Certified: The CISSP Audio Course
Episodes
Welcome to the ISC2 CISSP Audio Course
14 Oct 2025
Contributed by Lukas
Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world ...
Episode 140: What to Do If You Fail the CISSP
23 Jun 2025
Contributed by Lukas
Not everyone passes on the first try—but failure doesn’t define your journey. In this episode, we guide you through a structured plan for recovery...
Episode 139: What Comes After the CISSP: Career and Certification Roadmap
23 Jun 2025
Contributed by Lukas
Earning your CISSP opens new doors—but where you go next depends on your goals. In this episode, we explore the post-CISSP landscape, including lead...
Episode 138: Adaptive Testing Tips and Time Management
23 Jun 2025
Contributed by Lukas
The CISSP exam uses Computerized Adaptive Testing (CAT), which means question difficulty and test length vary based on your performance. In this episo...
Episode 137: Understanding "Best", "First", and "Most Likely" Wording
23 Jun 2025
Contributed by Lukas
CISSP exam questions often hinge on a single word that changes everything. In this episode, we examine how to interpret qualifiers like “best,” “...
Episode 136: How to Deconstruct CISSP Questions
23 Jun 2025
Contributed by Lukas
CISSP exam questions are known for being complex, layered, and sometimes intentionally confusing. In this episode, we teach you how to break questions...
Episode 135: Memory Tricks and Mnemonics for the CISSP
23 Jun 2025
Contributed by Lukas
With so much material to retain, memory tools are a CISSP candidate’s secret weapon. In this episode, we provide proven mnemonics, visual associatio...
Episode 131: Top 10 Hardest CISSP Concepts Demystified
23 Jun 2025
Contributed by Lukas
Some CISSP topics consistently challenge even experienced professionals. In this episode, we break down ten of the most difficult concepts on the exam...
Episode 130: DevSecOps Culture and Continuous Assurance
23 Jun 2025
Contributed by Lukas
DevSecOps is not just a toolset—it’s a culture that integrates security into every phase of the software development lifecycle. In this episode, w...
Episode 129: Secure APIs and Service Integration
23 Jun 2025
Contributed by Lukas
APIs enable system integration but can expose your infrastructure to serious vulnerabilities if not secured properly. This episode focuses on how to d...
Episode 128: Mobile Application Security and Reverse Engineering
23 Jun 2025
Contributed by Lukas
Mobile apps introduce unique risks due to their widespread use, diverse platforms, and limited control over user devices. In this episode, we explore ...
Episode 127: Application Whitelisting and Sandboxing
23 Jun 2025
Contributed by Lukas
Not all applications should be allowed to run in your environment. This episode explores application control mechanisms like whitelisting and sandboxi...
Episode 126: Version Control and Code Integrity
23 Jun 2025
Contributed by Lukas
Version control systems track changes to code—but they also need to be protected themselves. This episode explores how tools like Git help enforce c...
Episode 125: Configuration Management and CI/CD Pipelines
23 Jun 2025
Contributed by Lukas
Secure development doesn't stop at writing code—it includes how that code is built, tested, and deployed. In this episode, we explore configuration ...
Episode 124: Code Repositories and Access Controls
23 Jun 2025
Contributed by Lukas
Source code repositories are central to modern software development—and to software security. This episode covers the security considerations for us...
Episode 123: Security Testing: SAST, DAST, IAST
23 Jun 2025
Contributed by Lukas
Security testing helps ensure software behaves as intended under hostile conditions. In this episode, we explore different application security testin...
Episode 122: Buffer Overflows, SQL Injection, and Common Flaws
23 Jun 2025
Contributed by Lukas
Many devastating cyberattacks originate from well-known coding flaws. This episode examines classic vulnerabilities including buffer overflows, SQL in...
Episode 121: OWASP Top 10 Threats and Controls
23 Jun 2025
Contributed by Lukas
The OWASP Top 10 is a widely recognized list of the most critical security risks to web applications. In this episode, we walk through each entry—fr...
Episode 120: Input Validation and Output Encoding
23 Jun 2025
Contributed by Lukas
User input is one of the most common vectors for exploitation in modern applications. In this episode, we focus on two critical programming techniques...
Episode 119: Secure Design and Secure Coding Guidelines
23 Jun 2025
Contributed by Lukas
Secure applications start with secure design. In this episode, we explore how to incorporate security into architecture and code from the very beginni...
