CCT 330: SOC Preparation for Agentic AI Plus Five Skills For Bigger Cyber Security Paychecks

Show Notes

The ground under cybersecurity careers is shifting, and the fastest movers are pairing CISSP with modern, high-leverage skills that command premium pay. We dig into a practical roadmap: first, how to prepare your SOC for agentic AI with four concrete moves—reskill analysts to supervise and validate models, establish new roles for AI governance and orchestration, redesign playbooks around automation and escalation, and enforce tight guardrails with approvals and audit trails. The goal is simple: turn AI from chaos into a disciplined force multiplier.

From there, we unpack five high-income skills that dovetail with CISSP’s leadership mindset. Modern GRC is no longer paperwork; it’s resilience, litigation exposure, and executive storytelling—with VCISO opportunities that reward clear risk narratives and continuous evidence automation. Cloud security architecture centers on software-defined security, Terraform policies as code, zero trust in Kubernetes, and the legal boundaries of shared responsibility and data residency. AI ethics and governance emerges as the unofficial ninth domain, where shadow AI containment, dataset audits for PII, and prompt-injection testing meet global regulation and model risk policy.

We also dive into advanced identity as the new perimeter—taming machine identities, secrets sprawl, and rolling out phishing-resistant FIDO2 to make zero trust real. Finally, we get tactical with software supply chain security: SBOMs, signed artifacts, dependency hygiene, and CI/CD security gates that protect velocity without breaking builds. Along the way, we share market pay signals, “decision architect” expectations for senior roles, and smart bridge certifications like CISM, AI governance credentials, and CISA that accelerate credibility.

If you’re ready to pivot from “security says no” to “here’s how to do it safely,” this is your map. Subscribe, share with a teammate who needs a nudge, and leave a quick review to help more CISSPs find their niche and lead the way.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!

Chapters

• 0:00: Welcome & Today’s Focus
• 1:10: Preparing The SOC For Agentic AI
• 6:30: Reskilling Analysts And New AI Roles
• 10:45: Playbooks, Guardrails, And Oversight
• 13:20: Transition To Five High-Income Skills
• 16:40: Modern GRC And The VCISO Path
• 23:00: Cloud Security Architecture In Practice
• 31:20: AI Ethics, Governance, And Shadow AI

Transcript

Welcome & Today’s Focus

SPEAKER_00 0:17

C L SP examin and roll your cyber checker in the boy.

