Sign up to save your podcasts
Or
Share CCT 293: CISSP Rapid Review - Domain 8
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CCT 293: CISSP Rapid Review - Domain 8
Send us a text
Quantum threats aren’t waiting politely on the horizon, and neither should we. We kick off with Signal’s bold move to deploy post-quantum encryption, unpacking the “belt and suspenders” approach that blends classical cryptography with quantum-resistant algorithms. No jargon traps—just clear takeaways on why this matters for privacy, resilience, and the pressure it puts on other messaging platforms to evolve. We point you to smart reads from Ars Technica and Bruce Schneier that make the technical guts approachable and actionable.
From there, we switch gears into a focused CISSP Domain 8 walkthrough: how to weave security into every phase of the software development lifecycle. We talk practical integration across waterfall, agile, and DevOps; show why change management, continuous monitoring, and application-aware incident response are non-negotiable; and explain how maturity models like CMMI and BSIMM help teams move from reactive to repeatable. We also break down the developer’s toolbox—secure language choices, vetted libraries with SCA, hardened runtimes, and IDE plugins that surface issues in real time—so teams can ship faster without trading away safety.
Speed meets rigor in the CI/CD pipeline, where shift-left security comes alive with SAST, DAST, and SOAR-driven checks. We cover repository hygiene, secret scanning, and how to measure effectiveness with audit trails and risk analysis that map code issues to business impact. You’ll get a clear view of third-party risk across COTS and open source, the shared responsibility model for SaaS, PaaS, and IaaS, and the daily practices that keep APIs from leaking data: least privilege, strict authorization, input validation, and rate limiting. We close with software-defined security—policies as code—bringing consistency, versioning, and automation to your defenses. Subscribe, share with a teammate who owns your pipeline, and leave a review to tell us the next Domain 8 topic you want us to deep-dive.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
View all episodes
By Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
4.4
3232 ratings
Send us a text
Quantum threats aren’t waiting politely on the horizon, and neither should we. We kick off with Signal’s bold move to deploy post-quantum encryption, unpacking the “belt and suspenders” approach that blends classical cryptography with quantum-resistant algorithms. No jargon traps—just clear takeaways on why this matters for privacy, resilience, and the pressure it puts on other messaging platforms to evolve. We point you to smart reads from Ars Technica and Bruce Schneier that make the technical guts approachable and actionable.
From there, we switch gears into a focused CISSP Domain 8 walkthrough: how to weave security into every phase of the software development lifecycle. We talk practical integration across waterfall, agile, and DevOps; show why change management, continuous monitoring, and application-aware incident response are non-negotiable; and explain how maturity models like CMMI and BSIMM help teams move from reactive to repeatable. We also break down the developer’s toolbox—secure language choices, vetted libraries with SCA, hardened runtimes, and IDE plugins that surface issues in real time—so teams can ship faster without trading away safety.
Speed meets rigor in the CI/CD pipeline, where shift-left security comes alive with SAST, DAST, and SOAR-driven checks. We cover repository hygiene, secret scanning, and how to measure effectiveness with audit trails and risk analysis that map code issues to business impact. You’ll get a clear view of third-party risk across COTS and open source, the shared responsibility model for SaaS, PaaS, and IaaS, and the daily practices that keep APIs from leaking data: least privilege, strict authorization, input validation, and rate limiting. We close with software-defined security—policies as code—bringing consistency, versioning, and automation to your defenses. Subscribe, share with a teammate who owns your pipeline, and leave a review to tell us the next Domain 8 topic you want us to deep-dive.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
More shows like CISSP Cyber Training Podcast - CISSP Training Program
View all
Security Now (Audio)
2,002 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
376 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,022 Listeners
Smashing Security
321 Listeners
Click Here
415 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
189 Listeners
AWS Podcast
201 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
136 Listeners
Risky Bulletin
46 Listeners
CISSP Central
2 Listeners