destruction (the "jaws of death" approach) often makes the most practical and economic sense in today's world of inexpensive storage media.

Throughout the episode, I provide real-world examples from my decades of experience as a CISO and security professional. Whether you're dealing with classified information requiring specialized handling or simply trying to implement sensible data governance in a commercial environment, these principles will help protect your organization's most valuable asset—its information.

Ready to continue your cybersecurity journey? Visit CISSP Cyber Training for free resources, sign up for my email list, or check out my YouTube channel for additional content to help you pass the CISSP exam the first time.
The digital world has opened up unprecedented opportunities for scammers, and seniors have become prime targets. In this alarming and informative episode, we dive deep into the FBI's recent warning about AI-driven "Phantom Hacker" scams that have already stolen over a billion dollars from American seniors through sophisticated three-stage attacks.

What makes these scams particularly devastating is the deployment of AI voice cloning technology. With just a small sample of someone's speech, scammers can create perfect voice replicas that sound exactly like trusted family members or financial advisors. This technology has advanced to the point where distinguishing between real and AI-generated voices is nearly impossible for most people. As cybersecurity professionals, we have a responsibility to protect vulnerable populations through education and clear verification protocols.

The episode transitions into a comprehensive review of CISSP Domain 4, covering essential communication and network security concepts. We explore voice communications security for both traditional telephone networks and modern VoIP systems, email security protocols including SPF, DKIM, and DMARC, and remote access considerations with VPNs. The discussion covers critical decisions between split and full tunneling, network address translation complexities, and third-party risk management through formal agreements and vendor assessments.

Whether you're preparing for the CISSP exam or looking to strengthen your organization's communication security posture, this episode provides actionable insights on protecting against today's most sophisticated threats. The convergence of AI technology with traditional social engineering tactics demands a new approach to security awareness and technical controls—one that acknowledges voice is no longer a reliable authentication factor on its own.

Ready to continue your CISSP journey? Visit CISSPCyberTraining.com for free resources including practice questions, rapid review videos, and a comprehensive study plan designed to help you pass the exam on your first attempt.
Network security is the cornerstone of modern cybersecurity, and understanding its intricacies is essential for anyone preparing for the CISSP exam. In this comprehensive episode, Sean Gerber delivers a rapid review of Domain 4: Communications and Network Security, which constitutes 13% of the CISSP exam questions.

The episode opens with a cautionary tale about a disgruntled Chinese developer who received a four-year prison sentence for deploying a logic bomb that devastated his former employer's network. This real-world example underscores the critical importance of proper employee termination procedures and privilege management—especially for technical staff with elevated access. As Sean emphasizes, "The eyes of Sauron" should be on any high-privilege employee showing signs of discontent.

Diving into Domain 4, Sean expertly navigates through foundational concepts like the OSI and TCP/IP models, explaining how they standardize network communications and why security professionals must understand them to implement effective defense strategies. The discussion progresses through IP networking (both IPv4 and IPv6), secure protocols, multi-layer protections, and deep packet inspection—all crucial components of a robust security architecture.

Particularly valuable is Sean's breakdown of modern network technologies like micro-segmentation, which divides networks into highly granular security zones. While acknowledging its power to limit lateral movement during breaches, he cautions that implementation requires sophisticated knowledge of software-defined networking (SDN) and careful planning: "It's better to start small than to go out and think of and get too big when you're dealing with deploying these SDN type of capabilities."

Wireless security, content delivery networks, and endpoint protection receive thorough examination, with Sean emphasizing that endpoints are "your first line of detection" and advocating for comprehensive endpoint detection and response (EDR) solutions that go beyond traditional antivirus. The episode concludes with insights on voice communication security, contrasting traditional telephone networks with modern VoIP systems and their unique vulnerabilities.

Whether you're preparing for the CISSP exam or looking to strengthen your organization's network security posture, this episode provides actionable insights backed by real-world experience. Ready to deepen your understanding of cybersecurity fundamentals? Subscribe to the CISSP Cyber Training Podcast and check out the free resources available at cisspcybertraining.com to accelerate your certification journey.
A catastrophic data loss incident involving South Yorkshire Police serves as a powerful security lesson in today's episode. We examine how 96,174 pieces of body-worn video evidence vanished during an IT upgrade, affecting 126 criminal cases. This real-world security failure highlights the critical importance of proper data management, backups, and third-party oversight—fundamental concepts that directly apply to your CISSP exam preparation.

The heart of this episode tackles five challenging CISSP exam questions spanning multiple security domains. We methodically work through complex scenarios involving encryption algorithm selection, mitigating Single Sign-On risks in healthcare environments, containing Advanced Persistent Threats, addressing cross-border data protection compliance, and handling SQL injection vulnerabilities in government applications.

For each question, I break down the critical thinking process that helps you eliminate incorrect answers and identify the best solution. You'll understand why AES-256 balances security and performance for financial data, how multi-factor authentication strengthens SSO implementations, when network segmentation becomes crucial for APT containment, why Data Loss Prevention systems address insider threats, and the importance of parameterized queries in secure software development.

This episode demonstrates how to approach scenario-based questions methodically, turning what seems overwhelming into manageable decision points. By breaking down complex questions step-by-step, you dramatically improve your chances of success on the CISSP exam while building practical security knowledge that translates directly to real-world challenges.

Visit CISSP Cyber Training for more resources, including 360 free practice questions to accelerate your certification journey. Remember, a methodical approach to security problems is your path to passing the CISSP exam the first time.
Podcast: Redefining Society and Technology
https://redefiningsocietyandtechnologypodcast.com

This Episode's Sponsors
BlackCloak provides concierge cybersecurity protection to corporate executives and high-net-worth individuals to protect against hacking, reputational loss, financial loss, and the impacts of a corporate data breach.
BlackCloak: https://itspm.ag/itspbcweb

A Musing On Society & Technology Newsletter
Written By Marco Ciappelli | Read by TAPE3
August 18, 2025

The Narrative Attack Paradox: When Cybersecurity Lost the Ability to Detect Its Own Deception and the Humanity We Risk When Truth Becomes Optional
Reflections from Black Hat USA 2025 on Deception, Disinformation, and the Marketing That Chose Fiction Over Facts
By Marco Ciappelli

Sean Martin, CISSP, just published his analysis of Black Hat USA 2025, documenting what he calls the cybersecurity vendor "echo chamber." Reviewing over 60 vendor announcements, Sean found identical phrases echoing repeatedly: "AI-powered," "integrated," "reduce analyst burden." The sameness forces buyers to sift through near-identical claims to find genuine differentiation.

This reveals more than a marketing problem—it suggests that different technologies are being fed into the same promotional blender, possibly a generative AI one, producing standardized output regardless of what went in. When an entire industry converges on identical language to describe supposedly different technologies, meaningful technical discourse breaks down.

But Sean's most troubling observation wasn't about marketing copy—it was about competence. When CISOs probe vendor claims about AI capabilities, they encounter vendors who cannot adequately explain their own technologies. When conversations moved beyond marketing promises to technical specifics, answers became vague, filled with buzzwords about proprietary algorithms.

Reading Sean's analysis while reflecting on my own Black Hat experience, I realized we had witnessed something unprecedented: an entire industry losing the ability to distinguish between authentic capability and generated narrative—precisely as that same industry was studying external "narrative attacks" as an emerging threat vector.

The irony was impossible to ignore. Black Hat 2025 sessions warned about AI-generated deepfakes targeting executives, social engineering attacks using scraped LinkedIn profiles, and synthetic audio calls designed to trick financial institutions. Security researchers documented how adversaries craft sophisticated deceptions using publicly available content. Meanwhile, our own exhibition halls featured countless unverifiable claims about AI capabilities that even the vendors themselves couldn't adequately explain.

But to understand what we witnessed, we need to examine the very concept that cybersecurity professionals were discussing as an external threat: narrative attacks. These represent a fundamental shift in how adversaries target human decision-making. Unlike traditional cyberattacks that exploit technical vulnerabilities, narrative attacks exploit psychological vulnerabilities in human cognition. Think of them as social engineering and propaganda supercharged by AI—personalized deception at scale that adapts faster than human defenders can respond. They flood information environments with false content designed to manipulate perception and erode trust, rendering rational decision-making impossible.

What makes these attacks particularly dangerous in the AI era is scale and personalization. AI enables automated generation of targeted content tailored to individual psychological profiles. A single adversary can launch thousands of simultaneous campaigns, each crafted to exploit specific cognitive biases of particular groups or individuals.

But here's what we may have missed during Black Hat 2025: the same technological forces enabling external narrative attacks have already compromised our internal capacity for truth evaluation. When vendors use AI-optimized language to describe AI capabilities, when marketing departments deploy algorithmic content generation to sell algorithmic solutions, when companies building detection systems can't detect the artificial nature of their own communications, we've entered a recursive information crisis.

From a sociological perspective, we're witnessing the breakdown of social infrastructure required for collective knowledge production. Industries like cybersecurity have historically served as early warning systems for technological threats—canaries in the coal mine with enough technical sophistication to spot emerging dangers before they affect broader society.

But when the canary becomes unable to distinguish between fresh air and poison gas, the entire mine is at risk.

This brings us to something the literary world understood long before we built our first algorithm. Jorge Luis Borges, the Argentine writer, anticipated this crisis in his 1940s stories like "On Exactitude in Science" and "The Library of Babel"—tales about maps that become more real than the territories they represent and libraries containing infinite books, including false ones. In his fiction, simulations and descriptions eventually replace the reality they were meant to describe.

We're living in a Borgesian nightmare where marketing descriptions of AI capabilities have become more influential than actual AI capabilities. When a vendor's promotional language about their AI becomes more convincing than a technical demonstration, when buyers make decisions based on algorithmic marketing copy rather than empirical evidence, we've entered that literary territory where the map has consumed the landscape. And we've lost the ability to distinguish between them.

The historical precedent is the 1938 War of the Worlds broadcast, which created mass hysteria from fiction. But here's the crucial difference: Welles was human, the script was human-written, the performance required conscious participation, and the deception was traceable to human intent. Listeners had to actively choose to believe what they heard.