Preparing The SOC For Agentic AI

Reskilling Analysts And New AI Roles

Playbooks, Guardrails, And Oversight

Transition To Five High-Income Skills

Modern GRC And The VCISO Path

Cloud Security Architecture In Practice

AI Ethics, Governance, And Shadow AI

SPEAKER_01 0:26

Good morning, everyone. It's Sean Gerber with CISSP Cyber Training and hope you all are having a beautifully blessed day today. Today is Monday, and we are going to be talking about various aspects related to the CISSP exam that you can anticipate to see. But today we're actually going to talk about a topic called the five high-income cybersecurity skills that pair perfectly with the CISSP. So we're going to get into what are some of those skills that you need to have that will work well with the CISSP once you pass the exam. The ultimate goal of this podcast is to help you understand the CISSP, the content in it, and how you can better yourself as you get this certificate certification and moving on in your cybersecurity career. So again, let's get we'll get into that here in just a second. But before we do, I wanted to talk about four ways to prepare your SOC or your Security Operations Center for agentic AI. Okay, so as we all know, the you're gonna be get your CISSP and you're also probably even working in a SOC at this point. This is an important part that you may end up getting. One is a question, but two, in your cybersecurity career as you're trying to move on up and up in the world. And agentic AI is a huge factor that's going to affect everyone in the CISSPs and in the cybersecurity as a whole. So what are some things? And this comes out of CSO magazine from Jack Kumar. I can't say his name, but you can go check it out. It's it was basically dated March 9th, 2026. Um, and it's a really great article on how what you should do to prepare your security operations center to deal with specifically with agentic AI. So we're gonna quickly go over a few main topics that they have in here, and then if you want to look at the article, you can go dig into it a little bit better yourself. But the first one is reskill your SOC analysts to work specifically with AI. Now, what does that mean? Well, understanding the fact that they need to supervise AI systems, they need to understand how to validate these AI systems, and then how are these complicated or how are the investigations being done? So it's an important part. You need to make sure your security operations centers understand how to adequately utilize AI. Now, let's be truly transparent. There's a real good chance that most of these folks have little experience or knowledge in this space, and so what's gonna happen is it's gonna be a learning experience for everybody. But you're gonna have to go from doing the investigations to overseeing and improving the AI-driven investigations. So that's a big factor. If you're getting your CISSP, like we've mentioned time and again, this you should be concerned about AI if you're not willing to pivot. If you're not willing to be able to go and learn the new technologies, then it will be coming for your jobs. So I would recommend pivoting. Second thing is build new roles for AI governance and content. Again, agentic is soccer requires new specialized roles that didn't exist. So content engineers, AI governance leads, data architects, and orchestration engineers. All of these are a bit beyond of what we've done in the past when it comes to a security operations center. So that I've mentioned this before, and you'll probably talk about it here in the future podcasts, as well as much of the content from CISSP Cyber Training, is your AI governance leads. If you're gonna glob onto something and you're not real sure, AI governance is a good place for you to begin. It really is. If you're not a technical person and you want to kind of just get into this AI space, that is a great place for you to start. So again, that you want these roles will ensure the AI agents operate effectively and safely across the entire security stack. The third thing is redesign the SOC processes and playbooks. Now, if you've created processes and playbooks, they have been built in the past probably around humans doing certain routine workflows. That's gonna change with AI. Now, you may not have that ability right at this moment, uh, but you're gonna want to incorporate all of your playbooks into how is AI gonna help you. So it really should try to build that out and what does that specifically look like? You need that it should handle all the routine workflows. Human steps should be in when the agents escalate issues. So if the agent starts seeing it goes from a basically a P4 all the way up to a P2, that's when the human should get involved. Uh, you need to also, they're gonna have to understand the AI model accuracy and then escalation quality as well. It's gonna be a learning process as we move forward in this world. Implement strict AI guardrails. This is the fourth part, and this is where you have least privilege across access for your AI agents. You have to be able to limit what they do. This is defined limits or actions that they can take specifically within your organization. And this goes with anything, right? I mean, we're talking foundational pieces here. You're just look at the AI uh robot as an extension of a human being. But this AI robot has the ability to do so much more than a human just because it can do it so much quicker and so much faster. So you need to make sure that you have good access controls in place for the robot. You just have to. Uh, there needs to be a human approval for high impact decisions and an audit trail for all of these aspects. That's the guardrails you want to put on for your SOC, specifically