Podcasts about cissp

  • 329 PODCASTS
  • 1,789 EPISODES
  • 35m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Jun 19, 2025 LATEST


Latest podcast episodes about cissp

The FIT4PRIVACY Podcast - For those who care about privacy
CISO Role In Age of AI with Nick Shevelyov and Punit Bhatia in the FIT4PRIVACY Podcast E141 S06

Jun 19, 2025 · 30:23


In the AI era, trust is everything and it's under attack. How do you build digital trust when AI is changing the rules and attackers are getting smarter? Discover how today's CISOs are stepping up, adapting to AI risks, and learning from history to protect our digital future.

In this episode of the Fit4Privacy Podcast, host Punit Bhatia is joined by Nick Shevelyov, a cybersecurity expert with extensive experience as a CISO and Chief Privacy Officer, and author of Cyber War and Peace. The discussion focuses on the evolving challenges for Chief Information Security Officers (CISOs) in the age of AI, highlighting risks such as deep fakes and hyper-targeted attacks. Nick emphasizes the importance of translating technical risks into business risks for board members and discusses the implications of new AI legislation, particularly California's SB 468.

Tune in to gain insights into managing digital trust, safeguarding personal data, and the strategic initiatives needed to combat emerging cybersecurity threats.

KEY CONVERSION POINT
00:01:50 How would you define the concept of trust
00:05:26 How do you place trust? How are they shifting? What kind of swans?
00:09:06 How are CISO coping with the change of AI era?
00:20:01 Insights in CISO Perspective for US/California direction in law of terms
00:23:06 About “Cyber War…and Peace: Building Digital Trust Today, with History as our Guide” book
00:27:50 How to get in touch with Nick

ABOUT GUEST
Nick Shevelyov helps build next-gen tech companies from the ideation stage. His work includes StackRox (Kubernetes security, acquired by Red Hat for $400M), Kodem (software composition analysis, Greylock Series A), Bedrock Security (data-loss prevention, Greylock Series A), and Laminar (shadow data discovery, Insight Ventures Series A). He advises founders and CEOs on product and go-to-market strategy, boosting time-to-value for companies like Pixee.ai, Quokka.io, Boostsecurity.io, and ETZ. He works across all stages, from seed to IPO. Nick consults with Insight Partners (also an LP) and FTV Capital, and serves on advisory boards for ForgePoint Capital, Mayfield Fund, Evolution Equity Partners, NightDragon, YL Ventures, and Glynn Capital. He is on the boards of Cofense | Phishme and the Bay Area CSO Council (BACC), an invite-only group of CISOs from leading Bay Area companies. A former CIO, he is also an honorary member of the Blumberg Technology Council. Nick authored Cyber War…and Peace and brings historical and behavioral insights to tech and risk management. He holds an Executive MBA from USF and certifications from Stanford, Harvard, plus CISSP, CISM, and CIPPE.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named 'ABC for joy of life' which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/nicholasshevelyov/, https://vcso.ai/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy

The Full Nerd
Episode 352: Security Expert Talks Windows 10 EOL, The Rise Of Scams & More

Jun 17, 2025 · 174:14


Join The Full Nerd gang as they talk about the latest PC hardware topics. In this episode the gang talks with security expert Mike Danseglio, CISSP & CEH, about the Windows 10 end of life situation, whether now is the time to switch to Linux, the rise of new kinds of scams and more. And of course we answer your questions live!

Windows 10 security updates: https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
Sign up for The Full Nerd newsletter: https://www.pcworld.com/newsletters/signup

The opening music is Rollout (MaxPC Theme) by Jeremy Williams used under a Creative Commons 3.0 attrib license. You can grab the source files at Podcast Fantastic: http://podcastfantastic.com/

Join the PC related discussions and ask us questions on Discord: https://discord.gg/SGPRSy7
Follow the crew on X: @AdamPMurray @BradChacos @MorphingBall @WillSmith

Follow PCWorld!
Website: http://www.pcworld.com
X: https://www.x.com/pcworld

CISSP Cyber Training Podcast - CISSP Training Program
CCT 254: Understanding APIs for the CISSP Exam (Domain 8.5)

Jun 16, 2025 · 40:46


Cybersecurity vulnerabilities continue to emerge in unexpected places, as evidenced by the recent Iranian-backed attacks on U.S. water treatment facilities through poorly secured Unitronics PLCs. This alarming development sets the stage for our deep dive into API security - a critical yet often overlooked aspect of modern cybersecurity strategy.

APIs form the connective tissue of our digital world, enabling seamless communication between different software systems. However, this interconnectivity creates numerous potential entry points for attackers. From RESTful APIs with their statelessness to enterprise-focused SOAP protocols and the newer GraphQL systems, each implementation brings unique security challenges that must be addressed proactively.

We explore the most common API security threats facing organizations today: injection attacks that exploit poorly coded interfaces, broken authentication mechanisms that enable unauthorized access, sensitive data exposure through improper configurations, and man-in-the-middle attacks that intercept communications. Understanding these threats is just the beginning - implementing robust countermeasures is where real security happens.

Authentication and access controls form the foundation of API security. OAuth, OpenID Connect, and token-based authentication systems provide powerful protection when implemented correctly. However, token management practices - including secure storage, proper revocation procedures, and regular refreshing - are equally critical yet frequently overlooked components of a comprehensive security strategy.

API gateways emerge as perhaps the most valuable security control in your arsenal. Acting as centralized checkpoints, they provide enhanced visibility, consistent authentication enforcement, traffic throttling capabilities, and simplified management across numerous API connections. Cloud-based API gateways from major providers offer scalability and robust features that on-premises solutions struggle to match.

Beyond the technical controls, we discuss the human element of API security. The most secure implementations balance protection with functionality while fostering collaboration between security professionals and developers. As I emphasize throughout the episode, effective security isn't about forcing compliance - it's about building bridges of understanding between teams with different expertise.

Ready to strengthen your API security posture or prepare for your CISSP exam? Visit cisspcybertraining.com for free questions, comprehensive courseware, and a proven blueprint for certification success.

Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

CISSP Cyber Training Podcast - CISSP Training Program
CCT 253: Practice CISSP Questions - Conduct logging and monitoring activities (Domain 7.2)

Jun 12, 2025 · 25:09


Security professionals face a constant battle to keep up with evolving threats, and our latest CISSP Question Thursday podcast delivers critical insights into one of the most fundamental cybersecurity capabilities: effective logging and monitoring.

The episode begins with a warning about a sophisticated attack campaign targeting recruiters. The hacker group FIN6 (Skeleton Spiders) has been creating fake candidate profiles with malware-laced resume attachments, tricking HR professionals into downloading zip files containing the "More Eggs" JavaScript backdoor. This social engineering tactic exploits normal recruiting workflows to steal credentials and gain network access. We discuss why security teams must partner with recruitment departments to develop specialized awareness training and technical controls to address this growing threat.

Diving into CISSP Domain 7.2, we explore fifteen practical questions about logging and monitoring implementations. We cover critical distinctions between detection and prevention technologies, explaining why deep packet inspection is essential for identifying encrypted command and control communications over HTTPS. We examine why log integrity and non-repudiation are paramount when logs may serve as legal evidence, and why HR data provides crucial context for User and Entity Behavior Analytics (UEBA) systems trying to identify insider threats.

For those implementing Network Intrusion Prevention Systems, we emphasize the importance of deployment in detection-only mode for extended tuning periods before enabling blocking capabilities. We examine why mean time to respond (MTTR) to critical incidents provides the most holistic metric for evaluating security operations effectiveness, and why automated ingestion of threat intelligence feeds delivers the most value for continuous monitoring objectives.

This episode balances technical depth with practical implementation guidance, making it valuable for both CISSP candidates preparing for the exam and practicing security professionals looking to strengthen their monitoring capabilities. Visit CISSP Cyber Training for access to all our training materials and sign up for 360 free practice questions to accelerate your certification journey.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 252: Logging and Monitoring Security Activities for the CISSP (Domain 7.2)

Jun 9, 2025 · 44:45


Dive deep into the critical world of security logging and monitoring as we explore Domain 7.2 of the CISSP certification. This episode unpacks the strategic considerations behind effective logging practices that balance comprehensive visibility with practical resource management.

We begin with a thought-provoking look at Anthropic's new AI chatbot designed specifically for classified government environments. Could this be the beginning of something like Skynet? While AI offers tremendous capabilities for processing classified data, these developments raise important questions about reliability, oversight, and unintended consequences.

The heart of this episode focuses on building a robust logging and monitoring strategy. We examine the various types of logs you should consider—security logs, system logs, application logs, network logs, and database logs—while emphasizing the importance of starting small and focusing on critical systems. You'll learn why centralized logging through SIEM platforms has become the industry standard, and how to approach log retention policies that balance regulatory requirements with storage costs.

Active monitoring, passive monitoring, and the correlation of events each serve distinct security purposes. We explore how techniques like log sampling and clipping levels can help manage the overwhelming volume of data modern networks generate, while highlighting the risks of missing critical security events if these techniques aren't properly implemented.

Special attention is given to egress monitoring—watching what leaves your network—as a crucial but often overlooked security practice. Since attackers ultimately need to extract data from compromised systems, monitoring outbound traffic can catch breaches even when the initial compromise was missed.

The episode rounds out with discussions on emerging technologies transforming the security monitoring landscape: SOAR tools that automate security operations, the integration of AI and machine learning for threat detection, and the strategic use of threat intelligence to understand attacker methodologies through frameworks like the cyber kill chain.

Whether you're preparing for the CISSP exam or working to strengthen your organization's security monitoring capabilities, this episode provides both the conceptual understanding and practical considerations you need. Connect with us at CISSP Cyber Training for more resources to support your certification journey.

