Podcasts about cissp

  • 346 podcasts
  • 2,000 episodes
  • 35m average duration
  • 5 new episodes weekly
  • Latest episode: Jun 13, 2026

Latest podcast episodes about cissp

ITSPmagazine | Technology. Cybersecurity. Society
When the Threat Moves Daily and the Law Moves in Years | An Interview with James Morris | Redefining CyberSecurity With Sean Martin — On Location at InfoSecurity Europe 2026

Jun 13, 2026 · 17:14


On Location With Sean Martin And Marco Ciappelli
The UK's threats change by the day. Its laws change over years. Sean Martin sat down with James Morris — former Member of Parliament, now Director of the CSBR — to ask how a government writes cyber policy fast enough to matter, and why “resilience” has quietly stopped being a technical word.

InfosecTrain
Enterprise Security Architecture: Building Trust Through CISSP-ISSAP Design

Jun 13, 2026 · 43:16


Trust is not built by technology alone - it is architected through resilience, security, and strategic design. In today's complex threat landscape, organizations need more than basic security controls; they need resilient environments that enable continuity, trust, and business growth. In this masterclass episode, InfosecTrain explores how the CISSP-ISSAP mindset helps security architects design enterprise environments that withstand evolving threats while remaining aligned with core business objectives.
The CISSP-ISSAP (Information Systems Security Architecture Professional) Training course is the gold standard for professionals aiming to elevate their design expertise. We break down the essential components of building a secure enterprise, from establishing a robust root of trust to ensuring your hybrid cloud infrastructure can scale without compromising integrity. Learn how to transform abstract security requirements into a concrete, resilient architecture.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 356: Supply Chain Attacks Are Exploding in 2026 — Here's What the NCSC Wants You to Do

Jun 8, 2026 · 41:38


Your software is only as trustworthy as the dependencies you quietly inherit, and attackers know it. Today I break down the NCSC warning on software supply chain security and why open source package ecosystems have become a high-value target for real-world compromises that spread fast through CI/CD pipelines.
I walk through the attack patterns that keep showing up in incidents: maintainer account compromise, expired domain takeover, typosquatting, and credential chaining. We connect each technique to the CISSP mindset so you can spot it in scenario questions and, more importantly, recognise it in your own environment. Along the way, I explain why Node.js, Python, and Rust projects are especially exposed, how automation can turn “latest version” convenience into an enterprise incident, and why developer environments often become an overlooked attack surface.
Then we get practical with controls you can actually implement: pausing automatic dependency updates when compromise is suspected, adding human approval for critical packages, rotating credentials immediately, enforcing MFA on developer and registry accounts, and using private or trusted registries to mirror and vet dependencies. I also zoom out to show how to build supply chain security into the secure SDLC with software composition analysis (SCA), code signing, checksum verification, audit logging, continuous monitoring, and an SBOM so you can respond fast when a package turns toxic.
If this helps you tighten your dependency management and level up your CISSP prep, subscribe, share this with a teammate, and leave a quick review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

CISSP Cyber Training Podcast - CISSP Training Program
CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes

Jun 4, 2026 · 24:26


The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach private repository files and ultimately an NPM token that could enable a supply chain attack.
From there, we zoom out to the bigger cloud security problem: non-human identities. Service accounts, API keys, and OAuth tokens multiply fast, and they are frequently overprivileged, poorly tracked, and left active long after an integration is retired. We also talk about why SaaS-to-SaaS connections are so hard to secure, and why agentic AI makes visibility even more urgent. If you do not know what systems are connected, what data crosses those links, and who owns the risk, you are effectively trusting an invisible tunnel into your environment.
To make this actionable, we lay out a four-phase third-party risk management (TPRM) framework you can apply immediately: build a vendor and integration inventory with tiering, run real due diligence (SOC 2 Type II, ISO 27001, data access scope, subprocessors and fourth parties), lock protections into contracts (DPA language, right to audit, breach notification expectations), then enforce ongoing monitoring and governance with quarterly token reviews, logging, and incident response playbooks. If you are studying for the CISSP, you will also see exactly how this maps to Domain 1, Domain 3, Domain 4, and Domain 5.
Subscribe for more practical CISSP training, share this with a teammate who owns vendor approvals, and leave a review so more security pros can find it. What is the one integration you would audit first?

CISSP Cyber Training Podcast - CISSP Training Program
CCT 354: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY

Jun 1, 2026 · 37:28


Your firewall can be patched tomorrow, but what about the place your system hides its real secrets today? We start with a timely warning about a serious Fortinet FortiGate vulnerability and why perimeter devices are still a make-or-break control, then we pivot into the deeper layer most people ignore until it's too late: memory.
We walk through CISSP Domain 3.4 by focusing on what memory protection is actually trying to achieve: confidentiality, integrity, and process isolation. From there, we unpack how modern operating systems enforce separation with paging, segmentation, and strict read, write, execute controls. You'll hear why Meltdown and Spectre were such a big deal, how speculative execution can leak passwords and encryption keys from privileged memory, and why patching decisions are never just “apply everything” but a risk-based vulnerability management call that depends on visibility into what you run.
Next, we connect memory protection to virtualization security. We break down hypervisors, guest and host isolation, Type 1 versus Type 2 designs, and the threats that keep security teams up at night: VM escape, side-channel leakage through shared CPU resources, and the operational hazards of memory overcommitment. Then we bring in hardware roots of trust through TPMs: secure boot, measured boot, key storage for full disk encryption, TPM 2.0 types, and how HSM-style key management shows up in cloud environments. We close with practical best practices, from firmware and microcode updates to choosing encryption controls that fit your actual risk.
If you're studying for the CISSP or building a real-world security strategy, subscribe, share this with a teammate, and leave a review so more security pros can find it.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 353: AI Agent Governance Essentials - CISSP Practice Questions

May 28, 2026 · 28:26


AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real security leadership.
We walk through what is driving the mess: board-level pressure, AI FOMO, and the dangerous habit of treating AI agents like old-school automation. Then we get concrete. We talk about why many enterprises still lack an inventory of AI agents, why traditional security tooling is tuned for human behaviour anomalies, and what it actually takes to be audit-ready. We cover practical governance frameworks like tiered autonomy, why observability is more than collecting output logs, and how to design decision-path tracing with execution records and decision logs you can act on.
To make it actionable for exam prep and day-to-day work, I close with CISSP-style practice questions on the exact scenarios you will face: detection gaps, human approval bottlenecks, least privilege for agents, proving decisions during audits, and architecting platforms that balance operational efficiency with risk management. If you are serious about passing, I also share how my CISSP Sprint cohort is structured to force momentum, including booking your exam date early.
Subscribe for weekly CISSP-focused training, share this with a teammate building AI workflows, and leave a review so more security pros can find the show. What part of AI agent governance is your biggest blind spot right now?

CISSP Cyber Training Podcast - CISSP Training Program
CCT 352: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY

May 25, 2026 · 40:19


Your security program can be airtight and still get wrecked by someone else's breach. We open with a Wired-style reality check: third-party app ecosystems and data brokers collecting location analytics at massive scale, then getting hacked or resold in ways your users never expected. If your organisation issues mobile devices, this is where security awareness, MDM controls, and clear “don't allow tracking unless required” guidance stops being a nice-to-have and starts becoming risk reduction.
From there, we dig into CISSP Domain 2.3: provisioning resources securely, with the mindset of a senior security professional. We walk through information ownership versus asset ownership, why “IT owns the data” is often the wrong answer, and how classification (public, internal, confidential and beyond) drives least privilege and need-to-know access. We also cover the practical friction points: owners who don't realise they're owners, systems spread across teams, and the need to document decisions so risk acceptance is explicit instead of accidental.
We then connect the dots across asset management, configuration management systems, and modern cloud operations. Expect talk on lifecycle tracking, secure disposal, rogue devices and shadow IT, plus the unique headaches of virtual sprawl, snapshots, tagging, data residency, and the cloud shared responsibility model. If you're studying for the CISSP exam or trying to run a cleaner security programme at work, you'll leave with a clearer map of what to inventory, who to hold accountable, and which controls keep resources from drifting into chaos.
Subscribe for weekly CISSP-focused training, share this with a teammate who manages cloud or endpoints, and leave a review with the hardest “ownership” problem you've seen in the wild.

Going North Podcast
Ep. 1085 – From Cartoon Character to Podcast Powerhouse with Christine Blosdale