related to AI activities. Bottom line is this is you need to prepare your sock for a gentic AI. Isn't about just deploying the tools. It's you must reskill your analysts. You really must train and teach them. And if you don't have a process to do that, now everybody can get to learn at the same time. You need to create new governance and engineering roles. This is a key factor. Like I said, I've been knocking on this door for a while. It's an important part of any sort of part of AI. And then redesign your SOC processes to ensure that you have allocated enough resources and abilities for this AI capability, and then enforce strong AI guard rules specifically around what you want them to do and what they cannot do. I would put out there more than anything else, what do you not want them to do is probably the bigger factor to figure out because they'll they'll be able to do all kinds of things for you. It's just what do you not want them to do? Okay, so that's all I've got for this article. And again, this is out of CSO magazine, and there's the four ways to prepare your sock for agentic AI. Now we're gonna roll into now is the five high-income cyber skills that pair perfectly with the CISSP. Hi, I'm Sean Griber with CISSP Cyber Training, and this video is to kind of talk about some things that I know is really near and dear to many of your hearts. It's about how do I make more money? So this is focused on how five high-income cyber skills that pair directly and perfectly with the CISSP. And this is one of the things I've learned over the 20-some years of doing this that it's at things are changing. But the CISSP is a key certification if you really want to up your game as far as from an income standpoint. So let's get into what we're gonna talk about today: the power of the strategic specialist. Okay, so with the CISSP, as we all know, is designed around management, management of cybersecurity assets, how to make it work, and think more like a manager. And you've talked about it in my podcast that I have, I've talked about it on my videos that I've got in my locate at CISSP Cyber Training, as well as you've seen here on YouTube that talk a lot about the fact that it is about the manager. It's about running an organization and making decisions based on risk. So the CISSP is your license to lead. It is the thing that when you get the certification, it does come with a role in many ways that has a leadership type of role. Now, the specialization is your license to earn. Okay, and your point of license to learn is that the more that you have in a specialized skill from your CISSP, you now can earn higher potential income. So that's the overall concept. Getting the CISSP is an important part, but then you should you should focus on areas within the CISSP and cybersecurity to help increase your earning potential. So in 2026, companies are moving away from what they call the general security management. So what that really comes down to is if you were hired as a security professional, that is the security management position that you would take. In the past, when I was a CISO, we would have a security architect, or you'd have maybe a security analyst. That's more of a general security thing that you would do. Now, those haven't gone away, and they're still going to be there for the time, foreseeable future. But the real thing that people are asking about is what they call a decision architect. And they don't really call that in a job description. I need a decision architect. No, that's not really what they're looking for. They're looking in many cases for a security architect or a senior security architect. The expectation is that many of these architects are the ones that will help them make decisions and have great deep technical understanding that they can then help them make some of the decisions they have to make for their organization. Now they're really looking for this in areas such as AI and cloud. Cloud's been going for a while, and I will tell you that the cloud, my cloud experience, has grown over the years. Is it where it needs to be? No, it's not. It is, it's actually, I feel in some cases, I've probably fallen behind because it is moving so fast. But that technical expertise is extremely important. So as you go in that now in the AI world that is now fast approaching us, and it's been in the business for about three years that we've actually had it, or maybe it's been closer to four, in the public forum, you now have the ability to take something that's relatively new and build upon it and grow with it. So I would highly recommend that you get some level of knowledge in this and then continue to grow and expand on this on a daily basis. Small little nuggets like podcasts, small little nuggets as far as seeing videos will go a long way in helping you increase your earning potential. The goal is bridging the gap between the eight domains and the specialized modern tech stack. What does that really mean? What it means is that we all know the eight domains cover so many different areas, right? From GRC to security operations to the dev environment, it's all there within all of the domains. Well, in 2026, they're actually adding in, as they modify the ISC Squared CISSP exam, they're adding in AI capability as well. So we know that the more that the that this overall world expands, it's going to increase the amount of knowledge you are gonna have to know as a security professional. So let's look at skill one, modern GRC, governance, risk, and compliance. Now I'll tell you when I first was in the security, GRC was like, oh, what does that mean? Yawn, I don't want to deal with this. This is what ah this is just paperwork stuff. Blah. Okay, that's changed. And I it never