CISSP Cyber Training Podcast - CISSP Training Program cover art

CISSP Cyber Training Podcast - CISSP Training Program

CISSP Cyber Training Podcast - CISSP Training Program

By: Shon Gerber vCISO CISSP Cybersecurity Consultant and Entrepreneur
Listen for free

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

© 2026 CISSP Cyber Training Podcast - CISSP Training Program
Education
Episodes
  • CCT 360: SSA Whistleblower and the Thumb Drive: What CISSP Asset Security Tells Us About This Disaster
    Jul 6 2026

    Send us Fan Mail

    Imagine hearing a claim that the most sensitive identity data in the United States could be sitting on a personal thumb drive. That allegation is still unverified and under investigation, but it gives us a rare chance to see CISSP Domain 2 asset security in real time, with consequences that go far beyond a typical data breach.

    I walk through what’s being reported about Social Security Administration data access and potential copying, then I put on the Domain 2 lens: data classification and handling requirements, who the true data owner is, what custodians should be enforcing, and how processors should be limited by scope, purpose, and time. We talk about why “high” impact data under FIPS 199 should automatically trigger stricter controls, and how failures in encryption, logging, and data loss prevention can let sensitive datasets slip outside organizational boundaries.

    We also dig into the part most teams get wrong: the data lifecycle. If you cannot execute secure disposal and verify it, you cannot “close Pandora’s box.” Using NIST SP 800-88, we break down clear, purge, and destroy, connect it to real operational controls like removable media restrictions, and turn the whole story into practical exam guidance and CISO-level program lessons you can use with leadership.

    Subscribe for more CISSP-ready breakdowns, share this with someone studying Domain 2, and leave a review so more security pros can find the show. What is the first control you would fix in your own environment?

    Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

    Join now and start your journey toward CISSP mastery today!

    Show More Show Less
    23 mins
  • CCT 359: ShinyHunters vs. Oracle — Supply Chain Risk Every CISSP Must Know
    Jun 29 2026

    Send us Fan Mail

    A vendor gets breached and suddenly your perimeter does not matter, because the attacker does not need to “hack” you. They just reuse the access you already approved. That’s the core lesson behind the Shiny Hunters campaign targeting Oracle PeopleSoft servers at colleges and universities, where compromised access led to large-scale theft of student data and a messy, high-impact supply chain incident.

    We walk through what supply chain security really means for modern cybersecurity and for the CISSP exam: it’s not only the software you buy, but also hardware vendors, cloud service providers, managed service providers, open source libraries, and contractors with privileged access. I break down the four supply chain attack vectors you need to know cold: compromised credentials and OAuth tokens, malicious code injection in CI/CD pipelines, open source package attacks like typosquatting and maintainer compromise, and hardware tampering. Along the way, we map the ideas to CISSP Domains 1, 3, 5, and 8 so you can answer questions like a manager, not just a technician.

    Then we go deeper on two concepts that keep showing up in both real breaches and exam questions. First, SBOM (Software Bill of Materials), the “nutrition label” that tells you exactly what’s inside your software so you can respond fast when a new CVE hits. Second, OAuth token governance, where long-lived or overly broad tokens can become silent master keys if you do not scope, expire, inventory, revoke, and monitor them properly. We finish with three practice questions and the reasoning behind the best answers and the common distractors.

    If this helps, subscribe so you do not miss the next training, share the episode with a CISSP study partner, and leave a review to help more security pros find the show.

    Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

    Join now and start your journey toward CISSP mastery today!

    Show More Show Less
    43 mins
  • CCT 358: EDR Bypass Ransomware: The Gentle Killer Threat Every CISSP Must Know
    Jun 22 2026

    Send us Fan Mail

    Your endpoint tool can be world class and still get taken out first. That’s the unsettling reality behind a new wave of “EDR killer” capabilities being packaged inside ransomware-as-a-service platforms, where affiliates can plug in advanced evasion without building it themselves. When attackers can blind endpoint detection and response before the ransomware payload runs, the old comfort of “we have EDR, so we’re covered” turns into a single point of failure.

    We unpack the reporting on a highly active ransomware operation and its toolset, then zoom in on the technical path that makes this work: BYOVD, bring your own vulnerable driver. With admin access, attackers load a legitimate but vulnerable signed driver, escalate into kernel mode, and terminate security processes from below the privilege stack. From there, we shift to what matters for real security programs: defence in depth, kernel integrity protections like HVCI and KMCI, strict driver allow and block policies, and aggressive driver hygiene to reduce attack surface.

    Then we put on the CISSP lens. We tie the scenario to Domain 7 security operations (EDR limits, incident response, monitoring), Domain 3 security architecture and engineering (layered controls, hardening), and Domain 1 security and risk management (risk = threat × vulnerability × impact, plus threat landscape shifts). The big takeaway is simple: your job isn’t to find the fanciest tool, it’s to build a program that still works when one control fails and to communicate that risk clearly to leadership.

    If this helps you think like a manager and study smarter, subscribe for weekly CISSP-focused breakdowns, share the episode with a teammate, and leave a review so more people can find the show.

    Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

    Join now and start your journey toward CISSP mastery today!

    Show More Show Less
    43 mins
adbl_web_anon_alc_button_suppression_t1
All stars
Most relevant
Supposed it doesn't have more reviews. I've enjoyed listening, the subject can sometimes be dull or via other materials it can be but the host manages to spin it well. Recommend 👍

Free, informative and upbeat - what's not to love?

Something went wrong. Please try again in a few minutes.