UNSECURITY: Information Security Podcast
Unsecurity Episode 239: Meet the Mentor - CISSP w/ John Kennedy

Jun 6, 2025 · 30:35


We're back! It's time for a "Meet The Mentor" session with our newest CISSP Program Instructor, John Kennedy. From joining the Air Force to being an ISSM and a cybersecurity mentor, John transports us from his challenges in tech to now leading live sessions, the pressure of building slide decks, and why giving back is essential to him and the security field. Listen to hear John's success story and get a glimpse into this year's CISSP Cohort!

For more information on FRSecure's CISSP Program, visit our webpage: https://frsecure.com/cissp-mentor-program/

And register for this year's cohort through our event page! CISSP Program 2025 Registration

Continue to stay connected with our happenings through our social platforms! LinkedIn, Instagram, Facebook, BlueSky

About FRSecure: https://frsecure.com/
FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start, or looking for a team of experts to collaborate with you, we are ready to serve.

The FIT4PRIVACY Podcast - For those who care about privacy
Quantum Computing with Ramsés Gallego and Punit Bhatia in the FIT4PRIVACY Podcast E140 S06

Jun 5, 2025 · 36:50


The powerful and emerging world of quantum computing is on its way. Quantum computing is a technology that is set to redefine privacy, trust, and artificial intelligence. What does quantum computing really mean, how will it change the digital trust landscape, what will happen when organizations gain quantum capabilities, and how existing standards and laws can help us govern. Quantum computing is still in its early stages, but it promises to open new possibilities, bring new challenges, and create risks we need to understand today.

To help us navigate this complex but exciting topic, host Punit Bhatia speaks with cybersecurity expert Ramsés Gallego about the exciting and challenging world of quantum computing. With over 25 years of experience in cybersecurity and technology governance, Ramsés brings not just knowledge, but incredible energy to the discussion — "quantum energy," as we like to say. Will it change the way we define and manage digital trust?

KEY CONVERSION POINT
00:02:20 How would you define digital trust
00:05:03 Demystify what is Quantum
00:10:52 How Quantum change the AI game?
00:15:44 What will happen if you acquire Quantum Computing
00:19:17 How are we seeing digital trust dimension with Quantum Computing?
00:28:10 How would an organization or a corporate govern this?
00:33:20 Get in touch with Ramses

ABOUT GUEST
With an MBA and Law education, Ramsés Gallego is a +25 year security professional with deep expertise in the Risk Management and Governance areas. Ramsés is now Chief Technologist Cybersecurity with DXC, where he defines the vision and mission, purpose and promise of the division. He has recently been Strategist & Evangelist for the office of the CTO with Symantec and holds the following professional accreditations: CISM, CGEIT, CISSP, SCPM, CCSK, ITIL and COBIT Foundations. An internationally recognized public speaker, has visited +25 different countries in the past 12 months and has been awarded 'Best Speaker' in four continents. He is also a Six Sigma Black Belt professional and is proud of being Past International VP for ISACA's Board of Directors, actual President of the Barcelona Chapter, Ambassador of the association and honored to be inducted into the ISACA Hall of Fame. Ramsés is also Executive Vice President of the Quantum World Association and has had the US flag flown on his honor at The Capitol, in Washington DC, USA. With already 22 Marathons -and other crazy adventures- on his legs he lives in Barcelona, Spain, with his wonderful wife and his two loved kids.

ABOUT HOST
Punit Bhatia is one of the leading privacy experts who works independently and has worked with professionals in over 30 countries. Punit works with business and privacy leaders to create an organization culture with high privacy awareness and compliance as a business priority. Selectively, Punit is open to mentor and coach professionals. Punit is the author of books “Be Ready for GDPR” which was rated as the best GDPR Book, “AI & Privacy – How to Find Balance”, “Intro To GDPR”, and “Be an Effective DPO”. Punit is a global speaker who has spoken at over 30 global events. Punit is the creator and host of the FIT4PRIVACY Podcast. This podcast has been featured amongst top GDPR and privacy podcasts. As a person, Punit is an avid thinker and believes in thinking, believing, and acting in line with one's value to have joy in life. He has developed the philosophy named 'ABC for joy of life' which he passionately shares. Punit is based out of Belgium, the heart of Europe.

RESOURCES
Websites: www.fit4privacy.com, www.punitbhatia.com, https://www.linkedin.com/in/ramsesgallego/
Podcast: https://www.fit4privacy.com/podcast
Blog: https://www.fit4privacy.com/blog
YouTube: http://youtube.com/fit4privacy

CISSP Cyber Training Podcast - CISSP Training Program
CCT 251: Practice CISSP Questions - Security Control Testing, Vulnerability Assessments and Network Scanning (Domain 6.2)

Jun 5, 2025 · 19:53


The boundaries between digital vulnerabilities and physical warfare are dissolving before our eyes. Ukrainian forces have dramatically shifted military paradigms by marrying cybersecurity breaches with commercial drone attacks against strategic Russian targets like Tupolev aircraft manufacturers. This evolution demands security professionals develop capabilities far beyond traditional network defense – a stark reminder that our field continues expanding into unexpected territories.

Security testing forms the foundation of effective defense, and distinguishing between key methodologies is crucial both for the CISSP exam and real-world implementation. Vulnerability assessments detect weaknesses, while penetration tests exploit them to demonstrate actual impact. When evaluating your security testing approach, consider the perspective advantage: internal testing reveals different vulnerabilities than external probing, each simulating distinct attacker vantage points. False negatives represent perhaps the greatest danger in security testing – providing a dangerous illusion of safety while leaving actual vulnerabilities unaddressed.

Testing approaches vary in depth and disclosure level. Black box testing simulates external attacks with no prior system knowledge. White box testing grants complete access to internal architecture. Gray box testing offers a middle ground with partial system information – a cost-effective approach for organizations with tighter budgets. Red teams validate incident response plans through realistic attack simulations, while authenticated scans reveal vulnerabilities that exist beyond login barriers. By mastering these concepts for Domain 6.2, you'll build essential knowledge that translates directly to creating more secure environments and passing your CISSP exam the first time. Join us at CISSP Cyber Training for free practice questions and comprehensive preparation resources to accelerate your cybersecurity career.

@BEERISAC: CPS/ICS Security Podcast Playlist
Building Trust and Bridging the Gap in OT and IT Cybersecurity

Jun 4, 2025 · 60:38


Podcast: PrOTect It All
Episode: Building Trust and Bridging the Gap in OT and IT Cybersecurity
Pub date: 2025-06-02

In this episode, host Aaron Crow sits down with Dean Parsons, one of the most recognized names in the OT and industrial control systems (ICS) security world, for a candid and insightful conversation.

Join Aaron and Dean as they explore what it truly takes to bridge the worlds of IT and OT. Drawing from decades of industry experience, their discussion covers everything from building trust across teams, to the superpower of understanding both operational technology and cybersecurity. Expect real-world stories, practical advice on breaking into OT cybersecurity, and memorable lessons from the plant floor to the boardroom.

They also break down what makes OT security fundamentally different from traditional IT approaches, why risk-based strategies are essential, and how building relationships, sometimes over donuts and coffee—can be just as important as deploying firewalls and patching systems. Whether you're new to ICS and OT security, or a seasoned defender looking for fresh perspective, this episode brings actionable tips, honest assessments, and inspiration to help you better protect what matters most.

So grab your hard hat (and maybe a box of donuts!), and get ready for a masterclass on collaboration, building skills, and why trust is the real currency in the fight to secure our critical infrastructure.

Key Moments:
05:32 Listening Over Speaking in Legacy Spaces
07:01 IT Security Teamwork and Trust
11:21 Cost-Efficient ICS Security Solutions
15:42 Converging Skill Sets in IT Security
17:36 OT vs IT: Different Risks
22:28 Prioritizing Post-Assessment Actions
23:20 Prioritize SANS ICS Critical Controls
29:31 Engineering Perspective on Critical Assets
30:47 Detecting Misuse of Control Systems
35:52 Collaborative Incident Response Dynamics
39:03 Remote Hydroelectric Plant Journey
40:45 Building Trust with Baked Goods
44:55 "Safety Crucial in Facility Disruptions"
48:50 ICS Security: Closing Safety Gaps
53:37 Enhancing ICS Security Controls
57:18 "ICS Summit and LinkedIn Activities"

About the guest:
Dean is the CEO and Principal Consultant of ICS Defense Force and brings over 20 years of technical and management experience to the classroom. He has worked in both Information Technology and Industrial Control System (ICS) Cyber Defense in critical infrastructure sectors such as telecommunications, electric generation, transmission, distribution, and oil & gas refineries, storage, and distribution, and water management. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students, and he earnestly preaches that “Defense is Do-able!”

Over the course of his career, Dean's accomplishments include establishing entire ICS security programs for critical infrastructure sectors, successfully conducting industrial-grade incident response and tabletops, ICS digital forensics, and ICS/OT Cybersecurity assessments across multiple sectors. As a SANS Principal Instructor, Dean teaches ICS515: ICS Visibility, Detection, and Response, is a co-author of the SANS Course ICS418: ICS Security Essentials for Managers and an author of SANS ICS Engineer Technical Awareness Training. Dean is a member of the SANS GIAC Advisory Board and holds many cybersecurity professional certifications including the GICSP, GRID, GSLC, and GCIA, as well as the CISSP®, and holds a BS in computer science. When not in the field, Dean spends time chasing icebergs off the coast of Newfoundland on a jetski, or writing electric 80s inspired electronic music in his band Arcade Knights.

