CISSP Cyber Training Podcast - CISSP Training Program

Send us Fan Mail
Someone is stealing encrypted data right now and they are not trying to read it today. They are saving it for later, betting that quantum computing will eventually break the encryption that protects it. I dig into the “Harvest Now, Decrypt Later” strategy, why it matters most for long-term confidentiality, and how security leaders can talk about it as a present-day risk instead of science fiction.

From there, I get practical with post-quantum planning: what the NIST post-quantum cryptography standards signal, why quantum key distribution is still niche for most organisations, and the big architectural idea to remember for the CISSP and for real enterprise security programs: crypto agility. We walk through concrete steps like building a cryptographic inventory, mapping where RSA and elliptic curve crypto live, identifying data with 10 to 20 year secrecy needs, and pushing vendors for a clear PQC roadmap.

Then we pivot into CISSP Domain 1 supply chain risk management (SCRM and CSCRM). I explain why supply chains are a prime target, how modern supply chain attacks can ride in through poisoned open source packages, and what SolarWinds showed the world about scale and impact. We close with the nuts and bolts that actually reduce third-party risk: lifecycle supplier management, meaningful assessments (on-site when it matters), document and policy review, audits, and minimum security requirements baked into contracts and SLAs.

If you want more training, check out CISSP Cyber Training, subscribe for weekly updates, share this with a friend who owns risk, and leave a quick review so more CISSP candidates can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Your software is only as trustworthy as the dependencies you quietly inherit and attackers know it. Today I break down the NCSC warning on software supply chain security and why open source package ecosystems have become a high-value target for real-world compromises that spread fast through CI/CD pipelines.

I walk through the attack patterns that keep showing up in incidents: maintainer account compromise, expired domain takeover, typosquatting, and credential chaining. We connect each technique to the CISSP mindset so you can spot it in scenario questions and, more importantly, recognise it in your own environment. Along the way, I explain why Node.js, Python, and Rust projects are especially exposed, how automation can turn “latest version” convenience into an enterprise incident, and why developer environments often become an overlooked attack surface.

Then we get practical with controls you can actually implement: pausing automatic dependency updates when compromise is suspected, adding human approval for critical packages, rotating credentials immediately, enforcing MFA on developer and registry accounts, and using private or trusted registries to mirror and vet dependencies. I also zoom out to show how to build supply chain security into the secure SDLC with software composition analysis (SCA), code signing, checksum verification, audit logging, continuous monitoring, and an SBOM so you can respond fast when a package turns toxic.

If this helps you tighten your dependency management and level up your CISSP prep, subscribe, share this with a teammate, and leave a quick review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach private repository files and ultimately an NPM token that could enable a supply chain attack.

From there, we zoom out to the bigger cloud security problem: non-human identities. Service accounts, API keys, and OAuth tokens multiply fast, and they are frequently overprivileged, poorly tracked, and left active long after an integration is retired. We also talk about why SaaS-to-SaaS connections are so hard to secure, and why agentic AI makes visibility even more urgent. If you do not know what systems are connected, what data crosses those links, and who owns the risk, you are effectively trusting an invisible tunnel into your environment.

To make this actionable, we lay out a four-phase third-party risk management (TPRM) framework you can apply immediately: build a vendor and integration inventory with tiering, run real due diligence (SOC 2 Type II, ISO 27001, data access scope, subprocessors and fourth parties), lock protections into contracts (DPA language, right to audit, breach notification expectations), then enforce ongoing monitoring and governance with quarterly token reviews, logging, and incident response playbooks. If you are studying for the CISSP, you will also see exactly how this maps to Domain 1, Domain 3, Domain 4, and Domain 5.

Subscribe for more practical CISSP training, share this with a teammate who owns vendor approvals, and leave a review so more security pros can find it. What is the one integration you would audit first?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Your firewall can be patched tomorrow, but what about the place your system hides its real secrets today? We start with a timely warning about a serious Fortinet FortiGate vulnerability and why perimeter devices are still a make-or-break control, then we pivot into the deeper layer most people ignore until it’s too late: memory.

We walk through CISSP Domain 3.4 by focusing on what memory protection is actually trying to achieve: confidentiality, integrity, and process isolation. From there, we unpack how modern operating systems enforce separation with paging, segmentation, and strict read, write, execute controls. You’ll hear why Meltdown and Spectre were such a big deal, how speculative execution can leak passwords and encryption keys from privileged memory, and why patching decisions are never just “apply everything” but a risk-based vulnerability management call that depends on visibility into what you run.

Next, we connect memory protection to virtualization security. We break down hypervisors, guest and host isolation, Type 1 versus Type 2 designs, and the threats that keep security teams up at night: VM escape, side-channel leakage through shared CPU resources, and the operational hazards of memory overcommitment. Then we bring in hardware roots of trust through TPMs: secure boot, measured boot, key storage for full disk encryption, TPM 2.0 types, and how HSM-style key management shows up in cloud environments. We close with practical best practices, from firmware and microcode updates to choosing encryption controls that fit your actual risk.

If you’re studying for the CISSP or building a real-world security strategy, subscribe, share this with a teammate, and leave a review so more security pros can find it.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real security leadership.

We walk through what is driving the mess: board-level pressure, AI FOMO, and the dangerous habit of treating AI agents like old-school automation. Then we get concrete. We talk about why many enterprises still lack an inventory of AI agents, why traditional security tooling is tuned for human behaviour anomalies, and what it actually takes to be audit-ready. We cover practical governance frameworks like tiered autonomy, why observability is more than collecting output logs, and how to design decision-path tracing with execution records and decision logs you can act on.

To make it actionable for exam prep and day-to-day work, I close with CISSP-style practice questions on the exact scenarios you will face: detection gaps, human approval bottlenecks, least privilege for agents, proving decisions during audits, and architecting platforms that balance operational efficiency with risk management. If you are serious about passing, I also share how my CISSP Sprint cohort is structured to force momentum, including booking your exam date early.

Subscribe for weekly CISSP-focused training, share this with a teammate building AI workflows, and leave a review so more security pros can find the show. What part of AI agent governance is your biggest blind spot right now?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!