January 1, 2026 28 mins

Ready to turn CISSP Domain 3.5 into practical moves you can deploy on Monday? We unpack how real SOC teams apply microsegmentation, identity-aware controls, and targeted inspection to crush lateral movement without dragging performance. Along the way, we demystify AI’s role: where detection engineering benefits from crisp use cases, how Tier 1 triage speeds up, and why models still need human oversight and rigorous validation to stay trustworthy.

We also step through common network design traps that drain budgets and weaken defenses. VLAN sprawl looks tidy on paper but collapses under hybrid cloud dynamics. Central chokepoints promise control yet introduce latency and single failure domains. The smarter path is selective inline inspection where risk is highest, strong encryption everywhere else, and host-based enforcement that understands identity and context after decryption. If you’ve been tempted to collapse controls into one “do-everything” appliance, we lay out the hidden cost: a fragile core that turns into a single point of failure when you need it most.

To ground the theory, we walk through scenario-style questions that mirror real decisions security leaders face: stopping east-west movement, balancing HA with inspection, drawing zero trust boundaries that don’t assume implicit trust, and enforcing policy on encrypted traffic. You’ll leave with patterns you can adapt immediately: start small, define use cases, validate outputs like code, and iterate with tight feedback loops. Whether you run a SOC, partner with an MSP, or are targeting a first-time CISSP pass, this conversation gives you a clear map from concept to control. If this helped, follow the show, share it with a teammate, and leave a quick review so others can find it too.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_00 (00:00):
Welcome to the CISSP Cyber Training. We provide C training and tools you need. CISSP exam. Hi, my name is John Gerber. I'm your host. I provide the information you need. CISSP exam. And roll your cyber checker in the light.

(00:21):
Alright.

SPEAKER_01 (00:25):
Good morning, everybody. It's John Gerber with CISSP Cyber Training and hope you all are having a beautifully blessed day today. Today is CISSP question Thursday, and we are going to be talking about questions related to domain 3.5 of the CISSP exam. So yeah, I hope you all had a beautiful, wonderful Christmas.

(00:46):
As you're listening to this podcast, it's after the Christmas holidays. And so I hope you all got exactly what you were looking for and not a lump of coal. And if you don't know what that is, is well, then I guess you've moved beyond the coal and you're into gas-fired electricity and heat for your home. So you don't have to worry about the coal. But hope you all had a great Christmas. Hope it was a very blessed time of year for you.

(01:08):
It is for me and my family. We are, as Christians, we just love this time of year. It's an amazing part of our life, and we are so very, very thankful. Today we're going to be getting into domain three, as I mentioned a little bit earlier. But before we do, I wanted to kind of talk about an article that I saw in the Hacker News. And this is how to integrate AI into modern SOC, which is

(01:29):
Security Operations Center, SOC, typically what it's called, SOC workflows. But I've been doing SOCs for many, many years and understand that how they work, at least in the past, things have that have changed, I think, are really it's really cool, honestly.

(01:51):
I'm really excited about where that's actually going. Just because if you've worked in a SOC at any point in time, you can understand that the different types of triaging related to tier one through tier three kind of events can be a bit overwhelming. And honestly, it can be extremely laborious. So a lot of companies and a lot of different organizations are actually integrating AI as much as they possibly can within SOC.

(02:14):
Now, this is out of this article, they had some uh 2025 SANS SOC survey that had come out and that they had questioned a lot of different organizations about where is their SOC and what is how are they implementing AI within it. 40% of SOCs will use AI or ML tools without making them a defined part of their operation. Uh really what it comes down to is they turn it on and hope it's

(02:36):
all going to work. Uh and I've seen this because you know that's just the magic button of AI. Let's kick it in, let's just see what it does. Uh, 42% will rely on AI and ML tools out of the box with no customization, just kind of like I mentioned before. And then 69% of SOCs still rely on manual or mostly manual processes to report metrics. And it really comes down to this.

(02:57):
In many of the SOCs that I've dealt with, they are having a hard enough time just trying to keep their heads above water. Now you add another tool onto this, and what does that do to your organization? How does that all that add up? It can be overwhelming in many different ways. So, one of the areas that they talked about how AI can provide reliable SOC support is detection engineering.