Episode 118: Waterfall vs. Agile vs. DevOps Approaches
23 Jun 2025
Contributed by Lukas
Development methodologies have a direct impact on how security is integrated into software projects. This episode compares three major approaches—Wa...
Episode 117: Software Development Lifecycle (SDLC) Models
23 Jun 2025
Contributed by Lukas
Secure software doesn’t happen by accident—it’s the result of disciplined development practices. This episode explores common Software Developme...
Episode 116: Security Operations Center (SOC) Best Practices
23 Jun 2025
Contributed by Lukas
The Security Operations Center (SOC) is the nerve center of cybersecurity monitoring and incident response. In this episode, we explore SOC roles, res...
Episode 115: Personnel Security Controls and Separation of Duties
23 Jun 2025
Contributed by Lukas
People are at the heart of every security program—and also one of its greatest vulnerabilities. In this episode, we examine personnel security contr...
Episode 114: Physical Security Operations: Locks, Guards, Cameras
23 Jun 2025
Contributed by Lukas
Cybersecurity extends into the physical world, where threats like unauthorized access, theft, and sabotage can bypass digital defenses. In this episod...
Episode 113: Malware Analysis and Containment
23 Jun 2025
Contributed by Lukas
Understanding malware is essential for effective defense. This episode explores how security teams analyze and contain malicious software, including v...
Episode 112: Insider Threat Identification and Mitigation
23 Jun 2025
Contributed by Lukas
Not all threats come from the outside. Insider threats—whether malicious or accidental—pose a significant risk to organizational security. In this...
Episode 111: Endpoint Detection and Response (EDR)
23 Jun 2025
Contributed by Lukas
Endpoints remain a primary target for cyberattacks, and protecting them requires more than traditional antivirus solutions. This episode explores Endp...
Episode 110: Secure Disposal and Media Sanitization
23 Jun 2025
Contributed by Lukas
Data doesn’t disappear just because you delete it. In this episode, we focus on how to securely dispose of media and sanitize storage devices to pre...
Episode 109: Change Control and Approval Processes
23 Jun 2025
Contributed by Lukas
Security isn’t just about stopping bad changes—it’s about managing all changes effectively. In this episode, we examine the formal process of ch...
Episode 108: Patch Management and Configuration Control
23 Jun 2025
Contributed by Lukas
Unpatched systems are one of the leading causes of successful cyberattacks. In this episode, we explore the role of patch management and configuration...
Episode 107: Business Continuity Testing and Tabletop Exercises
23 Jun 2025
Contributed by Lukas
Plans are only useful if they’re tested. In this episode, we explore the various methods for testing business continuity and disaster recovery plans...
Episode 106: Disaster Recovery Planning: RTO, RPO
23 Jun 2025
Contributed by Lukas
When disaster strikes, organizations must restore operations quickly—and with minimal data loss. This episode focuses on Disaster Recovery Planning ...
Episode 105: Evidence Acquisition and Preservation
23 Jun 2025
Contributed by Lukas
The reliability of evidence hinges on how it’s handled. In this episode, we dive deeper into the principles and techniques for acquiring and preserv...
Episode 104: Digital Forensics and Chain of Custody
23 Jun 2025
Contributed by Lukas
Preserving and analyzing digital evidence requires precision, consistency, and legal awareness. This episode explores the fundamentals of digital fore...
Episode 103: Incident Management: Preparation and Response
23 Jun 2025
Contributed by Lukas
Incidents are inevitable, and how you respond can determine the scale of impact. In this episode, we walk through the phases of incident management—...
Episode 102: Logging, Event Correlation, and SIEM
23 Jun 2025
Contributed by Lukas
Capturing events is only the beginning—making sense of them is where the real value lies. This episode covers how organizations collect, normalize, ...
Episode 101: Daily Operations: Procedures, Monitoring, Checklists
23 Jun 2025
Contributed by Lukas
Security operations are built on consistency, structure, and clear documentation. In this episode, we explore the daily tasks that keep cybersecurity ...
Episode 100: Assessing Third-Party and Vendor Risk
23 Jun 2025
Contributed by Lukas
Vendors and service providers often have privileged access to your data and systems—making them a potential weak link. This episode focuses on third...
Episode 99: Continuous Monitoring and Feedback Loops
23 Jun 2025
Contributed by Lukas
Security is not a one-time event—it’s a continuous process. In this episode, we explore how continuous monitoring helps organizations detect chang...