really did change. It was just, I changed me. That the GRC piece of this is it actually exploding because of all the regulatory requirements that are happening that are in place that you are gonna have to be prepared for. So they they're talking in 2026 is the year of enforcement for many of the different things that are going on in the cyberspace, to include AI, to include the different uh requirements related to regulatory aspects. It is a never-ending cycle. So GRC is no longer about being air quotes legal, but it's about ensuring the company's brand and the infrastructure remains resilient, key term against litigation and fines. So now we talk about litigation, that's an important part, but we talk about resilience, that's even more important. And we get resilient related to get litigation and fines, but it's also resilient related to your overall environment. Can your environment withstand a cyber attack or an incident that occurs? So you need to make sure that you have this in place. So, what are companies doing? They know they don't understand it. They know they can't get people out of college that really understand GRC. They think they do, but they don't. And so now they're looking for people that have these specialized skills that can then in turn help them grow with their overall company. But they know because of the aspects of between the litigation, the fines, and the overall legal uh exposure they have, they want to make sure they have the right people from a GRC standpoint. The VCSO path, this is a skill of the primary driver for many of the virtual CISO roles, which really have some of the highest hourly rates in the industry. You're talking any upwards of three to four hundred dollars an hour for a CISO and a virtual CISO. And the reason is is because they go, I don't understand this stuff. I need someone who has years of experience, can then come in and help me understand the governance, risk, and compliance piece of it. I did GRC for years as a CISO. That was like your primary role in so many ways. So that is a big factor in why the VCISO is an important part. So as you guys are all listening to this video and you're watching this going, well, what do I do? There's great opportunities for you because there's as this keeps expanding and your knowledge keeps growing, within a few years you can be in a really great position to each each couple of years increasing your overall revenue that you bring in just by getting these skills and enhancing this path from getting the CISSP. So, what is a day in the life of someone who's in the GRC world? Architecting real-time dashboards for boards of directors. And you're going like, really? Yeah. I mean, it's a you're like, I'm just the paper guy, right? Moving stuff around, making dashboards. It's more than that. Because what's going to have to happen is you're going to have to be the one in many cases that's going to have to go out there and explain what is going on with the board of directors. So you're going to come up with this overall plan, and then you're going to have to brief them on what is actually going on and what is the risk to their organization. Automating continuous evidence collection to eliminate audit fatigue. If you're in a highly regulated environment, lots of auditing happens, right? And there's a ton of audit fatigue that can occur. So therefore, it's imperative that you have a good plan related to this, and the fact is that you understand how to deal with it. This is an important part in your modern GRC world is understanding audits and how to manage and deal with the overall audits and assessments. Okay, a second skill is cloud security architecture. And I mean this in the fact that understanding cloud is a key driver. And what we mean by cloud, as you all are aware, it's just that your data center is or your infrastructure is in a third party, either in somebody's data center or it's in code, but it's not resident within your environment. It's someplace else. That's the cloud. Basically, it comes right down to it, right? Well, software-defined security in 2026, we don't configure firewalls. We write code using Terraform or TerraGrunt that creates secure environments. This has been an experience for me. I've been working with a company that has uh Terra Grunt, Terra uh Terraform in it, and I've been understanding how their infrastructure as code actually work. It's amazing and it has so much capability. But the fact of the matter is that I didn't understand it really at first. I knew it from a tangential standpoint, from a large point of view, but now as I'm getting smarter on how it runs and how it operates within an environment, it has actually made me much more, I'd say, lucrative from understanding what I can do. So there's an important part. Software defined security is a big, big factor. And taking that knowledge and growing on it each and every day is a critical piece in you in your growth as a CISSP. Now, the drift problem, companies lose millions due to configuration drift. Now, experts who can implement automated grade our guardrail rails, I can't speak, to are rare and are highly paid. What does this mean? Well, as you're integrating now with AI, if you can put guardrails in place as you are building these cloud environments up, that's going to go wonders in helping you overall protect your environment as well. So again, the drift problem, I've seen this when we're dealing with putting going from an on-prem environment to a cloud environment. There's so often that you one, you deploy things that you don't even realize you deployed. They're running and you don't even know it because of a configuration aspect. So there's so many pieces of this that you as a security professional can