Today's AI-generated narratives operate below the threshold of conscious recognition. They require no active participation—they work by seamlessly integrating into information environments in ways that make detection impossible even for experts. When algorithms generate technical claims that sound authentic to human evaluators, when the same systems create both legitimate documentation and marketing fiction, we face deception at a level Welles never imagined: the algorithmic manipulation of truth itself.

The recursive nature of this problem reveals itself when you try to solve it. This creates a nearly impossible situation. How do you fact-check AI-generated claims about AI using AI-powered tools? How do you verify technical documentation when the same systems create both authentic docs and marketing copy? When the tools generating problems and solving problems converge into identical technological artifacts, conventional verification approaches break down completely.

My first Black Hat article explored how we risk losing human agency by delegating decision-making to artificial agents. But this goes deeper: we risk losing human agency in the construction of reality itself. When machines generate narratives about what machines can do, truth becomes algorithmically determined rather than empirically discovered.

Marshall McLuhan famously said "We shape our tools, and thereafter they shape us." But he couldn't have imagined tools that reshape our perception of reality itself. We haven't just built machines that give us answers—we've built machines that decide what questions we should ask and how we should evaluate the answers.

But the implications extend far beyond cybersecurity itself. If the sector responsible for detecting digital deception becomes the first victim of algorithmic narrative pollution, what hope do other industries have? Healthcare systems relying on AI diagnostics they can't explain. Financial institutions using algorithmic trading based on analyses they can't verify. Educational systems teaching AI-generated content whose origins remain opaque.

When the industry that guards against deception loses the ability to distinguish authentic capability from algorithmic fiction, society loses its early warning system for the moment when machines take over truth construction itself.

So where does this leave us? That moment may have already arrived. We just don't know it yet—and increasingly, we lack the cognitive infrastructure to find out.

But here's what we can still do: We can start by acknowledging we've reached this threshold. We can demand transparency not just in AI algorithms, but in the human processes that evaluate and implement them. We can rebuild evaluation criteria that distinguish between technical capability and marketing narrative.

And here's a direct challenge to the marketing and branding professionals reading this: it's time to stop relying on AI algorithms and data optimization to craft your messages. The cybersecurity industry's crisis should serve as a warning—when marketing becomes indistinguishable from algorithmic fiction, everyone loses. Social media has taught us that the most respected brands are those that choose honesty over hype, transparency over clever messaging. Brands that walk the walk and talk the talk, not those that let machines do the talking.

The companies that will survive this epistemological crisis are those whose marketing teams become champions of truth rather than architects of confusion. When your audience can no longer distinguish between human insight and machine-generated claims, authentic communication becomes your competitive advantage.

Most importantly, we can remember that the goal was never to build machines that think for us, but machines that help us think better.

The canary may be struggling to breathe, but it's still singing. The question is whether we're still listening—and whether we remember what fresh air feels like.

Let's keep exploring what it means to be human in this Hybrid Analog Digital Society. Especially now, when the stakes have never been higher, and the consequences of forgetting have never been more real. End of transmission.

Marco Ciappelli is Co-Founder and CMO of ITSPmagazine, a journalist, creative director, and host of podcasts exploring the intersection of technology, cybersecurity, and society. His work blends journalism, storytelling, and sociology to examine how technological narratives influence human behavior, culture, and social structures.

Enjoyed this transmission? Follow the newsletter here: https://www.linkedin.com/newsletters/7079849705156870144/
Share this newsletter and invite anyone you think would enjoy it!
New stories always incoming.

As always, let's keep thinking!
Marco Ciappelli
https://www.marcociappelli.com

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Marco Ciappelli | Co-Founder, Creative Director & CMO ITSPmagazine | Dr. in Political Science / Sociology of Communication | Branding | Content Marketing | Writer | Storyteller | My Podcasts: Redefining Society & Technology / Audio Signals / + | MarcoCiappelli.com

TAPE3 is the Artificial Intelligence behind ITSPmagazine—created to be a personal assistant, writing and design collaborator, research companion, brainstorming partner… and, apparently, something new every single day.

Enjoy, think, share with others, and subscribe to the "Musing On Society & Technology" newsletter on LinkedIn.
Starting your CISSP journey? Domain 1—Security and Risk Management—is the foundation for both exam success and career growth. In this deep-dive session, we break down everything you need to know to study smarter and lead stronger.
The core principles of cybersecurity aren't just theoretical concepts—they're the practical foundation every security professional needs to master. In this deep-dive episode, Sean Gerber breaks down the critical components of Domain 1.2 of the CISSP exam, unpacking confidentiality, integrity, availability, authenticity, and non-repudiation in clear, actionable terms.

Starting with breaking news about Microsoft ending Windows 10 support on October 14th, Sean highlights the urgent security implications for organizations still running this widely-embedded operating system. He emphasizes the importance of comprehensive inventory management—especially for IoT devices that may contain embedded Windows components—and the available extension options for critical systems.

The heart of the episode delivers a comprehensive exploration of the CIA triad. Sean walks through each element with real-world examples: confidentiality through encryption and access controls; integrity via change management and validation processes; and availability through redundant systems and business continuity planning. But he doesn't stop there. The discussion expands to cover the DAD triad (Disclosure, Alteration, Destruction) which helps identify security failures, and the AAA framework (Authentication, Authorization, Accounting) that provides essential security controls.

What makes this episode particularly valuable is Sean's practical advice drawn from 25 years of cybersecurity experience. He emphasizes the importance of defense-in-depth strategies, network segmentation, and prioritizing critical systems rather than attempting to fix everything at once—"eating the elephant one toenail at a time." His methodical approach helps listeners understand not just the concepts themselves, but how to implement them effectively in real-world environments.

Whether you're preparing for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the foundational knowledge and practical strategies you need. Visit CISSP Cyber Training for free study materials, practice questions, and mentoring options to accelerate your cybersecurity career.
At Black Hat USA 2025, artificial intelligence wasn't the shiny new thing — it was the baseline. Nearly every product launch, feature update, and hallway conversation had an “AI-powered” stamp on it. But when AI becomes the lowest common denominator for security, the questions shift.

In this episode, I read my latest opinion piece exploring what happens when the tools we build to protect us are the same ones that can obscure reality — or rewrite it entirely. Drawing from the Lock Note discussion, Jennifer Granick's keynote on threat modeling and constitutional law, my own CISO hallway conversations, and a deep review of 60+ vendor announcements, I examine the operational, legal, and governance risks that emerge when speed and scale take priority over transparency and accountability.

We talk about model poisoning — not just in the technical sense, but in how our industry narrative can get corrupted by hype and shallow problem-solving. We look at the dangers of replacing entry-level security roles with black-box automation, where a single model misstep can cascade into thousands of bad calls at machine speed. And yes, we address the potential liability for CISOs and executives who let it happen without oversight.

Using Mikko Hyppönen's “Game of Tetris” metaphor, I explore how successes vanish quietly while failures pile up for all to see — and why in the AI era, that stack can build faster than ever.

If AI is everywhere, what defines the premium layer above the baseline? How do we ensure we can still define success, measure it accurately, and prove it when challenged?

Listen in, and then join the conversation: Can you trust the “reality” your systems present — and can you prove it?

________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

________

✦ Resources

Article: When Artificial Intelligence Becomes the Baseline: Will We Even Know What Reality Is AInymore? https://www.linkedin.com/pulse/when-artificial-intelligence-becomes-baseline-we-even-martin-cissp-4idqe/

The Future of Cybersecurity Article: How Novel Is Novelty? Security Leaders Try To Cut Through the Cybersecurity Vendor Echo Chamber at Black Hat 2025: https://www.linkedin.com/pulse/how-novel-novelty-security-leaders-try-cut-through-sean-martin-cissp-xtune/

Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEA

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Article: When Virtual Reality Is A Commodity, Will True Reality Come At A Premium? https://sean-martin.medium.com/when-virtual-reality-is-a-commodity-will-true-reality-come-at-a-premium-4a97bccb4d72

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/

ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference

________

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.
Dive deep into the critical world of configuration management with Sean Gerber as he unpacks Domain 7.3 of the CISSP exam. This episode balances theoretical knowledge with hard-earned practical wisdom, helping you not only pass your certification exam but implement effective security controls in real-world environments.

Sean begins by exploring recent IT employment trends, highlighting the growing importance of specialized skills in networking, cloud, and software development. He notes how employers are increasingly valuing practical skills and certifications over traditional four-year degrees, creating new opportunities for security professionals.

The heart of the episode examines the foundational elements of configuration management – from asset discovery to change control processes. Through relatable examples, Sean illustrates how unauthorized devices create security blind spots and why automated tools like SCCM are essential for maintaining secure environments. He breaks down the four key activities of security configuration management: identification, control, status accounting, and verification/audit.

Perhaps most valuable is Sean's candid discussion of implementation challenges. Rather than presenting idealized scenarios, he acknowledges the messy reality of managing configurations in complex organizations with legacy systems. His practical advice includes focusing on operating systems and devices first before tackling the more challenging application landscape, and implementing changes through a multi-year approach rather than attempting overnight transformation.

Ready to master configuration management and move closer to CISSP certification? Visit CISSPcybertraining.com where you can access training resources on a pay-what-you-wish basis. What makes this program truly special is that all proceeds support adoptive families through Sean's nonprofit foundation. Learn essential cybersecurity skills while contributing to a meaningful cause!
When security becomes more than a checkbox, the conversation shifts from “how much” to “how well.” At Black Hat USA 2025, Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Viktor Petersson, Founder of an SBOM artifact platform, unpack how regulatory forces, cultural change, and AI innovation are reshaping how organizations think about security.

Viktor points to the growing role of Software Bill of Materials (SBOMs) as not just a best practice, but a likely requirement in future compliance frameworks. The shift, he notes, is driven largely by regulation—especially in Europe—where security is no longer a “nice to have” but a mandated operational function. Sean connects this to a market reality: companies increasingly see transparent security practices as a competitive differentiator, though the industry still struggles with the hollow claim of simply being “secure.”

AI naturally dominates discussions, but the focus is nuanced. Rather than chasing hype, both stress the need for strong guardrails before scaling AI-driven development. Viktor envisions engineers supervising fleets of specialized AI agents—handling tasks from UX to code auditing—while Sean sees AI as a way to rethink entire operational models. Yet both caution that without foundational security practices, AI only amplifies existing risks.