Resources Mentioned:
5 ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/
SANS ICS Cybersecurity Summit: https://www.sans.org/cyber-security-training-events/ics-security-summit-2025/

How to connect Dean:
https://www.linkedin.com/in/dean-parsons-cybersecurity/
https://www.sans.org/profiles/dean-parsons/
Dean's Book: https://www.amazon.com/ICS-Cybersecurity-Field-Manual-EXCLUSIVE/dp/B0CGG6GMHW/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

CISSP Cyber Training Podcast - CISSP Training Program
CCT 250: Vulnerability Assessments and Network Scanning and the CISSP (D6.2.1)

Jun 2, 2025 · 39:54


Vulnerability assessments serve as the frontline defense against cybersecurity threats, yet many professionals struggle to understand the terminology and methodologies that make them effective. In this comprehensive episode, we demystify the critical components of vulnerability management that every security practitioner should master – whether you're preparing for the CISSP exam or strengthening your organization's security posture.

We begin by examining recent ransomware attacks targeting municipal governments across the United States, highlighting how 28 county and tribal governments have already fallen victim in 2024 alone. These incidents underscore why vulnerability management isn't just theoretical knowledge but an urgent practical necessity for protecting critical infrastructure and services.

Diving into the technical foundations, we explore how the Common Vulnerability and Exposures (CVE) system works, from discovery to disclosure, and how the Common Vulnerability Scoring System (CVSS) helps prioritize remediation efforts through its base, temporal, and environmental metrics. You'll gain clarity on related frameworks including CPE, CCE, and OVAL, understanding how these pieces fit together to create a comprehensive vulnerability management approach.

The episode also provides a practical breakdown of network scanning techniques essential for vulnerability discovery, including SYN scans, TCP connect scans, ACK scans, UDP scans, and Christmas tree scans. We explain the intricacies of the TCP handshake process and how different scanning methods leverage various aspects of this protocol to identify potential vulnerabilities while avoiding detection.

We also examine how AI-assisted code generation is transforming development practices, with 70% of professional developers expected to use these tools by 2027. While this technology promises significant productivity gains, it creates new security challenges that vulnerability assessment processes must address.

Whether you're studying for the CISSP exam or looking to strengthen your organization's security practices, this episode equips you with the knowledge to implement effective vulnerability management. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey.

Grey Dynamics
Grey Dynamics Presents the OpSec Podcast: A Guide By Former USIC Cyber Contractor

May 30, 2025 · 67:14


Welcome back to Grey Dynamics. Today, we are thrilled to announce the OpSec Podcast, a project from our cyber intelligence and operational security expert, which will be produced and edited in-house every couple of weeks.

Allen, the show host, is a seasoned intelligence and defence professional with over twenty years of experience, including military service, government contracting and the private sector. Specialising in Intelligence, Surveillance, and Reconnaissance (ISR) collection operations. Allen holds a Master of Science in Cybersecurity and top-tier certifications including CISSP and CASP+. Additionally, his career spans global assignments leading multinational teams and supporting mission-critical programs for the United States military and allied partners. Currently, he serves as a GEOINT advisor for the United States government and an OPSEC specialist in Grey Dynamics team.

Find Allen: LinkedIn Profile, OpSec Podcast, Intel Reports

Related Links: Grey Dynamics Intelligence Capability Development and Training, Grey Dynamics Operational Support, Grey Dynamics Open Source Intelligence Services, Grey Dynamics Case Studies, Grey Dynamics Story

Advance Your Intelligence Career Today! We are the first fully online intelligence school helping professionals to achieve their long-term goals. Our school with tons of new material is currently under construction and will be out there very

The Grey Dynamics Podcast is available on all major platforms! YouTube, Spotify, Apple Podcast, Google Podcast, Amazon Podcast

The Other Side Of The Firewall
Dr. Jimmy Davies on 90 Years of Black Entrepreneurial Mentorship & the Future of Tech | Ask a CISSP

May 29, 2025 | 40:29


In this episode, Dr. Jimmy Davies shares his inspiring journey from a variety of jobs to becoming a successful entrepreneur and technology expert. He discusses the importance of mentorship, community support, and the evolution of technology in entrepreneurship. Dr. Davies emphasizes the significance of embracing AI and technology for future business success while also highlighting the legacy of Every.Black, an organization dedicated to supporting Black entrepreneurs. The conversation touches on personal insights, the importance of networking, and the need for a mindset shift towards production and ownership in the community. Please LISTEN

CISSP Cyber Training Podcast - CISSP Training Program
CCT 249: Practice CISSP Questions - De-provisioning and Role Definitions (Domain 5.5.2-3)

May 29, 2025 | 19:10 | Transcription Available


Ransomware attacks are surging at an alarming rate - a Scottish non-profit recently reported a 100% increase year-over-year, with fraud cases expected to exceed $33 million. Even more concerning, businesses report feeling less resilient against these threats than in previous years. As cybersecurity professionals, we have a responsibility to help organizations understand and mitigate these risks before they become existential threats.

Today's CISSP Question Thursday dives deep into Domain 5 concepts that directly address these challenges. We explore fifteen carefully crafted practice questions covering user account provisioning, deprovisioning, the principle of least privilege, Privileged Access Management (PAM), and identity governance. Each question targets critical knowledge areas you'll need to master for exam success while providing practical insights you can immediately apply to strengthen organizational security postures.

The practice questions reveal important security principles: collecting user information must precede role assignment in the provisioning process; deprovisioning should occur immediately upon employment termination; personal preferences should never determine access rights; and PAM tools are essential for securing privileged accounts. We also examine why multi-factor authentication enhances security through multiple verification forms while Single Sign-On improves user experience by simplifying authentication processes.

Whether you're preparing for the CISSP exam or looking to strengthen your organization's security practices, this episode provides actionable knowledge to protect against today's evolving threat landscape. Visit CISSPCyberTraining.com to access our comprehensive blueprint and additional resources designed to help you pass your exam the first time. Share your thoughts on today's questions and let us know what topics you'd like us to cover in future episodes!

Going North Podcast
Ep. 959 – How Networking Can Unlock & Advance Your Professional Growth with Michael Morgan

May 28, 2025 | 36:15


“Networking is a two-way street, and I always emphasize the give aspect. When I meet someone new, I try to understand their needs and figure out how I can help them.” – Michael Morgan

Today's featured award-winning author is a motivational speaker, mentor, and consultant, Michael Morgan. Michael and I had a fun on a bun chat about his book, “The Power Of Networking: Strategies for Career Excellence, Job Development, and Building Greater Triumphs in Your Work”, the power of changing your zip code, and more!!!

Key Things You'll Learn:
- What led Michael to write and publish his first book
- Why stepping out of your comfort zone is essential to career success
- What setback led him to create more success
- Two common networking mistakes to avoid

Michael's Site: https://michaelvmorgan.com/
Michael's Book: https://a.co/d/7WKc10H

The opening track is titled, “North Wind and the Sun” by Trevin P. To listen to and download the full track, click the following link. https://compilationsforhumanity.bandcamp.com/track/north-wind-and-the-sun

Please support today's podcast to keep this content coming!
- CashApp: $DomBrightmon
- Donate on PayPal: @DBrightmon
- Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon
- Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon
- The Going North Advancement Compass: https://a.co/d/bA9awot

You May Also Like…
- Ep. 306 – “Be The SPARK” with Dr. Simon T. Bailey (@SimonTBailey): https://www.goingnorthpodcast.com/ep-306-be-the-spark-with-simon-t-bailey-simontbailey/
- Ep. 669 – “Save Your Asks” with Chris Tuff (@christuff): https://www.goingnorthpodcast.com/ep-669-save-your-asks-with-chris-tuff-christuff/
- Ep. 623 - "The Day One Executive" With April Armstrong (@ahaconsult): https://www.goingnorthpodcast.com/ep-623-the-day-one-executive-with-april-armstrong-ahaconsult/
- Ep. 336.5 (H2H Special) – “Own Your Career Own Your Life” with Andy Storch (@AndyStorch): https://www.goingnorthpodcast.com/ep-3365-h2h-special-own-your-career-own-your-life-with-andy-storch-andystorch/
- Ep. 857 – Side Hustle & Flow with Cliff Beach, DTM (@cliffbeachmusic): https://www.goingnorthpodcast.com/ep-857-side-hustle-flow-with-cliff-beach-dtm-cliffbeachmusic/
- Ep. 691 – “How to Spark Your Heart and Ignite Your Life” with Hilary DeCesare (@HilaryDeCesare): https://www.goingnorthpodcast.com/ep-691-how-to-spark-your-heart-and-ignite-your-life-with-hilary-decesare-hilarydecesare/
- Ep. 795 – If You Want to Win, Start Within with Ahmard Vital (@ahmardvital): https://www.goingnorthpodcast.com/ep-795-if-you-want-to-win-start-within-with-ahmard-vital-ahmardvital/
- Ep. 632 – “The Career Toolkit” with Mark Herschberg (@CareerToolkitBk): https://www.goingnorthpodcast.com/ep-632-the-career-toolkit-with-mark-herschberg-careertoolkitbk/
- Ep. 353 – “Free Agent” with Rennie Curran (@RennieCurran53): https://www.goingnorthpodcast.com/ep-353-free-agent-with-rennie-curran-renniecurran53/
- Ep. 307 – “Failure Is Not The Problem, It's The Beginning Of Your Success” with Col. George Milton: https://www.goingnorthpodcast.com/ep-307-failure-is-not-the-problem-its-the-beginning-of-your-success-with-col-george-milton/
- 270 – "Forever Employable" with Jeff Gothelf (@jboogie): https://www.goingnorthpodcast.com/270-forever-employable-with-jeff-gothelf-jboogie/
- Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/
- Ep. 768 – How You Can Become a Valuable Leader with Velma Knowles: https://www.goingnorthpodcast.com/ep-768-how-can-you-become-a-valuable-leader-with-velma-knowles/
- Ep. 931 – Proven Sales Management Wisdom for a Limitless Career with Meghan Clarke (@meghanclarkeofficial): https://www.goingnorthpodcast.com/ep-931-proven-sales-management-wisdom-for-a-limitless-career-with-meghan-clarke-meghanclarkeoff/

CISSP Cyber Training Podcast - CISSP Training Program
CT 248: Implementing Authentication Systems (SAML, OpenID, ODIC, Kerberos, RADIUS/TACACS+) - Domain 5.6

May 26, 2025 | 34:21 | Transcription Available


Navigating the complex landscape of authentication frameworks is essential for any cybersecurity professional, especially those preparing for the CISSP exam. This deep-dive episode unravels the intricate world of authentication systems that protect our digital identities across multiple platforms and services.