May 22, 2026 · 38:16


“I'm not a writer, but you don't have to be a writer to create a really wonderful book.” – Christine Blosdale
Today's featured international bestselling bookcaster is award-winning media personality and sought-after expert authority coach, Christine Blosdale. Christine and I had a fun on a bun chat about her books, conquering her imposter syndrome, the power of a small start, and more!!
Key Things You'll Learn:
  • What sparked Christine's early love for recording and broadcasting
  • How she helps clients overcome their fear of writing
  • Why it's easier than you think to produce an audiobook
  • Three major lessons learned from starting, growing, and running her podcasts
Christine's Site: https://www.christineblosdale.com/
Christine's Books: https://www.amazon.com/stores/author/B088C19Y6K/allbooks
Christine's Podcasts: https://www.christineblosdale.com/mypodcasts
The opening track is titled, “Unknown From M.E. | Sonic Adventure 2 ~ City Pop Remix” by Iridium Beats. To listen to and download the full track, click the following link. https://www.patreon.com/posts/sonic-adventure-136084016
Please support today's podcast to keep this content coming!
CashApp: $DomBrightmon
Donate on PayPal: @DBrightmon
Buy Me a Coffee: https://www.buymeacoffee.com/dombrightmon
Get Going North T-Shirts, Stickers, and More: https://www.teepublic.com/stores/dom-brightmon
The Going North Advancement Compass: https://a.co/d/bA9awot
You May Also Like…
  • 699 – “From His Brothers Basement to Hall of Fame Podcaster” with Dave Jackson (@DaveJackson): https://www.goingnorthpodcast.com/ep-699-from-his-brothers-basement-to-hall-of-fame-podcaster-with-dave-jackson-davejackson/
  • 583 – “How to Be the Face of Your Business” with Tonya Eberhart (@brandfacestar): https://www.goingnorthpodcast.com/ep-583-how-to-be-the-face-of-your-business-with-tonya-eberhart-brandfacestar/
  • 488.5 – “Create, Innovate & Dominate” with Tracy Hazzard (@hazzdesign): https://www.goingnorthpodcast.com/ep-4885-create-innovate-dominate-with-tracy-hazzard-hazzdesign/
  • 681 – “Make Someone's Moment Through Podcasting” with Kelly Smith: https://www.goingnorthpodcast.com/ep-681-make-someones-moment-through-podcasting-with-kelly-smith/
  • 232 – “Podcast Power” with Heneka Watkis-Porter (@TheEntrepYou): https://www.goingnorthpodcast.com/232-podcast-power-with-heneka-watkis-porter-theentrepyou/
  • 400 – “How to Become a Multimillionaire, but Not Act Like It” with Tom Antion (@TomAntion): https://www.goingnorthpodcast.com/ep-400-how-to-become-a/
  • #Host2Host Bonus Ep. - “Innuendo City” with Michelle Nedelec (@michellenedelec): https://www.goingnorthpodcast.com/host2host-bonus-ep-innuendo-city-with-michelle-nedelec-michellenedelec/
  • 333 – “How to Grow Your Social Media Influence” with Catherine Saykaly-Stevens (@CatherineNetWeb): https://www.goingnorthpodcast.com/ep-333-how-to-grow-your-social-media-influence-with-catherine-saykaly-stevens-catherinenetweb/
  • 86 - "Stepping Into the Spotlight" with Tsufit (@Tsufit): https://www.goingnorthpodcast.com/86-stepping-into-the-spotlight-with-tsufit-tsufit/
  • 384 – “Steal Your Skills From Corporate” with Katrina Roddy (@KRoddy65): https://www.goingnorthpodcast.com/ep-384-steal-your/
  • 277 – “Entrepreneurs Rocket Fuel” with Kimberly Hobscheid (@EntrepreneursR4): https://www.goingnorthpodcast.com/277-entrepreneurs-rocket-fuel-with-kimberly-hobscheid-entrepreneursr4/
  • 348 – “Bring Inner Greatness Out” with Dr. Mansur Hasib, CISSP, PMP, CPHIMS (@mhasib): https://www.goingnorthpodcast.com/ep-348-bring-inner-greatness-out-with-dr-mansur-hasib-cissp-pmp-cphims-mhasib/
  • 387 – “How to Demolish Imposter Syndrome & Create an Online Course” with Mark Kumar (@mark2kumar): https://www.goingnorthpodcast.com/ep-387-how-to/

CISSP Cyber Training Podcast - CISSP Training Program
CCT351: BitLocker Bypass Reality Check (YellowKey) and CISSP Practice Questions

May 21, 2026 · 24:28


BitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training moment: a public proof of concept is available, a vendor patch is not, and the attack hinges on physical access. That mix forces you to think clearly about what “high risk” actually means, why “critical” is not always the right label, and how real security teams respond when the perfect fix does not exist yet.
We connect the story to CISSP domains you are actively tested on. Domain 3 shows up in the basics of data at rest encryption and the uncomfortable truth that encryption is only as strong as its implementation. Domain 7 shows up in zero-day vulnerability management, compensating controls, and the need to have patch deployment ready to move the moment Microsoft ships a fix. We also highlight why secure boot and firmware integrity checks matter, and why endpoint detection may not help when an attacker can silently read files with little to no logging signal.
Then we shift into five exam-style questions designed to sharpen your decision-making: how to classify risk using likelihood and impact, how to spot absolute-language distractors, which CIA triad principle is actually failing when data is accessed without detection, and why data minimisation can reduce breach impact more than “adding another tool.” If you're studying for the CISSP exam and want practice that feels like real life, this is built for you.
Subscribe for weekly CISSP practice, share this with a study partner, and leave a review so more candidates can find the show. What control would you tighten first if a BitLocker bypass hit your fleet tomorrow?

All Things Internal Audit
IT Controls Automation: Where Internal Audit Can Lead the Shift

May 20, 2026 · 20:35


The Institute of Internal Auditors Presents: All Things Internal Audit
In this episode, Mike Levy sits down with Reebu George to get practical about one of the most significant shifts underway in internal audit right now: the automation of IT controls. They talk through where this shift is happening, what use cases are proving their value, and how internal audit can lead the conversation rather than wait for the business to figure it out first.
HOST: Mike Levy, CIA, CRMA, CISSP, CEO, Cherry Hill Advisory
GUEST: Reebu George, CISSP, CISA, PMP, Audit & Assurance Managing Director, IT Internal Audit Leader, Deloitte & Touche LLP
KEY POINTS:
  • Introduction [00:00:02-00:00:47]
  • The Shift Toward Continuous Auditing [00:00:47-00:02:26]
  • How Automation Is Changing IT Controls [00:02:26-00:04:54]
  • Building an Internal Audit Digital Strategy [00:05:39-00:07:09]
  • Where Internal Audit Teams Should Start [00:07:09-00:09:33]
  • Using AI and Automation in Audit Workflows [00:09:33-00:10:04]
  • Earning a Seat at the Table [00:10:04-00:11:35]
  • Developing Talent for Advisory Conversations [00:11:35-00:12:23]
  • Rule-Based Controls and Automation Opportunities [00:12:23-00:13:45]
  • Governance Risks in Automated Controls [00:13:45-00:15:39]
  • Selling the Value of Automation [00:15:39-00:18:37]
  • The Future of Continuous Assurance [00:18:37-00:19:49]
  • Closing [00:19:52-00:20:23]
IIA RELATED CONTENT:
  • IT General Controls Certificate Program
  • Knowledge Centers: Artificial Intelligence
  • Global Internal Audit Standards
  • Vision 2035
Visit The IIA's website or YouTube channel for related topics and more.
Follow All Things Internal Audit: Apple Podcasts, Spotify, Libsyn, Deezer

CISSP Cyber Training Podcast - CISSP Training Program
CCT 350: Investigation Types Made Simple - CISSP Training (Replay)

May 18, 2026 · 44:49


Default passwords are the kind of problem everyone “knows” about and yet they still open doors for attackers every day. We start with a quick reality check on router security and why factory settings, legacy gear, and unmanaged IoT and OT devices can turn a simple misconfiguration into redirect attacks, man-in-the-middle exposure, DDoS headaches, or silent monitoring. If you're studying for the CISSP or defending a real network, you'll walk away with a clearer sense of what to fix first and how to roll changes out without creating change-management chaos.
Then we shift into CISSP Domain 1.6: understanding requirements for investigation types. We break down administrative, criminal, civil, and regulatory investigations and why the burden of proof changes everything. We talk through why HR and legal need to be involved early, when law enforcement is (and is not) helpful, and how sloppy evidence handling can get key artifacts thrown out. We also cover e-discovery and legal holds, using the Electronic Discovery Reference Model (EDRM) to make the process easier to remember and apply.
To close, we get practical about evidence: admissibility, chain of custody, and the forensics basics that protect data integrity, including media, memory, network, software, and embedded device analysis, plus the value of write blockers and disciplined documentation. If you want to pass the CISSP and operate like a calm, credible security professional during an incident, this is the mindset. Subscribe for weekly CISSP-focused training, share this with a teammate, and leave a review with the investigation topic you want us to tackle next.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 349: FOXCONN Hack and Domain 7 CISSP Questions

May 14, 2026 · 28:20


Eight terabytes of stolen schematics is not just a scary number, it is a reminder that cyber risk becomes business risk fast. We start with the Wired report on the Foxconn ransomware attack and unpack what a claim like that could mean in the real world: intellectual property exposure, supply chain disruption, customer impact, and the uncomfortable truth that recovery is only one part of the story when data walks out the door.
From there, we switch into CISSP Domain 7 Security Operations mode and work through practical exam-style questions with the “how would this hold up at work” mindset. We break down why live forensics imaging can be the right call during an insider threat investigation, using the order of volatility and the kinds of RAM artifacts that disappear the moment you shut a machine down. We also tackle a Patch Tuesday nightmare scenario where a CVSS 9.8 vulnerability is already being exploited but the change advisory board will not meet for ten days, and we explain why an emergency change process plus compensating controls is the mature security operations answer.
We also cover a common privileged access failure where a domain admin uses an elevated account for email and browsing, and how least privilege plus a privileged access workstation (PAW) architecture can prevent a single phish from becoming domain compromise. Finally, we sharpen the fundamentals with an RTO/RPO recovery timeline question and a SIEM brute force threshold miss that illustrates false negatives and the need for better tuning and behavioural baselines.
Subscribe for weekly CISSP training, share this with a study partner, and leave a review so more security pros can find the show. What topic do you want me to turn into practice questions next?

The Cybersecurity Defenders Podcast
Does the rise of AI mean human-led SOCs are obsolete? With Dr. Adeel Shaikh Muhammad [#322]

May 13, 2026 · 25:18


Dr. Adeel Shaikh Muhammad is a cybersecurity strategist and global speaker with over 16 years of experience across information security, networks, and systems. Adeel brings a practical perspective on how organizations can adapt to evolving cyber threats and the growing role of AI in cybersecurity. With an extraordinary portfolio of 40+ industry certifications, including CISSP, CISM, CISA, CCISO, PMP, CEH, ISO 27001 Lead Implementer & Auditor, and a robust suite of advanced Cisco, Microsoft, Fortinet, Barracuda, ITIL, PRINCE2, and AI-related credentials, Adeel is a benchmark of technical mastery and visionary execution. His academic excellence includes a Master's in Cybersecurity and a current Doctorate in Business Administration (DBA) focused on the impact of AI in Security Operations Centers (SOCs) in the Gulf region.
Adeel is the author of two acclaimed books—“AI-Driven Transformation of Security Operations Center (SOC)” and “AI and Us: The Ethical Choices”—bridging the critical intersection of AI innovation and ethical leadership.
Support our show by sharing your favorite episodes with a friend, subscribe, give us a rating or leave a comment on your podcast platform. This podcast is brought to you by LimaCharlie, maker of the SecOps Cloud Platform, infrastructure for SecOps where everything is built API first. Scale with confidence as your business grows. Start today for free at limacharlie.io

CISSP Cyber Training Podcast - CISSP Training Program
CCT Vendor 04: The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview

May 13, 2026 · 28:20


Next Peak: https://nextpeak.net/services/icr/
A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomfortable reality behind geopolitical cyber risk, and it is why I brought on Helen Lee, Director of Intelligence Cyber Research at NextPeak, to break down how global flashpoints turn into real security problems for businesses of every size. If your security program only reacts to today's alerts, you are already behind the curve.
We dig into what “geopolitical cyber risk” actually means, why awareness so often fails to become action, and how to bridge that gap with practical, decision ready outputs. Helen shares concrete examples that make the risk feel real: how hardware and supply chains can become national security issues, why router ecosystems can create broad exposure, and how second and third order effects in semiconductor production can introduce new vulnerabilities across your tech stack. We also talk about the World Economic Forum data showing that organisations expect geopolitical tensions to increase cyber risk while many are still adjusting their posture.
From there, we get operational. We cover where this work fits in an existing security stack, how to “bake it in” at the governance, risk, and compliance layer, and why threat intelligence teams will be critical for monitoring geocyber indicators and handing off actionable guidance to the SOC and leadership. Helen walks through offerings like a geopolitical cyber risk index, assessments, advisory support, customised reporting, and future focused tabletop exercises that test readiness for plausible scenarios years ahead. If you are studying for the CISSP, this conversation ties directly to Security and Risk Management, third party risk, supply chain risk, and communicating risk to executives and boards.
Subscribe for more practical CISSP focused conversations, share this with a security leader who owns vendor risk, and leave a review so more people can find the show. What is the biggest geopolitical risk you think your organisation is ignoring right now?

