CISSP Cyber Training Podcast - CISSP Training Program

Send us Fan Mail
An AI model that can uncover thousands of zero-days and potentially chain multiple vulnerabilities into an automated exploit is not just a scary headline, it’s a stress test for every risk program on the planet. I open with what the Mythos news implies for real-world defense: attacker behavior may shift from human pace to machine speed, and many SIEM and EDR detections are still tuned for human patterns. That’s why we talk candidly about what security teams may need to do next, including tightening externally facing systems and moving faster toward a zero trust architecture. 

Then we pivot into CISSP Domain 1 risk management concepts, translating exam language into decisions you’ll actually make in a business. We define the core terminology like assets, threats, vulnerabilities, exposure, safeguards, attacks and breaches, then walk through control categories (technical, administrative, physical) and control types (preventive, detective, corrective, deterrent, recovery and compensating). If you’ve ever wondered why risk conversations go sideways, we also dig into the difference between risk appetite, risk capacity, and risk tolerance, and why you can’t set these without business leaders in the room. 

We also tackle quantitative risk analysis versus qualitative risk analysis, including CISSP formulas such as AV, EF, SLE, ARO and ALE, plus a critical reality check on “fake precision” and how to apply a cost-benefit analysis that holds up. Finally, we cover security control assessments, monitoring and measurement, building a risk register safely, and how maturity models and risk frameworks like CMMI, ISO 31000, NIST approaches, ISO 27005, COBIT, SABSA and PCI DSS fit into a defensible cybersecurity risk management program. Subscribe, share this with a CISSP study partner, and leave a review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Check us out at:  https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

A single disgruntled admin can do more damage with “normal” IT tools than many attackers can with malware, and that reality changes how we should think about both security and careers. I start with a true insider attack story where legitimate administrative access was used to lock out users, disrupt operations, and attempt extortion, then I break down the practical controls that reduce insider threat risk: least privilege, immutable backups, privileged activity alerting, and real segregation of duties.

From there, I share the cybersecurity career roadmap most people never get. Instead of pushing everyone into the same crowded paths, I talk through high-demand roles with less competition, especially GRC (governance, risk, and compliance) and OT/ICS security. If you’re breaking into cyber, we cover how risk assessments, policy writing, audit coordination, and vendor risk management can become your unfair advantage, even with a non-traditional background. If you’re drawn to critical infrastructure, we dig into why IT plus OT security skills are rare, how to start learning SCADA and industrial environments, and why the salary upside is real.

For mid-career and senior pros, we shift into what actually unlocks leadership: risk quantification, FAIR methodology, supply chain security, cloud security architecture, and speaking the language of the board through metrics and a risk register. If you want to move toward CISO or virtual CISO work, this is about becoming a business risk advisor, not just the person who runs tools. Subscribe, share this with a friend building their cyber career, and leave a review. What role are you aiming for next?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Check us out at:  https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

LinkedIn might be doing more in your browser than you think. We start with a report dubbing it “BrowserGate” a claim that LinkedIn quietly checks for installed Chrome extensions using hidden JavaScript, raising real questions about privacy, browser fingerprinting, and what platforms should disclose to users when collecting device level signals tied to real identities and jobs. 

From there, we shift into a core CISSP topic that shows up everywhere in real security work: implementing and supporting patch vulnerability management (CISSP Domain 7.8). We talk about why patching is not just maintenance, but a primary security control that shrinks your attack surface across the entire ecosystem, including servers, endpoints, cloud services, mobile devices, and OT/ICS environments where uptime and safety make patching harder. We also cover the uncomfortable reality of unpatchable legacy systems and how compensating controls like micro-segmentation and network isolation help manage risk when a vendor will never ship an update. 

We ground the conversation with the Apache Struts remote code execution lesson and the Equifax breach, then walk through a practical patch management lifecycle: evaluate applicability, test in non-production when needed, follow change management approvals, deploy with rollback plans, and verify with follow-up scans. You’ll also hear clear CISSP-ready distinctions between hotfix vs patch vs update, authenticated vs unauthenticated vulnerability scanning, CVE feeds, CVSS prioritisation, MTTR metrics, and how to respond when a zero-day vulnerability has no patch yet. 

If this helps your CISSP prep, subscribe, share the episode with a study partner, and leave a review so more security learners can find it. What part of patch and vulnerability management is hardest in your environment right now?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Check us out at:  https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

A ransomware headline is easy to ignore until you realize it can shut down a factory line, break supplier networks, and trigger contract penalties that dwarf the original IT cleanup. We start with a real-world manufacturing case study from the UK where cyber incidents are becoming routine, then zoom in on why revenue hits are so brutal in an industry that often runs on tight margins. The Jaguar Land Rover disruption adds a sobering lesson: a single breach can ripple outward into suppliers, logistics, and even wider economic impact.

From there, we switch into CISSP Question Thursday with Domain 4 focused practice that sharpens how you think under exam pressure. We walk through a zero trust private cloud scenario and explain why microsegmentation with software-defined networking gives the most granular workload-to-workload control for stopping east-west lateral movement after a compromised web server. We also tackle the split tunnel VPN tradeoff that can turn an endpoint into a bridge for attackers, plus a legacy ARP weakness that opens the door to ARP spoofing and man-in-the-middle attacks.

We round it out with high-value protocols and technologies you’re likely to see on the CISSP exam: DKIM for cryptographic email integrity and domain validation, WPA3’s SAE for stronger protection against offline dictionary attacks, and VXLAN in shared infrastructure where encryption is not provided by default and must be layered in with controls like IPsec or MACsec. If you’re studying communications and network security, this one connects technical decisions to real business risk. Subscribe, share with a study partner, and leave a review so more CISSP candidates can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Check us out at:  https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouv

Passing the CISSP is a huge win, but the part that quietly ends careers is what comes after: keeping the certification active. I walk you through how to submit ISC2 CPEs in a way that is accurate, defensible, and easy to repeat, so you never wake up to a renewal deadline panic. We talk real numbers too: 120 CPE credits per three-year cycle, a minimum of 40 each year, and the $125 annual maintenance fee that can sneak up on you if you are not watching your dashboard.

Before we get into the portal clicks, I bring up an idea that matters for every cybersecurity professional: the hidden cost of cybersecurity specialisation. Specialising can raise your income and sharpen your value, but without broad context you can lose the big picture, mis-prioritise risk, over-rely on tools, and slow down detection and response. The goal is to build depth while staying fluent across the CISSP domains and the business realities those domains protect.

Then we go step by step through CPE submission: choosing the right category (education, contributions, professional development, or unique work experience), understanding Group A vs Group B, selecting relevant CISSP domain areas, converting time into credit hours, and attaching supporting documentation that holds up during an ISC2 audit. I also share the most common mistakes that waste time, including waiting until the last minute, entering hours incorrectly, miscategorising activities, and failing to save proof for at least 12 months beyond your certification expiration date.

If you want more practical CISSP training and a smoother CPE routine, subscribe, share this with a friend who is newly certified, and leave a review so more people can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!