CISSP Cyber Training Podcast - CISSP Training Program
Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
Episodes
363 episodes
CCT 359: ShinyHunters vs. Oracle — Supply Chain Risk Every CISSP Must Know
A vendor gets breached and suddenly your perimeter does not matter, because the attacker does not need to “hack” you. They just reuse the access you already approved. That’s the core lesson behind the ShinyHunters campaign targeting Oracle Peo...
CCT 358: EDR Bypass Ransomware: The Gentle Killer Threat Every CISSP Must Know
Your endpoint tool can be world class and still get taken out first. That’s the unsettling reality behind a new wave of “EDR killer” capabilities being packaged inside ransomware-as-a-service platforms, where affiliates can plug in advanced eva...
CCT 357: Is Your Encrypted Data Already Stolen? Quantum Risk & Supply Chain Attacks for CISSP
Someone is stealing encrypted data right now and they are not trying to read it today. They are saving it for later, betting that quantum computing will eventually break the encryption that protects it. I dig into the “Harvest Now, Decrypt Late...
CCT 356: Supply Chain Attacks Are Exploding in 2026 — Here's What the NCSC Wants You to Do
Your software is only as trustworthy as the dependencies you quietly inherit and attackers know it. Today I break down the NCSC warning on software supply chain security and why open source package ecosystems have become a high-value target for...
CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes
The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and u...
CCT 354: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY
Your firewall can be patched tomorrow, but what about the place your system hides its real secrets today? We start with a timely warning about a serious Fortinet FortiGate vulnerability and why perimeter devices are still a make-or-break contro...
CCT 353: AI Agent Governance Essentials - CISSP Practice Questions
AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry abo...
CCT 352: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY
Your security program can be airtight and still get wrecked by someone else’s breach. We open with a Wired-style reality check: third-party app ecosystems and data brokers collecting location analytics at massive scale, then getting hacked or r...
CCT 351: BitLocker Bypass Reality Check (YellowKey) and CISSP Practice Questions
BitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training mom...
CCT 350: Investigation Types Made Simple - CISSP Training (Replay)
Default passwords are the kind of problem everyone “knows” about and yet they still open doors for attackers every day. We start with a quick reality check on router security and why factory settings, legacy gear, and unmanaged IoT and OT devic...
CCT 349: FOXCONN Hack and Domain 7 CISSP Practice Questions
Eight terabytes of stolen schematics is not just a scary number, it is a reminder that cyber risk becomes business risk fast. We start with the Wired report on the Foxconn ransomware attack and unpack what a claim like that could mean in the re...
CCT Vendor 04: The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview
Next Peak: https://nextpeak.net/services/icr/ A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomf...
CCT 348: ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3
Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one wi...
CCT 347: AI Poisoning the Quiet Enterprise Threats and CISSP Questions (Domain 1)
Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately man...
CCT 346: Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA (CISSP Domain 7)
MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because ...
CCT 345: Practice CISSP Questions - Domain 8.4 (Replay)
A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move...
CCT 344: Trigona RaaS - CISSP 3.7 Crypto - Board Translation Framework (Segment 3)
Ransomware actors are getting quieter, faster, and more custom and that should change how you study for the CISSP and how you defend your environment. We start with a quick personal update on a new CISSP Sprint: an eight-week live cohort built ...
CCT 343: Microsoft Defender - CISSP EOL-EOS (Part 2) - Board Translation (Segment 2)
Three Microsoft Defender zero-days are reportedly being exploited, and that is the kind of headline that tests whether our security program is real or just optimistic. I break down what we know, including BlueHammer (CVE-2026-33825) landing in ...
CCT 342: US Govt and Mythos - CISSP EOL-EOS (Part 1) - Board Translation (Segment 1)
The next wave of AI in cybersecurity is not a theory project, it’s an operational deadline. I open with a timely look at reporting that the White House wants federal agencies to get access to Anthropic’s Claude Mythos, and why that scramble mat...
CCT 341: Deepfake Nudify (Wired) - CISSP Exam Practice Test (Deep Dive)
AI didn’t just make deepfakes easier. It made targeted sexual abuse scalable. I open with a Wired-reported reality that’s hitting schools worldwide: AI tools that can generate fake nude images from ordinary photos, spread through bots and subsc...
CCT 340: Anthropic Mythos - Risk Management Concepts (Domain 1.10)
Check us out at: https://www.cisspcybertraining.com/ Get access to 360 FREE CISSP Questions: https://www.c...
CCT 339: Infrastructure Insider - Cyber Career Roadmap - No One is Talking About
CCT 338: LinkedIn Monitoring - Support for Patch and Vulnerability Management (Domain 7)