The conversation extends to IoT and supply chain security, where market failures allow insecure, end-of-life devices to persist in critical environments. The infamous “smart fish tank” hack in a Las Vegas casino serves as a reminder: the weakest link often isn't the target itself, but the entry point it provides.

DEFCON, Viktor notes, offers a playground for challenging assumptions—whether it's lock-picking to illustrate perceived versus actual security, or examining the human factor in breaches. For both hosts, events like Black Hat and DEFCON aren't just about the latest vulnerabilities or flashy demos—they're about the human exchange of ideas, the reframing of problems, and the collaboration that fuels more resilient security strategies.

___________

Guest:
Viktor Petersson, Founder, sbomify | On LinkedIn: https://www.linkedin.com/in/vpetersson/

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
BlackCloak: https://itspm.ag/itspbcweb
Akamai: https://itspm.ag/akamailbwc
DropzoneAI: https://itspm.ag/dropzoneai-641
Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
A sophisticated banking network breach using tiny Raspberry Pi devices sets the stage for our comprehensive examination of CISSP Domain 3 Security Architecture fundamentals. The attack—which gave hackers persistent remote access to ATM systems—demonstrates how physical security failures can lead to devastating network compromises, perfectly illustrating why Domain 3's holistic approach to security is critical in modern environments.

We systematically explore the security requirements for diverse system architectures—from traditional client-server setups to cutting-edge containerization and serverless deployments. You'll gain clarity on why different systems demand specialized protection strategies: how industrial control systems prioritize availability over confidentiality, why cloud environments operate under shared responsibility models, and what makes IoT devices particularly vulnerable to compromise.

The cryptographic section demystifies key management practices, explaining why even mathematically sound algorithms fail when implementation is flawed. We break down symmetric versus asymmetric encryption, digital signatures, and hashing techniques essential for data integrity. More importantly, you'll understand the complete cryptographic lifecycle from generation through destruction—knowledge directly applicable to real-world security operations and exam scenarios alike.

Our detailed examination of attack methodologies covers everything from brute force attempts to sophisticated side-channel attacks that extract secrets through power consumption analysis. The physical security portion reveals why facility design, environmental controls, and power management form essential layers in your defense strategy.

Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode delivers actionable insights into creating robust, multi-layered security architectures. Ready to build stronger defenses? Visit CISSPCyberTraining.com for free practice questions and additional resources to accelerate your cybersecurity mastery.
Black Hat 2025 was a showcase of cybersecurity innovation — or at least, that's how it appeared on the surface. With more than 60 vendor announcements over the course of the week, the event floor was full of “AI-powered” solutions promising to integrate seamlessly, reduce analyst fatigue, and transform SOC operations. But after walking the floor, talking with CISOs, and reviewing the press releases, a pattern emerged: much of the messaging sounded the same, making it hard to distinguish the truly game-changing from the merely loud.

In this episode of The Future of Cybersecurity Newsletter, I take you behind the scenes to unpack the themes driving this year's announcements. Yes, AI dominated the conversation, but the real story is in how vendors are (or aren't) connecting their technology to the operational realities CISOs face every day. I share insights gathered from private conversations with security leaders — the unfiltered version of how these announcements are received when the marketing gloss is stripped away.

We dig into why operational relevance, clarity, and proof points matter more than ever. If you can't explain what your AI does, what data it uses, and how it's secured, you're already losing the trust battle. For CISOs, I outline practical steps to evaluate vendor claims quickly and identify solutions that align with program goals, compliance needs, and available resources.

And for vendors, this episode serves as a call to action: cut the fluff, be transparent, and frame your capabilities in terms of measurable program outcomes. I share a framework for how to break through the noise — not just by shouting louder, but by being more real, more specific, and more relevant to the people making the buying decisions.

Whether you're building a security stack or selling into one, this conversation will help you see past the echo chamber and focus on what actually moves the needle.

________

This story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

Sincerely, Sean Martin and TAPE3

________

✦ Resources

Black Hat 2025 On Location Closing Recap Video with Sean Martin, CISSP and Marco Ciappelli: https://youtu.be/13xP-LEwtEA

ITSPmagazine Studio — A Brand & Marketing Advisory for Cybersecurity and Tech Companies: https://www.itspmagazine.studio/

ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference

Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25

Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage

Citations: Available in the full article

________

Sean Martin is a life-long musician and the host of the Music Evolves Podcast; a career technologist, cybersecurity professional, and host of the Redefining CyberSecurity Podcast; and is also the co-host of both the Random and Unscripted Podcast and On Location Event Coverage Podcast. These shows are all part of ITSPmagazine—which he co-founded with his good friend Marco Ciappelli, to explore and discuss topics at The Intersection of Technology, Cybersecurity, and Society.™️

Want to connect with Sean and Marco On Location at an event or conference near you? See where they will be next: https://www.itspmagazine.com/on-location

To learn more about Sean, visit his personal website.
Black Hat USA 2025 has wrapped, and for Sean Martin, CISSP, Co-Founder of ITSPmagazine, and Marco Ciappelli, Co-Founder of ITSPmagazine, the end of the event is both an exhale and a moment to reflect on what was learned, heard, and felt. After days of conversations with industry leaders, CISOs, vendors, and attendees from around the globe, one recurring message stands out: cybersecurity decision-makers are tired of buzzwords and hungry for real solutions.

Sean shares that during sessions and informal meetups, CISOs expressed frustration with marketing pitches that fail to connect to their real challenges. Sitting across from security leaders, marketers heard it directly—stop with the jargon and explain how your solution genuinely makes their lives easier, reduces stress, and improves security outcomes. In other words, trust and honesty carry far more weight than flashy claims.

Marco emphasizes that hype not only wastes time but also adds “noise” to the already complex job of running a security program. The more a vendor can be direct about what they do—and what they don't do—the more likely they are to earn a lasting relationship with a CISO and their team. Both agree that connecting the dots between a product and an organization's operational reality is key: what does adoption require, how will it fit into existing systems, and will it force a major operational shift?

Beyond the messaging critique, the duo reflects on the community element of Black Hat. They reconnected with peers, met new contacts from as far as Toronto, and discussed future events in places like Melbourne, Barcelona, and Amsterdam. They also teased the upcoming “Transatlantic Broadcast” podcast series, which will explore cybersecurity voices from across Europe while maintaining a global view.

While the Black Hat booths are now dismantled and the floors mopped, the conversations are far from over. Sean and Marco head back to Los Angeles ready to produce interviews, publish articles, and share the many stories captured during the week—stories that cut through the noise and get to the heart of what matters in cybersecurity.

___________

Hosts:
Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.com
Marco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com

___________

Episode Sponsors
ThreatLocker: https://itspm.ag/threatlocker-r974
BlackCloak: https://itspm.ag/itspbcweb
Akamai: https://itspm.ag/akamailbwc
DropzoneAI: https://itspm.ag/dropzoneai-641
Stellar Cyber: https://itspm.ag/stellar-9dj3

___________

Resources
Learn more and catch more stories from our Black Hat USA 2025 coverage: https://www.itspmagazine.com/bhusa25
Learn more about ITSPmagazine Studio: https://www.itspmagazine.studio/
Learn more about ITSPmagazine Europe: https://www.itspmagazine.com/europe
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
ITSPmagazine Webinar: What's Heating Up Before Black Hat 2025: Place Your Bet on the Top Trends Set to Shake Up this Year's Hacker Conference — An ITSPmagazine Thought Leadership Webinar | https://www.crowdcast.io/c/whats-heating-up-before-black-hat-2025-place-your-bet-on-the-top-trends-set-to-shake-up-this-years-hacker-conference
Want to tell your Brand Story Briefing as part of our event coverage? Learn More
We begin by exploring foundational security principles that drive effective system design. Threat modeling emerges as a proactive approach for identifying vulnerabilities before implementation, while least privilege ensures users have only the access they absolutely need. Defense in depth creates those crucial security layers that prevent single points of failure from becoming catastrophic breaches. The podcast clarifies how secure defaults and fail-secure mechanisms ensure systems remain protected even during unexpected circumstances.

The security models section demystifies complex concepts like Bell-LaPadula (no read up, no write down) and Biba (no read down, no write up), providing clear distinctions between these often-confused frameworks. You'll gain clarity on when and why each model applies to different security priorities—whether confidentiality in Bell-LaPadula or integrity in Biba. Other essential models covered include Clark-Wilson, Brewer-Nash (Chinese Wall), and State Machine models.

Memory protection emerges as a crucial technical component, with explanations of buffer overflows, dangling pointers, and other vulnerabilities that can compromise system integrity. The practical countermeasures discussed—Data Execution Prevention (DEP), Address Space Layout Randomization (ASLR), and secure coding practices—provide actionable knowledge for preventing memory-based attacks.

The episode also highlights the NSA's recent release of "ELITEWOLF," a repository of signatures and analytics for operational technology networks. This timely information underscores the growing importance of securing industrial control systems, which have historically received less security attention despite their critical nature.

Whether you're preparing for the CISSP exam or looking to strengthen your security architecture knowledge, this episode provides the structured approach and key concepts you need. Ready to master the most heavily weighted domain on the CISSP exam? Visit CISSP Cyber Training for additional resources, practice questions, and comprehensive exam preparation materials.
Security operations are the frontlines of cyber defense—and CISSP Domain 7 is where your expertise gets real. In this power-packed episode of our Deep-Dive series, we break down Domain 7: Security Operations using real-world SOC workflows and exam-style scenarios.

From SIEM tuning and threat hunting to digital forensics and disaster recovery, learn how to master every objective through practical strategies and rapid-fire review questions.
If your security stops at the network's edge, it's already too late. In this CISSP Deep Dive, we take you inside Domain 4—Communication & Network Security—with a Zero-Trust mindset.