(03:19):
And again, this comes down to having high quality alerts from your for your SIEM for basically your MDR pipeline. And it's designed specifically around creating testable proc classification problems, examining the first eight bytes of a pack of streams to detect anomalies. It's extremely accurate and it validates a lot of different

(03:40):
things that you might be looking for. So, one thing is that AI cannot fix vaguely defined learning problems. If you don't have a very crisp and clean use cases that you have used for your SOC and your reporting, it's going to have a hard time with that, even just as it is. So you need to make sure that you have a good plan related to

(04:01):
your SOC before you even start it going. And I would highly recommend that you have good use cases already well defined. Threat hunting, this will also research do research and development around capability for exploiting ideas and testing different assumptions. It really does help speed up early stages of analysis and it does compare the patterns and tests and test your hypothesis

(04:22):
against them. It does help you with that. And again, this comes down to use case development that you really have truly thought about how are these attackers going to come in and go after you. It's a tool for exploration, not it's not the final authority, and this is why you need people. So many people are worried about AI that it will take over for their organization, but it really won't.

(04:43):
It's just, I personally look at it, it's a new tier one type of tool that's going to make your tier one capabilities much, much easier. So you you but you have to define, it's like the human. The human understands what the tier one stuff is, and they've been doing it long enough. And even not, you get a new intern that comes in and starts working tier one events. It takes them time to try to understand what they're actually

(05:04):
looking at. Well, now this AI tool will work at those tier one events and be able to, based on use case development, be able to roll through those extremely quickly. And that and that's what you really truly want is you want someone that's going to actually have the ability to roll through this stuff in a very quick manner. The other thing is that is it's gonna be help you with your

(05:25):
software development and analysis. It can help write code for automation and host integration based on your SIEM and what are the queries that your SIEM will possibly need. Uh so this can define the existing code snippets, accelerates logic construction, reduces your mechanical overhead. All of those things can be done for you with the SIEM.

(05:46):
And it can be done in Python, PowerShell, or whatever SIEM query language you may have specifically for your organization and for the type of tool that you're using. So it's very interesting around how that will work. And I can see a lot of value in that, especially since it takes a lot of brain bites to be able to do those things. The other one is automation and orchestration. Uh, you can design workflows for your SOAR, your MCP, or other

(06:08):
orchestration platforms. Uh, if you have a SOAR platform, uh, this is your security orchestration and yeah, response, I think is what it is. Uh but bottom line is it's the tools that make the automation piece work for your SIEM. Uh a lot of organizations will buy a SOAR tool, just hoping that it works right out of the box.

(06:29):
Uh, I was working as a consultant for a company and they had a SOAR, actually, they had one SOAR tool and they had two SIEMs, and they really weren't even using either SIEM correctly. So the thing is, is it's it's all of these tools as they interact. What's in the past you've had to been required to buy or hire someone that can help coordinate these different orchestrations between them.

(06:49):
Now you can actually have your AI help you with that in a way that is extremely effective for your company. But what it's gonna take is it's gonna take you as a, depending on if you're a security leader listening to this, it's gonna take you to be able to work with your company to set aside the amount of resources to work on it. If you don't set aside resources to work on these types of

(07:10):
capabilities, it's just not gonna work out for you. So again, you're gonna have to carve out some people and some time to make that happen for you and your organization. The reporting and communication, this is a really an important part that I feel doesn't get done well already. Uh, but this is translating technical findings into clear, actionable communication. It can help improve the clarity, maybe take out some of the uh

(07:34):
business wording and the business language that actually ends up making it more convoluted and and hard to understand. I've always struggled with that where people will write these big pontificated words that it's in almost incredibly impossible to even know what you're saying. Uh, this can help the AI can help with that aspect as well. So it I think there's really a lot of great things that you can

(07:58):
utilize the AI pieces in this in this space, but you really have to kind of focus on some key principles around it. And they cut the article talks about some key principles being one, narrow the scope, apply AI to specific, well-bounded tasks. Tasks that you already know, that you've already bounded, you already know how the people are doing. And I would focus on your tier one task specifically.