pay close attention to and save hundreds, if not hundreds of thousands of dollars for these organizations. Shared responsibility, mastering the legal and technical boundaries between your company and providers like AWS and Azure. So this is a key part, right? I'm dealing with developers right now, and these guys are super smart and brilliant people, right? Extremely intelligent. The thing though that they don't understand and they want to know more is the legal aspects around it and what are some of the technical boundaries they have that keep the legal pieces tied together. So, example, if you are in hosting your data center within the United States and you're in AWS East or West, what can happen with your data that leaves that organization? How to can what are some technical boundaries you can put in place to keep that data from leaving the United States if that's the case? So there's pieces in there that you have to understand, but as your knowledge and experience grows with the company you're with, then I would focus on how can that expand it in the future. So something to consider as you are looking into new opportunities and new jobs, look at ones that will help take you to the next level, areas that you can learn more, that you then can turn around and use that knowledge and move on to the next option and opportunity. So that's every time I looked at a job, I always looked at that job in a way that it would take me from one position to the next position. I was very selective. And even if you ended up turning down a job that you felt was, well, this was probably my job that would be good for me because it puts money on the table. Again, you have to weigh that out. The fact is that if it helps you and learn things and scale where you want to be in the next five years, I would take a job even if the pay was not exactly what you anticipated or expected. Because, as an example, if you're working in a startup, you get knowledge and experience that you may not get in an enterprise because in the enterprise they have people specifically designed for those tasks. You get into a startup environment, you may get exposed to technologies that you would never get exposed to in an overall enterprise. So think about that when you're looking at jobs and your opportunities. A day in a life would be writing Terraform Policies as code to auto-block insecure deployments and designing zero trust networks and micro-segmentations in Kubernetes clusters. That might be something you would understand. Also, something to consider as you're in the security space. You may not be writing the code, you might be providing guidance and recommendations to the developers who are actually doing that. So, again, that's an incredible part that you can learn, and you can do that now while you're studying for your CISSP and while you are in your job that you currently have and expanding. So lots of great opportunities for you. You just have to decide which one do you want to follow, which one are you going to go after. AI ethics and governance. Okay, now this one, as of probably three years ago, we saw it coming. We knew it was going to happen at some point, but it hadn't really caught up. Now we're seeing this more and more with the development and use of AI within businesses. And I mean, you see news articles all the time that there is somebody getting laid off because of AI. Well, the AI piece of this is needs individuals who are in cybersecurity who may not, let's just be honest. You there's very few people out there that know AI. I understand it. There's very few people out there like that. They all have knowledge around it, but they don't know it from A to Z. Therefore, you, as a cybersecurity professional and working on your CISSP, can take that knowledge and you can expand on it. The world is open to you. The shadow AI threat. Employees are sending data, proprietary trade secrets, into public LLMs all the time. And you must, as a security professional, build what they call a containment framework. I had it deal with just even when I got into as a CISO, we just had LLMs being deployed, and it was already a problem. And this was like day one. I had engineers trying to throw stuff up into LLMs. So you're gonna have to understand this. How much are you willing to allow to go out to these LLMs and what within your company are you going to deal with related to containing this framework or containing this data from leaving? So there's also algorithmic accountability. If an AI makes a biased hiring or credit decision, the GRC leader is on the hook. So you as a security professional need to understand what that means. So if this AI thing says, I'm gonna hire this person, but at the end of it, it isn't a good hire, somebody's head's gonna roll. So understanding all of the algorithms that go with it. The emerging domain nine, AI governance, is effectively the unofficial ninth domain of modern security. Now that they're gonna see how they deploy that within the ISC Squared, but realistically, it is true. It is a ninth domain in modern security times because it is being interwoven between everything that we do, from the video that this is being created to the content that is in here, to the thumbnail that's put on the screen, all of that stuff. And you can even make me into AI. I'm not, by the way, but you can. You can make me into AI. And they could do all of that is available to you at a hand within your grasp. So again, the ninth domain of AI security, it's incredibly and it's coming very, very quickly. So, what does a day in the life look like, right? So running red teams prompt injection tests against modern AI models. Do you have a good plan around that? Are you integrated with your folks that are