Sign up to save your podcasts
Or
Share CCT 328: Security Impact for Acquired Software (Domain 8)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CCT 328: Security Impact for Acquired Software (Domain 8)
Send us Fan Mail
Stop guessing which software to trust. We break down a clear, repeatable path to evaluate commercial off-the-shelf tools, open source projects, custom third‑party builds, and cloud services so you can pass CISSP Domain 8.4 with confidence and protect your environment in the real world. We start with exam-winning tactics—how to slow down, read for intent, and think like a manager—then move into concrete practices that tame software risk without stalling delivery.
You’ll hear how to interrogate vendor claims, separate real certifications from marketing fluff, and judge patch cadences and incident response maturity. We dig into open source realities: vetting contributors, scanning dependencies against the NVD, building and maintaining an SBOM, and avoiding abandoned projects that explode under pressure. For third-party development, we outline what strong contracts look like—SLAs with teeth, security clauses, indemnity—and the proof you should see: code audits, SAST/DAST, penetration tests, and meaningful logging around integrations.
Cloud isn’t a shortcut; it’s a shift in responsibility. We map the questions that matter for SaaS, IaaS, and PaaS: data protection, tenant isolation, hypervisor hardening, API security, and event visibility into your SIEM. Then we stitch it all into an evaluation workflow you can run every time: functional fit, vendor validation, layered security assessment, compliance and licensing review, sandbox integration testing, and a deployment plan that defines fix‑forward and rollback before anything hits production. Wrap it with monitoring, periodic reassessment, and documentation that procurement, IT, and security can actually use, and you’ve built a trustworthy software supply chain.
If this helped you think sharper about software risk and the CISSP exam, subscribe, share it with a teammate, and leave a quick review telling us your top vendor vetting question. Your feedback shapes future episodes.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
View all episodes
By Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
4.5
3333 ratings
Send us Fan Mail
Stop guessing which software to trust. We break down a clear, repeatable path to evaluate commercial off-the-shelf tools, open source projects, custom third‑party builds, and cloud services so you can pass CISSP Domain 8.4 with confidence and protect your environment in the real world. We start with exam-winning tactics—how to slow down, read for intent, and think like a manager—then move into concrete practices that tame software risk without stalling delivery.
You’ll hear how to interrogate vendor claims, separate real certifications from marketing fluff, and judge patch cadences and incident response maturity. We dig into open source realities: vetting contributors, scanning dependencies against the NVD, building and maintaining an SBOM, and avoiding abandoned projects that explode under pressure. For third-party development, we outline what strong contracts look like—SLAs with teeth, security clauses, indemnity—and the proof you should see: code audits, SAST/DAST, penetration tests, and meaningful logging around integrations.
Cloud isn’t a shortcut; it’s a shift in responsibility. We map the questions that matter for SaaS, IaaS, and PaaS: data protection, tenant isolation, hypervisor hardening, API security, and event visibility into your SIEM. Then we stitch it all into an evaluation workflow you can run every time: functional fit, vendor validation, layered security assessment, compliance and licensing review, sandbox integration testing, and a deployment plan that defines fix‑forward and rollback before anything hits production. Wrap it with monitoring, periodic reassessment, and documentation that procurement, IT, and security can actually use, and you’ve built a trustworthy software supply chain.
If this helped you think sharper about software risk and the CISSP exam, subscribe, share it with a teammate, and leave a quick review telling us your top vendor vetting question. Your feedback shapes future episodes.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
More shows like CISSP Cyber Training Podcast - CISSP Training Program
View all
Stuff You Should Know
78,707 Listeners
TED Talks Daily
11,158 Listeners
The Ben Shapiro Show
154,137 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Software Engineering Daily
630 Listeners
Risky Business
372 Listeners
CyberWire Daily
1,026 Listeners
Darknet Diaries
8,075 Listeners
Cybersecurity Today
177 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
682 Listeners
Reduce Cyber Risk Podcast - Cyber Security Made Simple
0 Listeners