The Alien UFO Podcast
Reverse Engineering Crashed UFOs

May 12, 2026 · 10:59


This week I'm reading from Jon Majerowski's book 'Contact and Control: UFOs, DNA, and the Hidden War on Human Potential' THEY ARE NOT HIDING UFOs. THEY ARE HIDING WHAT CONTACT DOES TO YOU. Something is being managed. Not the craft, not the sightings, not the congressional hearings. Those are the distraction. What is being managed is the people who get too close. Experiencers are monitored, discredited, and studied without their knowledge or consent. The research never stopped. The public narrative just never changed. Jon Majerowski spent decades figuring out why. As a CISSP-certified cybersecurity expert trained to recognize patterns across complex systems, a Freemason with direct access to esoteric traditions most researchers never reach, and a lifelong UFO experiencer who has lived this from the inside, he came to the phenomenon from every angle at once. What he found was not a mystery. It was a machine. In Contact and Control, Majerowski maps the architecture of a control system that has been running for generations: Why UFO disclosure is controlled and what is deliberately kept back. The documented programs collecting DNA from experiencers without consent. How breakthrough technology gets suppressed and drip-fed through carefully selected frontmen. The thread of consciousness research running through military and intelligence channels. How ancient knowledge, Templar history, and occult tradition connect to all of it. This is not a book about lights in the sky. It is about who decided you were not allowed to know what those lights mean, and how they built the walls to make sure you never found out. For experiencers who were told they were crazy. For researchers who kept hitting the same walls. For anyone who has sensed the gap between the official story and lived reality. The control is real. So is the contact. This book maps both. 
Bio: JON MAJEROWSKI is a husband, father, CISSP-certified information security professional, Freemason, and experiencer based in Maumee, Ohio. He hosts the UFOs on the Level podcast, where he conducts in-depth conversations with researchers, experiencers, insiders, and practitioners exploring UFOs, consciousness, and unexplained phenomena. As a member of several initiatory orders, Jon brings an insider perspective on esoteric traditions and mystery school knowledge to his investigation of the UFO phenomenon, or as he puts it, "The Phenomenon." His approach combines personal experience, decades of critical research, and a commitment to helping other experiencers feel less alone. Jon lives with his wife and daughters, balancing family life with consciousness exploration and disclosure activism.

https://contactandcontrol.com/
https://www.amazon.com/dp/B0GTGPDMFM
https://www.pastliveshypnosis.co.uk/
https://www.patreon.com/alienufopodcast
https://simonbown.com/
My new book, Aspects of Alien Abduction: https://www.amazon.com/dp/B0GRRPCT9Y

Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Hybrid Identity Protection Podcast
Why Identity Security Needs Its Own Program with Angie Klein, IAM Business Technology Manager at Federated Insurance

May 12, 2026 · 38:05


This episode features Angie Klein, IAM Business Technology Manager at Federated Insurance.

Angie brings over a decade of experience spanning systems development and identity security leadership, holding CISSP, CIDPRO, and CISM certifications and working hands-on with CyberArk, SailPoint IDN, and Active Directory in a regulated environment.

In this episode, Angie dives into the organizational and cultural work that most identity programs skip. She shares why identity deserves its own program, how to apply OCM to bring resistant stakeholders on board, and why governance must come first. Angie's core argument is that if identity security creates too much friction, people will route around it, and that's where the real risk lives.

This episode makes the case that the hardest part of identity security isn't the technology, it's getting people to trust it enough to stop working around it.

Guest Bio

As the IAM Business Technology Manager at Federated Insurance, Angie is dedicated to advancing our Identity and Access Management program and the industry as a whole. With over 10 years of experience and currently leading a team of Security Engineers and Identity and Access Analysts, Angie is passionate about IAM and loves to see "ah ha" moments when colleagues understand that security is everyone's job.

Angie brings over a decade of experience as a Systems Developer, providing extensive technical expertise in the Identity Security domain. She holds certifications including CISSP, CIDPRO, and CISM. Additionally, she has experience working in the insurance industry and is skilled in CyberArk, Active Directory, SailPoint IDN, Analytical Skills, Project Management, and Public Speaking.

Guest Quote

"Identity security is ultimately about trust. People have to trust that you are doing the things that will help them do their job securely and not stop them from doing their job."

Time stamps

01:45 Meet Angie Klein: Expert IAM Practitioner
01:22 Why Identity Needs Its Own Program
04:30 Why Identity Programs Stall
07:27 Organizational Change Management (OCM) Explained
12:51 OCM in Action
17:08 How to Gain Buy-In for an Identity Security Program
25:05 First Steps for Standing Up a Program
30:22 The Core Pillars of Identity Security
35:00 Conclusion and Final Thoughts

Sponsor

The HIP Podcast is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory and Entra ID environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.

Links

Connect with Angie on LinkedIn
Connect with Sean on LinkedIn
Don't miss future episodes
Learn more about Semperis

The Alien UFO Podcast
UFO Contact & Control

May 11, 2026 · 60:43


This week I'm talking to Jon Majerowski about his book 'Contact and Control: UFOs, DNA, and the Hidden War on Human Potential' THEY ARE NOT HIDING UFOs. THEY ARE HIDING WHAT CONTACT DOES TO YOU. Something is being managed. Not the craft, not the sightings, not the congressional hearings. Those are the distraction. What is being managed is the people who get too close. Experiencers are monitored, discredited, and studied without their knowledge or consent. The research never stopped. The public narrative just never changed. Jon Majerowski spent decades figuring out why. As a CISSP-certified cybersecurity expert trained to recognize patterns across complex systems, a Freemason with direct access to esoteric traditions most researchers never reach, and a lifelong UFO experiencer who has lived this from the inside, he came to the phenomenon from every angle at once. What he found was not a mystery. It was a machine. In Contact and Control, Majerowski maps the architecture of a control system that has been running for generations: Why UFO disclosure is controlled and what is deliberately kept back. The documented programs collecting DNA from experiencers without consent. How breakthrough technology gets suppressed and drip-fed through carefully selected frontmen. The thread of consciousness research running through military and intelligence channels. How ancient knowledge, Templar history, and occult tradition connect to all of it. This is not a book about lights in the sky. It is about who decided you were not allowed to know what those lights mean, and how they built the walls to make sure you never found out. For experiencers who were told they were crazy. For researchers who kept hitting the same walls. For anyone who has sensed the gap between the official story and lived reality. The control is real. So is the contact. This book maps both. 
Bio: JON MAJEROWSKI is a husband, father, CISSP-certified information security professional, Freemason, and experiencer based in Maumee, Ohio. He hosts the UFOs on the Level podcast, where he conducts in-depth conversations with researchers, experiencers, insiders, and practitioners exploring UFOs, consciousness, and unexplained phenomena. As a member of several initiatory orders, Jon brings an insider perspective on esoteric traditions and mystery school knowledge to his investigation of the UFO phenomenon, or as he puts it, "The Phenomenon." His approach combines personal experience, decades of critical research, and a commitment to helping other experiencers feel less alone. Jon lives with his wife and daughters, balancing family life with consciousness exploration and disclosure activism.

https://contactandcontrol.com/
https://www.amazon.com/dp/B0GTGPDMFM
https://www.pastliveshypnosis.co.uk/
https://www.patreon.com/alienufopodcast
https://simonbown.com/
My new book, Aspects of Alien Abduction: https://www.amazon.com/dp/B0GRRPCT9Y

CISSP Cyber Training Podcast - CISSP Training Program
CCT 348: ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3

May 11, 2026 · 34:00


Your browser just became a security boundary you can't afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sending, data loss through Google Drive, or code theft from private repos.

We walk through the mechanics in plain language: the extension's communication model is too trusting, relying on origin assumptions instead of validating true execution context. That opens the door to script injection and environment-level manipulation, where the most sophisticated part of the attack is making bad actions look normal from the inside. We also talk about the vendor response, why partial patches can still leave uncomfortable gaps, and why “trust but verify” matters when AI tools move faster than enterprise controls.

Then we pivot to CISSP Domain 3.9 design site and facility security controls, because reliability and security still live in wiring closets, server rooms, and restricted work areas. We cover practical facility security: locks and limited access, airflow and HVAC planning, avoiding storage-room chaos, why cameras must be monitored, how badge systems fail in real life, and how media and evidence storage ties into legal hold, forensics, encryption, and key management. We finish with environmental and resilience essentials including UPS vs generators, fire detection and suppression options, and power quality issues like sags, spikes, surges, and brownouts.

Subscribe for weekly CISSP-ready lessons, share this with a teammate who lives in Chrome, and leave a review so more security pros can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
AI Poisoning the Quiet Enterprise Threats and CISSP Questions (Domain 1)

May 7, 2026 · 28:05


Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately manipulated data can poison decisions for months without a single red flag. We break down what that looks like in real organizations, why it differs from the Hollywood version of a hack, and how the business impact shows up as confident misinformation rather than obvious outages.

