CISSP Cyber Training Podcast - CISSP Training Program

Join Shon Gerber on his weekly CISSP Cyber Training podcast, where his extensive 23-year background in cybersecurity shines through. With a rich history spanning corporate sectors, government roles, and academic positions, Shon imparts the essential insights and advice necessary to conquer the CISSP exam. His expertise is not just theoretical; as a CISSP credential holder since 2009, Shon translates his deep understanding into actionable training. Each episode is packed with invaluable security strategies and tips that you can implement right away, giving you an edge in the cybersecurity realm. Tune in and take the reins of your cybersecurity journey—let’s ride into excellence together! 🚀

Episodes

CCT 353: AI Agent Governance Essentials - CISSP Practice Questions

AI agents are landing in production faster than most security teams can track them, and the scariest part is how normal they can look. When an autonomous agent runs the same workflow 10,000 times, your SIEM and EDR may see “nothing to worry abo...

May 28, 2026 • Season 3 • Episode 353 • 28:26

CCT 352: Data Security Controls and Compliance Requirements for the CISSP (Domain 2.3) - REPLAY

Your security program can be airtight and still get wrecked by someone else’s breach. We open with a Wired-style reality check: third-party app ecosystems and data brokers collecting location analytics at massive scale, then getting hacked or r...

May 25, 2026 • Season 3 • Episode 352 • 40:19

CCT351: BitLocker Bypass Reality Check (YellowKey) and CISSP Practice Questions

BitLocker feels like a safety net until you see how a single bypass can change the whole risk picture. Today we react to the Yellow Key vulnerability (noted in the news and referenced as CVE 2645585) and use it as a practical CISSP training mom...

May 21, 2026 • Season 3 • Episode 351 • 24:28

CCT 350: Investigation Types Made Simple - CISSP Training (Replay)

Default passwords are the kind of problem everyone “knows” about and yet they still open doors for attackers every day. We start with a quick reality check on router security and why factory settings, legacy gear, and unmanaged IoT and OT devic...

May 18, 2026 • Season 3 • Episode 350 • 44:49

CCT 349: FOXCONN Hack and Domain 7 CISSP Practice Questions

Eight terabytes of stolen schematics is not just a scary number, it is a reminder that cyber risk becomes business risk fast. We start with the Wired report on the Foxconn ransomware attack and unpack what a claim like that could mean in the re...

May 14, 2026 • Season 3 • Episode 349 • 28:20

CCT Vendor 04: The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview

Next Peak: https://nextpeak.net/services/icr/A regional conflict can spike your cyber risk even if your offices never move and your headcount never changes. That is the uncomf...

May 13, 2026 • 28:20

CCT 348: ClaudeBleed - The Hidden Risk In AI Browser Extensions and CISSP Domain 3

Your browser just became a security boundary you can’t afford to ignore. We start with ClaudeBleed, a vulnerability in the Claude AI Chrome extension that shows how an AI browser agent can be hijacked by another malicious extension, even one wi...

May 11, 2026 • Season 3 • Episode 348 • 34:00

CCT 347: AI Poisoning the Quiet Enterprise Threats and CISSP Questions (Domain 1)

Quiet failures are the ones that scare me most, and enterprise AI creates a brand-new way for them to spread. If a chatbot becomes the “trusted employee” everyone relies on, a slow drip of bad documents, outdated procedures, or deliberately man...

May 07, 2026 • Season 3 • Episode 346 • 28:05

CCT 346: Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA (CISSP Domain 7)

MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments, because ...

May 04, 2026 • Season 3 • Episode 346 • 26:53

CCT 345: Practice CISSP Questions - Domain 8.4 (Replay)

A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move...

April 30, 2026 • Season 3 • Episode 345 • 22:51

CCT 344: Trigona RaaS - CISSP 3.7 Crypto - Board Translation Framework (Segment 3)

Ransomware actors are getting quieter, faster, and more custom and that should change how you study for the CISSP and how you defend your environment. We start with a quick personal update on a new CISSP Sprint: an eight-week live cohort built ...

April 27, 2026 • Season 3 • Episode 343 • 36:07

CCT 343: Microsoft Defender - CISSP EOL-EOS (Part 2) - Board Translation (Segment 2)

Three Microsoft Defender zero-days are reportedly being exploited, and that is the kind of headline that tests whether our security program is real or just optimistic. I break down what we know, including BlueHammer (CVE-2026-33825) landing in ...

April 23, 2026 • Season 3 • Episode 343 • 31:21

CCT 342: US Govt and Mythos - CISSP EOL-EOS (Part 1) - Board Translation (Segment 1)

The next wave of AI in cybersecurity is not a theory project, it’s an operational deadline. I open with a timely look at reporting that the White House wants federal agencies to get access to Anthropic’s Claude Mythos, and why that scramble mat...

April 20, 2026 • Season 3 • Episode 342 • 38:29

CCT 341: Deepfake Nudify (Wired) - CISSP Exam Practice Test (Deep Dive)

AI didn’t just make deepfakes easier. It made targeted sexual abuse scalable. I open with a Wired-reported reality that’s hitting schools worldwide: AI tools that can generate fake nude images from ordinary photos, spread through bots and subsc...

April 16, 2026 • Season 3 • Episode 341 • 31:17