Explore how traditional models fail and why "never trust, always verify" is essential for securing today's complex networks. From secure protocols to micro-segmentation and cloud-edge controls, this episode connects every CISSP Domain 4 concept to practical Zero-Trust implementation.
The cybersecurity landscape grows more complex each day, especially when it comes to protecting critical infrastructure. In this essential episode of the CISSP Cyber Training Podcast, Sean Gerber breaks down Domain 2 of the CISSP certification - a vital area representing approximately 10% of the exam questions that every security professional must master.

Sean begins with a timely discussion of the recently discovered Honeywell Experion PKS vulnerability that could allow remote manipulation of industrial processes. This real-world example perfectly illustrates why understanding industrial control security is crucial across all sectors - from energy and water treatment to manufacturing and healthcare. The vulnerability serves as a sobering reminder that patching isn't always straightforward in environments that operate 24/7/365.

Diving into Domain 2.1, Sean meticulously explains data classification fundamentals - how sensitivity levels are assigned based on business value, regulatory requirements, and potential compromise impact. He walks through the relationship between classification levels (public through highly confidential) and corresponding handling procedures. The podcast builds logically through ownership concepts, introducing essential roles like data owners, custodians, stewards, and asset owners.

Perhaps most valuable is Sean's practical exploration of asset inventory management. Drawing from his extensive experience, he shares surprising stories of servers found in bathroom closets and emphasizes why knowing your asset locations isn't just good practice - it's essential for incident response and vulnerability management.

The episode thoroughly covers the complete data lifecycle from collection through destruction. Sean explains data minimization principles, location considerations for sovereignty compliance, maintenance requirements, and proper destruction techniques. His discussion of data remnants highlights why simply deleting files is never sufficient for sensitive information.

Sean wraps up with crucial insights on end-of-life system management and data protection technologies including encryption, DRM, DLP, and Cloud Access Security Brokers. His rapid review approach efficiently condenses critical knowledge while maintaining depth where it matters most.

Whether you're preparing for the CISSP exam or seeking to strengthen your security program, this episode delivers actionable knowledge you can immediately apply. Visit CISSP Cyber Training for free study resources and take the next step in your cybersecurity journey today!
Securing SaaS environments and mastering security assessment techniques are critical skills for today's cybersecurity professionals. This episode delivers a powerful examination of Domain 6.3 of the CISSP certification, focusing on security testing methodologies that can make or break your organization's defensive posture.

Shon Gerber begins with a startling statistic: 96.7% of organizations now use at least one SaaS application, yet many fail to properly secure these cloud-based services. When you migrate from on-premises solutions to SaaS offerings, your sensitive data moves from environments protected by your security infrastructure to those secured by third parties. This fundamental shift demands rigorous risk assessment processes. Shon provides practical guidance on evaluating SaaS providers, emphasizing critical areas like data encryption practices, multi-factor authentication implementation, account access controls, and comprehensive backup strategies.

The heart of this episode explores essential testing methodologies every security professional should master. Black box testing techniques like penetration testing simulate real-world attacks without prior knowledge of system internals. Vulnerability assessments evaluate risk exposure by systematically identifying weaknesses. Dynamic analysis tests systems during operation, while code reviews catch vulnerabilities before deployment. Each approach serves a unique purpose in a comprehensive security program. Shon clarifies the crucial distinction between false positives (incorrectly identified vulnerabilities) and false negatives (missed vulnerabilities), explaining why the latter pose a significantly greater risk to organizations.

Whether you're preparing for the CISSP exam or strengthening your organization's security posture, this episode provides the knowledge you need to implement effective security assessment strategies. Join our growing community of security professionals at CISSP Cyber Training, where you'll find additional resources to accelerate your cybersecurity journey while supporting a worthy cause – all proceeds go to a nonprofit supporting adoptive families. Take your security knowledge to the next level and make a difference!
A shocking cybersecurity case recently hit the headlines—a 50-year-old IT contractor sentenced to over 8 years in prison for acting as a mule for North Korean hackers. What makes this story particularly alarming? Companies were unknowingly shipping laptops directly to her, providing legitimate access credentials that she then shared with foreign adversaries. This case serves as a powerful reminder of why third-party risk management isn't just a compliance exercise but a critical security function.

Diving into CISSP Domain 6.3, we explore the fundamental security processes that could prevent such compromises. User account lifecycle management forms the backbone of organizational security, from proper identity verification during onboarding to the principle of least privilege and role-based access controls. We examine the critical differences between disabling and deleting accounts during deprovisioning, and why service accounts deserve special attention as high-value targets for attackers.

Security assessments and audits provide the verification mechanisms needed to ensure your controls are both properly designed and effectively operating. Understanding the distinction between vulnerability assessments, penetration tests, and formal audits helps you build a comprehensive evaluation strategy. We clarify the differences between SOC Type 1 and Type 2 reports when evaluating service providers, and explain why metrics must be measurable, actionable, relevant, timely, and attributional (SMARTA) to drive meaningful security improvements.

Perhaps most critically, we address backup verification strategies—because discovering your backups are corrupted during a recovery situation is a career-limiting event.

Through practical guidance on security training approaches, enforcement mechanisms, and measurement techniques, this episode provides both CISSP candidates and practicing security professionals with actionable insights to strengthen their security programs. Ready to transform your security posture? Listen now, then visit CISSPCyberTraining.com for more resources to accelerate your cybersecurity journey.
In this Thursday episode of The Other Side of the Firewall, Ask a CISSP, Ryan Williams Sr. interviews Angela Diaz, an expert in risk management and fraud prevention. They discuss the importance of understanding the three lines of defense in risk management, the impact of fraud on individuals and organizations, and the career pathways available in the field. Angela shares her personal journey into risk management, the significance of soft skills, and her involvement in the Fraud Fight Club initiative. The conversation also touches on mindfulness practices and the importance of maintaining a balanced life outside of work.

Contact Angela - https://www.linkedin.com/in/angela-diaz-crmp-37430064/
Fraud Fight Club - https://www.fraudfightclub.com/
Please buy my book: https://theothersideofthefirewall.com

Socials:
Website - www.ramcyber.io
Heroes Media Group: https://www.heroesmediagroup.com/shows/the-other-side-of-the-firewall/
Audio - https://podcasts.apple.com/us/podcast/the-other-side-of-the-firewall/id1542479181
YouTube - https://www.youtube.com/@theothersideofthefirewall7511
ReppedFLIX - https://lnkd.in/eVis2CbS
WDJY 99.1 FM: https://www.wdjyfm.com/
TuneIn: https://lnkd.in/e2crcZU8
Facebook - https://www.facebook.com/profile.php?id=61556539026086
Instagram - https://www.instagram.com/theothersideofthefw
X (Twitter) - https://twitter.com/Ask_a_CISSP
TikTok - https://www.tiktok.com/@ryanwilliams683
Medium - https://medium.com/@ryanwilliamssenior
Subscribe to LinkedIn Newsletter - https://www.linkedin.com/build-relation/newsletter-follow?entityUrn=7172626552545865728
LinkedIn - https://www.linkedin.com/company/the-other-side-of-the-firewall/
Ryan on Twitter, LinkedIn, Clubhouse, and Threads - @ryrysecurityguy
Chris on LinkedIn - https://www.linkedin.com/in/chrisabacon/

Chapters
00:00 Introduction to Risk Management and Fraud
03:58 Understanding the Three Lines of Defense
11:58 The Importance of Risk Management in Financial Institutions
19:45 Career Pathways in Risk Management
25:59 Soft Skills for Success in Risk Management
29:47 Engagement in the Fraud Fight Club Initiative
37:49 Personal Insights and Mindfulness Practices
41:43 Conclusion and Future Connections

#cybersecurity #riskmanagement #fraud
The cybersecurity landscape is rapidly evolving, and AI stands at the forefront of this transformation. In this thought-provoking episode, Shon Gerber explores the projected $450 billion impact AI will have by 2028 and what this means for security professionals today.

With only 2% of companies having fully deployed AI solutions and 39% not yet exploring them, we're at the beginning of a massive shift that will fundamentally change how organizations approach security. Shon provides a candid assessment of why cybersecurity roles haven't yet been automated (risk aversion) and why this protection is temporary—predicting significant changes within the next five years.

For CISSP candidates, the episode delivers exceptional value through a detailed breakdown of five Domain 1 questions. Rather than simply providing correct answers, Shon dissects each question to reveal the underlying principles and reasoning. This approach helps listeners develop the critical thinking needed to succeed not just on the exam, but in real-world security scenarios.

The questions cover essential security concepts including risk treatment strategies, due diligence versus due care, professional ethics, policy versus procedure distinctions, and governance structures. Each explanation includes common points of confusion and practical workplace applications, bridging the gap between exam preparation and professional practice.

Perhaps most valuable is Shon's advice on navigating ethical dilemmas in security consulting. His guidance on how to inform clients of regulatory violations while maintaining professional relationships demonstrates the nuanced people skills that separate truly effective security leaders from technical practitioners.

Ready to future-proof your cybersecurity career while preparing for CISSP certification? This episode delivers actionable insights for both immediate exam success and long-term career viability in an AI-transformed landscape. Check out CISSPCyberTraining.com for additional resources, including 360 free practice questions to accelerate your certification journey.
Looking to strengthen your organization's defenses against unauthorized access? This episode dives deep into CISSP Domain 5.1, exploring the critical components of physical and logical access controls that protect your most valuable assets.

We begin with a startling discussion about China's "Maciantool" - sophisticated software secretly deployed at security checkpoints to extract SMS messages, GPS data, and images from travelers' phones. You'll learn practical strategies for protecting executive devices during international travel, including recommendations for burner phones and proper security protocols at checkpoints.

The foundation of effective access control starts with proper identity proofing and registration processes. We examine how to match verification rigor with resource sensitivity and explore the four authentication factors: something you know (passwords), something you have (tokens), something you are (biometrics), and something you do (keystroke patterns). Understanding how multi-factor authentication leverages these factors is essential for building robust security layers.

From preventative controls that stop unauthorized actions before they occur to detective measures that identify incidents after the fact, we break down each access control type with real-world examples. You'll discover how physical barriers like fences and mantraps work alongside compensating controls when primary measures aren't feasible, plus strategies for implementing corrective actions after security breaches occur.