We begin by examining OAuth 2.0 and OpenID Connect (OIDC), exploring how these token-based frameworks revolutionize third-party authentication without exposing user credentials. When you click "Login with Google," you're experiencing these protocols in action—reducing password reuse while maintaining security across digital services. Learn the difference between authorization flows and how these systems interact to verify your identity seamlessly across the web.

The podcast then transitions to Security Assertion Markup Language (SAML), breaking down how this XML-based protocol establishes trust between identity providers and service providers. Through practical examples, we illustrate how SAML enables web single sign-on capabilities across educational institutions, corporate environments, and cloud services—creating that "connective tissue" between disparate systems while enhancing both security and user experience.

Kerberos, MIT's powerful network authentication protocol, takes center stage as we explore its ticketing system architecture. Named after the three-headed dog of Greek mythology, this protocol's Authentication Service, Ticket Granting Service, and Key Distribution Center work in concert to verify identities without transmitting passwords across networks. We also discuss critical considerations like time synchronization requirements that can make or break your Kerberos implementation.

For remote authentication scenarios, we compare RADIUS and TACACS+ protocols, highlighting their distinct approaches to the AAA (Authentication, Authorization, and Accounting) framework. Discover why network administrators choose UDP-based RADIUS for general network access while preferring the TCP-based TACACS+ for granular administrative control with command-level authorization and full payload encryption.

Whether you're studying for the CISSP exam or looking to strengthen your organization's security posture, this episode provides the knowledge foundation you need to implement robust authentication systems in today's interconnected world. Visit CISSP Cyber Training for additional resources to support your cybersecurity journey.

Sefaz Conecta
#T10#EP14 - Sefaz Conecta with Fábio Savella: information security, CSIRT, cyberattacks, antivirus, fraudulent websites, jaguars and honeypots

May 25, 2025 | 42:05


How about getting an inside look at the work of the CSIRT (Information Security Incident Response Group) of Sefaz-SP? Just tune in to this 14th episode of Sefaz Conecta with the technical lead for Security, Fábio Luiz Savella, who has been at the Fazenda for more than 20 years. In fact, he is one of the few specialists in the field in the country to hold the CISSP certification, which stands for "Certified Information Systems Security Professional", internationally recognized and one of the most respected certifications in the world.

“The CSIRT's mission is to receive, analyze and respond to information security incidents involving the computer systems, networks and domains of Sefaz-SP, acting from the detection of events through to the coordination of response actions,” Savella explains.

According to him, there are more than seven thousand workstations, including desktops and notebooks, spread across the secretariat's units that need redoubled attention, minute by minute, to guarantee the confidentiality, integrity and availability of Sefaz-SP's information.

Savella says that “our CSIRT was born at the time of the Rio de Janeiro Olympics, when specialists predicted that Brazil would be attacked by hackers from all over the world, and it was necessary to strengthen the security of the systems and bring together people qualified to respond to these incidents faster than usual. At that time, the Sefaz-SP website was the target of attack attempts that lasted about 30 uninterrupted hours, with the aim of stealing information from the secretariat, but fortunately they did not succeed”.

Today's guest also recalls that, thanks to the CSIRT's work, at least 40 fraudulent websites created to deceive vehicle owners who were going to pay the IPVA were taken offline last year.

Besides explaining the work of the CSIRT's team of specialists, which works 24 hours a day, seven days a week, Fábio Savella talks about his personal life, his travels across Brazil, watching jaguars in the Pantanal, and a trap called “honeypots” used to lure unsuspecting hackers. It's a lot of behind-the-scenes stories from the cybersecurity systems of the Secretaria da Fazenda e Planejamento!

Master Of Your Crafts
S7. Ep. 143. Cyber security holes

May 24, 2025 | 27:39


Craig Taylor is a seasoned cybersecurity leader, CISSP since 2001, and co-founder of CyberHoot, a fully automated SaaS platform that teaches cyber literacy to SMBs and MSPs. As a virtual CISO for over 35 companies and founder of a growing vCISO peer group, he brings deep expertise and collaborative insight to the cybersecurity field. A gifted speaker, Rotarian, and cancer research fundraiser, Craig blends technical leadership with a passion for service and community.

Master of Your Crafts is a captivating podcast featuring conversations with individuals who have dedicated themselves to mastering their craft. Whether it's a gift, talent or skill that comes naturally to them, these individuals have taken ownership and honed their abilities to perfection. Through deep conversation, we delve into their inner dialogue, actions and life circumstances offering words of wisdom to empower and guide you on a journey to becoming the master of your own craft.

For more information, visit our website https://masterofyourcrafts.com and Bright Shining Light Website: https://brightshininglight.com

Stay connected with us:
- Facebook: https://www.facebook.com/masterofyourcrafts
- Instagram: https://www.instagram.com/MasterOfYourCrafts/
- Spotify: https://open.spotify.com/show/1M0vp9HoK7kkP1w4ij7PJd?si=7d383a92b93b4e2c
- ApplePodcast: https://podcasts.apple.com/ca/podcast/master-of-your-crafts/id1512818795
- Amazon Music: https://music.amazon.ca/podcasts/b15079de-bc6a-487c-b8f8-faca73d0f685/master-of-your-crafts
- Google Play: https://podcasts.google.com/feed/aHR0...

CISSP Cyber Training Podcast - CISSP Training Program
CCT 247: Mastering Access Controls - From Biometrics to Administrative Policies (CISSP Domain 4)

May 22, 2025 | 18:34 | Transcription Available


A shocking incident in Spain recently left 60% of the country's power grid dark in less than five seconds. Was it a cyber attack? The jury's still out, but this real-world event perfectly illustrates why understanding access controls and security mechanisms is critical for today's cybersecurity professionals.

Sean Gerber, despite battling a cold that affects his voice, delivers a compelling analysis of the Spanish power grid incident before diving into essential CISSP domain four content. He highlights how smaller electrical providers might have fewer security resources, making them attractive targets, and emphasizes the growing importance of professionals who understand both operational technology and information technology security.

The episode then transitions into practical CISSP exam preparation, exploring various types of access controls through real-world scenarios. Sean expertly distinguishes between preventative, detective, corrective, and deterrent controls, while also clarifying the differences between physical and logical security mechanisms. Particularly valuable is his breakdown of biometric authentication methods, pointing out how voice recognition (ironically demonstrated by his own cold-affected voice) proves less reliable than alternatives like iris scanning or fingerprinting.

Understanding the nuances between Mandatory Access Controls (MAC) and Discretionary Access Controls (DAC), implementing proper identity proofing processes, and recognizing when compensating controls are needed are all critical CISSP concepts covered in this content-rich episode. Whether you're preparing for certification or working to strengthen your organization's security posture, these lessons apply directly to building effective defense-in-depth strategies.

Ready to master these concepts and pass your CISSP exam? Visit CISSP Cyber Training for a proven blueprint guaranteed to help you succeed.

CISSP Cyber Training Podcast - CISSP Training Program
CCT Vendor 03: From Bomb Loader to Hacker - A Journey in Cybersecurity with Clint Steven (Phycyx.com)

May 20, 2025 | 43:28 | Transcription Available


What happens when a former Air Force weapons loader transforms into a cybersecurity expert? Clint Stevens from Phycyx joins us to share his remarkable journey through military intelligence, special operations support, and cyber warfare before founding his own security consultancy.

This conversation peels back the layers of cybersecurity consulting to reveal what truly matters for organizations trying to improve their security posture. Clint explains why expensive security tools often become glorified "paperweights" when organizations fail to understand their specific threat landscape first. His practical approach focuses on identifying business-specific risks rather than implementing generic solutions that waste resources without addressing real vulnerabilities.

For aspiring cybersecurity professionals, Clint offers refreshingly honest career advice that contradicts common assumptions. Rather than accumulating certifications without purpose, he emphasizes finding your passion within the vast cybersecurity landscape and developing hands-on experience. "Find what you're most interested in," he advises, noting that true expertise requires thousands of hours of dedication—something only sustainable when you genuinely enjoy the work.

Perhaps most valuable is Clint's insight into the crucial skill of translating technical findings into business impacts. This ability to communicate effectively with everyone from system administrators to CEOs—what Sean calls speaking "dolphin to shark"—often determines whether security recommendations are implemented or ignored. The conversation highlights why understanding both the technical and business perspectives is essential for career advancement in cybersecurity.

Whether you're preparing for the CISSP exam or exploring career opportunities in information security, this episode delivers practical wisdom from someone who's successfully navigated multiple roles in the field. Visit phycyx.com to learn more about Phycyx's approach to cybersecurity consulting.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 246: CISSP Training - Secure Communication Protocols (Domain 4.1.3)

May 19, 2025 | 32:35 | Transcription Available


Cybersecurity professionals need a solid understanding of secure communication protocols, not just for exam success but for real-world implementation. This episode unpacks the essential protocols covered in CISSP Domain 4.1.3, providing clear explanations of how each works and when to use them.

