CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
Country United States
Genres Education, Courses
Language EN
Episodes 360
Latest 08.06.2026

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm.

Episodes

  • CCT 356: Supply Chain Attacks Are Exploding in 2026 — Here's What the NCSC Wants You to Do 08.06.2026 41Min.
    Your software is only as trustworthy as the dependencies you quietly inherit and attackers know it. Today I break down the NCSC warning on software supply chain security and why open source package ecosystems have become a high-value target for real-world compromises that spread fast through CI/CD pipelines. I walk through the attack patterns that keep showing up in incidents: maintainer account compromise, expired domain takeover, typosquatting, and credential chaining. We ...
  • CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes 04.06.2026 24Min.
    The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach private repository files and ultimately an NPM token that could enable a supply chain attack. From t...
  • CCT 354: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY 01.06.2026 37Min.
    Your firewall can be patched tomorrow, but what about the place your system hides its real secrets today? We start with a timely warning about a serious Fortinet FortiGate vulnerability and why perimeter devices are still a make-or-break control, then we pivot into the deeper layer most people ignore until it’s too late: memory. We walk through CISSP Domain 3.4 by focusing on what memory protection is actually trying to achieve: confidentiality, integrity, and process isolat...
  • CCT 353: AI Agent Governance Essentials - CISSP Practice Questions 28.05.2026 28Min.
    AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real security leadership. We walk through what is driving the mess: board-leve...
  • CCT 352: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY 25.05.2026 40Min.
    Your security program can be airtight and still get wrecked by someone else’s breach. We open with a Wired-style reality check: third-party app ecosystems and data brokers collecting location analytics at massive scale, then getting hacked or resold in ways your users never expected. If your organisation issues mobile devices, this is where security awareness, MDM controls, and clear “don’t allow tracking unless required” guidance stops being a nice-to-have and starts becomin...
  • CCT351: BitLocker Bypass Reality Check (YellowKey) and CISSP Practice Questions 21.05.2026 24Min.
    BitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training moment: a public proof of concept is available, a vendor patch is not, and the attack hinges on physical access. That mix forces you to think clearly about what “high risk” actually means, why “critical” is not always the right label, and ...
  • CCT 350: Investigation Types Made Simple - CISSP Training (Replay) 18.05.2026 44Min.
    Default passwords are the kind of problem everyone “knows” about and yet they still open doors for attackers every day. We start with a quick reality check on router security and why factory settings, legacy gear, and unmanaged IoT and OT devices can turn a simple misconfiguration into redirect attacks, man-in-the-middle exposure, DDoS headaches, or silent monitoring. If you’re studying for the CISSP or defending a real network, you’ll walk away with a clearer sense of what t...
  • CCT 349: FOXCONN Hack and Domain 7 CISSP Practice Questions 14.05.2026 28Min.
    Eight terabytes of stolen schematics is not just a scary number, it is a reminder that cyber risk becomes business risk fast. We start with the Wired report on the Foxconn ransomware attack and unpack what a claim like that could mean in the real world: intellectual property exposure, supply chain disruption, customer impact, and the uncomfortable truth that recovery is only one part of the story when data walks out the door. From there, we switch into CISSP Domain 7 Securit...
  • CCT Vendor 04: The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview 13.05.2026 28Min.
    Next Peak: https://nextpeak.net/services/icr/ A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomfortable reality behind geopolitical cyber risk, and it is why I brought on Helen Lee, Director of Intelligence Cyber Research at NextPeak, to break down how global flashpoints turn into real security problems for businesses of every size. If your security program only reacts to today’s alert...
  • CCT 348: ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3 11.05.2026 34Min.
    Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sending, data loss through Google Drive, or code theft from private repos. We walk ...
  • CCT 347: AI Poisoning the Quiet Enterprise Threats and CISSP Questions (Domain 1) 07.05.2026 28Min.
    Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately manipulated data can poison decisions for months without a single red flag. We break down what that looks like in real organizations, why it differs from the Hollywood version of a hack, and how the business impact shows up as confident mi...
  • CCT 346: Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA (CISSP Domain 7) 04.05.2026 26Min.
    MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because the real target is the decision point: trust, timing, urgency, and authority. When attackers can spoof executives or use deepfake voice and video, the authentication layer often never gets challenged in a meaningful way. We break...
  • CCT 345: Practice CISSP Questions - Domain 8.4 (Replay) 30.04.2026 22Min.
    A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a patchwork of identity tools, limited visibility, and “normal...
  • CCT 344: Trigona RaaS - CISSP 3.7 Crypto - Board Translation Framework (Segment 3) 27.04.2026 36Min.
    Ransomware actors are getting quieter, faster, and more custom and that should change how you study for the CISSP and how you defend your environment. We start with a quick personal update on a new CISSP Sprint: an eight-week live cohort built to give you structure, accountability, and weekly sessions so you can realistically target exam day without paying boot camp prices. Seats are limited, with an early bird option, because the whole point is real feedback and momentum. ...
  • CCT 343: Microsoft Defender - CISSP EOL-EOS (Part 2) - Board Translation (Segment 2) 23.04.2026 31Min.
    Three Microsoft Defender zero-days are reportedly being exploited, and that is the kind of headline that tests whether our security program is real or just optimistic. I break down what we know, including BlueHammer (CVE-2026-33825) landing in Patch Tuesday while Red Sun and Undefend were described as still unpatched at the time, and the practical response: update fast, verify coverage, and keep your eyes on threat intel so local privilege escalation does not become a bigger ...
  • CCT 342: US Govt and Mythos - CISSP EOL-EOS (Part 1) - Board Translation (Segment 1) 20.04.2026 38Min.
    The next wave of AI in cybersecurity is not a theory project, it’s an operational deadline. I open with a timely look at reporting that the White House wants federal agencies to get access to Anthropic’s Claude Mythos, and why that scramble matters for every security team. If Mythos can help uncover vulnerabilities and accelerate exploit development, the same capability that strengthens defense can also supercharge attackers. We talk about why the government wants guardrails,...
  • CCT 341: Deepfake Nudify (Wired) - CISSP Exam Practice Test (Deep Dive) 16.04.2026 31Min.
    AI didn’t just make deepfakes easier. It made targeted sexual abuse scalable. I open with a Wired-reported reality that’s hitting schools worldwide: AI tools that can generate fake nude images from ordinary photos, spread through bots and subscription services, and leave students and families dealing with humiliation, harassment, and real trauma. If you’re a cybersecurity professional, this is a moment where your skills can protect your community, not just your company. I wa...
  • CCT 340: Anthropic Mythos - Risk Management Concepts (Domain 1.10) 13.04.2026 41Min.
    Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv An AI model that can uncover thousands of zero-days and potentially chain multiple vulnerabilities into an automated exploit is not just a scary headline, it’s a stress test for every risk program on ...
  • CCT 339: Infrastructure Insider - Cyber Career Roadmap - No One is Talking About 09.04.2026 27Min.
    A single disgruntled admin can do more damage with “normal” IT tools than many attackers can with malware, and that reality changes how we should think about both security and careers. I start with ...
  • CCT 338: LinkedIn Monitoring - Support for Patch and Vulnerability Management (Domain 7) 06.04.2026 23Min.
    LinkedIn might be doing more in your browser than you think. We start with a report dubbing it “BrowserGate” a claim that LinkedIn quietly checks for installed Chrome extensions using hidden JavaScr...

Popular in

This podcast also appears in the podcast charts of these countries.