The principle of least privilege emerges as a central theme throughout our discussion - granting users only the minimum access necessary prevents credential creep while maintaining operational efficiency. We also emphasize the critical importance of documentation, regular testing, and effective communication channels for all access control measures.

Visit CISSP Cyber Training for free resources including practice questions, study plans, and additional podcasts. Ready to advance your cybersecurity career? Check out our mentoring programs designed to help you maximize both job fulfillment and income potential.
That ALL Might Be Edified: Discussions on Servant Leadership
In this powerful episode, we sit down with cybersecurity executive and thought leader Tammy Klotz to explore the profound impact of compassionate leadership in high-stakes environments. Tammy shares a deeply personal story of receiving crucial support from a leader during a professional and personal crisis—a moment that shaped her own leadership philosophy and redefined how she views strength in the workplace.

We discuss what it means to show vulnerability in a world that often demands perfection, and why soft skills like emotional intelligence, grace, and empathy aren't optional—they're essential. Tammy opens up about how leaders can create psychological safety, establish rituals that foster connection and trust, and give explicit permission for authenticity, rest, boundaries, and even failure.

This conversation is a masterclass in human-centered leadership and a reminder that some of the most powerful things leaders can offer don't come from a playbook—they come from the heart.

Topics Covered:
- The moment a leader's support changed everything
- Creating space for vulnerability in high-performing teams
- Why emotional intelligence and empathy are critical leadership skills
- Building team rituals that support culture and connection
- The impact of leaders giving "permission" to be human

Guest Bio:
Tammy Klotz is the Chief Information Security Officer at Trinseo, a Top 100 CISO, and the author of Leading with Empathy & Grace. With over 30 years in cybersecurity leadership, she is redefining what it means to lead with both strength and soul. She holds esteemed certifications including CISM, CISSP, and CRISC, and has earned notable accolades such as the 2022 Covanta Leadership Award and recognition as a Top 100 CISO by Cyber Defense Magazine in 2023. Tammy is also the author of "Leading with Empathy & Grace: Secrets to Developing High-Performing Teams", where she shares insights on leadership, resilience, and emotional intelligence.

Resources:
- Leading with Empathy and Grace - Tammy Klotz: Leading with Empathy and Grace: Secrets to Developing High-Performing Teams
- Rituals Roadmap - Erica Keswin: Rituals Roadmap: The Human Way to Transform Everyday Routines into Workplace Magic
- The Anxious Generation - Jonathan Haidt: The Anxious Generation: How the Great Rewiring of Childhood Is Causing an Epidemic of Mental Illness
In this conversation, Chris Glandon interviews Josh Mason, a Solutions Architect at Synack and founder of Noob Village. They discuss Josh's journey from being a U.S. Air Force pilot to entering the cybersecurity field, his motivation behind creating Noob Village to support newcomers in the industry, and his new book 'Speak Security with a Business Accent'. They also explore the role of Synack in cybersecurity and share insights on creating a welcoming environment for new professionals in the field. The conversation wraps up with a light-hearted discussion about unique bars and venues in the cybersecurity community.

00:00 Josh Mason's Journey into Cybersecurity
08:38 The Birth of Noob Village
20:02 Speak Security with a Business Accent
26:59 Transforming Technical Language for Business Impact
30:01 Understanding Metrics for Different Audiences
33:15 Aligning Business Goals with Security Metrics
36:49 Insights into Synack and Its Offerings
47:22 Exploring Unique Bars and Venues
48:37 Imagining a Cybersecurity-Themed Bar

[Noob Village] - An inclusive space at DEF CON designed to welcome and guide newcomers in the cybersecurity community. It offers resources like pamphlets, volunteers ("buddies"), and a booth called "No Stupid Questions" to support first-time attendees.
[Noob Village LinkedIn Page] - A LinkedIn organization page with updates about volunteer calls, community news, and DEF CON involvement.
[Joshua C. Mason – LinkedIn] - A cybersecurity leader and vCISO profile with extensive experience, offering insights on Noob Village, initiatives for veterans, and IT-to-security career development. Frequently shares event involvement (like DEF CON), mentorship tips, and professional updates.
[Joshua C. Mason – Website] - Josh's professional website for Mason Security Consulting (Mason SC), where he offers vCISO services, cybersecurity consultancy, and insights from his military and IT background.
[Mason SC Book Page] - Josh Mason's personal site, where signed copies of his book are available. The book includes cybersecurity leadership insights drawn from his experiences in the Air Force and IT.
[Onward to Opportunity] - A career training program for veterans, offering free training and certification opportunities in areas like project management and IT, including PMP and CISSP prep.
[Synack] - A cybersecurity company offering "pen test as a service." It connects clients with vetted ethical hackers using a managed platform to identify exploitable vulnerabilities efficiently.
Security vulnerabilities lurk in the most unexpected places – even in your home internet modem. Today we kick off with breaking news about a security flaw discovered in Cox modems that could potentially allow unauthorized access to run malicious commands on connected devices. While Cox reports fixing the issue within 24 hours, this real-world example perfectly illustrates a critical concept we explore further: how exposed APIs often become significant data exfiltration points because organizations fail to track and manage their connections properly.

Diving into our CISSP Question Thursday, we tackle fifteen practice questions specifically targeting Domain 3.1.2 and 3.1.3 concepts. These questions explore fundamental security principles including encryption standards (why AES-256 trumps proprietary algorithms), access controls (how custom APIs demonstrate both abstraction and access restriction), and defense in depth strategies (protecting data across multiple states). Each question builds practical understanding of how these principles apply in real-world scenarios – from secure boot configurations that hide complexity from users to the dangers of storing all encryption keys on a single, inadequately protected server.

The beauty of these practice questions lies in their practical applications. We examine how steganography conceals data within other files, how security defaults strengthen systems through pre-configuration, and how patching vulnerabilities relates to maintaining secure environments (while acknowledging that patches themselves can sometimes introduce new issues). Whether you're actively preparing for the CISSP exam or simply looking to strengthen your cybersecurity knowledge, these practice scenarios provide valuable training in identifying and addressing common security challenges.

Visit cisspcybertraining.com to access this episode's questions and many more resources to support your cybersecurity journey.
The medieval castle with its moat, high walls, and sentries provides the perfect metaphor for modern cybersecurity. Just as each defensive element served a specific purpose in protecting the castle, today's information security requires multiple layers working in concert to safeguard digital assets.

Shon Gerber opens this episode with a timely discussion of the UnitedHealthcare ransomware attack, which reportedly cost $22 million and sparked controversy around the CISO's qualifications. This real-world example perfectly frames the importance of defense in depth strategies that could have prevented such a catastrophic breach.

The core of defense in depth involves implementing multiple security controls that protect various aspects of information systems. Shon walks through each layer, starting with perimeter security (firewalls, IDS/IPS systems), moving to access controls and data security (encryption, DLP), and continuing through system hardening and detection mechanisms. Each layer serves two crucial purposes: stopping attackers altogether or, at minimum, slowing them down enough that they move on to easier targets.

Particularly enlightening is Shon's breakdown of abstraction in security - how operating systems, networking protocols, databases, and APIs hide complexity from users while maintaining protection. This concept extends to data hiding techniques like steganography, tokenization, and encryption that conceal sensitive information from prying eyes.

The episode concludes with an examination of secure defaults - the principle that systems should ship with security enabled rather than requiring manual configuration. Shon provides practical guidance on implementing secure defaults and overcoming common challenges like vendor limitations and legacy systems.

Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode delivers actionable insights on building robust, multi-layered defense strategies that balance protection with usability. Visit CISSP Cyber Training for additional resources, including practice questions and comprehensive study materials.
Microsoft recently released 137 security patches, with 14 critical vulnerabilities that could allow attackers to seize control of Windows systems with minimal user interaction. Among these, the Windows authentication negotiation flaw rated at 9.8 severity poses a significant threat to all current Windows versions. For security professionals, this underscores the crucial importance of effective patch management strategies—balancing timely updates against thorough testing procedures.

When approaching CISSP certification, understanding different investigation types provides essential context for security operations. Administrative investigations address potential policy violations and inappropriate resource usage, while criminal investigations gather evidence when laws are broken. Civil investigations resolve disputes between parties, regulatory investigations examine compliance with industry mandates, and standards investigations assess adherence to best practices like ISO 27001. Each investigation type requires distinct approaches and yields different outcomes, from disciplinary actions to legal proceedings.

The security documentation hierarchy—policies stating high-level objectives, standards specifying mandatory requirements, procedures providing step-by-step instructions, and guidelines offering flexible recommendations—creates a comprehensive framework for organizational security. However, these documents must use clear, accessible language that employees can understand and apply, not just legal jargon that looks impressive but goes unread.

Business continuity planning begins with a thorough Business Impact Analysis that identifies critical functions and establishes recovery objectives. This foundational work must involve stakeholders from across the organization to ensure operational reality aligns with security requirements. Similarly, personnel security extends beyond employee screening to include robust onboarding, transfer, and termination procedures—with equivalent controls for third-party relationships.

Risk management concepts form the core of security operations, from identifying threats and vulnerabilities to selecting appropriate controls. Understanding the distinction between preventative, detective, corrective, deterrent, and compensating controls enables security professionals to build comprehensive protection strategies. Combined with threat modeling methodologies like STRIDE and PASTA, these concepts create the framework for proactive security postures.

Ready to deepen your CISSP knowledge? Visit CISSP Cyber Training for both free resources and comprehensive paid training options that will help you pass your exam the first time while building practical security expertise.
Ready to conquer CISSP Domain 1? This rapid review episode delivers essential knowledge on security and risk management fundamentals that form the cornerstone of information security practice.

We begin with a timely discussion on preventing ransomware through exfiltration controls, noting the alarming shift where 90% of ransomware attacks now involve data theft. The practical advice on implementing zero trust architecture acknowledges real-world challenges while providing actionable steps for gradual deployment.

Diving into Domain 1, we explore the ISC² Code of Professional Ethics and its four critical canons: protecting society and infrastructure, acting honorably, providing competent services, and advancing the security profession. The CIA triad (Confidentiality, Integrity, Availability) is thoroughly unpacked alongside the critical concepts of Authenticity and Non-repudiation, with practical examples of how these manifest in organizational security.

