CISSP Cyber Training Podcast - CISSP Training Program

• CCT 288: CISSP Rapid Review (Domain 6)

  Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvhttps://www.jeffersonfisher.com/A spike in ransomware on the factory floor isn’t just a headline; it’s a stress test for how we design, segment, and measure our defenses. We open with the realities of manufacturing risk—legacy OT, flat networks, and high stakes for uptime—then translate that urgency into a practical walkthrough of CISSP Domain 6: the assessments, testing, and metrics that actually prove security works. Along the way, we share a surprising leadership edge from a trial lawyer’s communication book that helps you argue less, align faster, and get executive buy‑in when the first vuln report lights up like a Christmas tree.We break down internal vs external audits and when each makes sense, plus a smart cadence for third‑party and supply chain reviews that acknowledges your perimeter now includes APIs and vendor tunnels. From vulnerability scans and scoped penetration tests to SIEM‑driven log reviews and synthetic transactions, we map out a toolkit that catches issues before users do. We go deeper on secure code reviews, unit/integration testing, and interface testing for APIs, because the quiet paths between services are often where real risk hides.Then we shift to the machinery of proof: breach and attack simulation for continuous validation, compliance checks to spot drift, and the metrics that matter—MTTD, MTTR, patch rates, vuln density, mean time to report. We lay out how to run account reviews, verify backups you can trust, and exercise DR/BC so recovery is muscle memory. Finally, we tackle remediation prioritization, exception handling with compensating controls, and ethical disclosure that minimizes harm while nudging vendors to act. If you’re preparing for the CISSP or elevating your program, you’ll leave with a clearer map and concrete next steps.If this helped, follow the show, share it with a teammate, and drop a review—what’s one control or metric you’re upgrading this quarter?Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

  --------  

  50:27

  --------

  50:27
• CCT 287: Practice CISSP Questions - Deep Dive (Domain 5)

  Send us a textLeadership churn is reshaping security from the top down. We open the door on why CISO tenures are shrinking to 18–26 months and what that says about pressure, culture, compensation, and board-level risk literacy. From startups that stretch leaders thin to enterprises that treat security as a cost center until the breach, we map the real incentives behind the “revolving door”—and share what actually extends tenure: clear mandates, aligned executives, and measurable outcomes.Then we flip to hands-on security with a crisp CISSP Domain 5 deep dive. You’ll hear real-world IAM scenarios and how to reason through them: federated identity where users authenticate but can’t access apps (hint: attribute-to-role mapping at the service provider), RBAC implementations that quietly violate least privilege, and when mandatory access control beats RBAC or ABAC for classified environments. We also dissect deprovisioning gaps that leave terminated users active in SaaS platforms and outline the operational fixes—source-of-truth integration, event-driven provisioning, and reconciliation from the SaaS side. To cap it off, we tackle a red-team classic: static admin creds in scripts. The modern answer isn’t longer passwords; it’s just-in-time privilege through PAM and secret vaulting so nothing sensitive sits on disk.If you’re a senior technologist eyeing the CISO seat—or a CISO seeking sustainability—you’ll get a blueprint for aligning authority, resources, and risk. And if you’re prepping for the CISSP exam, these identity and access patterns will sharpen your instincts for both test day and production. Enjoy the conversation, and if it helps, subscribe, share it with a teammate, and leave a quick review so others can find it too.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

  --------  

  23:08

  --------

  23:08
• CCT 286: Access Controls - Role Based, Rule Based and Many More Controls (Domain 5.4)

  Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvA headline‑grabbing data leak is the wake‑up call; what you do next is the difference between panic and control. We start with concrete actions you can take today—check exposure with Have I Been Pwned, lock down your credit with freezes, turn on MFA, and keep meticulous records so you have proof when it counts. From there, we switch gears into the playbook every CISSP candidate and security leader needs: a clear path through the access control maze that actually maps to real work.We break down Discretionary Access Control (DAC) and why it’s fast but fragile, then show how non‑discretionary models keep large environments consistent. Role‑Based Access Control (RBAC) gets the spotlight with practical guidance: define roles by job function, automate approvals, prevent role explosion, and audit entitlements so inheritance doesn’t hand out surprise privileges. We separate role‑based from rule‑based—one tied to people and jobs, the other to conditions like time, location, and transaction type—using examples you can adopt immediately.For high‑assurance scenarios, we dig into Mandatory Access Control (MAC): labels, clearances, compartments, and the uncompromising policies that protect the most sensitive data. Finally, we look ahead with Attribute‑Based Access Control (ABAC), where context drives decisions in cloud and zero trust architectures. User attributes, device posture, data sensitivity, time, and geo all combine to answer the crucial question: should this subject access this object, right now?You’ll walk away with exam‑ready cues, battle‑tested pros and cons, and a mental model to pick the right approach for your team. If this helped, subscribe, share it with a teammate who keeps mixing up role‑based and rule‑based, and leave a quick review so others can find us.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

