Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀
Imagine hearing a claim that the most sensitive identity data in the United States could be sitting on a personal thumb drive. That allegation is still unverified and under investigation, but it gives us a rare chance to see CISSP Domain 2 asset security in real time, with consequences that go far beyond a typical data breach.
I walk through what’s being reported about Social Security Administration dat...
A vendor gets breached and suddenly your perimeter does not matter, because the attacker does not need to “hack” you. They just reuse the access you already approved. That’s the core lesson behind the Shiny Hunters campaign targeting Oracle PeopleSoft servers at colleges and universities, where compromised access led to large-scale theft of student data and a messy, high-impact supply chain inciden...
Your endpoint tool can be world class and still get taken out first. That’s the unsettling reality behind a new wave of “EDR killer” capabilities being packaged inside ransomware-as-a-service platforms, where affiliates can plug in advanced evasion without building it themselves. When attackers can blind endpoint detection and response before the ransomware payload runs, the old comfort of “w...
Someone is stealing encrypted data right now and they are not trying to read it today. They are saving it for later, betting that quantum computing will eventually break the encryption that protects it. I dig into the “Harvest Now, Decrypt Later” strategy, why it matters most for long-term confidentiality, and how security leaders can talk about it as a present-day risk instead of science fiction.
Your software is only as trustworthy as the dependencies you quietly inherit and attackers know it. Today I break down the NCSC warning on software supply chain security and why open source package ecosystems have become a high-value target for real-world compromises that spread fast through CI/CD pipelines.
I walk through the attack patterns that keep showing up in incidents: maintainer account compromise, e...
The breach that takes down a company often does not kick in the front door. It walks in through a “simple” integration you set up months ago, powered by a token no one remembered to rotate. We start with a real-world Zapier-style scenario and unpack how researchers chained together a harmless-looking code block, an AWS Lambda environment, and a misconfigured IAM role to reach private repository files and...
Your firewall can be patched tomorrow, but what about the place your system hides its real secrets today? We start with a timely warning about a serious Fortinet FortiGate vulnerability and why perimeter devices are still a make-or-break control, then we pivot into the deeper layer most people ignore until it’s too late: memory.
We walk through CISSP Domain 3.4 by focusing on what memory protection is a...
AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry about” even while the agent quietly drifts outside its intended scope. That is the core AI governance problem we tackle, through the lens of CISSP thinking and real s...
Your security program can be airtight and still get wrecked by someone else’s breach. We open with a Wired-style reality check: third-party app ecosystems and data brokers collecting location analytics at massive scale, then getting hacked or resold in ways your users never expected. If your organisation issues mobile devices, this is where security awareness, MDM controls, and clear “don’t allow t...
BitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training moment: a public proof of concept is available, a vendor patch is not, and the attack hinges on physical access. That mix forces you to think clearly about what “high risk&...
Default passwords are the kind of problem everyone “knows” about and yet they still open doors for attackers every day. We start with a quick reality check on router security and why factory settings, legacy gear, and unmanaged IoT and OT devices can turn a simple misconfiguration into redirect attacks, man-in-the-middle exposure, DDoS headaches, or silent monitoring. If you’re studying for the CIS...
Eight terabytes of stolen schematics is not just a scary number, it is a reminder that cyber risk becomes business risk fast. We start with the Wired report on the Foxconn ransomware attack and unpack what a claim like that could mean in the real world: intellectual property exposure, supply chain disruption, customer impact, and the uncomfortable truth that recovery is only one part of the story when data walks out...
Next Peak: https://nextpeak.net/services/icr/
A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomfortable reality behind geopolitical cyber risk, and it is why I brought on Helen Lee, Director of Intelligence Cyber Research at NextPeak, to break down how global flashpoints turn into real security problems for businesses of every...
Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one with zero special permissions. When an agent can act “as you” inside a trusted environment, the risk jumps from theory to real outcomes like silent email sendi...
Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately manipulated data can poison decisions for months without a single red flag. We break down what that looks like in real organizations, why it differs from the Hollywoo...
MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because the real target is the decision point: trust, timing, urgency, and authority. When attackers can spoof executives or use deepfake voice and video, the authenticati...
A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a...
Ransomware actors are getting quieter, faster, and more custom and that should change how you study for the CISSP and how you defend your environment. We start with a quick personal update on a new CISSP Sprint: an eight-week live cohort built to give you structure, accountability, and weekly sessions so you can realistically target exam day without paying boot camp prices. Seats are limited, with an early bird opti...
Three Microsoft Defender zero-days are reportedly being exploited, and that is the kind of headline that tests whether our security program is real or just optimistic. I break down what we know, including BlueHammer (CVE-2026-33825) landing in Patch Tuesday while Red Sun and Undefend were described as still unpatched at the time, and the practical response: update fast, verify coverage, and keep your eyes on threat ...
The next wave of AI in cybersecurity is not a theory project, it’s an operational deadline. I open with a timely look at reporting that the White House wants federal agencies to get access to Anthropic’s Claude Mythos, and why that scramble matters for every security team. If Mythos can help uncover vulnerabilities and accelerate exploit development, the same capability that strengthens defense can also ...
Hey Jonas! The official Jonas Brothers podcast. Hosted by Kevin, Joe, and Nick Jonas. It’s the Jonas Brothers you know... musicians, actors, and well, yes, brothers. Now, they’re sharing another side of themselves in the playful, intimate, and irreverent way only they can. Spend time with the Jonas Brothers here and stay a little bit longer for deep conversations like never before.
Does hearing about a true crime case always leave you scouring the internet for the truth behind the story? Dive into your next mystery with Crime Junkie. Every Monday, join your host Ashley Flowers as she unravels all the details of infamous and underreported true crime cases with her best friend Brit Prawat. From cold cases to missing persons and heroes in our community who seek justice, Crime Junkie is your destination for theories and stories you won’t hear anywhere else. Whether you're a seasoned true crime enthusiast or new to the genre, you'll find yourself on the edge of your seat awaiting a new episode every Monday. If you can never get enough true crime... Congratulations, you’ve found your people. Follow to join a community of Crime Junkies! Crime Junkie is presented by Audiochuck Media Company.
Betrayal Weekly is back for a new season. Every Thursday, Betrayal Weekly shares first-hand accounts of broken trust, shocking deceptions, and the trail of destruction they leave behind. Hosted by Andrea Gunning, this weekly ongoing series digs into real-life stories of betrayal and the aftermath. From stories of double lives to dark discoveries, these are cautionary tales and accounts of resilience against all odds. From the producers of the critically acclaimed Betrayal series, Betrayal Weekly drops new episodes every Thursday. If you would like to share your story, you can reach out to the Betrayal Team by emailing them at betrayalpod@gmail.com and follow us on Instagram at @betrayalpod and @glasspodcasts. Please join our Substack for additional exclusive content, curated book recommendations, and community discussions. Sign up FREE by clicking this link Beyond Betrayal Substack. Join our community dedicated to truth, resilience, and healing. Your voice matters! Be a part of our Betrayal journey on Substack.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.