CISSP Cyber Training Podcast - CISSP Training Program

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur | 360 Episodes | Jun 29, 2026

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm.

Episodes

CCT 359: ShinyHunters vs. Oracle — Supply Chain Risk Every CISSP Must Know
Jun 29, 2026 2588
A vendor gets breached and suddenly your perimeter does not matter, because the attacker does not need to “hack” you. They just reuse the access you already approved. That’s the core lesson behind the Shiny Hunters campaign targeting Oracle PeopleSoft servers at colleges and universities, where compromised access led to large-scale theft of student data and a messy, high-impact sup

CCT 358: EDR Bypass Ransomware: The Gentle Killer Threat Every CISSP Must Know
Jun 22, 2026 2582
Your endpoint tool can be world class and still get taken out first. That’s the unsettling reality behind a new wave of “EDR killer” capabilities being packaged inside ransomware-as-a-service platforms, where affiliates can plug in advanced evasion without building it themselves. When attackers can blind endpoint detection and response before the ransomware payload runs, the old co

CCT 357: Is Your Encrypted Data Already Stolen? Quantum Risk & Supply Chain Attacks for CISSP
Jun 15, 2026 1929
Someone is stealing encrypted data right now and they are not trying to read it today. They are saving it for later, betting that quantum computing will eventually break the encryption that protects it. I dig into the “Harvest Now, Decrypt Later” strategy, why it matters most for long-term confidentiality, and how security leaders can talk about it as a present-day risk instead of

CCT 356: Supply Chain Attacks Are Exploding in 2026 — Here's What the NCSC Wants You to Do
Jun 8, 2026 2498
Your software is only as trustworthy as the dependencies you quietly inherit and attackers know it. Today I break down the NCSC warning on software supply chain security and why open source package ecosystems have become a high-value target for real-world compromises that spread fast through CI/CD pipelines. I walk through the attack patterns that keep showing up in incidents: maint

CCT 355: Zapier Breach Lessons For Cloud Security and Setting Up TPRM Program in 15 Minutes
Jun 4, 2026 1466
The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach priva

CCT 354: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY
Jun 1, 2026 2248
Your firewall can be patched tomorrow, but what about the place your system hides its real secrets today? We start with a timely warning about a serious Fortinet FortiGate vulnerability and why perimeter devices are still a make-or-break control, then we pivot into the deeper layer most people ignore until it’s too late: memory. We walk through CISSP Domain 3.4 by focusing on what m

CCT 353: AI Agent Governance Essentials - CISSP Practice Questions
May 28, 2026 1706
AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CI

CCT 352: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY
May 25, 2026 2419
Your security program can be airtight and still get wrecked by someone else’s breach. We open with a Wired-style reality check: third-party app ecosystems and data brokers collecting location analytics at massive scale, then getting hacked or resold in ways your users never expected. If your organisation issues mobile devices, this is where security awareness, MDM controls, and cle

CCT 351: BitLocker Bypass Reality Check (YellowKey) and CISSP Practice Questions
May 21, 2026 1468
BitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training moment: a public proof of concept is available, a vendor patch is not, and the attack hinges on physical access. That mix forces you to think c

CCT 350: Investigation Types Made Simple - CISSP Training (Replay)
May 18, 2026 2689
Default passwords are the kind of problem everyone “knows” about and yet they still open doors for attackers every day. We start with a quick reality check on router security and why factory settings, legacy gear, and unmanaged IoT and OT devices can turn a simple misconfiguration into redirect attacks, man-in-the-middle exposure, DDoS headaches, or silent monitoring. If you’re stu

CCT 349: FOXCONN Hack and Domain 7 CISSP Practice Questions
May 14, 2026 1700
Eight terabytes of stolen schematics is not just a scary number, it is a reminder that cyber risk becomes business risk fast. We start with the Wired report on the Foxconn ransomware attack and unpack what a claim like that could mean in the real world: intellectual property exposure, supply chain disruption, customer impact, and the uncomfortable truth that recovery is only one pa

CCT Vendor 04: The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview
May 13, 2026 1700
Next Peak: https://nextpeak.net/services/icr/
A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomfortable reality behind geopolitical cyber risk, and it is why I brought on Helen Lee, Director of Intelligence Cyber Research at NextPeak, to break down how global flashpoints turn into real security problem