creating LLMs that are both internal or are they using ones that are external? Do you have governance oversight into what they're actually putting out there? Do you have DLP or data loss prevention policies in place to limit the amount of data leakage that's going out to your organization? Then again, auditing, training data sets for PII and data leakage, all of those pieces are an important part of the overall plan and what you can do as a security professional. And again, as you can see in the CISSP, these are interwoven. They're blending together. There's so much overlap between the two. So it's imperative that you have a really good plan and understand these things. Not to a level that you need to be, I have to be a ninja level before I can do anything. No, but you need to understand what you're going to do with it to ensure that you can best protect your company. Advanced IIAM, right? Identity and access management. That's an important part. I see it. I'm dealing with it right now as well. So identity is the perimeter. With remote workforces, the network is gone. Identity is the only thing protecting the data in so many ways. So therefore, it's imperative that you have a good understanding of identity. How does it work? What is the identity provider you're going to use? How does that identity provider work with the other applications you have in your organization? All of these things are super imperatively important for you to have a good grasp and understanding of. The machine identity crisis. There are now more bots and APIs than there are human beings. I've talked about this if you listen to CISSP cyber training on my podcast or any of my videos for a long time. APIs are amazing, but they're also the bane of society. They are going to cause more problems for security people. So managing secret sprawl, that's an important part. All these non-human identities, it is, it's overwhelming, right? That in of itself is a specialized high-earning skill. How do you manage APIs? I I it's just I struggle with it. I really do because I'm dealing with APIs all the time, and it is overwhelming. The zero trust core, you cannot achieve zero trust, at least as it's called out in the 2026 standard, without expert level identity and access management strategies. You have to have an IAM strategy and it has to blend in well with your zero trust plan. And zero trust is an imperative part of all this. I struggle with the fact of everybody being able to be 100% zero trust. There's going to be hybrid versions of that more than anything else. That's what we that's the situation I see. So what's the day in the life of a security professional? Eliminating overprivileged machine accounts, transitioning the enterprise to password or FIDO2 authentication. All of those pieces are an important part if you just focused on IAM. So again, tons of things you can do. And each of these are specialized to the point where they can provide a high income to you and your family. Software supply chain security. This is a big one. This really truly is coming up new more and more as time goes on because supply chain is such an integral part of all business activities. So when you're dealing with strategic context around this, is it's an upstream attack. Happers, hackers, happers, hackers have moved from attacking companies to attacking the software libraries the company uses specifically. So that's an important part. They're actually wanting to get all of their code into these libraries, which then in turn are getting injected into their overall development code. So they're wanting to do that from an upstream standpoint. S-Bomb mandates your software bill of materials. There are now requirements from governments that will then who will manage this inventory because they don't understand it. And the software requirements are becoming larger and larger and larger. And you're going to have an incredible part of this as a security professional. Someone needs to understand what that is as well. You're also your dev sec ops. This is the skill that makes you bridge between the security office and the developer tribe. All that really means is you're working with the devs folks, which I deal with all the time, that is undertaking that security into the dev environment, ensuring that what they're putting in place meets the requirements of my security teams, but at the same time is also understanding their dev environment and the limitations that they have as well. Now, what does the day in life look like? Again, you're managing the software build of materials for all the core companies and their products. And then you're also automating security gates directly into the developer's CI CD pipelines. I can't stress this enough. You will deal with this on a developer standpoint. Even if you were in a traditional manufacturing, like I did, environment, you still will deal with the developers and their CICD pipelines. It's a matter of time. It truly is. So this is why domain eight of the CISSP is so important because it's just what your life is going to be. It's like Elon Musk said that the Tesla, it's not around having a car company, it's a software company. That's what they're focused on is the software behind it. You look at the rockets going out to the out into space that come back, the SpaceX ones that land, same thing. It's all software. Obviously, they gotta have the rocket to get there, but it's the software that brings it back home. Key important part. So, what does the financial look like again for what you're dealing with? So, an architect, a GRC architect, can make anywhere from$175 to$200 ish thousand dollars a year. Now, again, this is not, these are just generalities, right? You can find places that'll be less