We begin with a timely discussion of the recent UnitedHealthcare hack, examining how ransomware crippled Change Healthcare systems nationwide. This case study highlights the critical importance of understanding security protocols and being able to articulate potential business impacts to leadership. Sean shares practical approaches for estimating downtime costs to help justify security investments.

The heart of this episode explores crucial security protocols including IPsec tunnels, Kerberos authentication, Secure Shell (SSH), and the Signal protocol. Each section covers how these technologies function, their ideal use cases, and their respective strengths and limitations. The discussion extends to transport layer security (TLS), layer 2 tunneling protocol (L2TP), and lesser-known protocols like secure real-time transport protocol (SRTP) and Zimmerman real-time transport protocol (ZRTP).

Sean breaks down complex technical concepts into accessible explanations, perfect for both CISSP candidates and practicing security professionals. Understanding these protocols isn't just about passing an exam—it's about making informed decisions when implementing security architecture in your organization. Whether you're preparing for certification or looking to strengthen your organization's security posture, this episode provides valuable insights into the fundamental building blocks of secure communications.

Check out cisspcybertraining.com for free resources including practice questions, training videos, and blog posts to support your cybersecurity learning journey.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 245: Practice CISSP Questions - Hashing - Ensuring Message Authenticity with the CISSP (D3.6)

May 15, 2025 | 19:25 | Transcription Available


Security regulations are changing dramatically in response to major breaches, and the implications for cybersecurity professionals are profound. Sean Gerber kicks off this episode with a career announcement, sharing his transition to independent consulting after 13 years with his previous employer—a move that highlights the evolving opportunities in the cybersecurity field.

The heart of this episode examines the recent UnitedHealthcare breach, where attackers targeted Change Healthcare, a critical system processing 15 billion healthcare transactions annually. The February ransomware attack led to a $22 million ransom payment and disrupted approximately half of all pharmacy operations across the United States. This incident serves as a perfect case study in critical infrastructure vulnerability and has triggered a significant regulatory response from the Biden administration, which is now promising "tough, mandatory cybersecurity standards" for the healthcare industry.

What does this mean for security professionals? Potentially stricter oversight, increased financial penalties, and perhaps most concerning—explicit executive liability for security failures. As Sean notes, these developments create an increasingly complex landscape where CISOs must navigate not just technical challenges but also regulatory expectations that might lack technical nuance.

The episode transitions into a comprehensive examination of CISSP exam questions covering Domain 3.6, focusing on message integrity, digital signatures, and cryptographic hashing functions. Through fifteen detailed questions and answers, Sean breaks down essential concepts like the difference between checksums and hashing functions, the evolution from SHA-1 to more secure algorithms, and the role of certificate authorities in public key infrastructure. These technical foundations aren't just academic—they're the building blocks of systems that, when implemented correctly, prevent exactly the kind of breach that hit UnitedHealthcare.

Ready to deepen your understanding of message integrity and prepare for the CISSP exam? Visit CISSP Cyber Training for videos, transcripts, and additional practice questions to help you master these critical concepts and advance your cybersecurity career.

Going North Podcast
Ep. 954 – The Courage To Leave from Toxic Workplaces with Jeff Davis (@JeffDavis027)

May 13, 2025 | 55:57


“You do not deserve to be harassed, or disrespected, or demeaned in your workplace. That is not normal.” – Jeff Davis

Today's featured award-winning bestselling author is a mental health advocate, international keynote speaker, world traveler, TEDx speaker, and digital marketing expert, Jeff Davis. Jeff and I had a fun on a bun chat about his new book, “The Courage To Leave: Breaking Free from Toxic Workplaces”, the importance of self-advocacy, prioritizing your well-being, and more!!

Key Things You'll Learn:
- How he legally challenged a multi-billion dollar company and won
- How he dealt with his severe burnout experience while living overseas during COVID-19
- The importance of recognizing the signs of burnout and taking proactive steps to address it
- Strategies for coping with toxic work environments and finding support
- Why standing up for yourself is necessary for your well-being

Jeff's Site: https://jeffdspeaks.com/
Jeff's Books: https://www.amazon.com/stores/author/B00PF0QL8U/allbooks
Jeff's TEDx Talk: https://youtu.be/b_hwMJMBBvQ?si=2ozFiXTJF_FkDrOT

The opening track is titled, “North Wind and the Sun” by Trevin P. To listen to the full track and download it, click the following link. https://compilationsforhumanity.bandcamp.com/track/north-wind-and-the-sun

Please support today's podcast to keep this content coming!
- CashApp: $DomBrightmon
- Donate on PayPal: @DBrightmon
- Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon
- Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon
- The Going North Advancement Compass: https://a.co/d/bA9awot

You May Also Like…
- 14 - "Reach Your Mountaintop" Jeff Davis (@JeffDavis027): https://www.goingnorthpodcast.com/14-reach-your-mountaintop-jeff-davis-jeffdavis027/
- Ep. 322.5 (H2H Special) – “Burnout Proof” with Michael Levitt (@bfastleadership): https://www.goingnorthpodcast.com/ep-3225-h2h-special-burnout-proof-with-michael-levitt-bfastleadership/
- Ep. 836 – The 6% Club with Dr. Michelle Rozen (@DrMichelleRozen): https://www.goingnorthpodcast.com/ep-836-the-6-club-with-dr-michelle-rozen-drmichellerozen/
- Ep. 943 – How to Create a Team Culture Where Everyone Thrives with Dr. Patricia Grabarek & Dr. Katina Sawyer (@WorkrBeeing): https://www.goingnorthpodcast.com/ep-943-how-to-create-a-team-culture-where-everyone-thrives-with-dr-patricia-grabarek-dr-katin/
- Ep. 764 – The 5 Languages of Appreciation in the Workplace with Dr. Paul White (@drpaulwhite): https://www.goingnorthpodcast.com/ep-764-the-5-languages-of-appreciation-in-the-workplace-with-dr-paul-white-drpaulwhite/
- Ep. 502 – “A Leadership Development Strategy To Bond And Unite” With Amy P. Kelly (@AmyPKelly): https://www.goingnorthpodcast.com/ep-502-a-leadership-development-strategy-to-bond-and-unite-with-amy-p-kelly-amypkelly/
- Ep. 571 – “A Powerful Culture Starts with You” with Dr. Shahrzad Nooravi (@shahrzadnooravi): https://www.goingnorthpodcast.com/ep-571-a-powerful-culture-starts-with-you-with-dr-shahrzad-nooravi-shahrzadnooravi/
- #Bonus Host2Host Ep.– “Unleashing the Power of Respect” with Dr. Joseph Shrand (@Drjoeshrand): https://www.goingnorthpodcast.com/bonus-host2host-ep-unleashing-the-power-of-respect-with-dr-joseph-shrand-drjoeshrand/
- Ep. 411 – “Name That Mouse” with David Wood (@_focusceo): https://www.goingnorthpodcast.com/ep-411-name-that-mouse-with-david-wood-_focusceo/
- 44 - "How to Work With Jerks" by Eric Williamson (@TTS_Williamson): https://www.goingnorthpodcast.com/44-how-to-work-with-jerks-by-eric-williamson-tts_williamson/
- Ep. 372 – “The Grit Factor” with Shannon Huffman Polson (@ABorderLife): https://www.goingnorthpodcast.com/ep-372-the-grit-factor-with-shannon-huffman-polson-aborderlife/
- Ep. 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

There are reports of significant negotiations between OpenAI and Microsoft regarding their partnership terms, possibly influenced by OpenAI's future IPO plans. The texts also highlight the Vatican's view on AI as a critical challenge to humanity, with Pope Leo XIV emphasizing ethical guidance. From a technological perspective, breakthroughs are noted in AI training methods, such as the "Absolute Zero" system enabling models to teach themselves, and in new silicon-free transistor technology developed in China. Finally, the articles touch on the practical applications of AI, covering the use of AI tools for personalised avatar creation and Klarna's decision to reintroduce human staff after an AI-only customer service approach negatively impacted quality.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 244: Cybersecurity Foundations - Message Integrity and Authentication (CISSP Domain 3.6)

May 12, 2025 | 31:17 | Transcription Available


Ever wondered how your sensitive messages stay secure in an increasingly dangerous digital landscape? The answer lies in message integrity controls, digital signatures, and certificate validation – the core components of modern cybersecurity we tackle in this episode.

We begin with a timely breakdown of Microsoft's recent security breach by Russian hackers who stole source code by exploiting a test environment. This real-world example perfectly illustrates why proper security controls must extend beyond production environments – a lesson many organizations learn too late.

Diving into the technical foundation of message security, we explore how basic checksums evolved into sophisticated hashing algorithms like MD5, SHA-2, and SHA-3. You'll understand what makes these algorithms effective at detecting tampering and why longer digests provide better protection against collision attacks.

Digital signatures emerge as the cornerstone of secure communication, providing the crucial trifecta of integrity verification, sender authentication, and non-repudiation. Through practical examples with our fictional users Alice and Bob, we demonstrate exactly how public and private keys work together to safeguard information exchange.

The episode culminates with an exploration of digital certificates and S/MIME protocols – the technologies that make secure email possible. You'll learn how certificate authorities establish chains of trust, what happens when certificates are compromised, and how the revocation process protects the entire ecosystem.

