CISSP Cyber Training Podcast - CISSP Training Program

Send us Fan Mail
Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sending, data loss through Google Drive, or code theft from private repos.

We walk through the mechanics in plain language: the extension’s communication model is too trusting, relying on origin assumptions instead of validating true execution context. That opens the door to script injection and environment-level manipulation, where the most sophisticated part of the attack is making bad actions look normal from the inside. We also talk about the vendor response, why partial patches can still leave uncomfortable gaps, and why “trust but verify” matters when AI tools move faster than enterprise controls.

Then we pivot to CISSP Domain 3.9 design site and facility security controls, because reliability and security still live in wiring closets, server rooms, and restricted work areas. We cover practical facility security: locks and limited access, airflow and HVAC planning, avoiding storage-room chaos, why cameras must be monitored, how badge systems fail in real life, and how media and evidence storage ties into legal hold, forensics, encryption, and key management. We finish with environmental and resilience essentials including UPS vs generators, fire detection and suppression options, and power quality issues like sags, spikes, surges, and brownouts.

Subscribe for weekly CISSP-ready lessons, share this with a teammate who lives in Chrome, and leave a review so more security pros can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately manipulated data can poison decisions for months without a single red flag. We break down what that looks like in real organizations, why it differs from the Hollywood version of a hack, and how the business impact shows up as confident misinformation rather than obvious outages.

We also dig into the difference between data poisoning (deliberate manipulation) and data pollution (accidental garbage at scale), then connect it to retrieval augmented generation (RAG). RAG is powerful because it answers from your internal knowledge base, but that same knowledge base becomes the attack surface and the “source of truth” the model won’t question. I share practical steps you can take right now: audit what your AI actually trusts, map the full AI contact surface across workflows and repositories, treat the AI pipeline like an untrusted vendor, and assign a named owner for accuracy and security.

Then we shift into CISSP Domain 1 practice with exam-style questions that force real trade-offs: using annual loss expectancy (ALE) to recommend a risk treatment to the board, applying NIST RMF guidance even when controls are inherited through FedRAMP, handling an ethics dilemma under the ISC2 Code of Ethics, spotting the biggest BCP gap when RTO and RPO targets collide with backup frequency, and explaining why HIPAA compliance does not automatically equal GDPR compliance for EU citizen data.

If you’re studying for the CISSP or you’re building security controls around AI and cloud systems, this one is built to sharpen both your judgement and your test readiness. Subscribe, share this with a friend who’s deploying AI internally, and leave a quick review so more CISSP candidates can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because the real target is the decision point: trust, timing, urgency, and authority. When attackers can spoof executives or use deepfake voice and video, the authentication layer often never gets challenged in a meaningful way.
 
We break down practical, real-world defenses that go beyond “more tools”: fixing payment and approval workflows, defining what counts as a high-risk transaction, forcing out-of-band verification using known contact details, adding mandatory pauses for unusual transfers, and training teams with realistic BEC scenarios during end-of-quarter and holiday pressure. The big takeaway is that blocked phishing emails are not the same thing as protected money movement, and leadership has to own that gap.
 
Then we pivot into CISSP Domain 7 with a clear, test-focused walkthrough of disaster recovery plans. A DR plan on paper is not resilience, so we cover the five primary DR testing types: read-through checklist, walkthrough and tabletop, simulation, parallel, and full interruption. You will learn what each test proves, why most organizations stop at simulation, and how to build toward higher-confidence testing without taking reckless risks.
 
If this helps you, subscribe for weekly CISSP-focused cyber training, share the episode with a teammate, and leave a review so more people can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a patchwork of identity tools, limited visibility, and “normal looking” logins, you may not see the threat until it has already jumped domains.

From there, we pivot into CISSP Domain 8.4 thinking: how to evaluate acquired software without guessing. We break down what to look for in open source software (community activity, maintenance signals, orphaned project risk), what makes COTS software uniquely hard to assess (no source code visibility for deep vulnerability assessment), and what matters most for SaaS and managed services (encryption for data at rest and in transit, plus clear SLAs that define performance metrics and incident response expectations). We also cover why the shared responsibility model is non-negotiable for cloud security clarity, especially around account management and access control.

We round it out with hands-on evaluation methods that map to both the exam and real security programs: threat modeling to uncover dependency risk, dependency scanning to catch vulnerable libraries, sandbox testing in a controlled environment, and periodic reassessments as threats evolve. If you’re studying for the CISSP or building a safer vendor and software intake process, this one gives you a practical checklist mindset. Subscribe for more CISSP training, share this with a study partner, and leave a review with the software risk topic you want us to cover next.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!

Send us Fan Mail
Ransomware actors are getting quieter, faster, and more custom and that should change how you study for the CISSP and how you defend your environment. We start with a quick personal update on a new CISSP Sprint: an eight-week live cohort built to give you structure, accountability, and weekly sessions so you can realistically target exam day without paying boot camp prices. Seats are limited, with an early bird option, because the whole point is real feedback and momentum. 

From there we dig into a timely threat story: Trigona ransomware and its use of a custom data exfiltration tool designed to evade common detection patterns. We break down what it means when attackers move away from popular utilities and how bandwidth saturation, connection rotation, and encrypted outbound traffic can slip past monitoring. If you’re studying CISSP security operations and incident thinking, this is a clean example of how credential theft, endpoint interference, and network visibility all connect. 

Then we shift into CISSP Domain 3 cryptography and make the rules stick: symmetric versus asymmetric encryption, what key does what for confidentiality, and how digital signatures actually deliver integrity and non-repudiation. We also cover elliptic curve cryptography, key size advantages, and why quantum computing is forcing real post-quantum cryptography planning now, not later. Finally, we share a board briefing framework for CISOs and security leaders so you can translate technical risk into business impact, loss cases, and a clear ask the board can act on. 

Subscribe for weekly CISSP-focused cybersecurity training, share this with a study partner or a security leader, and leave a review so more people can find the show. What part do you want us to go deeper on next: crypto rules, ransomware tradecraft, or board communication?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!