Security governance emerges as a crucial topic, emphasizing the necessity of aligning security efforts with business objectives rather than operating in isolation. Practical guidance on establishing effective governance committees, defining clear roles, and implementing proper segregation of duties provides real-world context beyond theoretical concepts.

The complexity of compliance requirements is demystified as we navigate legal regulations, industry standards, contractual obligations, and escalating privacy requirements. Particular attention is given to data breach notification timelines, evidence collection procedures, and transborder data flow considerations – all essential knowledge for modern security professionals.

Whether you're preparing for the CISSP exam or seeking to strengthen your security program, this rapid review provides the comprehensive foundation you need. Visit cisspcybertraining.com for additional resources including practice questions and study materials to support your certification journey.
Ready to master data classification for your CISSP exam? This episode delivers exactly what you need through fifteen practical questions that mirror real exam scenarios, all focused on Domain 2.1.1.

The cybersecurity world is constantly evolving, and our discussion of the newly formed ARPA-H demonstrates this perfectly. Modeled after DARPA but focused on healthcare innovation, this agency represents a $50 million opportunity for security professionals to tackle the persistent ransomware threats plaguing the healthcare industry.

Diving into our practice questions, we explore how marketing materials receive "sensitive" classifications, while revolutionary battery technology blueprints warrant "class three severe impact" protection. We clarify why social security numbers in healthcare settings fall under Protected Health Information rather than just PII, and why government agencies use distinctive classification schemas including terms like "top secret" that aren't merely arbitrary labels.

The episode tackles complex scenarios including cloud storage responsibilities (you retain ownership of customer data even when stored by third parties), the limitations of DLP solutions for printed documents, and proper breach response protocols. Each question provides context-rich explanations that go beyond simple answers to build your understanding of the underlying principles.

Perhaps most valuable is our exploration of classification system design - revealing why simply labeling all non-public information as "sensitive" creates security vulnerabilities by failing to distinguish between different impact levels. This practical insight helps you not just memorize concepts but understand how to implement effective classification in real-world environments.

Whether you're studying for your CISSP exam or wanting to strengthen your organization's security posture, these fifteen questions provide the perfect framework for mastering data classification principles. Visit cisspcybertraining.com to access our complete blueprint and mentoring services guaranteed to help you pass the CISSP exam on your first attempt.
Effective data classification isn't just about regulatory compliance—it's the foundation of your entire security program. Whether you're preparing for the CISSP exam or leading security initiatives at your organization, understanding how to identify, categorize, and protect sensitive information is critical to your success.

This episode dives deep into the world of sensitive data management, breaking down the fundamental frameworks and approaches you need to master. Data classification might seem deceptively simple on the surface, but implementing it effectively requires navigating complex regulatory environments, understanding technical controls, and driving cultural change within your organization.

We begin by exploring what constitutes sensitive data across different industries—from financial institutions prioritizing monetary data to healthcare organizations safeguarding patient information. You'll learn about key regulatory frameworks like GDPR and HIPAA, their specific requirements, and the substantial penalties for non-compliance. The episode provides a practical breakdown of classification schemes in both government and private sectors, with actionable advice on simplifying these systems to improve employee compliance.

Most importantly, we address the critical human element of data protection. Without clear ownership and responsibility, sensitive information falls victim to the "tragedy of the commons"—accessible to everyone but protected by no one. The episode outlines strategies for assigning data ownership and implementing controls throughout the entire information lifecycle, from creation through disposal.

Along the way, we examine an emerging privacy concern with Microsoft's Copilot "recall" feature that captures screenshots of everything you do on your computer. This real-world example perfectly illustrates the constant tension between innovation and privacy that security professionals must navigate daily.

Whether you're just starting your security journey or looking to refine your approach as a seasoned professional, this episode provides the practical knowledge you need to build robust data protection strategies that balance security requirements with business needs. Subscribe now to continue building your cybersecurity expertise and prepare for the challenges of tomorrow's threat landscape.
Podcast: PrOTect It All
Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical Infrastructure
Pub date: 2025-06-23

Welcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies.

The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why "we've always done it this way" just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher.
Key Moments:
06:45 OT Cyber Industry Evolution
11:57 Evolving Challenges in OT Security
19:34 Bridging the OT Security Skills Gap
21:54 Enhancing OT Security Understanding
30:46 AI Model Security Challenges
34:26 Rapid Scaling for Site Assessments
40:56 Simulating Cyber Threat Responses
47:19 Operational Priorities: Equipment vs. Cyber Tools
49:30 Focus on Meaningful Security Metrics
56:30 Rapid AI Adoption vs. Internet
01:02:12 Cybersecurity: Small Targets are Vulnerable

About the guest: Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison, serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego.
Links:
https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service
https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments

Connect with Brian: https://www.linkedin.com/in/brianproctor67/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Ethical dilemmas lurk around every corner in cybersecurity, ready to challenge even the most technically competent professionals. Sean Gerber tackles these moral minefields head-on in this thought-provoking episode focused on CISSP Domain 1.1, presenting fifteen real-world ethical scenarios that will test your professional judgment.

The episode opens with crucial context about the New York Department of Financial Services (NYDFS) and its significant influence on cybersecurity standards in the financial sector. Sean explains how their recent bulletin addressing Iranian threats emphasizes essential security controls including multi-factor authentication and third-party risk management - requirements that extend well beyond the financial industry.

Diving into the ethical scenarios, listeners will confront challenging questions: What would you do upon discovering a concealed data breach orchestrated by previous leadership? How should you handle a zero-day vulnerability when the vendor is notorious for slow responses? Is it ever appropriate to modify security logging standards when employees resist what they perceive as surveillance?

Through each scenario, Sean walks through multiple possible responses, highlighting the correct ethical choice while acknowledging the complex organizational dynamics at play. The discussions reveal that ethical practice isn't just about knowing the right answer—it's about effectively implementing ethical decisions through proper channels, documentation, and constructive solutions.

The episode offers invaluable guidance for anyone preparing for the CISSP exam or working in cybersecurity, demonstrating that while technical competence opens doors in this field, ethical judgment keeps those doors from slamming shut. As cyber threats evolve in complexity, the moral compass of security professionals becomes an increasingly critical asset in protecting organizations and their stakeholders.

Ready to test your ethical judgment against CISSP standards? Visit CISSPcybertraining.com for 360 free practice questions and additional resources to strengthen both your technical knowledge and ethical reasoning.
Ethical leadership lies at the heart of effective cybersecurity practice. In this episode, we dive deep into Domain 1.1 of the CISSP certification, exploring professional ethics and their critical importance for security professionals.

The episode opens with a sobering look at the current landscape of cyber warfare, examining how Israeli-linked hackers are actively targeting Iran's financial systems. This real-world example serves as a stark reminder that cyber conflicts aren't theoretical—they're happening now, with devastating consequences for both government systems and ordinary citizens. For security professionals, this underscores the urgent need for robust resilience planning and strategic preparation for highly targeted attacks.

We then unpack the ISC² Code of Ethics through its four foundational canons: protecting society and the common good, acting with integrity, providing competent service, and advancing the profession. Each canon is explored with practical examples and real-world implications. The message becomes clear—security professionals possess extraordinary power through their knowledge and system access, and with this comes profound responsibility.

Throughout the discussion, we emphasize that ethical considerations extend beyond compliance requirements. They touch everything from handling sensitive data and discovering vulnerabilities to implementing AI systems and creating organizational cultures where ethical concerns can be safely raised. The principle of "do no harm" stands paramount, recognizing that security decisions impact not just organizations but the individuals who rely on these systems for their livelihoods.

Whether you're preparing for your CISSP certification, already working in the field, or leading security teams, this episode provides crucial insights into the ethical framework that must guide cybersecurity practice. Because in information security, ethics isn't just about following rules—it's about protecting people and building trust in the digital systems that increasingly power our world.

Ready to strengthen your ethical leadership in cybersecurity? Visit our website for resources including practice questions, mentorship opportunities, and comprehensive CISSP exam preparation materials.
In the AI era, trust is everything and it's under attack. How do you build digital trust when AI is changing the rules and attackers are getting smarter? Discover how today's CISOs are stepping up, adapting to AI risks, and learning from history to protect our digital future.

In this episode of the Fit4Privacy Podcast, host Punit Bhatia is joined by Nick Shevelyov, a cybersecurity expert with extensive experience as a CISO and Chief Privacy Officer, and author of Cyber War and Peace. The discussion focuses on the evolving challenges for Chief Information Security Officers (CISOs) in the age of AI, highlighting risks such as deep fakes and hyper-targeted attacks. Nick emphasizes the importance of translating technical risks into business risks for board members and discusses the implications of new AI legislation, particularly California's SB 468. Tune in to gain insights into managing digital trust, safeguarding personal data, and the strategic initiatives needed to combat emerging cybersecurity threats.

KEY CONVERSATION POINTS
00:01:50 How would you define the concept of trust
00:05:26 How do you place trust? How are they shifting? What kind of swans?
00:09:06 How are CISOs coping with the change of the AI era?
00:20:01 Insights in CISO perspective for US/California direction in terms of law
00:23:06 About the "Cyber War…and Peace: Building Digital Trust Today, with History as our Guide" book
00:27:50 How to get in touch with Nick

ABOUT GUEST
Nick Shevelyov helps build next-gen tech companies from the ideation stage. His work includes StackRox (Kubernetes security, acquired by Red Hat for $400M), Kodem (software composition analysis, Greylock Series A), Bedrock Security (data-loss prevention, Greylock Series A), and Laminar (shadow data discovery, Insight Ventures Series A). He advises founders and CEOs on product and go-to-market strategy, boosting time-to-value for companies like Pixee.ai, Quokka.io, Boostsecurity.io, and ETZ. He works across all stages, from seed to IPO. Nick consults with Insight Partners (also an LP) and FTV Capital, and serves on advisory boards for ForgePoint Capital, Mayfield Fund, Evolution Equity Partners, NightDragon, YL Ventures, and Glynn Capital. He is on the boards of Cofense | Phishme and the Bay Area CSO Council (BACC), an invite-only group of CISOs from leading Bay Area companies. A former CIO, he is also an honorary member of the Blumberg Technology Council. Nick authored Cyber War…and Peace and brings historical and behavioral insights to tech and risk management. He holds an Executive MBA from USF and certifications from Stanford, Harvard, plus CISSP, CISM, and CIPPE.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of the books "Be Ready for GDPR", which was rated as the best GDPR book, "AI & Privacy – How to Find Balance", "Intro To GDPR", and "Be an Effective DPO". Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named 'ABC for joy of life', which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/nicholasshevelyov/, https://vcso.ai/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy
The pursuit of AI expertise has reached staggering heights in the cybersecurity world. Meta reportedly offering "billion-dollar salaries" and $100 million sign-on bonuses to lure OpenAI talent reveals just how valuable the intersection of AI and security has become. This episode explores why security professionals should seriously consider developing AI skills while highlighting that most organizations are still figuring out their AI security strategy – creating massive opportunity for those who can help bridge the knowledge gap.