(08:19):
What are things that you know people have the ability to do, and that it's easily actionable and it's also easy verify, easily verifiable, that you can ensure that whatever AI you put in place, you can actually go back and verify that because you have a process already for your people to do those types of activities. So I think narrowing your scope is important. You can always increase the scope in the future, but

(08:42):
narrowing at the beginning is really an important part. I also mentioned validating your output. You need to treat AI output with the same rigor as an engine any engineering effort. Do not just assume just because it came out of the AI bot that it is 100% right. And because it won't be, it's just not gonna be. Uh, clear review process, establish how your AI output should be validated.

(09:02):
You should ensure that that's in place as well. And then determine which workflows are mature enough to benefit from the augmentation. So what you got to determine if you have your tier three or tier one folks, can it benefit from this specific AI augmentation that you have set up? Do you have checks and balances to ensure that it's done correctly? Maintain your accountability. Again, at the end of all of this, you have to have

(09:24):
accountability around every aspect of this. And then finally, you need to have ensure continuous updates where you have ongoing validation and tuning for each of these. So, what I would recommend is you set aside a tier three tier one person and have them who likes to do AI stuff get into this. Have them dig into this and have them come back to you with some results. Uh, give them a time box which they should start and when they

(09:47):
should end, and then have a minimum viable product that which they can use and focus on a couple processes. Have them come to you with just a couple processes on what you should do or and how what changes you should make, and then have them work on those. But again, give them a time box and tell them this is what your expectations are. So I think that's a really good way for you to be able to

(10:07):
utilize AI, and it's probably in most of your tools right now as we speak, but I would look at ways that you can use AI within your company, utilizing resources you're already paying for and helping to get them more true attuned to what is actually going on. So I do feel it's a really great article around AI and how to integrate it into your SOC workflows.

(10:30):
Start small. You can pay a lot of money to have people help you with this, but realistically, start small in a one area and then grow upon that for your tier one folks. If for some reason you don't have these capabilities and you're maybe relying on an MSP to do your SOC, I would actually challenge your MSP to ask them how are they doing this specifically for you?

(10:50):
Now, if you are going directly with your like SOC providers such as SentinelOne and so forth, they probably already are doing this. But if you're going with an MSP that's providing this service, I would just question them on it. I would just ask them about it because it doesn't hurt to see what they're doing and how they're actually doing it. Okay, that's what that's the article. Again, The Hacker News, how to integrate AI into modern SOC

(11:11):
workflows. Okay, so before we get into the questions for today, I want to just quit just a quick shout out for CISSP Cyber Training. Head on over to CISSP Cyber Training, check it out, go to the website, you've got my stories on there, how what happened with me, how did I end up getting into this, a little bit about my family, so you can understand a little bit about that, some of the resources that are available, all the free

(11:33):
stuff. I've got podcasts, I've got exam prep content, I've got the training on YouTube, all that stuff is available to you as well. So everything is at CISSP Cyber Training if you're trying to study for your CISSP exam. In addition, I have content that is paid content that is available for you. This paid content will help you streamline your overall process.

(11:55):
If you're going into 2026 and you're listening to this podcast, you want to take the CISSP. There's no question about it. Well, let me help you with that. You know what? When I took it the first time and I failed, it's because I didn't have this program in place. I have a blueprint that's set up specifically, specifically to help you pass this exam. It's going to walk you through step by step.

(12:18):
I had an employee or an employee, I had a student ask me just, I was doing a conversation with her. Uh, she's in the UK area, and I had a conversation with her, actually in Germany, about this. And one thing that she said, I understand risk. I understand all parts of it, but this is really overwhelming. There's so much information here, and she's right, the CISSP

(12:39):
is a challenging test, and it's expecting you to know a lot of information about a lot of different areas. Well, utilize the CISSP Cyber Training and utilize all the content that I have available to you to help you pass the CISSP the first time. You don't want to waste your time on trying to go back and take it again. You want to do it again.

(13:00):
You want you want to make sure you pass it the first time and not have to go back and do it again. So go to CISSP Cyber Training, check it all out. Again, lots of free stuff, lots of good stuff there for you. All right, let's get into our questions today. Okay, so these are the domain three deep dive questions that are available for you on CISSP Cyber Training. You can get access to these and go over all of them.

