CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur

352 episodes

  • CISSP Cyber Training Podcast - CISSP Training Program

    The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview

    13/05/2026 | 28 min
    Next Peak:   https://nextpeak.net/services/icr/
    A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomfortable reality behind geopolitical cyber risk, and it is why I brought on Helen Lee, Director of Intelligence Cyber Research at NextPeak, to break down how global flashpoints turn into real security problems for businesses of every size. If your security program only reacts to today’s alerts, you are already behind the curve. 

    We dig into what “geopolitical cyber risk” actually means, why awareness so often fails to become action, and how to bridge that gap with practical, decision-ready outputs. Helen shares concrete examples that make the risk feel real: how hardware and supply chains can become national security issues, why router ecosystems can create broad exposure, and how second- and third-order effects in semiconductor production can introduce new vulnerabilities across your tech stack. We also talk about the World Economic Forum data showing that organisations expect geopolitical tensions to increase cyber risk while many are still adjusting their posture.

    From there, we get operational. We cover where this work fits in an existing security stack, how to “bake it in” at the governance, risk, and compliance layer, and why threat intelligence teams will be critical for monitoring geocyber indicators and handing off actionable guidance to the SOC and leadership. Helen walks through offerings like a geopolitical cyber risk index, assessments, advisory support, customised reporting, and future-focused tabletop exercises that test readiness for plausible scenarios years ahead. If you are studying for the CISSP, this conversation ties directly to Security and Risk Management, third-party risk, supply chain risk, and communicating risk to executives and boards.

    Subscribe for more practical CISSP-focused conversations, share this with a security leader who owns vendor risk, and leave a review so more people can find the show. What is the biggest geopolitical risk you think your organisation is ignoring right now?
    Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
    Join now and start your journey toward CISSP mastery today!
  • CISSP Cyber Training Podcast - CISSP Training Program

    ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3

    11/05/2026 | 34 min
    Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sending, data loss through Google Drive, or code theft from private repos.

    We walk through the mechanics in plain language: the extension’s communication model is too trusting, relying on origin assumptions instead of validating true execution context. That opens the door to script injection and environment-level manipulation, where the most sophisticated part of the attack is making bad actions look normal from the inside. We also talk about the vendor response, why partial patches can still leave uncomfortable gaps, and why “trust but verify” matters when AI tools move faster than enterprise controls.

    Then we pivot to CISSP Domain 3.9 design site and facility security controls, because reliability and security still live in wiring closets, server rooms, and restricted work areas. We cover practical facility security: locks and limited access, airflow and HVAC planning, avoiding storage-room chaos, why cameras must be monitored, how badge systems fail in real life, and how media and evidence storage ties into legal hold, forensics, encryption, and key management. We finish with environmental and resilience essentials including UPS vs generators, fire detection and suppression options, and power quality issues like sags, spikes, surges, and brownouts.

    Subscribe for weekly CISSP-ready lessons, share this with a teammate who lives in Chrome, and leave a review so more security pros can find the show.
  • CISSP Cyber Training Podcast - CISSP Training Program

    AI Poisoning the Quiet Enterprise Threats and CISSP Questions (Domain 1)

    07/05/2026 | 28 min
    Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately manipulated data can poison decisions for months without a single red flag. We break down what that looks like in real organizations, why it differs from the Hollywood version of a hack, and how the business impact shows up as confident misinformation rather than obvious outages.

    We also dig into the difference between data poisoning (deliberate manipulation) and data pollution (accidental garbage at scale), then connect it to retrieval augmented generation (RAG). RAG is powerful because it answers from your internal knowledge base, but that same knowledge base becomes the attack surface and the “source of truth” the model won’t question. I share practical steps you can take right now: audit what your AI actually trusts, map the full AI contact surface across workflows and repositories, treat the AI pipeline like an untrusted vendor, and assign a named owner for accuracy and security.

    Then we shift into CISSP Domain 1 practice with exam-style questions that force real trade-offs: using annual loss expectancy (ALE) to recommend a risk treatment to the board, applying NIST RMF guidance even when controls are inherited through FedRAMP, handling an ethics dilemma under the ISC2 Code of Ethics, spotting the biggest BCP gap when RTO and RPO targets collide with backup frequency, and explaining why HIPAA compliance does not automatically equal GDPR compliance for EU citizen data.

    If you’re studying for the CISSP or you’re building security controls around AI and cloud systems, this one is built to sharpen both your judgement and your test readiness. Subscribe, share this with a friend who’s deploying AI internally, and leave a quick review so more CISSP candidates can find the show.
  • CISSP Cyber Training Podcast - CISSP Training Program

    CCT 346 - Malicious BEC and MFA - DR Testing (CISSP 7.12)

    04/05/2026 | 26 min
    MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because the real target is the decision point: trust, timing, urgency, and authority. When attackers can spoof executives or use deepfake voice and video, the authentication layer often never gets challenged in a meaningful way.
     
    We break down practical, real-world defenses that go beyond “more tools”: fixing payment and approval workflows, defining what counts as a high-risk transaction, forcing out-of-band verification using known contact details, adding mandatory pauses for unusual transfers, and training teams with realistic BEC scenarios during end-of-quarter and holiday pressure. The big takeaway is that blocked phishing emails are not the same thing as protected money movement, and leadership has to own that gap.
     
    Then we pivot into CISSP Domain 7 with a clear, test-focused walkthrough of disaster recovery plans. A DR plan on paper is not resilience, so we cover the five primary DR testing types: read-through checklist, walkthrough and tabletop, simulation, parallel, and full interruption. You will learn what each test proves, why most organizations stop at simulation, and how to build toward higher-confidence testing without taking reckless risks.
     
    If this helps you, subscribe for weekly CISSP-focused cyber training, share the episode with a teammate, and leave a review so more people can find the show.
  • CISSP Cyber Training Podcast - CISSP Training Program

    CCT 345: Practice CISSP Questions - Domain 8.4 (Replay)

    30/04/2026 | 22 min
    A single compromised identity can turn your whole environment into a hallway of unlocked doors, and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a patchwork of identity tools, limited visibility, and “normal looking” logins, you may not see the threat until it has already jumped domains.

    From there, we pivot into CISSP Domain 8.4 thinking: how to evaluate acquired software without guessing. We break down what to look for in open source software (community activity, maintenance signals, orphaned project risk), what makes COTS software uniquely hard to assess (no source code visibility for deep vulnerability assessment), and what matters most for SaaS and managed services (encryption for data at rest and in transit, plus clear SLAs that define performance metrics and incident response expectations). We also cover why the shared responsibility model is non-negotiable for cloud security clarity, especially around account management and access control.

    We round it out with hands-on evaluation methods that map to both the exam and real security programs: threat modeling to uncover dependency risk, dependency scanning to catch vulnerable libraries, sandbox testing in a controlled environment, and periodic reassessments as threats evolve. If you’re studying for the CISSP or building a safer vendor and software intake process, this one gives you a practical checklist mindset. Subscribe for more CISSP training, share this with a study partner, and leave a review with the software risk topic you want us to cover next.
About CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