We also dig into the difference between data poisoning (deliberate manipulation) and data pollution (accidental garbage at scale), then connect it to retrieval augmented generation (RAG). RAG is powerful because it answers from your internal knowledge base, but that same knowledge base becomes the attack surface and the “source of truth” the model won't question. I share practical steps you can take right now: audit what your AI actually trusts, map the full AI contact surface across workflows and repositories, treat the AI pipeline like an untrusted vendor, and assign a named owner for accuracy and security.

Then we shift into CISSP Domain 1 practice with exam-style questions that force real trade-offs: using annual loss expectancy (ALE) to recommend a risk treatment to the board, applying NIST RMF guidance even when controls are inherited through FedRAMP, handling an ethics dilemma under the ISC2 Code of Ethics, spotting the biggest BCP gap when RTO and RPO targets collide with backup frequency, and explaining why HIPAA compliance does not automatically equal GDPR compliance for EU citizen data.

If you're studying for the CISSP or you're building security controls around AI and cloud systems, this one is built to sharpen both your judgement and your test readiness. Subscribe, share this with a friend who's deploying AI internally, and leave a quick review so more CISSP candidates can find the show.

The Ravit Show
Commvault at RSAC: Clean Recovery, AI Risk, and the New Security Playbook

May 5, 2026 · 9:03


Just wrapped up a conversation with Vidya Shankaran, CISSP from Commvault here at RSAC, and honestly, this one made me pause and rethink a few things. We talk a lot about resilience, threat detection, and now AI data. But what stood out to me is how the conversation is shifting from just “can you recover” to “can you recover clean”.

That's a big difference.

With Vidya, we went deep into what's actually broken in traditional recovery models and why “verified clean recovery” is becoming critical. Not just recovering fast, but recovering without bringing the threat back with you.

We also got into the real tradeoff teams are dealing with today. Speed vs accuracy in threat detection. Quick scans vs deeper AI inspection. And the answer is not either or, it is how you combine both in practice.

Another big takeaway for me was around AI data becoming a new attack surface. Most teams are still thinking about structured data, but AI pipelines, embeddings, and unstructured data are now part of the risk layer.

And the blind spots are bigger than most people think. We also touched on something I hear a lot from teams. How do you actually enforce governance without slowing everyone down. There is no perfect answer, but there are better ways to approach it.

If you are thinking about resilience, especially in an AI-first world, this conversation is worth your time.

Let me know what stood out to you.

#data #ai #security #rsac #theravitshow

InfosecTrain
CISSP Prep: Thinking Like a Security Manager

May 5, 2026 · 39:00


Think you're ready for the CISSP? Let's put that to the test. The CISSP (Certified Information Systems Security Professional) is widely considered the "gold standard" of security certifications, but passing it requires more than just technical knowledge - it requires a management mindset. In this episode of InfosecTrain Tech Talks, we walk through 10 carefully selected practice questions designed to simulate the complexity of the actual exam.

The "course titled" CISSP Certification Training covers a mile-wide, inch-deep spectrum of security topics. In this session, we dive into key domains such as Security and Risk Management, Asset Security, and Security Architecture. We don't just give you the answers; we break down the logic behind each question, helping you identify common traps and master the "think like a CISO" strategy needed to succeed on your first attempt.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 346: CISSP Domain 7 - Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA

May 4, 2026 · 26:53


MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because the real target is the decision point: trust, timing, urgency, and authority. When attackers can spoof executives or use deepfake voice and video, the authentication layer often never gets challenged in a meaningful way. We break down practical, real-world defenses that go beyond “more tools”: fixing payment and approval workflows, defining what counts as a high-risk transaction, forcing out-of-band verification using known contact details, adding mandatory pauses for unusual transfers, and training teams with realistic BEC scenarios during end-of-quarter and holiday pressure. The big takeaway is that blocked phishing emails are not the same thing as protected money movement, and leadership has to own that gap. Then we pivot into CISSP Domain 7 with a clear, test-focused walkthrough of disaster recovery plans. A DR plan on paper is not resilience, so we cover the five primary DR testing types: read-through checklist, walkthrough and tabletop, simulation, parallel, and full interruption. You will learn what each test proves, why most organizations stop at simulation, and how to build toward higher-confidence testing without taking reckless risks. If this helps you, subscribe for weekly CISSP-focused cyber training, share the episode with a teammate, and leave a review so more people can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 345: Practice CISSP Questions - Domain 8.4 (Replay)

Apr 30, 2026 · 22:51


A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a patchwork of identity tools, limited visibility, and “normal looking” logins, you may not see the threat until it has already jumped domains.

From there, we pivot into CISSP Domain 8.4 thinking: how to evaluate acquired software without guessing. We break down what to look for in open source software (community activity, maintenance signals, orphaned project risk), what makes COTS software uniquely hard to assess (no source code visibility for deep vulnerability assessment), and what matters most for SaaS and managed services (encryption for data at rest and in transit, plus clear SLAs that define performance metrics and incident response expectations). We also cover why the shared responsibility model is non-negotiable for cloud security clarity, especially around account management and access control.

We round it out with hands-on evaluation methods that map to both the exam and real security programs: threat modeling to uncover dependency risk, dependency scanning to catch vulnerable libraries, sandbox testing in a controlled environment, and periodic reassessments as threats evolve. If you're studying for the CISSP or building a safer vendor and software intake process, this one gives you a practical checklist mindset. Subscribe for more CISSP training, share this with a study partner, and leave a review with the software risk topic you want us to cover next.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 344: Trigona RaaS - CISSP 3.7 Crypto - Board Translation Framework (Segment 3)

Apr 27, 2026 · 36:07


Ransomware actors are getting quieter, faster, and more custom and that should change how you study for the CISSP and how you defend your environment. We start with a quick personal update on a new CISSP Sprint: an eight-week live cohort built to give you structure, accountability, and weekly sessions so you can realistically target exam day without paying boot camp prices. Seats are limited, with an early bird option, because the whole point is real feedback and momentum. From there we dig into a timely threat story: Trigona ransomware and its use of a custom data exfiltration tool designed to evade common detection patterns. We break down what it means when attackers move away from popular utilities and how bandwidth saturation, connection rotation, and encrypted outbound traffic can slip past monitoring. If you're studying CISSP security operations and incident thinking, this is a clean example of how credential theft, endpoint interference, and network visibility all connect. Then we shift into CISSP Domain 3 cryptography and make the rules stick: symmetric versus asymmetric encryption, what key does what for confidentiality, and how digital signatures actually deliver integrity and non-repudiation. We also cover elliptic curve cryptography, key size advantages, and why quantum computing is forcing real post-quantum cryptography planning now, not later. Finally, we share a board briefing framework for CISOs and security leaders so you can translate technical risk into business impact, loss cases, and a clear ask the board can act on. Subscribe for weekly CISSP-focused cybersecurity training, share this with a study partner or a security leader, and leave a review so more people can find the show. What part do you want us to go deeper on next: crypto rules, ransomware tradecraft, or board communication?

Insight in Indian Country
"Lead with Curiosity."

Apr 25, 2026 · 10:43


Cybersecurity isn't just an IT issue — it's a leadership issue. In this special session preview, REDW Principal and National Tribal Practice Leader Wes Benally sits down with REDW Principal John Graham, CISA, CISM, CISSP, CRISC, ahead of the NAFOA 44th Annual Spring Conference in Reno, Nevada.

John offers Tribal leaders a new way to think about cyber risk — one rooted in stewardship, sovereignty, and sound decision-making. He shares how Tribal governments can build resilience before an incident strikes, what tends to go wrong when one does, and why data — from financial systems to recorded language — deserves to be protected like any other tribal asset.

On April 28, 2026, John will join a panel of cybersecurity experts for What Could Go Wrong? Cybersecurity Essentials for Tribal Governments at NAFOA 2026. Don't miss it.

Learn more about REDW at NAFOA 2026.

Chapters

00:00 - Introduction: John Graham and the NAFOA Panel
01:04 - Reframing Cybersecurity as a Leadership Conversation
02:53 - When Incidents Spiral: Leadership Disconnects During a Cyber Event
06:06 - Stewardship, Sovereignty, and Tribal Data as an Asset
08:26 - What John Hopes Leaders Take Away from NAFOA

REDW Advisors and CPAs is proud to bring you the Insight in Indian Country Podcast, covering important advisory, accounting, and finance topics that impact Tribal Nations and business affairs. Thanks for listening!

@BEERISAC: CPS/ICS Security Podcast Playlist
Breaking Into OT Cybersecurity: Closing the Skills Gap and Protecting Critical Infrastructure

Apr 24, 2026 · 49:17


Podcast: PrOTect It All
Episode: Breaking Into OT Cybersecurity: Closing the Skills Gap and Protecting Critical Infrastructure
Pub date: 2026-04-20

The biggest challenge in OT cybersecurity isn't just technology - it's people. In this episode of Protect It All, host Aaron Crow sits down with Mike Holcomb to explore one of the most urgent issues facing the industry today: the growing skills gap in OT and ICS cybersecurity. Mike shares his journey from IT into operational technology security and breaks down why more professionals are needed to defend the systems that power energy, manufacturing, and critical infrastructure worldwide. This conversation goes beyond awareness - it's about practical pathways into the field and how the community is stepping up to make OT cybersecurity more accessible.

You'll learn:

  • Why OT cybersecurity is one of the most in-demand and underserved fields
  • How to transition from IT to OT cybersecurity
  • The biggest barriers newcomers face - and how to overcome them
  • What foundational skills and controls matter most in ICS environments
  • The role of community initiatives like BSides ICS in closing the gap
  • Why training, mentorship, and collaboration are critical for the future

Whether you're looking to break into cybersecurity, pivot your career, or build stronger teams, this episode delivers actionable guidance and inspiration from someone actively shaping the future of OT security. Tune in to learn how to build a career while helping protect the infrastructure the world depends on - only on Protect It All.