  --------  

  40:20

  --------

  40:20
• CCT 285: Practice CISSP Questions - Evaluate and Apply Security Governance Principles (Domain 1.3)

  Send us a textThe fastest way to lose trust is to let AI adoption outrun your governance. We open with a blunt look at AI sprawl and shadow AI—how unsanctioned tools slip past weak policies, create data exposure, and strain legacy controls—then lay out a practical path for teams that don’t have a big‑tech budget: continuous discovery via proxies or CASB‑like tools, real‑time monitoring through a trusted partner, and risk assessments that focus on business impact, not buzzwords. The goal isn’t to slow innovation; it’s to make it safe and repeatable.From there, we bring CISSP Domain 1.3 to life with five scenario‑based questions that mirror real leadership decisions. You’ll hear why federated governance outperforms heavy central mandates in multinationals, how defining risk appetite is the first step before any framework, and which metrics actually prove value to a board. We draw a clear line between due care (policies, accountability, legal alignment) and due diligence (testing, verification, audits), and we show why insurance can transfer residual risk but can never replace sound governance.We also get specific about executive communication. A new CEO wants alignment, accountability, and outcomes—not weekly patch timelines. Learn how to map security objectives to corporate strategy, prioritize by business risk, and present measurable progress that earns budget and buy‑in. If you’re preparing for the CISSP or leading a program under pressure, these principles help you think like a strategist and act with confidence.Want more? Explore the free resources and growing library at CISSP Cyber Training, and grab the 360 free CISSP practice questions. If this episode helps you think clearer about governance and AI, subscribe, share it with a teammate, and leave a quick review to help others find the show.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

  --------  

  27:45

  --------

  27:45
• CCT 284: Evaluate and Apply Security Governance Principles (Domain 1.3)

  Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvSecurity governance represents one of the most misunderstood yet critical components of any cybersecurity program. As we explore Domain 1.3 of the CISSP exam, we unpack how proper governance creates accountability and structure that protects both your organization and your career.We begin with a startling real-world example: the "Red November" campaign, where Chinese state-sponsored hackers exploited vulnerable internet-facing appliances and VPNs across defense, aerospace, and government sectors for a full year. This sophisticated operation highlights why casual approaches to security governance leave organizations exposed to devastating attacks.Security governance isn't merely a theoretical concept – it's a practical framework that defines who's responsible for what across your security landscape. We break down the crucial roles every organization must establish: from Senior Managers who hold ultimate responsibility, to Data Owners who classify information, to Data Custodians who implement protections, and the often-overlooked role of Auditors who verify everything works as intended. Understanding these distinctions protects security professionals from becoming scapegoats when incidents occur.The real value emerges when we examine how security control frameworks like NIST CSF, ISO 27001, and CRI provide structured approaches to managing risk. These aren't one-size-fits-all solutions, but rather customizable blueprints that help you systematically identify, implement, and monitor security measures appropriate to your specific needs. Framework mapping allows you to align multiple requirements efficiently, making compliance less burdensome and more effective.Finally, we demystify the concepts of due care and due diligence – the practical actions that demonstrate you've taken reasonable steps to protect your organization. These aren't just legal defenses; they're the fundamental building blocks of a mature security program that aligns with business objectives while meaningfully reducing risk.Whether you're preparing for the CISSP exam or building a more robust security program, this episode provides the practical knowledge you need to implement effective security governance that executives will support and auditors will approve.Support the showGain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

  --------  

  42:52

  --------

  42:52

Más podcasts de Educación

Podcasts a la moda de Educación

Acerca de CISSP Cyber Training Podcast - CISSP Training Program