Whether you're preparing for the CISSP exam or simply want to understand how your sensitive communications remain protected, this episode provides clear, actionable knowledge about the cryptographic building blocks that secure our digital world.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

Scientific advancements are highlighted with AI designing synthetic DNA for gene control and Anthropic launching a programme to support scientific research with AI. Societal and ethical concerns feature prominently, including Reddit strengthening verification against human-like bots, Pope Leo XIV identifying AI as a key challenge, and artists calling for stronger copyright protection against AI use of their work. The sources also mention practical applications like California's multilingual wildfire chatbot and technical issues such as the persistence of AI hallucinations. Finally, industry and regulatory dynamics are covered with Anthropic warning the DOJ about potential negative impacts of a Google antitrust proposal and SoundCloud facing backlash over terms regarding AI training data.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

Key themes include legislative efforts in the US concerning AI chip exports and regulation, industry applications of AI such as enhancing security cameras, interpreting animal sounds, and transforming creative platforms like Figma, and advancements in AI technology itself, including new models from Google and Mistral AI, and research into autonomous agents. The text also touches on the business aspects of AI, with acquisitions, funding initiatives, and discussions around workforce impact, alongside emerging ethical and societal implications like AI's use in court and the privacy concerns surrounding advanced smart glasses.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

This podcast highlights advocacy by tech leaders for 'light-touch' AI regulation in the US, the integration of on-device AI for scam detection in Google Chrome, and a new AI tool that estimates biological age from face photos for potential health insights. Additionally, the text touches on major AI investment in Saudi Arabia by Salesforce, Apple's development of custom chips for future AI products, Meta's consideration of stablecoins for payments, and Reddit's efforts to combat AI bots. Finally, the sources mention research into AI agents for autonomous web research and the transformative role of AI in de-extinction efforts, alongside various other smaller AI advancements.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

This podcast and sources included explore the complex impact of artificial intelligence on art and creativity, addressing the debate around whether individuals using AI tools can be considered "artists" and exploring the emerging skills involved like prompt engineering and curation. They examine the ethical concerns surrounding AI art, including job displacement and the use of training data scraped from existing artwork, while also navigating the challenging legal landscape of copyright for AI-generated content, noting the US position that purely AI art is not copyrightable. The podcast highlights how online discussions reflect societal anxieties about automation and the devaluation of human skill, posing philosophical questions about intentionality and the future of human creativity in a technologically evolving world.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

OpenAI's strategic appointment of Instacart CEO Fidji Simo to lead its applications division and its global "Stargate" initiative to build sovereign AI infrastructure with national governments. Several articles touch on the potential for AI to reshape technology and society, including Apple's contemplation of a future beyond the iPhone due to AI advancements and Meta's development of "super-sensing" AI glasses with potential facial recognition. The text also covers policy shifts, specifically the Trump administration's plan to roll back Biden-era AI chip export restrictions. Furthermore, the sources describe new AI-powered products and features from companies like Figma, Stripe, Superhuman, and Mistral AI, showcasing the increasing integration of AI into design, finance, communication, and enterprise solutions.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

This podcast discusses the rapidly advancing field of de-extinction, highlighting the crucial role of artificial intelligence (AI) in making this a tangible scientific pursuit. AI is presented not merely as a tool but as an architect across all stages, from reconstructing degraded ancient DNA and predicting gene function to optimising gene editing and modelling ecological impacts. While companies like Colossal Biosciences pursue ambitious projects for species like the woolly mammoth and dire wolf, often driving technological innovation with commercial spin-offs, organisations like Revive & Restore focus on genetic rescue for endangered species, illustrating differing approaches within this landscape. The podcast underscores the significant technical, ecological, and ethical challenges inherent in de-extinction, particularly concerning animal welfare, resource allocation, and potential ecological disruption, while also pointing to valuable spillover innovations benefiting broader conservation and human health. Get the eBook at Google Play https://play.google.com/store/search?q=etienne%20noumen%27&c=books

CISSP Cyber Training Podcast - CISSP Training Program
CCT 243: Practice CISSP Questions - Information and Asset Handling Requirements (Domain 2.2)

May 8, 2025 24:50


What happens when a security professional falls victim to malicious AI? The consequences can be devastating, as demonstrated by our analysis of a recent high-profile breach where a Disney security engineer downloaded AI-generated artwork containing hidden malware. This sophisticated attack led to the theft of 1.1 terabytes of sensitive corporate data and resulted in criminal charges for the attacker and career devastation for the victim. We break down exactly how it happened and the critical lessons for security professionals. After exploring this cautionary tale, we dive into comprehensive practice questions focused on CISSP Domain 2: Asset Security. These challenges take you beyond textbook scenarios into the complex realities of modern information security governance. From metadata exposure risks and virtualization security to data sovereignty compliance and privacy protection, each question tests your ability to identify the most effective security controls and strategies in diverse enterprise environments. The questions tackle particularly relevant security challenges including proper handling of sensitive data in cloud environments, managing security risks in mobile applications, and implementing responsible data sharing practices for research purposes. We emphasize crucial principles like data minimization, appropriate anonymization techniques, and breach notification requirements across multiple jurisdictions. Each question and explanation reinforces foundational CISSP concepts while developing your critical thinking skills for real-world implementations. Ready to accelerate your CISSP preparation? Our Bronze package provides the comprehensive self-study blueprint you need to systematically master all CISSP domains.
Visit CISSPCyberTraining.com today to access our complete library of resources designed specifically to help you pass the exam on your first attempt and advance your cybersecurity career.

The Virtual CISO Moment
S7E23 - A Conversation with Will Klotz

May 8, 2025 10:04


From the ISACA Middle Tennessee conference March 2025. Will Klotz is a Senior Information Security Consultant at GuidePoint Security. As a CISSP-certified professional with an MBA and a proud veteran of the U.S. Army Signal Corps, he brings a unique blend of technical expertise, military discipline, and business leadership to the Governance, Risk, and Compliance (GRC) space. His career spans building and leading robust risk management programs, developing policies and standards, and driving innovation in cybersecurity practices.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

Significant developments include Amazon's introduction of a tactile warehouse robot named Vulcan and Google's Gemini 2.5 Pro reportedly topping AI leaderboards, highlighting progress in automation and model performance. Strategically, OpenAI is planning to reduce revenue share with partners like Microsoft and also launching an initiative to help nations build AI infrastructure. Meanwhile, Apple is considering AI search partners for Safari amid declining Google usage, and AI is being used in innovative ways, such as AI-powered drones for medical delivery and the recreation of a road rage victim for a court statement. Finally, HeyGen is enhancing AI avatars with emotional expression, and platforms like Zapier are enabling users to create personal AI assistants, indicating broader application and accessibility of AI technology.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

This podcast details how AI-powered autonomous drones are transforming global logistics, particularly for delivering essential medical supplies in challenging environments. The podcast highlights Zipline as a key player, discussing its pioneering work in countries like Rwanda and Ghana where drone delivery has shown significant improvements in healthcare outcomes and efficiency.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 242: CISSP and Information and Asset Handling Requirements (Domain 2.2)

May 5, 2025 49:41


Four million people affected by a single data breach. Let that sink in. This sobering reality frames today's deep dive into Domain 2 of the CISSP exam: Asset Security. As cybersecurity professionals, understanding how to establish proper information and asset handling requirements isn't just academic—it's essential for preventing exactly these types of incidents. The podcast tackles the complete data security lifecycle, beginning with the foundations of asset security and the vital importance of having documented processes from data creation through destruction. Sean emphasizes repeatedly that security professionals must work hand-in-hand with legal and compliance teams when developing these frameworks to ensure proper protection for both the organization and themselves professionally. Data Loss Prevention (DLP) strategies take center stage as we explore different approaches—from content-aware systems that analyze specific data patterns to endpoint protections that stop information from leaving devices unauthorized. The discussion moves into practical application with data classification schemes, where Sean advises starting small and building gradually to prevent overwhelming complexity. Physical markings, electronic tagging, and watermarking all serve as methods to identify sensitive information, but these tools only work when paired with comprehensive employee training. Perhaps most compelling is the straightforward approach to data retention and destruction. "Don't be a data hoarder," Sean cautions, highlighting how unnecessary retention increases both storage costs and legal liability. The podcast outlines specific destruction methods including clearing, purging, degaussing, and crypto erasure—each with particular applications depending on data sensitivity and storage media.
Throughout the episode, practical examples from real-world scenarios illustrate how these principles apply in actual cybersecurity practice. Ready to master these essential CISSP concepts? Visit CISSP Cyber Training to access Sean's comprehensive blueprint for exam preparation and explore mentorship options to accelerate your cybersecurity career. Whether you're preparing for certification or strengthening your organization's security posture, these methodical approaches to asset security provide the foundation you need.