Key Moments:

03:07 Getting started in cybersecurity
06:33 Early passion for cybersecurity
11:54 Hurricane Katrina aftermath discussion
15:50 Awareness and education on OT security
17:49 First experiences with GRID class
25:07 Early challenges in OT cybersecurity
29:17 Importance of effective communication
35:11 Global expansion of cybersecurity events
39:52 Building a foundation in OT cybersecurity
43:36 Excitement for new CompTIA exam
46:48 Expressing appreciation for community involvement

About the guest:

Mike Holcomb is an independent consultant focused on OT/ICS cybersecurity and an educational content creator. Prior to supporting clients full-time through UtilSec, he was the Fellow of Cybersecurity and the OT/ICS Cybersecurity Global Lead for one of the world's largest engineering and construction companies, providing him with the opportunity to work in securing some of the world's largest OT/ICS environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT with multiple events planned globally in 2026. He has his master's degree in OT/ICS cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and OT/ICS certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He was awarded the SANS Difference Maker Award for Practitioner of the Year: ICS/OT Defender for 2025 and BEER-ISAC's Community Builder Award for 2026. He posts regularly on LinkedIn and YouTube to help others learn more about securing OT/ICS and critical infrastructure.

How to connect with Mike:

Main Site: mikeholcomb.com
LinkedIn: linkedin.com/in/mikeholcomb
YouTube: youtube.com/@utilsec
Instagram: instagram/_mikeholcomb/
Newsletter: utilsec.kit.com/95e31307f7
BSidesICS/OT: bsidesics.org

Connect With Aaron Crow:

Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 343: Microsoft Defender - CISSP EOL-EOS (Part 2) - Board Translation (Segment 2)

Apr 23, 2026 · 31:21


Three Microsoft Defender zero-days are reportedly being exploited, and that is the kind of headline that tests whether our security program is real or just optimistic. I break down what we know, including BlueHammer (CVE-2026-33825) landing in Patch Tuesday while Red Sun and Undefend were described as still unpatched at the time, and the practical response: update fast, verify coverage, and keep your eyes on threat intel so local privilege escalation does not become a bigger incident.

From there, I keep the CISSP momentum going with Domain 2.5 retention requirements, because retention is one of those “boring” topics that turns you into a hero the day something goes wrong. We walk through why retention exists (regulatory compliance, legal mandates, litigation holds, audits, and business continuity), what you should actually retain (security logs, audit trails, backups, PCAP where it makes sense, and especially configuration files and system documentation), and how to test backup and recovery so it works when you need it. We also hit the real-world trade-offs: cost vs risk, over-retention vs under-retention, GDPR-style data minimisation, and secure disposal with documentation you can show an auditor.

Then I shift into security leadership with segment two of the boardroom cybersecurity series: five business translations that convert security speak into language boards can act on. Vulnerabilities become business exposure, alert volume becomes risk prevented, budget requests become ROI, AI threats become operational risk, and compliance becomes business continuity. If you want clearer retention policies, stronger audit readiness, and better executive buy-in, subscribe, share the show, and leave a review so more security pros can find it.

UNSECURITY: Information Security Podcast
Unsecurity Episode 258: The CISSP Mentor Program with Brian Kelley

Apr 20, 2026 · 30:49


In this episode of the Unsecurity Podcast, hosts Brad Nigh and Megan Larkins speak with Brian Kelley, information security consultant at FRSecure and one of the infamous CISSP Mentor Program's leads this year. Together, they talk about Brian's journey in information security and how it led him to helping support the FRSecure CISSP Mentor Program.

Hear the trio discuss:

  • Working in IT and finding interest in information security
  • Security focuses at MSPs
  • Paying help forward
  • Studying tips and finding resources
  • Picking your exam date
  • The CISSP Mentor Program's format and evolution

While the program has already begun, you can still get all on-demand materials and join the rest of the live mentor sessions by signing up at https://learn.frsecure.com/courses/2026-cissp-mentor-program!

Like, subscribe, and share with your network to stay informed about the latest in cyber and information security!

We want to hear from you! Reach out at unsecurity@frsecure.com and follow us for more:

LinkedIn: https://www.linkedin.com/company/frsecure/
Instagram: https://www.instagram.com/frsecureofficial/
Facebook: https://www.facebook.com/frsecure/
BlueSky: https://bsky.app/profile/frsecure.bsky.social

About FRSecure: https://frsecure.com/

FRSecure is a mission-driven information security consultancy headquartered in Minneapolis, MN. Our team of experts is constantly developing solutions and training to assist clients in improving the measurable fundamentals of their information security programs. These fundamentals are lacking in our industry, and while progress is being made, we can't do it alone. Whether you're wondering where to start or looking for a team of experts to collaborate with you, we are ready to serve.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 342: US Govt and Mythos - CISSP EOL-EOS (Part 1) - Board Translation (Segment 1)

Apr 20, 2026 (38:29)


The next wave of AI in cybersecurity is not a theory project, it's an operational deadline. I open with a timely look at reporting that the White House wants federal agencies to get access to Anthropic's Claude Mythos, and why that scramble matters for every security team. If Mythos can help uncover vulnerabilities and accelerate exploit development, the same capability that strengthens defense can also supercharge attackers. We talk about why the government wants guardrails, why supply chain risk becomes a bigger deal, and why the gap between AI leaders may be measured in months, not years.

From there, I shift into practical CISSP Domain 2.5 fundamentals: appropriate asset retention, end of life, and end of support. We walk through what “end of life” really means, why unsupported systems become high-value targets, and how to build a real end-of-life process with asset inventory, sunsetting plans, data migration, continuity planning, and secure disposal. I also share why documentation isn't busywork, especially when legal hold and chain of custody can block normal modernization efforts, and how retention policies can reduce both compliance exposure and litigation risk.

Finally, I kick off a boardroom cybersecurity series built for senior security professionals and aspiring CISOs. The core idea is simple: boards don't make decisions in CVSS scores or alert counts, they make decisions in revenue impact, downtime, safety, and recovery time. I explain how to translate technical risk into business language, what boards actually want to know, and how strong executive communication turns a security leader into a strategic advisor. Subscribe, share this with a teammate, and leave a review so more CISSP and cybersecurity leaders can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 341: Deepfake Nudify (Wired) - CISSP Exam Practice Test (Deep Dive)

Apr 16, 2026 (31:17)


AI didn't just make deepfakes easier. It made targeted sexual abuse scalable. I open with a Wired-reported reality that's hitting schools worldwide: AI tools that can generate fake nude images from ordinary photos, spread through bots and subscription services, and leave students and families dealing with humiliation, harassment, and real trauma. If you're a cybersecurity professional, this is a moment where your skills can protect your community, not just your company.

I walk through concrete ways to help: offering free threat briefings to school districts, helping draft acceptable use and AI governance policies, adding mandatory reporting language, and building age-appropriate deepfake awareness training for staff and students. If you're in threat intelligence, you can document and report active infrastructure. If you're in GRC or vendor risk, you can push synthetic media controls and stronger AI governance. I also talk about incident response basics for schools: evidence collection, platform takedowns, and tabletop exercises that prepare teams for a fast-moving crisis.

Then we pivot into CISSP exam prep with practical questions tied to today's threats. We break down quantitative risk assessment (ALE, SLE, ARO) and how cost of mitigation drives the right response. We hit GDPR Article 22 and AI transparency, post-quantum cryptography for long-term retention, SSD sanitisation aligned to NIST 800-88 using cryptographic erasure, and zero trust in 5G edge networks using software-defined perimeter controls for least privilege IoT communications.

Subscribe for weekly CISSP training, share this with someone who works with schools, and leave a review so more defenders can find it.

CERIAS Security Seminar Podcast
Gary Hayslip, The AI Arms Race

Apr 15, 2026 (52:14)


Ransomware has evolved from basic digital extortion into a sophisticated, AI-powered threat that's faster, smarter, and more devastating than ever before. In this session, we'll explore how threat actors are weaponizing artificial intelligence to supercharge their operations—from automated reconnaissance and hyper-realistic phishing to malware that adapts in real-time to evade detection. We'll also examine how AI-driven ransomware exploits supply chain vulnerabilities to create cascading disruptions across entire industries.

More importantly, we'll discuss practical strategies for fighting back: leveraging AI-powered behavioral analytics and autonomous response tools, implementing zero-trust architecture, and building true organizational resilience through tested backup and recovery procedures. Whether you're in security operations, incident response, or infrastructure protection, this session will equip you with actionable insights to shift from a prevention-only mindset to one focused on preparedness and rapid recovery in today's evolving threat landscape.

About the speaker: Gary Hayslip is an experienced Global Security Executive with a proven track record of delivering innovative security programs that protect billion-dollar enterprises at every touchpoint. He is intensely focused on driving continuous improvement to maximize the efficiency of security programs while minimizing costs. As an insightful thought leader, he possesses strong business acumen and a commitment to organizational mission, values, and goals. He has demonstrated the ability to collaborate with all levels of an organization to champion new ideas, gain buy-in, and build consensus. Hayslip brings extensive experience in information technology, security leadership, physical security, and risk management to his role as the Senior Security Advisor | CISO in Residence for Halcyon.ai. His previous executive positions include multiple roles as Chief Information Security Officer, Chief Information Officer, Deputy Director of IT, and Chief Privacy Officer for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego, California, Webroot Software, and SoftBank Investments (Vision Fund & Vision Fund II).

Hayslip is a proven cybersecurity expert with excellent communication and public speaking skills. He is skilled at explaining complex security and risk concepts to audiences with different levels of knowledge. Hayslip has earned a reputation as a highly effective communicator, author, and keynote speaker. He co-authored the "CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2," "The Executive Primer: An Executive's Guide to Security Programs," "Developing Your Cybersecurity Career Path," and "The Essential Guide to Cybersecurity for SMBs." He recently coauthored and published "Mastering Third Party Risk," a guide aimed specifically for security practitioners to help them manage the risk exposure to organizations from vendors and supply chains. These books are among the top resources for helping CISOs improve their leadership and business skills. Hayslip currently serves as an independent director on several boards and advises various other security and technology firms. He is an active member of the cybersecurity community and belongs to professional organizations such as ISC2, NACD, ISACA, and Infragard. Hayslip holds several professional certifications, including CISSP, CISA, and CRISC, and has earned a BS in Information Systems Management from the University of Maryland, University College, and an MBA from San Diego State University.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 340: Anthropic Mythos - Risk Management Concepts (Domain 1.10)

Apr 13, 2026 (41:01)


Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv

An AI model that can uncover thousands of zero-days and potentially chain multiple vulnerabilities into an automated exploit is not just a scary headline, it's a stress test for every risk program on the planet. I open with what the Mythos news implies for real-world defense: attacker behavior may shift from human pace to machine speed, and many SIEM and EDR detections are still tuned for human patterns. That's why we talk candidly about what security teams may need to do next, including tightening externally facing systems and moving faster toward a zero trust architecture. Then we pivot into CISSP Domain 1 risk management concepts, translating exam language into decisions you'll actually make in a business. We define the core terminology like assets, threats, vulnerabilities, exposure, safeguards, attacks and breaches, then walk through control categories (technical, administrative, physical) and control types (preventive, detective, corrective, deterrent, recovery and compensating). If you've ever wondered why risk conversations go sideways, we also dig into the difference between risk appetite, risk capacity, and risk tolerance, and why you can't set these without business leaders in the room. We also tackle quantitative risk analysis versus qualitative risk analysis, including CISSP formulas such as AV, EF, SLE, ARO and ALE, plus a critical reality check on “fake precision” and how to apply a cost-benefit analysis that holds up.