(13:22):
You can take the quiz and it'll see how you did. All right, let's get started on the first question. Question: A global financial institution is redesigning its internal network after a breach. They revealed extensive lateral movement between the application tiers. The organization operates a hybrid environment which is on-prem and cloud and must support legacy systems that

(13:43):
cannot easily be modified. I've seen this done that. Live the life. Which architectural approach best reduces lateral movement while maintaining operational flexibility? Okay, so let's see what they say. So again, financial institutions, so highly regulated. It's got an internal network after breach revealed that that had extensive lateral movement between application tiers,

(14:05):
typically happens. The organization operates a hybrid environment which is on-prem and cloud and must support legacy systems that cannot be easily modified. Which architectural approach best reduces lateral movement while maintaining operational flexibility? Alright, so A. Deploy next generation firewalls at all perimeter ingress and

(14:26):
egress locations. Okay, that's positive, but we'll see. B. Implement VLAN-based segmentation across the internal networks. C, adopt microsegmentation enforced at workload and or host level. Or D, increase IDS coverage for east and west traffic. Okay, so let's talk about that.
Okay, so let's talk about that.

(14:47):
So if you're looking at all of those have valid points within your organization, but not all of them are the best way to reduce lateral movement. So let's start with increase IDS coverage for east and west traffic. So typically east and west traffic is basically determined within your network. Okay, so north and south is in and out of the organization, east and west is within the organization.

(15:08):
The IDS will improve a detection, but does not prevent lateral movement. So it's gonna tell you you've got a problem. Houston, we have a problem, but it's not going to do anything other than that. It's not gonna stop it, it's not gonna limit the lateral movement, it's just gonna tell you that we got things moving through your organization. Now, that also being said, I don't know how the IDSs today I

(15:32):
don't know how much they're gonna actually give you. They're gonna may tell you you have an issue, and unless you have done a really good job tuning them, it may not be something that is gonna be providing a whole lot of value. I've seen it in places where they will have IDSs and IPSs in front of uh areas, VLANs that are maybe very sensitive, but short of that, I think it just creates noise myself.

(15:53):
Uh implement VLAN-based segmentation across all internal networks. Now, VLAN segmentation is limited by network boundaries and does not scale well with a dynamic environment. What does that mean? Well, you've got a cloud environment that's dynamic. Uh, you most times your on-prem stuff's gonna be very static, very set in one place, but when you're dealing with the cloud,

(16:14):
you're gonna have a very dynamic environment. So, as a dynamic environment, VLAN-based segmentation just adds more complexity. I went to uh one of the gentlemen that I looked at, he well, he was in my organization uh through a company we acquired and looked at what he created when after we met with him, and he had 32 VLANs within his company.

(16:35):
I mean, it was absolute nightmare. And I and this was a very small location. This wasn't like multiple places, this was at one location. So all the VLANs were great, but they just added way too much complexity. And he he wasn't really fond of when I said, hey dude, this isn't gonna work so well. So um, yeah, that again, VLANs are good.

(16:55):
I'm not saying they're not, but you need to use them with moderation. It's like salt. Don't use them on everything. Uh okay, then deploy next generation firewalls at the perimeter, ingress and egress points. Okay, so deploying firewalls at the perimeter does not control east and west traffic. Obviously, we talked about once attack attackers inside, then it's a soft gooey center, and they can get to whatever they need

(17:15):
to. So again, firewalls are great, but not for all the stuff when people are migrating or doing lateral movement within your company. So the correct answer is C. Adopt micro-segmentation forced at the workload or host level. Microsegmentation doesn't force policies closest to the workload or the application, as it was mentioned, which is critical in

(17:36):
a hybrid or cloud environment. You really truly need to have some level of micro segmentation. Now, you may not do everything as it's segmented that way. You may just have parts of your organization that are that way.