Transitioning to our main feature, we dive deep into Domain 8.5 of the CISSP with 15 critical questions covering secure coding practices. From preventing XML External Entity attacks to understanding race conditions in concurrent applications, each question unpacks vital security concepts through practical scenarios. Learn why disabling DTDs in XML parsers, implementing proper input validation for APIs, and using prepared statements with parameterized queries are fundamental to building secure applications.

The episode explores modern security challenges including infrastructure as code, OAuth 2.0 implementation, and the importance of implementing proper code review processes. Whether you're preparing for the CISSP exam or expanding your practical security knowledge, these questions provide valuable insight into how security vulnerabilities manifest and how to properly mitigate them. Each explanation goes beyond simple answers to help you understand the underlying principles that make certain practices more effective than others.

Ready to accelerate your CISSP journey? Visit CISSP Cyber Training for access to hundreds of practice questions, video content, and resources designed to help you pass the exam on your first attempt. Leave a review and let us know what topics you'd like covered next!
Podcast: PrOTect It All
Episode: Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin Searle
Pub date: 2025-06-16

In this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity. With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes.

This episode unpacks what it really takes to assess and secure operational technology environments. Whether you're a C-suite executive, a seasoned cyber pro, or brand new to OT security, you'll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line. Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.
Key Moments:
05:55 Breaking Into Cybersecurity Without Classes
09:26 Production Environment Security Testing
13:28 Credential Evaluation and Light Probing
14:33 Firewall Misconfiguration Comedy
19:14 Dedicated OT Cybersecurity Professionals
20:50 "Prioritize Reliability Over Latest Features"
24:18 "IT-OT Convergence Challenges"
29:04 Patching Program and OT Security
32:08 Complexity of OT Environments
35:45 Dress-Code Trust in Industry
38:23 Legacy System Security Challenges
42:15 OT Cybersecurity for IT Professionals
43:40 "Building Rapport with Food"
47:59 Future OT Cyber Risks and Readiness
51:30 Skill Building for Tech Professionals

About the Guest: Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP). Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences. His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses. Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT. Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU). He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP).

How to connect with Justin:
https://www.controlthings.io
https://www.linkedin.com/in/meeas/
Email: justin@controlthings.io

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Join The Full Nerd gang as they talk about the latest PC hardware topics. In this episode the gang talks with security expert Mike Danseglio, CISSP & CEH, about the Windows 10 end of life situation, whether now is the time to switch to Linux, the rise of new kinds of scams and more. And of course we answer your questions live!

Windows 10 security updates: https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
Sign up for The Full Nerd newsletter: https://www.pcworld.com/newsletters/signup

The opening music is Rollout (MaxPC Theme) by Jeremy Williams, used under a Creative Commons 3.0 attribution license. You can grab the source files at Podcast Fantastic: http://podcastfantastic.com/

Join the PC related discussions and ask us questions on Discord: https://discord.gg/SGPRSy7
Follow the crew on X: @AdamPMurray @BradChacos @MorphingBall @WillSmith

Follow PCWorld!
Website: http://www.pcworld.com
X: https://www.x.com/pcworld
We're back! It's time for a "Meet The Mentor" session with our newest CISSP Program Instructor, John Kennedy. From joining the Air Force to being an ISSM and a cybersecurity mentor, John transports us from his challenges in tech to now leading live sessions, the pressure of building slide decks, and why giving back is essential to him and the security field. Listen to hear John's success story and get a glimpse into this year's CISSP Cohort!

For more information on FRSecure's CISSP Program, visit our webpage: https://frsecure.com/cissp-mentor-program/
And register for this year's cohort through our event page: CISSP Program 2025 Registration

Continue to stay connected with our happenings through our social platforms: LinkedIn, Instagram, Facebook, BlueSky

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.
The powerful and emerging world of quantum computing is on its way. Quantum computing is a technology that is set to redefine privacy, trust, and artificial intelligence. What does quantum computing really mean, how will it change the digital trust landscape, what will happen when organizations gain quantum capabilities, and how can existing standards and laws help us govern it? Quantum computing is still in its early stages, but it promises to open new possibilities, bring new challenges, and create risks we need to understand today.

To help us navigate this complex but exciting topic, host Punit Bhatia speaks with cybersecurity expert Ramsés Gallego about the exciting and challenging world of quantum computing. With over 25 years of experience in cybersecurity and technology governance, Ramsés brings not just knowledge, but incredible energy to the discussion — "quantum energy," as we like to say. Will it change the way we define and manage digital trust?

KEY CONVERSATION POINTS
00:02:20 How would you define digital trust
00:05:03 Demystify what Quantum is
00:10:52 How does Quantum change the AI game?
00:15:44 What will happen if you acquire Quantum Computing
00:19:17 How are we seeing the digital trust dimension with Quantum Computing?
00:28:10 How would an organization or a corporate govern this?
00:33:20 Get in touch with Ramses

ABOUT GUEST
With an MBA and Law education, Ramsés Gallego is a +25 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is now Chief Technologist Cybersecurity with DXC, where he defines the vision and mission, purpose and promise of the division. He has recently been Strategist & Evangelist for the office of the CTO with Symantec and holds the following professional accreditations: CISM, CGEIT, CISSP, SCPM, CCSK, ITIL and COBIT Foundations. An internationally recognized public speaker, he has visited +25 different countries in the past 12 months and has been awarded 'Best Speaker' in four continents. He is also a Six Sigma Black Belt professional and is proud of being Past International VP for ISACA's Board of Directors, current President of the Barcelona Chapter, Ambassador of the association and honored to be inducted into the ISACA Hall of Fame. Ramsés is also Executive Vice President of the Quantum World Association and has had the US flag flown in his honor at The Capitol, in Washington DC, USA. With already 22 Marathons -and other crazy adventures- on his legs, he lives in Barcelona, Spain, with his wonderful wife and his two loved kids.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of the books "Be Ready for GDPR", which was rated as the best GDPR book, "AI & Privacy – How to Find Balance", "Intro To GDPR", and "Be an Effective DPO". Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's values to have joy in life. He has developed the philosophy named 'ABC for joy of life', which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/ramsesgallego/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy
Podcast: PrOTect It All
Episode: Building Trust and Bridging the Gap in OT and IT Cybersecurity
Pub date: 2025-06-02

In this episode, host Aaron Crow sits down with Dean Parsons, one of the most recognized names in the OT and industrial control systems (ICS) security world, for a candid and insightful conversation. Join Aaron and Dean as they explore what it truly takes to bridge the worlds of IT and OT. Drawing from decades of industry experience, their discussion covers everything from building trust across teams, to the superpower of understanding both operational technology and cybersecurity. Expect real-world stories, practical advice on breaking into OT cybersecurity, and memorable lessons from the plant floor to the boardroom.

They also break down what makes OT security fundamentally different from traditional IT approaches, why risk-based strategies are essential, and how building relationships, sometimes over donuts and coffee, can be just as important as deploying firewalls and patching systems. Whether you're new to ICS and OT security, or a seasoned defender looking for fresh perspective, this episode brings actionable tips, honest assessments, and inspiration to help you better protect what matters most. So grab your hard hat (and maybe a box of donuts!), and get ready for a masterclass on collaboration, building skills, and why trust is the real currency in the fight to secure our critical infrastructure.
Key Moments:
05:32 Listening Over Speaking in Legacy Spaces
07:01 IT Security Teamwork and Trust
11:21 Cost-Efficient ICS Security Solutions
15:42 Converging Skill Sets in IT Security
17:36 OT vs IT: Different Risks
22:28 Prioritizing Post-Assessment Actions
23:20 Prioritize SANS ICS Critical Controls
29:31 Engineering Perspective on Critical Assets
30:47 Detecting Misuse of Control Systems
35:52 Collaborative Incident Response Dynamics
39:03 Remote Hydroelectric Plant Journey
40:45 Building Trust with Baked Goods
44:55 "Safety Crucial in Facility Disruptions"
48:50 ICS Security: Closing Safety Gaps
53:37 Enhancing ICS Security Controls
57:18 "ICS Summit and LinkedIn Activities"

About the guest: Dean is the CEO and Principal Consultant of ICS Defense Force and brings over 20 years of technical and management experience to the classroom. He has worked in both Information Technology and Industrial Control System (ICS) Cyber Defense in critical infrastructure sectors such as telecommunications, electric generation, transmission, distribution, and oil & gas refineries, storage, and distribution, and water management. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students, and he earnestly preaches that "Defense is Do-able!" Over the course of his career, Dean's accomplishments include establishing entire ICS security programs for critical infrastructure sectors, successfully conducting industrial-grade incident response and tabletops, ICS digital forensics, and ICS/OT Cybersecurity assessments across multiple sectors. As a SANS Principal Instructor, Dean teaches ICS515: ICS Visibility, Detection, and Response, is a co-author of the SANS Course ICS418: ICS Security Essentials for Managers and an author of SANS ICS Engineer Technical Awareness Training. Dean is a member of the SANS GIAC Advisory Board and holds many cybersecurity professional certifications including the GICSP, GRID, GSLC, and GCIA, as well as the CISSP®, and holds a BS in computer science. When not in the field, Dean spends time chasing icebergs off the coast of Newfoundland on a jetski, or writing electric 80s inspired electronic music in his band Arcade Knights.