Finally, we cover security control assessments, monitoring and measurement, building a risk register safely, and how maturity models and risk frameworks like CMMI, ISO 31000, NIST approaches, ISO 27005, COBIT, SABSA and PCI DSS fit into a defensible cybersecurity risk management program. Subscribe, share this with a CISSP study partner, and leave a review so more security pros can find the show.

Breaking Into Cybersecurity
Cybersecurity Career: Unlock your job path with Steve Regester | Breaking Into Cybersecurity

Apr 11, 2026 (35:33)


Dreaming of a high-demand, secure career that protects the digital world, but unsure where to start? This is your definitive guide to breaking into the thrilling field of cybersecurity, even with no prior experience! Industry expert Steve Regester reveals the exact roadmap you need to land your first cybersecurity job and build a resilient, rewarding future.

In today's rapidly evolving digital landscape, the demand for skilled cybersecurity professionals is soaring. Cyber threats are more sophisticated than ever, making robust information security a critical concern for businesses worldwide. But how do you navigate this complex world and secure a lucrative role without an existing network or years of experience? Join us as Steve Regester, a seasoned veteran and renowned expert in the cybersecurity space, demystifies the entire process. He breaks down common barriers, offering actionable advice on everything from mastering foundational IT security skills to advanced strategies for career progression and how to get a cyber security job.

This comprehensive guide is an invaluable resource for anyone aspiring to build a successful career in IT security. Whether you're a recent graduate looking for a clear career path, considering a significant career change into tech, or simply curious about the world of ethical hacking and digital defense, this video is your ultimate blueprint. Steve shares his invaluable insights on the diverse roles within cybersecurity, the most sought-after industry certifications like CompTIA Security+ or the highly respected CISSP, and crucial strategies for effective networking that will open doors.

Discover how to craft a compelling cybersecurity resume, ace those challenging technical interviews, and position yourself as an indispensable asset in the global fight against cybercrime. Steve emphasizes practical tips and real-world scenarios, ensuring you understand not just 'what' to learn, but 'how' to apply it. We'll explore entry-level cybersecurity jobs, discuss potential cyber security salary expectations, and provide a clear framework for continuous learning in a field that constantly evolves. This isn't just about landing a job; it's about building a robust, future-proof cybersecurity career that truly matters. Empower yourself with the knowledge and confidence to make your cybersecurity career aspirations a reality. Don't miss out on these expert strategies from Steve Regester for breaking into cyber and securing your future in tech.

Ready to embark on your cybersecurity journey? Like this video, subscribe to our channel for more expert insights into tech careers and information security, and hit the notification bell so you never miss an update on professional development! Share your questions and thoughts in the comments below – we love hearing from you!

CISSP Cyber Training Podcast - CISSP Training Program
CCT 339: Infrastructure Insider - Cyber Career Roadmap - No One is Talking About

Apr 9, 2026 (27:23)


A single disgruntled admin can do more damage with “normal” IT tools than many attackers can with malware, and that reality changes how we should think about both security and careers. I start with a true insider attack story where legitimate administrative access was used to lock out users, disrupt operations, and attempt extortion, then I break down the practical controls that reduce insider threat risk: least privilege, immutable backups, privileged activity alerting, and real segregation of duties.

From there, I share the cybersecurity career roadmap most people never get. Instead of pushing everyone into the same crowded paths, I talk through high-demand roles with less competition, especially GRC (governance, risk, and compliance) and OT/ICS security. If you're breaking into cyber, we cover how risk assessments, policy writing, audit coordination, and vendor risk management can become your unfair advantage, even with a non-traditional background. If you're drawn to critical infrastructure, we dig into why IT plus OT security skills are rare, how to start learning SCADA and industrial environments, and why the salary upside is real.

For mid-career and senior pros, we shift into what actually unlocks leadership: risk quantification, FAIR methodology, supply chain security, cloud security architecture, and speaking the language of the board through metrics and a risk register. If you want to move toward CISO or virtual CISO work, this is about becoming a business risk advisor, not just the person who runs tools. Subscribe, share this with a friend building their cyber career, and leave a review. What role are you aiming for next?

CISSP Cyber Training Podcast - CISSP Training Program
CCT 338: LinkedIn Monitoring - Support for Patch and Vulnerability Management (Domain 7)

Apr 6, 2026 (23:55)


LinkedIn might be doing more in your browser than you think. We start with a report dubbing it “BrowserGate,” a claim that LinkedIn quietly checks for installed Chrome extensions using hidden JavaScript, raising real questions about privacy, browser fingerprinting, and what platforms should disclose to users when collecting device level signals tied to real identities and jobs. From there, we shift into a core CISSP topic that shows up everywhere in real security work: implementing and supporting patch vulnerability management (CISSP Domain 7.8). We talk about why patching is not just maintenance, but a primary security control that shrinks your attack surface across the entire ecosystem, including servers, endpoints, cloud services, mobile devices, and OT/ICS environments where uptime and safety make patching harder. We also cover the uncomfortable reality of unpatchable legacy systems and how compensating controls like micro-segmentation and network isolation help manage risk when a vendor will never ship an update. We ground the conversation with the Apache Struts remote code execution lesson and the Equifax breach, then walk through a practical patch management lifecycle: evaluate applicability, test in non-production when needed, follow change management approvals, deploy with rollback plans, and verify with follow-up scans. You'll also hear clear CISSP-ready distinctions between hotfix vs patch vs update, authenticated vs unauthenticated vulnerability scanning, CVE feeds, CVSS prioritisation, MTTR metrics, and how to respond when a zero-day vulnerability has no patch yet. If this helps your CISSP prep, subscribe, share the episode with a study partner, and leave a review so more security learners can find it. What part of patch and vulnerability management is hardest in your environment right now?

CISSP Cyber Training Podcast - CISSP Training Program
CCT 337: UK Manufacture Attacks - CISSP Deep Dive (Domain 4)

Apr 2, 2026 (32:44)


A ransomware headline is easy to ignore until you realize it can shut down a factory line, break supplier networks, and trigger contract penalties that dwarf the original IT cleanup. We start with a real-world manufacturing case study from the UK where cyber incidents are becoming routine, then zoom in on why revenue hits are so brutal in an industry that often runs on tight margins. The Jaguar Land Rover disruption adds a sobering lesson: a single breach can ripple outward into suppliers, logistics, and even wider economic impact.

From there, we switch into CISSP Question Thursday with Domain 4 focused practice that sharpens how you think under exam pressure. We walk through a zero trust private cloud scenario and explain why microsegmentation with software-defined networking gives the most granular workload-to-workload control for stopping east-west lateral movement after a compromised web server. We also tackle the split tunnel VPN tradeoff that can turn an endpoint into a bridge for attackers, plus a legacy ARP weakness that opens the door to ARP spoofing and man-in-the-middle attacks.

We round it out with high-value protocols and technologies you're likely to see on the CISSP exam: DKIM for cryptographic email integrity and domain validation, WPA3's SAE for stronger protection against offline dictionary attacks, and VXLAN in shared infrastructure where encryption is not provided by default and must be layered in with controls like IPsec or MACsec. If you're studying communications and network security, this one connects technical decisions to real business risk. Subscribe, share with a study partner, and leave a review so more CISSP candidates can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 336 - Cyber Niche's and Submitting CPEs

Mar 30, 2026 (25:57)


Passing the CISSP is a huge win, but the part that quietly ends careers is what comes after: keeping the certification active. I walk you through how to submit ISC2 CPEs in a way that is accurate, defensible, and easy to repeat, so you never wake up to a renewal deadline panic. We talk real numbers too: 120 CPE credits per three-year cycle, a minimum of 40 each year, and the $125 annual maintenance fee that can sneak up on you if you are not watching your dashboard.

Before we get into the portal clicks, I bring up an idea that matters for every cybersecurity professional: the hidden cost of cybersecurity specialisation. Specialising can raise your income and sharpen your value, but without broad context you can lose the big picture, mis-prioritise risk, over-rely on tools, and slow down detection and response. The goal is to build depth while staying fluent across the CISSP domains and the business realities those domains protect.

Then we go step by step through CPE submission: choosing the right category (education, contributions, professional development, or unique work experience), understanding Group A vs Group B, selecting relevant CISSP domain areas, converting time into credit hours, and attaching supporting documentation that holds up during an ISC2 audit. I also share the most common mistakes that waste time, including waiting until the last minute, entering hours incorrectly, miscategorising activities, and failing to save proof for at least 12 months beyond your certification expiration date.

If you want more practical CISSP training and a smoother CPE routine, subscribe, share this with a friend who is newly certified, and leave a review so more people can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 335: Indian CCTV and CISSP Question Deep Dive (Domain 3)

Mar 26, 2026 (21:25)


A cheap camera on a pole can become a surveillance pipeline, and that's not a movie plot, it's a real security problem. I start with a news-driven look at alleged CCTV espionage tied to critical infrastructure and why CISSP Domain 3 isn't just theory. If you don't know what devices are installed at your sites, what they record, and where that data goes, you can lose control of your environment long before an attacker ever touches your firewall.

From there, I pivot into a focused Domain 3 question set that drills the kind of reasoning the CISSP exam rewards. We unpack why collapsing multiple security layers into one “highly capable” security appliance creates a single point of failure, and how defense in depth is really about independent layers, resilience, and clear risk acceptance. I also review classic security models, including the Bell-LaPadula lattice model and its “no read up, no write down” confidentiality rules, plus how it differs from integrity-focused Biba and the commercial Clark-Wilson approach.