Episode 98: Metrics and KPIs for Security Performance
23 Jun 2025
Contributed by Lukas
What gets measured gets managed—and security is no exception. This episode focuses on security metrics and key performance indicators (KPIs) that he...
Episode 97: Reporting Assessment Results Effectively
23 Jun 2025
Contributed by Lukas
The value of a security assessment is only realized when the results are communicated clearly. In this episode, we discuss how to structure, write, an...
Episode 96: Threat Hunting and Red Team Exercises
23 Jun 2025
Contributed by Lukas
Proactive threat hunting involves searching for signs of compromise that automated tools may miss. In this episode, we explain how threat hunters use ...
Episode 95: Log Analysis for Forensics and Compliance
23 Jun 2025
Contributed by Lukas
Logs are a goldmine of insight—but only if you know how to analyze them effectively. This episode dives into log collection, normalization, and corr...
Episode 94: Compliance Auditing and Evidence Collection
23 Jun 2025
Contributed by Lukas
Audits provide assurance that an organization is following its security policies and regulatory obligations. In this episode, we explore how complianc...
Episode 93: Risk Assessment and Gap Analysis
23 Jun 2025
Contributed by Lukas
Risk assessments help prioritize security controls by identifying vulnerabilities, evaluating threats, and estimating potential impacts. In this episo...
Episode 92: Test Coverage and Measurement
23 Jun 2025
Contributed by Lukas
How do you know your security testing is thorough? In this episode, we examine test coverage metrics and how they help evaluate the effectiveness and ...
Episode 91: Security Test Data and Environment Management
23 Jun 2025
Contributed by Lukas
Security testing requires careful control over both the test environment and the data used within it. In this episode, we explore how to create and ma...
Episode 90: Code Review and Static/Dynamic Testing
23 Jun 2025
Contributed by Lukas
Code is a frequent source of vulnerabilities, and reviewing it is essential for secure software development. In this episode, we discuss secure code r...
Episode 89: Security Control Testing: Manual vs. Automated
23 Jun 2025
Contributed by Lukas
Security controls are only effective if they’re working as designed. In this episode, we explore how to test those controls using both manual and au...
Episode 88: Planning a Security Assessment
23 Jun 2025
Contributed by Lukas
Security assessments must be planned thoroughly to be effective, safe, and actionable. This episode walks through the planning phase of an assessment ...
Episode 87: Assessment Types: Vulnerability Scans, Pen Testing, Audits
23 Jun 2025
Contributed by Lukas
Security assessments come in many forms—each with a specific purpose. In this episode, we compare and contrast vulnerability scanning, penetration t...
Episode 86: Threats to IAM: Replay, Pass-the-Hash, Credential Stuffing
23 Jun 2025
Contributed by Lukas
Identity systems are high-value targets, and attackers use increasingly sophisticated techniques to exploit them. This episode examines key IAM-relate...
Episode 85: Session Management and Timeout Policies
23 Jun 2025
Contributed by Lukas
Controlling user sessions is a critical part of maintaining secure access. In this episode, we examine how session tokens are issued, maintained, and ...
Episode 84: Access Recertification and Review
23 Jun 2025
Contributed by Lukas
Access permissions tend to accumulate over time, creating a significant security risk if not reviewed regularly. This episode focuses on access recert...
Episode 83: Access Control Lists and Capability Tables
23 Jun 2025
Contributed by Lukas
Access control mechanisms determine who can access what—and how. In this episode, we compare two classic models: Access Control Lists (ACLs) and cap...
Episode 82: Credential Management and Recovery
23 Jun 2025
Contributed by Lukas
Managing credentials securely is critical to preventing unauthorized access and ensuring business continuity. This episode explores techniques for sec...
Episode 81: Identity-as-a-Service (IDaaS) and Cloud IAM
23 Jun 2025
Contributed by Lukas
Identity-as-a-Service (IDaaS) provides centralized identity and access management capabilities from the cloud. In this episode, we explore the archite...
Episode 80: Multi-Factor Authentication and Implementation
23 Jun 2025
Contributed by Lukas
Multi-Factor Authentication (MFA) significantly strengthens identity verification by requiring more than one authentication factor. In this episode, w...
Episode 79: Directory Services: LDAP, Active Directory
23 Jun 2025
Contributed by Lukas
Directory services are centralized databases that store and manage user credentials, permissions, and group memberships. In this episode, we explore h...