Resources Mentioned:
5 ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/
SANS ICS Cybersecurity Summit: https://www.sans.org/cyber-security-training-events/ics-security-summit-2025/

How to connect with Dean:
https://www.linkedin.com/in/dean-parsons-cybersecurity/
https://www.sans.org/profiles/dean-parsons/
Dean's Book: https://www.amazon.com/ICS-Cybersecurity-Field-Manual-EXCLUSIVE/dp/B0CGG6GMHW/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
“Networking is a two-way street, and I always emphasize the give aspect. When I meet someone new, I try to understand their needs and figure out how I can help them.” – Michael Morgan

Today's featured award-winning author is a motivational speaker, mentor, and consultant, Michael Morgan. Michael and I had a fun on a bun chat about his book, “The Power Of Networking: Strategies for Career Excellence, Job Development, and Building Greater Triumphs in Your Work”, the power of changing your zip code, and more!!!

Key Things You'll Learn:
What led Michael to write and publish his first book
Why stepping out of your comfort zone is essential to career success
What setback led him to create more success
Two common networking mistakes to avoid

Michael's Site: https://michaelvmorgan.com/
Michael's Book: https://a.co/d/7WKc10H

The opening track is titled, “North Wind and the Sun” by Trevin P. To listen to and download the full track, click the following link. https://compilationsforhumanity.bandcamp.com/track/north-wind-and-the-sun

Please support today's podcast to keep this content coming!
CashApp: $DomBrightmon
Donate on PayPal: @DBrightmon
Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon
Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon
The Going North Advancement Compass: https://a.co/d/bA9awot

You May Also Like…
Ep. 306 – “Be The SPARK” with Dr. Simon T. Bailey (@SimonTBailey): https://www.goingnorthpodcast.com/ep-306-be-the-spark-with-simon-t-bailey-simontbailey/
Ep. 669 – “Save Your Asks” with Chris Tuff (@christuff): https://www.goingnorthpodcast.com/ep-669-save-your-asks-with-chris-tuff-christuff/
Ep. 623 - "The Day One Executive" With April Armstrong (@ahaconsult): https://www.goingnorthpodcast.com/ep-623-the-day-one-executive-with-april-armstrong-ahaconsult/
Ep. 336.5 (H2H Special) – “Own Your Career Own Your Life” with Andy Storch (@AndyStorch): https://www.goingnorthpodcast.com/ep-3365-h2h-special-own-your-career-own-your-life-with-andy-storch-andystorch/
Ep. 857 – Side Hustle & Flow with Cliff Beach, DTM (@cliffbeachmusic): https://www.goingnorthpodcast.com/ep-857-side-hustle-flow-with-cliff-beach-dtm-cliffbeachmusic/
Ep. 691 – “How to Spark Your Heart and Ignite Your Life” with Hilary DeCesare (@HilaryDeCesare): https://www.goingnorthpodcast.com/ep-691-how-to-spark-your-heart-and-ignite-your-life-with-hilary-decesare-hilarydecesare/
Ep. 795 – If You Want to Win, Start Within with Ahmard Vital (@ahmardvital): https://www.goingnorthpodcast.com/ep-795-if-you-want-to-win-start-within-with-ahmard-vital-ahmardvital/
Ep. 632 – “The Career Toolkit” with Mark Herschberg (@CareerToolkitBk): https://www.goingnorthpodcast.com/ep-632-the-career-toolkit-with-mark-herschberg-careertoolkitbk/
Ep. 353 – “Free Agent” with Rennie Curran (@RennieCurran53): https://www.goingnorthpodcast.com/ep-353-free-agent-with-rennie-curran-renniecurran53/
Ep. 307 – “Failure Is Not The Problem, It's The Beginning Of Your Success” with Col. George Milton: https://www.goingnorthpodcast.com/ep-307-failure-is-not-the-problem-its-the-beginning-of-your-success-with-col-george-milton/
270 – "Forever Employable" with Jeff Gothelf (@jboogie): https://www.goingnorthpodcast.com/270-forever-employable-with-jeff-gothelf-jboogie/
Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/
Ep. 768 – How You Can Become a Valuable Leader with Velma Knowles: https://www.goingnorthpodcast.com/ep-768-how-can-you-become-a-valuable-leader-with-velma-knowles/
Ep. 931 – Proven Sales Management Wisdom for a Limitless Career with Meghan Clarke (@meghanclarkeofficial): https://www.goingnorthpodcast.com/ep-931-proven-sales-management-wisdom-for-a-limitless-career-with-meghan-clarke-meghanclarkeoff/
Craig Taylor is a seasoned cybersecurity leader, CISSP since 2001, and co-founder of CyberHoot, a fully automated SaaS platform that teaches cyber literacy to SMBs and MSPs. As a virtual CISO for over 35 companies and founder of a growing vCISO peer group, he brings deep expertise and collaborative insight to the cybersecurity field. A gifted speaker, Rotarian, and cancer research fundraiser, Craig blends technical leadership with a passion for service and community.

Master of Your Crafts is a captivating podcast featuring conversations with individuals who have dedicated themselves to mastering their craft. Whether it's a gift, talent or skill that comes naturally to them, these individuals have taken ownership and honed their abilities to perfection. Through deep conversation, we delve into their inner dialogue, actions and life circumstances, offering words of wisdom to empower and guide you on a journey to becoming the master of your own craft.

For more information, visit our website https://masterofyourcrafts.com and Bright Shining Light Website: https://brightshininglight.com

Stay connected with us:
- Facebook: https://www.facebook.com/masterofyourcrafts
- Instagram: https://www.instagram.com/MasterOfYourCrafts/
- Spotify: https://open.spotify.com/show/1M0vp9HoK7kkP1w4ij7PJd?si=7d383a92b93b4e2c
- ApplePodcast: https://podcasts.apple.com/ca/podcast/master-of-your-crafts/id1512818795
- Amazon Music: https://music.amazon.ca/podcasts/b15079de-bc6a-487c-b8f8-faca73d0f685/master-of-your-crafts
- Google Play: https://podcasts.google.com/feed/aHR0...
“You do not deserve to be harassed, or disrespected, or demeaned in your workplace. That is not normal.” – Jeff Davis

Today's featured award-winning bestselling author is a mental health advocate, international keynote speaker, world traveler, TEDx speaker, and digital marketing expert, Jeff Davis. Jeff and I had a fun on a bun chat about his new book, “The Courage To Leave: Breaking Free from Toxic Workplaces”, the importance of self-advocacy, prioritizing your well-being, and more!!

Key Things You'll Learn:
How he legally challenged a multi-billion dollar company and won
How he dealt with his severe burnout experience while living overseas during COVID-19
The importance of recognizing the signs of burnout and taking proactive steps to address it
Strategies for coping with toxic work environments and finding support
Why standing up for yourself is necessary for your well-being

Jeff's Site: https://jeffdspeaks.com/
Jeff's Books: https://www.amazon.com/stores/author/B00PF0QL8U/allbooks
Jeff's TEDx Talk: https://youtu.be/b_hwMJMBBvQ?si=2ozFiXTJF_FkDrOT

The opening track is titled, “North Wind and the Sun” by Trevin P. To listen to the full track and download it, click the following link. https://compilationsforhumanity.bandcamp.com/track/north-wind-and-the-sun

Please support today's podcast to keep this content coming!
CashApp: $DomBrightmon
Donate on PayPal: @DBrightmon
Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon
Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon
The Going North Advancement Compass: https://a.co/d/bA9awot

You May Also Like…
14 - "Reach Your Mountaintop" Jeff Davis (@JeffDavis027): https://www.goingnorthpodcast.com/14-reach-your-mountaintop-jeff-davis-jeffdavis027/
Ep. 322.5 (H2H Special) – “Burnout Proof” with Michael Levitt (@bfastleadership): https://www.goingnorthpodcast.com/ep-3225-h2h-special-burnout-proof-with-michael-levitt-bfastleadership/
Ep. 836 – The 6% Club with Dr. Michelle Rozen (@DrMichelleRozen): https://www.goingnorthpodcast.com/ep-836-the-6-club-with-dr-michelle-rozen-drmichellerozen/
Ep. 943 – How to Create a Team Culture Where Everyone Thrives with Dr. Patricia Grabarek & Dr. Katina Sawyer (@WorkrBeeing): https://www.goingnorthpodcast.com/ep-943-how-to-create-a-team-culture-where-everyone-thrives-with-dr-patricia-grabarek-dr-katin/
Ep. 764 – The 5 Languages of Appreciation in the Workplace with Dr. Paul White (@drpaulwhite): https://www.goingnorthpodcast.com/ep-764-the-5-languages-of-appreciation-in-the-workplace-with-dr-paul-white-drpaulwhite/
Ep. 502 – “A Leadership Development Strategy To Bond And Unite” With Amy P. Kelly (@AmyPKelly): https://www.goingnorthpodcast.com/ep-502-a-leadership-development-strategy-to-bond-and-unite-with-amy-p-kelly-amypkelly/
Ep. 571 – “A Powerful Culture Starts with You” with Dr. Shahrzad Nooravi (@shahrzadnooravi): https://www.goingnorthpodcast.com/ep-571-a-powerful-culture-starts-with-you-with-dr-shahrzad-nooravi-shahrzadnooravi/
#Bonus Host2Host Ep. – “Unleashing the Power of Respect” with Dr. Joseph Shrand (@Drjoeshrand): https://www.goingnorthpodcast.com/bonus-host2host-ep-unleashing-the-power-of-respect-with-dr-joseph-shrand-drjoeshrand/
Ep. 411 – “Name That Mouse” with David Wood (@_focusceo): https://www.goingnorthpodcast.com/ep-411-name-that-mouse-with-david-wood-_focusceo/
44 - "How to Work With Jerks" by Eric Williamson (@TTS_Williamson): https://www.goingnorthpodcast.com/44-how-to-work-with-jerks-by-eric-williamson-tts_williamson/
Ep. 372 – “The Grit Factor” with Shannon Huffman Polson (@ABorderLife): https://www.goingnorthpodcast.com/ep-372-the-grit-factor-with-shannon-huffman-polson-aborderlife/
Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/