We then hit core security architecture and engineering concepts: the trusted computing base (TCB), what the reference monitor is, and why the security kernel is the component that implements it. On the crypto side, I explain why elliptic curve cryptography (ECC) is the best strength-to-key ratio choice for digital signatures on low-powered IoT devices. Finally, we cover database security threats like inference (and how it relates to aggregation), and wrap with a practical safety topic for data centers: Class C electrical fires and why CO2 or clean agents are preferred to protect hardware.

Subscribe for weekly CISSP prep, share this with a study partner, and if it helped you think more clearly, leave a review so more candidates can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 334: CISA and Stryker Attack and AI GRC Foundational Concepts

Mar 23, 2026 (29:25)


The fastest way to lose control of your security program is to ignore the systems that control everything else. I start with a timely CISA warning: attackers went after an endpoint management system, the kind of “one system that touches many” platform that can turn a single compromise into enterprise-wide fallout. We talk through practical hardening moves like multi-factor authentication, limiting where admins can log in from, and adding extra checks for high-impact access, because centralized management consoles are prime targets for nation-state and supply chain motivated attacks. Then we pivot to the bigger wave: AI GRC (governance, risk, and compliance) in the age of artificial intelligence. AI adoption is exploding while AI governance lags, and that gap is where regulatory fines, privacy failures, and reputational damage tend to show up. I break down GRC in clear terms, explain why traditional audits and sample-based testing struggle with always-on AI decisions, and lay out what AI governance needs to add: an AI inventory, explainable AI requirements, named model owners, fairness and bias assessments, model lifecycle governance, and third-party AI risk management. We also map the AI regulatory landscape you need to know, including the EU AI Act, the NIST AI RMF, and ISO 42001 as an emerging certifiable AI management system. From there, I walk through seven risks companies must understand: algorithmic discrimination, non-compliance, model drift, data governance and GDPR privacy exposure, black box accountability gaps, vendor and supply chain AI risk, and shadow AI from unauthorized employee tool use. You'll leave with an eight-step roadmap you can apply immediately, plus next actions like downloading the NIST AI RMF, running a quick AI inventory, assessing EU exposure, and updating vendor due diligence for AI. Subscribe, share this with your GRC or security team, and leave a review so more CISSP learners can find the training.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 333: Patch Or Get Hacked (iPhones) - CISSP Questions Deep Dive (Domain 2)

Mar 19, 2026 (30:33)


A “just visiting a website” iPhone hack is the kind of story that snaps you out of autopilot, and that's where we start. Dark Sword shows how sophisticated mobile malware can ride on compromised sites and silently pull sensitive data from iOS devices. The fix is refreshingly practical: patch quickly, encourage the people around you to patch, and treat update discipline as real cybersecurity risk management, not a minor inconvenience.

Then I shift into CISSP Domain 2 Asset Security with a set of deep-dive practice questions that mirror how ISC2 likes to test your thinking. We break down what data classification is actually for, how to spot the “primary purpose” in tricky answer choices, and why value drives controls. From there we tackle cloud security responsibility with a healthcare scenario and a misconfigured ACL, clarifying why the organisation and its data owners remain accountable even when a cloud provider runs the infrastructure.

We also navigate a common GRC conflict: legal retention requirements versus security's desire to reduce breach exposure, and how to land on a defensible data retention policy. Finally, we get hands-on with media sanitisation, including why DOD 5220.22-M overwriting can fail on SSDs under NIST 800-88 guidance, and we close with access governance basics like least privilege and need to know when roles change.

If you're studying for the CISSP exam or tightening real-world security controls, subscribe, share this with a study partner, and leave a review so more candidates can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
A Winning CISO/CSO and AI Changing Cyber Forever (Career Planning)

Mar 16, 2026 (34:18)


AI is not a future cybersecurity problem. It is a right now career problem, and it is also a massive opportunity if you prepare the right way. I walk through how AI is changing cybersecurity forever, from AI-generated phishing and malware to brand new attack surfaces like prompt injection and LLM attacks. At the same time, I explain why modern defense stacks are getting smarter fast, with AI baked into SIEM, EDR, XDR, threat intelligence, and cloud security posture tools. We also zoom out to what senior leaders are expected to do today. CSOs and CISOs are hired to protect more than systems. They protect revenue, brand trust, and business continuity, and they have to communicate risk in language the board can act on. If you want to grow into leadership, I share the mindset shift away from being the “job of no” and toward enabling the business with clear trade-offs, metrics, and outcomes. Whether you are new to cyber or you have 5 to 20 years in, you will leave with a practical plan: which certifications build momentum, which roles AI is disrupting, what skills AI cannot replace, and how to run a 12-month upskill roadmap that keeps you relevant in the AI era. If this helps you, subscribe, share it with one person in cyber, and please leave a review so more CISSP and cybersecurity professionals can find the show.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 331: AI And Cyber Insurance Risk & CISSP Deep Dive Questions (Domain 1)

CISSP Cyber Training Podcast - CISSP Training Program

Mar 12, 2026 · 27:29


AI is starting to change cybersecurity budgets in a surprising place: cyber insurance premiums. We dig into why insurers now care about how you use AI, how “more automation” can still mean “more risk,” and what it looks like when AI expands your attack surface through new APIs, sensitive data exposure, and code that ships with hidden security flaws. If you're a security leader, risk manager, or CISSP candidate, this is the kind of real-world pressure that turns governance from a buzzword into a business necessity. From there, we shift into CISSP Question Thursday with Domain 1 practice questions and clear walk-throughs. We cover why discretionary access control matches a data classification model where data owners set permissions, how to use the CIA triad as a risk-based decision tool (especially for e-commerce where availability equals revenue), and a clean distinction between due diligence and due care that you can use in audits, interviews, and exam answers. We also tackle a scenario every organisation faces: cloud outsourcing and accountability. Even with a contract, you can't fully transfer liability for protected customer data, and regulators still expect you to manage compliance, vendor risk, and controls. We close with a governance lesson on why awareness training must evolve with the threat landscape, including modern social engineering like deepfake-driven attacks. Subscribe, share this with a friend studying CISSP, and leave a review or comment with the hardest Domain 1 concept you're trying to master.

CISSP Cyber Training Podcast - CISSP Training Program
CCT 330: SOC Preparation for Agentic AI Plus Five Skills For Bigger Cyber Security Paychecks

CISSP Cyber Training Podcast - CISSP Training Program

Mar 9, 2026 · 33:14


The ground under cybersecurity careers is shifting, and the fastest movers are pairing CISSP with modern, high-leverage skills that command premium pay. We dig into a practical roadmap: first, how to prepare your SOC for agentic AI with four concrete moves—reskill analysts to supervise and validate models, establish new roles for AI governance and orchestration, redesign playbooks around automation and escalation, and enforce tight guardrails with approvals and audit trails. The goal is simple: turn AI from chaos into a disciplined force multiplier. From there, we unpack five high-income skills that dovetail with CISSP's leadership mindset. Modern GRC is no longer paperwork; it's resilience, litigation exposure, and executive storytelling—with VCISO opportunities that reward clear risk narratives and continuous evidence automation. Cloud security architecture centers on software-defined security, Terraform policies as code, zero trust in Kubernetes, and the legal boundaries of shared responsibility and data residency. AI ethics and governance emerges as the unofficial ninth domain, where shadow AI containment, dataset audits for PII, and prompt-injection testing meet global regulation and model risk policy. We also dive into advanced identity as the new perimeter—taming machine identities, secrets sprawl, and rolling out phishing-resistant FIDO2 to make zero trust real. Finally, we get tactical with software supply chain security: SBOMs, signed artifacts, dependency hygiene, and CI/CD security gates that protect velocity without breaking builds. Along the way, we share market pay signals, “decision architect” expectations for senior roles, and smart bridge certifications like CISM, AI governance credentials, and CISA that accelerate credibility. If you're ready to pivot from “security says no” to “here's how to do it safely,” this is your map. Subscribe, share with a teammate who needs a nudge, and leave a quick review to help more CISSPs find their niche and lead the way.

SecurityMetrics Podcast
Is NIST Too Complex for Small Businesses? Daniel Eliot Weighs In

SecurityMetrics Podcast

Mar 3, 2026 · 17:21


"I can't think about cybersecurity this week; I'm thinking about 1099s." You're not alone. Many SMBs see the NIST Cybersecurity Framework (CSF) as an overwhelming manual for government contractors, not a local shop or startup. Jen Stone sits down with Daniel Eliot, NIST's lead for small business engagement. We break down the new NIST CSF 2.0 Small Business Quick Start Guide—a "small-chunk" resource designed for under-resourced organizations to move from chaos to a structured program.

In this episode:
  • Why having "everyone" responsible means "nobody" is.
  • How to build a "reasonable" security program while managing payroll and daily operations.
  • Why taking security seriously helps you win bigger contracts and scale safely.
  • The exact steps (MFA, patching, backups, and more) that even large orgs get wrong.

NIST Resources
  • NIST (National Institute of Standards and Technology): https://www.nist.gov/
  • Small Business Cybersecurity Corner: https://www.nist.gov/itl/smallbusinesscyber
  • NIST CSF 2.0 (Cybersecurity Framework): https://www.nist.gov/cyberframework
  • Small Business Quick Start Guide: https://www.nist.gov/publications/nist-cybersecurity-framework-20-small-business-quick-start-guide
  • Contact Daniel and his team: smallbizsecurity@nist.gov

Key Term Definitions
  • The 6 Functions: Govern, Identify, Protect, Detect, Respond, and Recover
  • MFA: Multi-Factor Authentication—essential for account access.
  • Patching: Updating software to fix security "holes."
  • MSP/MSSP: Local experts you can hire to manage IT security.

Timestamps
00:00 – Many hats of small business owners
00:26 – Daniel Eliot and NIST's Mission
02:25 – Exploring the Small Business Cybersecurity Corner
03:20 – What is the NIST CSF?
04:26 – The Small Business Quick Start Guide for CSF 2.0
06:52 – How to Identify Your Most Critical Assets
09:56 – When to Seek Help: Engaging MSPs and Local Resources
10:52 – Defining a "Successful" Cybersecurity Program
13:21 – Essential Fundamentals: MFA, Patching, and Backups
15:35 – How to Engage Directly with NIST

Jen Stone (MCIS, CISSP, CISA, QSA) is a Principal Security Analyst at SecurityMetrics. With 25+ years in IT and 100+ high-level assessments, Jen specializes in making complex compliance actionable for businesses of all sizes. Outside of security, she is an aerial arts enthusiast and motorcycle rider.