AI Unraveled: Latest AI News & Trends, Master GPT, Gemini, Generative AI, LLMs, Prompting, GPT Store

This podcast outlines a comprehensive strategy for job candidates to succeed in interview processes increasingly influenced by Artificial Intelligence (AI). It explains how AI is integrated into recruitment, from Applicant Tracking Systems (ATS) screening resumes to AI-powered video interviews and skills assessments. The podcast emphasizes the importance of optimising application materials for AI, using AI ethically for preparation, and understanding AI's limitations and potential biases. Ultimately, success requires a dual approach: mastering traditional interview skills while also navigating the technical and analytical aspects introduced by AI systems, alongside highlighting distinctly human qualities that AI cannot easily evaluate.
Discover Your Next Corporate Opportunity at https://inrealtimejobs.com
How It Works
- Enter your preferred location, industry, and job title.
- The chatbot curates a list of the most relevant openings from top free-to-access job sources.
- Refine your search with additional filters, such as experience level or specific keywords.
Get personalized recommendations and connect with the right employers, all through our friendly chatbot interface.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 241: Practice CISSP Questions - Transborder Data Flows and the CISSP (Domain 1.5)

May 1, 2025 25:05


The cybersecurity talent gap is widening at an alarming rate. According to the 2023 ISC² Global Workforce Study, we're facing a shortfall of 5.5 million cybersecurity professionals by 2024, with the workforce needing to grow 12.6% annually just to keep pace with demand. Yet growth is stalling at only 8.7%, creating both challenges and unprecedented opportunities for those pursuing cybersecurity careers. What might surprise aspiring security professionals is that technical skills alone won't secure your future. As Sean Gerber emphasizes, "You can give me the smartest person in the world that understands security, and if they don't have critical thinking skills and communication skills, it makes it extremely challenging to put them in front of somebody to explain what's going on." This insight reveals why soft skills have become the hidden differentiator in cybersecurity hiring. While certifications like CISSP remain essential credentials, employers increasingly seek professionals who can translate complex technical concepts into business language. This episode dives deep into Domain 1.5 of the CISSP exam, exploring the complexities of breach notification and trans-border data flows. Through practical examples and challenging questions, we examine how to navigate conflicting international regulations like GDPR and China's data localization laws, implement appropriate anonymization techniques to prevent re-identification attacks, and develop strategic approaches to vulnerability management across global operations. Each scenario challenges listeners to think beyond technical solutions to consider legal, ethical, and business implications – precisely the mindset required to excel as a cybersecurity leader. Whether you're preparing for the CISSP exam or looking to advance your security career, this episode provides actionable insights on balancing compliance requirements with business objectives in our increasingly interconnected world.
Join us to strengthen both your technical knowledge and the crucial soft skills that will set you apart in a competitive job market where communication might be your most valuable security asset.

CISSP Cyber Training Podcast - CISSP Training Program
CCT Vendor 02: AI in Cybersecurity: Protecting Financial Institutions - NextPeak.net

Apr 30, 2025 31:05


The rapid evolution of artificial intelligence and machine learning has created a pivotal moment for financial institutions. As these organizations race to implement AI solutions, they face both transformative opportunities and significant cybersecurity challenges that demand immediate attention. Sean Gerber draws from over 20 years of cybersecurity experience to demystify the complex intersection of AI, machine learning, and financial security. With his straightforward approach, Sean breaks down the fundamental differences between AI (the broader field) and ML (the subset that enables systems to learn from data without explicit programming), making these concepts accessible even to those without technical backgrounds. The central message resonates clearly throughout: AI must be developed and employed with a secure design approach from day one. Financial institutions that implement security as an afterthought rather than a foundation will inevitably face costly remediation down the road. Sean outlines practical security considerations including data anonymization, network segmentation, intellectual property protection, and AI-specific policies that organizations should implement immediately. Through real-world examples from JP Morgan, Bank of America, and Capital One, we see how leading financial institutions are already leveraging AI for legal contract reviews, fraud detection, customer engagement, and risk assessment—all while implementing varying degrees of security controls to protect their systems and data. Looking toward the future, Sean previews emerging trends including generative AI for threat analysis, federated learning approaches, and quantum-aware AI security that will reshape financial cybersecurity within the next five years.
His practical action items emphasize building multidisciplinary teams spanning AI, cybersecurity, legal and business domains to ensure comprehensive implementation. Whether you're a CISO at a major bank or a security professional preparing for emerging challenges, this episode provides the strategic framework needed to navigate AI implementation securely. The message is clear: investing time and resources in proper security foundations now will determine whether AI becomes your competitive advantage or your greatest vulnerability.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 240: Cybersecurity Documentation: Policies, Standards, and Procedures (CISSP Domain 1.7)

Apr 28, 2025 49:36


Ever wonder why organizations with robust cybersecurity teams still fall victim to devastating attacks? The answer often lies not in fancy technology but in something far more fundamental: documentation. In this eye-opening episode, Shon Gerber takes listeners into the critical world of cybersecurity documentation hierarchy, revealing how properly structured policies, standards, procedures, and guidelines form an organization's first and most important line of defense against threats. The stakes couldn't be higher. As Shon reveals, cybercriminals stole a record-breaking $6.6 billion from US entities last year - a shocking 33% increase from the previous year. Business Email Compromise alone accounted for $2.7 billion in losses, while individuals over 60 remain the most vulnerable demographic. What separates organizations that survive these threats from those that don't? Proper documentation that actually works rather than gathering digital dust. Shon breaks down the hierarchical relationship between different types of security documentation, providing real-world examples from healthcare and financial institutions to illustrate how these documents should build upon each other to create comprehensive protection. You'll learn why policies should represent management intent, standards should specify requirements, procedures should provide step-by-step guidance, and guidelines should offer flexibility - all while avoiding common pitfalls that render documentation useless. Shon provides practical advice on creating documentation that's clear, accessible, and actually used rather than just created to appease auditors. Whether you're preparing for the CISSP exam or working to strengthen your organization's security posture, this episode provides invaluable insights into creating documentation that transforms from a bureaucratic burden into powerful protection.
Subscribe to CISSP Cyber Training for more expert guidance on mastering cybersecurity essentials and advancing your career in the field.

Inside Scoop Live!
"Scams, Hacking, and Cybersecurity" by May Brooks-Kempler

Apr 28, 2025 28:42


SCAMS, HACKING AND CYBERSECURITY
The internet is a powerful tool connecting us in ways unimaginable just a few decades ago. However, it also harbors risks—cyber scams, cyber crimes, and hidden dangers lurking on the dark web. Hackers and cybercriminals exploit vulnerabilities to steal data, commit identity theft, and manipulate systems using social engineering. But how safe are we online? Should we avoid the digital world entirely? Not at all. Just like real-world dangers, we can navigate online security risks with the right tools and knowledge. This cybersecurity bible is the ultimate guide to protecting yourself in the digital landscape. Whether you're looking for cybersecurity for beginners, insights into cyber hacking and the law, or best cybersecurity books to improve your internet safety, this book equips you with practical tools and strategies.

ABOUT THE AUTHOR
May Brooks-Kempler is a cybersecurity expert whose career began in the 1990s, exploring the realms of game “cheats” and “hacks” on IRC chats. This early fascination led her through a distinguished journey in cybersecurity, from Penetration Testing to Security Architect and eventually a Chief Information Security Officer (CISO). Today, she is a highly sought-after strategic consultant, speaker, and mentor, known for her dynamic involvement in developing and promoting innovative cybersecurity initiatives and guiding startups. May's expertise and engaging delivery have made her a favorite at numerous speaking engagements, including a TEDx talk, keynotes, and commentator on critical cybersecurity issues. Her role as a podcaster further amplifies her reach, where she shares vital security insights with a global audience. As a member of the ISC2 Board of Directors, an authorized CISSP and HCISPP instructor, and co-author, May's dedication to advancing the cybersecurity profession is unmistakable. Her book, “Scams, Hacking and Cybersecurity – The Ultimate Guide to Online Safety and Privacy”, and her online courses, reflect her commitment to making the digital world a safer place for all, especially families, as underscored by her personal mission as a mother of three. Through her extensive experience and influential voice in the field, May Brooks-Kempler continues to shape the future of online safety, making her a pivotal figure in the world of cybersecurity education and advocacy.

TOPICS OF CONVERSATION
Evolution of Threats: Online scams have evolved from obvious phishing emails to sophisticated ads, fake profiles, and AI-generated content.
Emotional Manipulation: Scammers rely on fear, urgency, and curiosity to trick people through social engineering.
Online Safety Habits: Good habits like thinking before sharing, using password managers wisely, and enabling two-factor authentication are essential.
Protecting Kids Online: Parents should teach children to think critically before posting and clicking to protect their privacy and safety.
Responding to Cyber Incidents: If you suspect a hack, stay calm, assess the damage, and act quickly based on the importance of the compromised asset.

LEARN MORE AND CONNECT WITH MAY BROOKS-KEMPLER:
https://maybrooks.net/
https://www.linkedin.com/in/may-brooks-kempler
https://www.instagram.com/may.brooks.kempler
https://www.youtube.com/@CyberMAYnia
https://new-may.framepro.io/guidebooks-and-resources

CISSP Cyber Training Podcast - CISSP Training Program
CCT 239: Practice CISSP Questions - Assess the Effectiveness of Software Security (D8.3)

Apr 24, 2025 28:20


Cybersecurity isn't just for enterprises—small and medium businesses face increasingly sophisticated threats with fewer resources to combat them. In this information-packed episode, Sean Gerber explores why cybersecurity matters critically for SMBs while delivering practical CISSP exam questions focused on Domain 8.3. Sean begins by examining how even non-tech businesses rely heavily on digital systems, making them vulnerable to attacks that could devastate operations. A ransomware incident targeting inventory management or employee scheduling could cripple a small business just as effectively as one targeting a financial institution. Business continuity planning—often overlooked until disaster strikes—becomes a critical safeguard that many small businesses simply don't consider until it's too late. The economic reality of cybersecurity for small businesses creates a challenging landscape. While virtual CISO services and managed security operations centers offer potential solutions, many remain financially out of reach for smaller organizations. This creates a significant vulnerability gap in our business ecosystem that security professionals must work to address. The episode then transitions into fifteen carefully crafted CISSP practice questions focusing on Domain 8.3, covering essential concepts like API security, content security policies, message queue poisoning, and the principle of least privilege in containerized environments. Each question explores real-world vulnerabilities while providing clear explanations about proper security approaches. Whether you're studying for the CISSP exam or working to improve your organization's security posture, this episode delivers actionable insights on identifying and mitigating common application security vulnerabilities.
Subscribe to the CISSP Cyber Training podcast for weekly deep dives into cybersecurity concepts that will help you pass your certification exam and become a more effective security professional.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 238: Assessing the Effectiveness of Software Security (Domain 8.3)