Episode 78: Privileged Access Management (PAM)
23 Jun 2025
Contributed by Lukas
Privileged accounts have elevated access and are among the most targeted assets in any organization. In this episode, we examine Privileged Access Man...
Episode 77: Federation and SSO: SAML, OAuth, OpenID
23 Jun 2025
Contributed by Lukas
Federated identity systems allow users to authenticate across multiple platforms using a single identity, often enabling Single Sign-On (SSO). In this...
Episode 76: Biometric Authentication Strengths and Weaknesses
23 Jun 2025
Contributed by Lukas
Biometric authentication uses unique physical or behavioral traits—like fingerprints, facial features, or voice—to verify identity. In this episod...
Episode 75: Password Policy Design and Management
23 Jun 2025
Contributed by Lukas
Passwords remain one of the most widely used—but frequently abused—authentication methods. In this episode, we explore how to design and manage ef...
Episode 74: IAM Lifecycle and Governance
23 Jun 2025
Contributed by Lukas
Identity and Access Management (IAM) is not just about technology—it’s a continuous lifecycle that requires strong governance. This episode walks ...
Episode 73: Authorization Techniques: RBAC, ABAC, MAC, DAC
23 Jun 2025
Contributed by Lukas
Once a user’s identity is authenticated, the system must decide what they are allowed to do. This episode focuses on common authorization models: Ro...
Episode 72: Identity Proofing and Registration Processes
23 Jun 2025
Contributed by Lukas
Before you can authenticate someone, you must first establish their identity through a process called identity proofing. In this episode, we cover how...
Episode 71: Authentication Factors and Methods
23 Jun 2025
Contributed by Lukas
Authentication is the process of verifying identity, and it forms the first line of defense in access control. In this episode, we explore the differe...
Episode 70: DDoS Protection and High Availability Networks
23 Jun 2025
Contributed by Lukas
Distributed Denial of Service (DDoS) attacks are designed to overwhelm systems and take down critical services. In this episode, we explain how these ...
Episode 69: Cloud Network Security (CASB, SASE, Virtual Firewalls)
23 Jun 2025
Contributed by Lukas
As more organizations move to the cloud, network security must evolve. This episode focuses on cloud-native controls including Cloud Access Security B...
Episode 68: Content Delivery Networks and Edge Security
23 Jun 2025
Contributed by Lukas
Content Delivery Networks (CDNs) accelerate access to web content by distributing it across global edge nodes, but they also introduce new attack surf...
Episode 67: Zero Trust and Software-Defined Networking (SDN)
23 Jun 2025
Contributed by Lukas
Zero Trust has emerged as a powerful model for modern cybersecurity, shifting the focus from perimeter defenses to granular, identity-centric control....
Episode 66: Network Monitoring and Traffic Analysis
23 Jun 2025
Contributed by Lukas
Continuous monitoring and traffic analysis are essential for detecting threats, performance issues, and policy violations. In this episode, we explore...
Episode 65: Network Address Translation and Proxy Usage
23 Jun 2025
Contributed by Lukas
NAT and proxy servers play important roles in hiding internal IP addresses, enforcing access policies, and controlling traffic flow. In this episode, ...
Episode 64: VOIP and Secure Communication Channels
23 Jun 2025
Contributed by Lukas
Voice over IP (VOIP) technologies have replaced traditional telephony in many organizations, but they come with their own set of security concerns. Th...
Episode 63: Wireless Network Security (WEP, WPA2/3, 802.1X)
23 Jun 2025
Contributed by Lukas
Wireless networks present a unique set of vulnerabilities due to their reliance on open-air transmission. In this episode, we examine wireless securit...
Episode 62: VPNs, Remote Access, and Tunneling Protocols
23 Jun 2025
Contributed by Lukas
Episode 61: Secure Routing and Switching
23 Jun 2025
Contributed by Lukas
Secure routing and switching are foundational elements of network security. In this episode, we explore how routers and switches operate, and how atta...
Episode 60: Intrusion Detection and Prevention Systems
23 Jun 2025
Contributed by Lukas
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are crucial for identifying and stopping threats in real time. This episode e...
Episode 59: Defense in Depth with Firewalls and DMZs
23 Jun 2025
Contributed by Lukas
Layered security—known as defense in depth—is a core concept in cybersecurity architecture. This episode focuses on how firewalls and demilitarize...