Request a Quote for a PCI Audit ► https://www.securitymetrics.com/pci-audit
Request a Quote for a Penetration Test ► https://www.securitymetrics.com/penetration-testing
Get the Guide to PCI DSS compliance ► https://www.securitymetrics.com/lp/pci/pci-guide
Get FREE security and compliance training ► https://academy.securitymetrics.com/
Get in touch with SecurityMetrics' Sales Team ► https://www.securitymetrics.com/contact/lets-get-you-to-the-right-place

The Future of ERP
Episode 82: From Prevention to Detection: Real-Time Security in a Digital World with Infosys

The Future of ERP

Feb 25, 2026 · 17:44


How real-time security transforms ERP systems in a cloud-driven world, spotting threats instantly, leveraging AI for proactive defense, and closing common blind spots before breaches escalate. Curious about staying ahead of cyber risks?

Mohammed Moidheen, SAP security architect at Infosys, unpacks why real-time monitoring is vital amid 2,200 daily cyber attacks costing trillions annually. He highlights blind spots like unmonitored access vulnerabilities, ignored audit logs, unsecured APIs, privileged accounts, insider threats, and poor event correlation in S/4HANA Cloud setups. AI evolves detection with predictive intelligence, automated responses, natural language queries, and cross-system pattern spotting, shifting from reactive to proactive security. Real-world cases show systems halting unusual data downloads and insider data exfiltration in minutes. Advice includes aligning with governance, prioritizing crown jewels, setting baselines, training teams, and correlating data. Infosys aids via assessments and foundational builds. Listen now and rethink what ERP can do for your organization!

Guest: Mohammed Khan Moidheen, SAP Security Architect at Infosys Consulting
Mohammed Khan Moidheen is a Senior SAP Security architect with over 12 years of experience securing and operating large-scale SAP landscapes across global enterprises. His expertise spans SAP S/4HANA security, ERP platform services, DevSecOps enablement, and designing audit-ready security architectures aligned with frameworks such as ISO 27001, NIST, and GDPR. Mohammed is CISSP and CISA certified and excels at translating complex security requirements into actionable strategies that are practical, strategically aligned, and strengthen organisational resilience.

Host 1: Richard Howells, SAP
Richard Howells has been working in the Supply Chain Management and Manufacturing space for over 30 years. He is responsible for driving the thought leadership and awareness of SAP's ERP, Finance, and Supply Chain solutions and is an active writer, podcaster, and thought leader on the topics of supply chain, Industry 4.0, digitization, and sustainability.

Host 2: Oyku Ilgar, SAP
Oyku Ilgar is a marketer and thought leader specializing in SAP's digital supply chain and ERP solutions since 2017. As a marketer, blogger, and podcaster, she creates engaging content that highlights innovative SAP technologies and explores key topics including business trends, AI, Industry 4.0, and sustainability. She holds dual bachelor's degrees in Finance & Accounting and English Translation, along with a master's degree in Business Administration and Foreign Trade, specializing in marketing. With her background in digital transformation, Oyku communicates technology trends and industry insights to help professionals navigate the evolving business landscape.

Key Topics: real-time security, ERP monitoring, cloud threats, SAP S/4HANA, access management, audit logs, AI threat detection, insider threats, privileged accounts, predictive intelligence

The Cybersecurity Defenders Podcast
#294 - Defender Fridays: How is AI reshaping app security? With Farshad Abasi from Eureka DevSecOps

The Cybersecurity Defenders Podcast

Feb 20, 2026 · 30:41


This week on Defender Fridays, Farshad Abasi, Founder and CEO of Forward Security and Eureka DevSecOps, discusses how AI can help us set a new standard in app and cloud security. Farshad brings over 27 years of industry experience to the forefront of cybersecurity innovation. His professional journey includes key technical roles at Intel and Motorola, evolving into senior security positions as the Principal Security Architect for HSBC Global, and Head of IT Security for the Canadian division. Farshad's commitment to the field extends to his role as an instructor at BCIT, where he imparts his wealth of knowledge to the next generation of cybersecurity experts. His diverse experience, which spans startups to large enterprises, informs his approach to delivering adaptive and reliable solutions. Engaged actively in the cybersecurity community through roles in BSides Vancouver/MARS, OWASP Vancouver/AppSec PNW, and as a CISSP designate, Farshad's vision and leadership continue to drive the industry forward. Under his guidance, Forward Security is setting new standards in application and cloud security. Learn more at https://www.eurekadevsecops.com/ and https://forwardsecurity.com/

Register for Live Sessions
Join us every Friday at 10:30am PT for live, interactive discussions with industry experts. Whether you're a seasoned professional or just curious about the field, these sessions offer an engaging dialogue between our guests, hosts, and you – our audience. Register here: https://limacharlie.io/defender-fridays
Subscribe to our YouTube channel and hit the notification bell to never miss a live session or catch up on past episodes!

Sponsored by LimaCharlie
This episode is brought to you by LimaCharlie, a cloud-native SecOps platform where AI agents operate security infrastructure directly. Founded in 2018, LimaCharlie provides complete API coverage across detection, response, automation, and telemetry, with multi-tenant architecture designed for MSSPs and MDR providers managing thousands of unique client environments.

Why LimaCharlie?
  • Transparency: Complete visibility into every action and decision. No black boxes, no vendor lock-in.
  • Scalability: Security operations that scale like infrastructure, not like procurement cycles. Move at cloud speed.
  • Unopinionated Design: Integrate the tools you need, not just those contracts allow. Build security on your terms.
  • Agentic SecOps Workspace (ASW): AI agents that operate alongside your team with observable, auditable actions through the same APIs human analysts use.
  • Security Primitives: Composable building blocks that endure as tools come and go. Build once, evolve continuously.

Try the Agentic SecOps Workspace free: https://limacharlie.io
Learn more: https://docs.limacharlie.io

Follow LimaCharlie
  • Sign up for free: https://limacharlie.io
  • LinkedIn: / limacharlieio
  • X: https://x.com/limacharlieio
  • Community Discourse: https://community.limacharlie.com/

Host: Maxime Lamothe-Brassard - CEO / Co-founder at LimaCharlie

Telecom Reseller
James Moore's Tomas Sjostrom on Cybersecurity, Compliance, and Risk Management for SMBs, Podcast

Telecom Reseller

Feb 12, 2026


In a podcast recorded at ITEXPO / MSP EXPO, Doug Green, Publisher of Technology Reseller News, spoke with Tomas Sjostrom, CISSP and President of Technology Services at James Moore Co., about how cybersecurity and compliance priorities are evolving for small and mid-sized businesses. Sjostrom explained that James Moore is a long-established CPA firm with more than 60 years of experience serving Florida-based organizations, and nearly three decades delivering IT managed services alongside traditional financial and audit work. As cybersecurity threats increase and regulatory requirements expand, SMBs are showing greater interest in both protecting their environments and demonstrating compliance—often driven by cyber insurance requirements, customer demands, or new business opportunities. A key theme of the discussion focused on how organizations assess and manage cybersecurity risk. Sjostrom emphasized that the process begins with understanding what is motivating a customer's concern, whether it is insurance questionnaires, data protection issues, or compliance mandates tied to industries such as defense contracting. From there, James Moore leverages onboarding and automated discovery tools to establish a baseline and support continuous compliance. “Customers want to meet new requirements as fast as possible, reliably, and without spending excessive time or money,” Sjostrom noted, highlighting the need for scalable and automated approaches. The conversation also touched on AI adoption and compliance readiness. Sjostrom observed that less mature organizations often start with questions around data protection and privacy, while more advanced companies already understand where their critical assets reside and can move more quickly toward compliant AI deployments. As cybersecurity, compliance, and AI increasingly intersect, Sjostrom positioned proactive risk monitoring as a strategic advantage for SMBs working with trusted MSP and advisory partners. 
Visit https://www.jmco.com/

The CyberWire
Lauren Van Wazer: You have to be your own North Star. [CISSP] [Career Notes]

The CyberWire

Jan 25, 2026 · 8:47


Please enjoy this encore of Career Notes. Lauren Van Wazer, Vice President, Global Public Policy and Regulatory Affairs for Akamai Technologies, shares her story as she followed her own North Star and landed where she is today. She describes her career path, highlighting how she went from working at AT&T to being able to work in the White House. She shares how she is a coach and a leader to the team she works with now, saying "my view is I've got their back, if they make a mistake, it's my mistake, and if they do well, they've done well." Lauren hopes she's made an impact in the world by making it a little bit better than before, and discusses how she doesn't let anyone stop her from her goals. Lauren shares her outlook on her experiences, calling attention to different roles in her life that made her journey all the better. We thank Lauren for sharing.


Lifetime Cash Flow Through Real Estate Investing
How Two Veterans Closed a 168 Unit Deal With Zero Experience | Ep. 1,183

Lifetime Cash Flow Through Real Estate Investing

Nov 28, 2025 · 31:20


Erik and Jeffrey Freeman bring over 30 years of combined real estate experience and manage more than $20M in multifamily assets as strategic partners. Erik, a U.S. Navy veteran with a B.S. in Marine Engineering, has two decades of experience as a real estate agent, investor, hard-money lending specialist, and project manager. Jeffrey, a U.S. Army veteran with degrees in IT and Cyber Security and a CISSP certification, adds 15 years of real estate investing and 12 years of leadership expertise. Together, their military backgrounds and deep experience in lending, investing, project management, and networking create a powerful foundation for delivering exceptional results, and they proudly joined Rod's Warrior Group in late 2024.

Here are some of the topics we covered:
  • From Military Service to Real Estate Power Players
  • From Single-Family Hustle to Multifamily Empire Building
  • The Truth About Working With Family in Real Estate
  • The Tax Play That Slashes Your Operating Expenses
  • Must-Read Books That Supercharge Your Growth
  • The One Factor That Skyrockets Your Multifamily Learning Curve
  • Relentless Ambition and the Hunt for Killer Deals
  • Where Game-Changing Ideas Are Really Born

If you'd like to apply to the warrior program and do deals with other rockstars in this business: Text crush to 72345 and we'll be speaking soon.

For more about Rod and his real estate investing journey go to www.rodkhleif.com