Apr 21, 2025 36:57


Software security assessment can make or break your organization's defense posture, yet many professionals struggle with implementing effective evaluation strategies. This deep dive into CISSP Domain 8.3 reveals critical approaches to software security that balance technical requirements with business realities. The recent funding crisis surrounding CVEs (Common Vulnerability Exposures) serves as a perfect case study of how fragile our security infrastructure can be. When the standardized system for cataloging vulnerabilities faced defunding, it highlighted our dependence on these foundational systems and raised questions about sustainable models for critical security infrastructure. Database security presents unique challenges, particularly when managing multi-level classifications within a single environment. We explore how proper implementation requires strict separation between classification levels and how technologies like ODBC serve as intermediaries for legacy applications. The key takeaway? Data separation isn't just a technical best practice—it's an essential security control. Documentation emerges as a surprisingly critical element in effective security. Beyond regulatory compliance, proper documentation protects security professionals when incidents inevitably occur. As one security leader candidly explains, when breaches happen, fingers point toward security teams first—comprehensive documentation proves you implemented appropriate controls and communicated risks effectively. The most successful security professionals step outside their comfort zones, collaborating across organizational boundaries to integrate security throughout the development lifecycle. Static analysis, dynamic testing, vulnerability assessments, and penetration testing all provide complementary insights, but only when security and development teams maintain open communication channels. Ready to strengthen your software security assessment capabilities?
Join us weekly for more insights that help you pass the CISSP exam and build practical security knowledge that makes a difference in your organization.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

Talking Cloud with an emphasis on Cloud Security
74-Talking Cloud Podcast-with Steve Winterfeld, Advisory & Fractional CISO, Cyber Vigilance Advice (CVA) LLC

Apr 14, 2025, 46:29


Episode #74 features a great discussion with Steve Winterfeld, Advisor, and Fractional CISO with Cyber Vigilance Advice (CVA) LLC. Steve is passionate about cybersecurity. He served as CISO for Nordstrom Bank, Director of Cybersecurity for Nordstrom, and Director of Incident Response and Threat Intelligence at Charles Schwab. Steve also published a book on Cyber Warfare and holds CISSP, ITIL, and PMP certifications. We discussed a variety of topics, and during our conversation, Steve offered these resources:

On finding a job: Lessons Learned on Finding a Cybersecurity Job After a Layoff - Security Boulevard
On starting / managing a career: Creating a Roadmap for Your Dream Cybersecurity Career - Security Boulevard

The Other Side Of The Firewall
Ask a CISSP | Mark Christian's Unique Path in Cybersecurity

Apr 10, 2025, 52:59


In this episode of the Ask a CISSP podcast, Ryan Williams Sr. engages in a deep conversation with Mark Christian, exploring his journey from military service to a successful career in cybersecurity. They discuss the importance of training, the challenges of transitioning to civilian life, and the significance of building a supportive community for neurodivergent individuals. Mark shares his aspirations for the future, including his desire to create a safe haven for those facing similar challenges and his passion for woodworking and technology. Please LISTEN

Dark Rhino Security Podcast
S16 E09 (VIDEO) Phishing, Encryption, and Cybersecurity Training

Mar 27, 2025, 50:07


Craig Taylor is a seasoned cybersecurity expert and entrepreneur with nearly 30 years of experience managing risk across industries—from Fortune 500 corporations to SMBs. As the Co-Founder and CEO of CyberHoot, he has pioneered a positive reinforcement approach to cybersecurity education, helping businesses eliminate risky behaviors and build a positive cybersecurity culture. With a background in psychology and extensive experience leading security programs at Chase Paymentech, Vistaprint, and DXC Technology, Craig specializes in incident response, governance, and compliance. A CISSP-certified professional since 2001, he is a recognized thought leader, public speaker, and advocate for making cybersecurity training engaging, fun, and effective.

00:00 Introduction
01:16 Our guest
08:40 There are two types of companies
10:00 We taught them how to Phish
12:12 Business Email compromise
13:50 Go back to the way your parents ran security
16:19 What do I do first?
26:12 Changing your passwords is not good for you
29:00 Encryption
31:30 What to look for in a Password Manager
35:17 “Unsubscribe” button mishap
46:15 Cyberhoot
49:05 Free Training from Cyberhoot

To learn more about Cyberhoot visit https://cyberhoot.com/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

Dark Rhino Security Podcast
S16 E09 Phishing, Encryption, and Cybersecurity Training

Mar 26, 2025, 50:07


Craig Taylor is a seasoned cybersecurity expert and entrepreneur with nearly 30 years of experience managing risk across industries—from Fortune 500 corporations to SMBs. As the Co-Founder and CEO of CyberHoot, he has pioneered a positive reinforcement approach to cybersecurity education, helping businesses eliminate risky behaviors and build a positive cybersecurity culture. With a background in psychology and extensive experience leading security programs at Chase Paymentech, Vistaprint, and DXC Technology, Craig specializes in incident response, governance, and compliance. A CISSP-certified professional since 2001, he is a recognized thought leader, public speaker, and advocate for making cybersecurity training engaging, fun, and effective.

00:00 Introduction
01:16 Our guest
08:40 There are two types of companies
10:00 We taught them how to Phish
12:12 Business Email compromise
13:50 Go back to the way your parents ran security
16:19 What do I do first?
26:12 Changing your passwords is not good for you
29:00 Encryption
31:30 What to look for in a Password Manager
35:17 “Unsubscribe” button mishap
46:15 Cyberhoot
49:05 Free Training from Cyberhoot

To learn more about Cyberhoot visit https://cyberhoot.com/
To learn more about Dark Rhiino Security visit https://www.darkrhiinosecurity.com

BarCode
Silent War

Mar 16, 2025, 63:08


In this conversation, Chris Glanden interviews Derek Fisher, a cybersecurity expert with nearly 30 years of experience. They discuss Derek's background, the evolving landscape of cybersecurity with the advent of AI and cloud computing, the importance of threat modeling, and the challenges in the security hiring process. Derek emphasizes the need for a secure design in cybersecurity and the impact of AI on threat modeling, while also addressing the difficulties job seekers face in a competitive market. In this conversation, Derek Fisher discusses the current state of the cybersecurity job market, emphasizing the frustrations faced by both job seekers and employers. He provides insights on how individuals can break into the industry, highlighting the importance of aligning personal interests with market demands. Derek also addresses the gap between academic education and real-world skills, advocating for more practical experiences for students. He shares his experience writing children's books to inspire the next generation about cybersecurity and discusses the challenges parents face in navigating technology with their kids. Finally, he explores future trends in technology, including robotics and quantum computing, and shares a fun concept for a cybersecurity-themed bar.

TIMESTAMPS:
00:00 Introduction to Cybersecurity and Derek Fisher's Background
10:09 The Impact of AI and Cloud on Cybersecurity
19:19 Understanding Threat Modeling in Cybersecurity
27:47 Navigating the Security Hiring Process
35:48 Navigating the Job Market in Cybersecurity
36:40 Breaking into Cybersecurity: Finding Your Path
44:16 Bridging the Gap: Academia vs. Industry
47:24 Inspiring the Next Generation: Writing for Kids
50:46 The Challenges of Parenting in a Digital Age
54:08 Future Trends in Cybersecurity and Technology
56:52 Creating a Cybersecurity-Themed Bar: A Fun Concept

SYMLINKS:
[Derek Fisher's LinkedIn Profile] - https://www.linkedin.com/in/derek-fisher-sec-arch
Connect with Derek Fisher on LinkedIn to learn more about his professional background and expertise in cybersecurity.

[Securely Built Website] - https://www.securelybuilt.com/
Explore Securely Built, founded by Derek Fisher, offering tailored cybersecurity advisory services, training programs, and resources to help businesses develop robust cybersecurity programs.

[Secure Work Coach] - https://www.secureworkcoach.com/about
Access specialized cybersecurity courses and training materials provided by Secure Work Coach, founded by Derek Fisher, a seasoned cybersecurity expert with 30 years of engineering

[Derek Fisher's Udemy Instructor Profile] - https://www.udemy.com/user/derek-fisher-8/
Enroll in cybersecurity courses taught by Derek Fisher on Udemy, covering topics such as application security and CISSP exam preparation.

[Ultimate Cybersecurity Course & CISSP Exam Prep] - https://www.udemy.com/course/ultimate-cyber-security-course/
Develop your cybersecurity skills and prepare for the CISSP exam with this comprehensive course by Derek Fisher.

[The Application Security Program Handbook] - https://www.securelybuilt.com/media
Learn about building an application security program through this comprehensive guide authored by Derek Fisher.

[Alicia Connected Series] - https://www.aliciaconnected.com/
Discover the "Alicia Connected" children's book series by Derek Fisher, focusing on safe technology usage for kids.

[Securely Built YouTube Channel] - https://www.youtube.com/@securelybuilt
Watch cybersecurity tutorials and discussions on the Securely Built YouTube channel.

[Derek Fisher's Articles on SecureWorld News] - https://www.secureworld.io/industry-news/author/derek-fisher
Read articles authored by Derek Fisher on SecureWorld News, covering various cybersecurity topics.

The Bid Picture - Cybersecurity & Intelligence Analysis

In this episode, host Bidemi Ologunde spoke with May Brooks-Kempler, a cybersecurity educator, entrepreneur, and consultant. In this episode, May shares her insights into what cybersecurity is and isn't, how to build a successful cybersecurity career, the mindset and skills necessary to thrive within cybersecurity, what led her to build an online cybersecurity community of over 27,000 members, and lots more. May is an Amazon bestselling author, a TEDx speaker, and mentor to hundreds.