(17:47):
All right, the next question: an organization is deploying a high availability application that requires real-time data synchronization between data centers. Okay, so you got high availability, which can cause some challenges, uh, and which basically, for your lack of knowledge, you have two firewalls, and each firewall is has a traffic going through it. If one were to fail, the other one would pick up the slack, and

(18:09):
therefore you have don't have to worry about an outage occurring when you have high availability in place. So they have an application that's high availability requiring real-time data synchronization between data centers. So there means there's more than one data center. Security leadership is concerned about performance degradation caused by inline security devices. Which network design choice most appropriately balances security

(18:31):
and availability? Okay, so A. Implement security controls and network at network choke points only. B, route all inter-data center traffic through centralized firewalls. C, use out-of-band monitoring instead of inline inspection, or D, apply encryption with selective inline inspection where risk is highest.

(18:53):
Okay, so high availability requires real-time data synchronization. They're worried about performance degradation caused by inline security devices. Okay, so let's talk about the ones that are not correct. Implement security controls at network choke points only. So by implementing a security control at your choke point, that's a very legacy type of activity. And it's only going to it's gonna ignore your east-west and

(19:17):
your service-to-service traffic. So it's it's just basically everything coming in. It's it's a very hub and spoke kind of thought process. Uh, so it's not the best option. And a lot of it is that east-west traffic, the lateral movement, it's not gonna pick any of that up. Route all inter-data center traffic through centralized firewalls. Again, that one is very old school.

(19:37):
Centralized firewalls introduce latency and single points of failure. Had this happen in a previous life, uh, when I started uh with the company after I left the military, they had all central firewalls and it was a nightmare. It was an absolute nightmare because everything went through them and you had to have HA pairs, and then you had issues with one and you couldn't diagnose the aspects.

(19:58):
It was just painful. It was truly painful. Uh use out of out-of-band monitoring instead of inline inspection. Okay, so out-of-band monitoring is good, but it's not the best because it doesn't prevent any sort of attacks. If it has the ability to block attacks, then that would be important. The last one, which is the right answer, is apply encryption,

(20:18):
which we'll talk about. It really isn't part of this question, but it is. Apply encryption with selective inline inspection where the risk is highest. Okay, so if you encrypt the data, it's going to help encrypting internal data is an extremely important part for keeping the bad guys and girls from understanding what's going on. Now it can be bad in the fact that if you don't have good packet decryption capabilities, uh you're just basically now

(20:41):
making yourself blind. But having encryption in place with specific inline inspections where your risk is highest would be your most valuable plan. So I would highly recommend that you kind of think about it that way. So there isn't, again, all of those are good, but some of them are better than others. But the best is applying encryption with selective inline

(21:02):
inspection where your risk is highest. Next question: a security architect is defining trust boundaries with zero trust aligned enterprises. Okay, so now you get zero trust, and you're looking at how do you deploy something like this? Which practice is least appropriate when defining network trust zones? Okay, so we're talking about network trust zones within your

(21:23):
organization. And this is dealing with zero trust. So A, treating internal networks as untrusted by default. B, enforcing authentication and authorization at zone boundaries. C, logging and monitoring traffic across trust boundaries, or D, allowing unrestricted communication within a security

(21:44):
zone. Okay, so now the big thing here is least appropriate. So when you're looking at questions, you want to understand which question is actually something negative than what you're used to having from a security protection standpoint. So treating internal networks as untrusted by default. Well, that's part of zero trust, is that you're supposed to treat everything with uh that's not trusted.

(22:05):
That's the goal. Then this, if you didn't do this, this actually conflicts with the zero trust principles. Enforcing authentication and authorizations at zone boundaries is what you want. That is an important part. So therefore, that is not appropriate in this actual question. And then logging and monitoring traffic crossing trust boundaries. This is an important part, especially when you're dealing

(22:27):
with any sort of activity going across the various trusts. You want to log and monitor any traffic because you're looking for any east-west movement. So again, those are the ones that are positive. Those are the ones that are actually more appropriate than least appropriate. The least appropriate is allowing unrestricted communications within a security zone, right? Unrestricted comms within a security zone assumes that you

(22:49):
have implicit trust, which contradicts the zero trust principles. So again, the correct answer, which is least appropriate, is allowing unrestricted communication within a security zone. All right, next question. Which component must is most effective at enforcing security policy for encrypted east-west traffic in a modern data center?