than this, you can find places possibly be more than this. Now, it also doesn't include your bonuses and any of the sort of profit sharing that may be involved. But again, these are just kind of rough numbers after I was out there Googling it and looking online. Your Google Secure Cloud Security principle is 190 to 230. I've seen that upwards of 250, depending upon what the role is for. Uh and so just kind of have to weigh that out. AI governance lead, kind of like a CISO in some respects, uh, that are dealing specifically with AI, 260 plus. Again, AI is a big deal. Big, big, big, big deal. So, and you also understand AI, there's many, very many folks that have more than probably three to four years experience in that AI platforms. You have your Identity and Access Management Directors, 185 to 200, and then you had your head of uh application security, which is 195 to 245. Again, they they can vary, right? You may see a top-end number of 245 here and go, well, I'm only seeing online of 200. Well, yeah, because they have a$50,000 bonus that they're putting that into that. So again, these are just broad generality numbers, but let's be realistic. If you're making a hundred, two hundred thousand dollars, just drop it right through the center. You're making 200 grand for any of these skills of having the CISSP, that is life-changing for everybody. I don't care who you are, 200 grand, even if you, well, I shouldn't say that. If you're living in San Francisco, 200 grand probably won't buy you much. But outside of the Bay Area and areas that have really, really high cost of living, the that will do a lot to change people's lives. So big money for getting the CISSP and having this knowledge. Okay, so the bridge certifications, fast track to mastery, right? The CISM is certified information security manager. This is one that you can work on before you get your CISSP, which helps build as a building block for your overall CISSP exam. Now it focuses on creating information security strategy, it's big into program management, and it's around risk and response, understanding financial and operational impact rather than just technical pieces to it. So again, this one covers the soft skills. This is your security manager. So it's a good stepping stone to the CISSP itself. It's the CISM. Now there's the AI governance piece. This is the AI, the IAP AI GP, and it's based solely around governance related to AI. So it talks about the AI lifecycle risk, right? Covers unique risks according to related to data collection, model training, and so forth. It also understands the global AI regulation and helps you understand the legal aspects related to AI, which is changing all the time, and it helps map these laws to any specific existing frameworks. And then it also rolls into ethics and transparency, focus on detecting and mitigating algorithmic biases, hallucinations, all of those aspects that run into with the various LLMs that are out there. So again, you got CISM, you have IAPAIGP, that is a mouthful, uh focused again on security management and AI governance. And then finally, your your CISA, it's your audit, right? It's the checkmate move for CISSB's moving into the executive GRC aspects, is understanding audit and assessments. So it goes focuses on audit standards and processes, covers formal and systematic methodology, control validations, understanding the various controls that you put in place to minimize or mitigate the risks that are there, and then also system like cycle audits provides a framework for auditing and how software is acquired and developed to ensure that you have it all baked in from the beginning. I will tell you that I use all of those pieces: CISM, the AIGP, and also the CISA. I don't have the certs, but I used aspects of that with the CISSP. So I can tell you that if you have those certs, great fundamental building block for the CISSP. If you don't, that's okay. Just know that if you get these before you get your CISSP, it will go a long way to help you in better being better prepared for the overall exam. So, what does this mean? What are you gonna do in 2026? Use your CISSP as a foundation. You can be able to pick when you pass the test, you get it done, you go to CISSP cyber training and you get in the training that we have, and you pass the CISSP exam. Now you can pick a niche. Pick one cloud, AR, or GSC. Pick it. Be the in-house expert. You don't have to be the expert before you're hired. You can learn that information. I went to school as an airline pilot. That's what I went from a background. I'm a pilot by trade, but I'm now in cybersecurity and been doing it for 20 plus years. Find an area, build on it, grow with it. Pivot your professional brand from cyber manager to business enabler. That is a key part, right? You are a business enabler. You are also an influencer related to your business. Important aspects that you really truly need to grasp and help become better with that. Final thought is in 2026, the highest paid CISSPs aren't those who say no, but those who say hear how we can do it safely. And you don't want to be security being the no police. You want to be ones of how do I help you with your business and enable it so that you are successful. Okay, that is all I have for you today. I hope you enjoyed this video. I hope you enjoyed this podcast. If you hear it on audio, I hope you're enjoying that as well. Because the ultimate goal is to help you pass your CISSP and help you with the cybersecurity world that we all live in. Have a great day. Have a blessed day, and we'll catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or a conocopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Skyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.