Episode 58: Network Segmentation and Microsegmentation
23 Jun 2025
Contributed by Lukas
Segmentation limits the spread of attacks and improves control over traffic flows within a network. In this episode, we examine both traditional netwo...
Episode 57: Secure Protocols: HTTPS, SSH, SFTP, SNMPv3
23 Jun 2025
Contributed by Lukas
Secure communication protocols form the backbone of protected digital environments. In this episode, we explore widely used secure protocols like HTTP...
Episode 56: OSI and TCP/IP Models Refresher
23 Jun 2025
Contributed by Lukas
The OSI and TCP/IP models provide a layered approach to understanding how data is transmitted, received, and managed across networks. In this episode,...
Episode 55: Network Architecture: LAN, WAN, Internet
23 Jun 2025
Contributed by Lukas
Understanding how networks are built and connected is foundational for any security professional. In this episode, we review core network architecture...
Episode 54: Fault Tolerance, Redundancy, and High Availability
23 Jun 2025
Contributed by Lukas
Downtime is not an option for mission-critical systems. In this episode, we dive into fault tolerance, redundancy, and high availability—design stra...
Episode 53: SCADA and Embedded System Security
23 Jun 2025
Contributed by Lukas
Supervisory Control and Data Acquisition (SCADA) systems and embedded devices operate some of the most critical infrastructure in the world—from ene...
Episode 52: Emerging Technologies and Security Architecture (e.g., IoT, AI)
23 Jun 2025
Contributed by Lukas
Technological innovation continues to transform the security landscape. In this episode, we examine how emerging technologies such as the Internet of ...
Episode 51: Security Boundaries and Isolation Techniques
23 Jun 2025
Contributed by Lukas
Security boundaries are essential for creating logical separations between systems, users, and data flows. In this episode, we explore how boundaries ...
Episode 50: Security Evaluations: Common Criteria, RMF, ISO/IEC
23 Jun 2025
Contributed by Lukas
Security evaluations provide assurance that systems meet defined security requirements. In this episode, we examine key evaluation frameworks includin...
Episode 49: Cryptanalysis and Attacks Against Crypto
23 Jun 2025
Contributed by Lukas
No cryptographic system is immune to attack, and CISSPs must understand the methods used to break or weaken them. In this episode, we explore cryptana...
Episode 48: PKI, Digital Certificates, and Trust Models
23 Jun 2025
Contributed by Lukas
Public Key Infrastructure (PKI) is essential for enabling secure communication and verifying digital identities. This episode breaks down how PKI work...
Episode 47: Key Management and Key Escrow
23 Jun 2025
Contributed by Lukas
Cryptographic systems are only as secure as the keys they use—and how those keys are managed. In this episode, we delve into key management principl...
Episode 46: Hashing and Message Integrity
23 Jun 2025
Contributed by Lukas
Hashing ensures that data remains unchanged during storage or transmission—a core requirement for integrity. In this episode, we explore how cryptog...
Episode 45: Cryptographic Lifecycle: Algorithms, Strength, Obsolescence
23 Jun 2025
Contributed by Lukas
Cryptographic tools aren’t set-and-forget solutions—they require lifecycle management. This episode explores how organizations select, deploy, and...
Episode 44: Cryptographic Concepts: Symmetric and Asymmetric
23 Jun 2025
Contributed by Lukas
Cryptography is the backbone of digital security, and understanding its core principles is essential. In this episode, we explain the difference betwe...
Episode 43: Common Security Flaws in Architecture
23 Jun 2025
Contributed by Lukas
Flawed architecture is one of the most serious vulnerabilities in any system. In this episode, we explore common architectural security weaknesses, in...
Episode 42: Secure Baseline and Configuration Management
23 Jun 2025
Contributed by Lukas
Systems don’t stay secure by accident—they stay secure through consistent configuration and control. In this episode, we cover the concepts of sec...
Episode 41: Virtualization and Cloud Infrastructure Considerations
23 Jun 2025
Contributed by Lukas
Virtualization and cloud computing are cornerstones of modern IT, but they also introduce unique security challenges. In this episode, we examine the ...
Episode 40: Secure Hardware Architecture and TPM
23 Jun 2025
Contributed by Lukas
Security isn’t only about software—hardware matters too. This episode introduces key elements of secure hardware architecture, including trusted c...
Episode 39: Architecture Layers: OSI, System, Application
23 Jun 2025
Contributed by Lukas
Security must be applied across all layers of a system, from the physical infrastructure to the application interface. In this episode, we explore the...