(23:11):
Again, which component is most effective at enforcing security policy for encrypted east-west traffic in a modern data center? A, network-based IDSs. B, traditional layer three firewalls. C, host-based firewall with identity aware rules, or D, a passive network tap.

(23:31):
Okay, so which is the most effective at enforcing security policy for encrypted east-west traffic in a modern data center? So the ones that are not correct, passive network taps. I love passive network taps. They work great, they're awesome. Uh they're they're of that bump in the line, but the thing is is they're allowing all traffic to go through and they're just kind of sniffing or smelling the traffic as it goes across.

(23:54):
The problem is, is they don't really help you for enforcement. So if you're looking to enforce your security policy, the passive network tap was not the best choice. Your network-based IDS systems. Okay, so network-based IDS cannot inspect encrypted traffic without decrypting it. So again, it's not the most effective for enforcing your policy. So if you have some level of encryption, it's not going to

(24:17):
really help you much at all. Traditional layer three firewalls. These lack application identity awareness. So therefore, they would fail in the fact they're just allowing traffic. They're the standard rules that you would have in place for your different types of rules. I mean, your any-any rules versus your one-to-any, all those types of activities within your firewalls, they will not

(24:40):
have that ability to help you. So the correct answer is host-based firewalls with identity aware rules. Now, host-based firewalls can enforce policies after decryption and they incorporate identity and context into your overall plan. So the most effective is your host-based firewall with identity aware rules.

(25:00):
Okay, last question. An enterprise plans to collapse multiple security layers to reduce cost by relying heavily on a single, highly capable security appliance. From a secure network architecture perspective, what is the primary risk of this approach? So again, they're collapsing multiple security layers. So it had they had originally had a lot of security layers in

(25:22):
place, which is good, to reduce cost by relying heavily on a single, highly capable security appliance. So you're going from many different types of appliances to one. For a secure network architecture perspective, what is the primary risk of this approach? A, increased administration overhead. B, creation of a single point of failure.

(25:43):
C, reduced encryption strength, or D, inability to monitor network traffic. Okay, so the primary risk, primary, in air quotes, let's go with the ones that are not correct. Inability to monitor network traffic. So monitoring depends on configuration, not the overall architecture. So it it's not giving you the that's not really the best

(26:03):
architecture plan of this. Uh, and it's not the primary risk behind it. It's just is it is it correctly configured or not? Reducing encryption strength, that really has nothing to do with this overall plan. So uh it's really not even a really risk around that. So the encryption is going to be what the encryption is going to be. And then A, increased administrative overhead.

(26:24):
That one is not a primary risk as well, because it will create overhead. There's no question about that, potentially. Now, I say it will and it will reduce it. It may end up creating more administrative overhead because now you're in one system and there might be a lot more bells and whistles you have to configure. In the old system that they had, obviously with multiple layers, that could have had a lot of overhead as well.

(26:46):
But it's again, it's kind of like meh, it's not the primary risk in this situation. The primary risk in this situation is the creation of a single point of failure. So again, you have your security controls in place. If this device goes down, it could lead to catastrophic failure. So I mean, not knowing the full architecture and how it's all planned, there are pros and cons to both sides of this, but I

(27:08):
would highly recommend that they would do a single point of failure type of situation, especially when you're reducing your security. You think you're saving money, but in reality, you're actually causing yourself a lot more pain. Or if you're the guy that's going to be leaving the organization, you know, you're the CISO and you're saying, hey, you know what? I'm going to do this to save some money so I look good and get a good bonus, and then I'll let Bob, who's my replacement,

(27:29):
figure it out. Well, that, yeah, that's kicking the can down the road a little ways, and it's causing Bob to have some more challenges. But that's okay for Bob. Not and it's okay for you, right? All right, that's all I've got for you today. Head on over to CISSP Cyber Training. Check it out. There's a lot of great stuff for you. And hopefully, in this one, you get in this podcast, you guys

(27:49):
don't catch from my edits because it's been an early morning and I was really tired. So hopefully, there's not any goofy edits in this as this thing goes out. All right, thanks again. Have a great day, and we'll talk to you all and catch you all on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes as I would greatly appreciate your feedback.

(28:12):
Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or a cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey.

SPEAKER_00 (28:32):
Thanks again for listening.