Sign up to save your podcasts
Or
Share CCT 338: LinkedIn Monitoring - Support for Patch and Vulnerability Management (Domain 7)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CCT 338: LinkedIn Monitoring - Support for Patch and Vulnerability Management (Domain 7)
Send us Fan Mail
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
LinkedIn might be doing more in your browser than you think. We start with a report dubbing it “BrowserGate” a claim that LinkedIn quietly checks for installed Chrome extensions using hidden JavaScript, raising real questions about privacy, browser fingerprinting, and what platforms should disclose to users when collecting device level signals tied to real identities and jobs.
From there, we shift into a core CISSP topic that shows up everywhere in real security work: implementing and supporting patch vulnerability management (CISSP Domain 7.8). We talk about why patching is not just maintenance, but a primary security control that shrinks your attack surface across the entire ecosystem, including servers, endpoints, cloud services, mobile devices, and OT/ICS environments where uptime and safety make patching harder. We also cover the uncomfortable reality of unpatchable legacy systems and how compensating controls like micro-segmentation and network isolation help manage risk when a vendor will never ship an update.
We ground the conversation with the Apache Struts remote code execution lesson and the Equifax breach, then walk through a practical patch management lifecycle: evaluate applicability, test in non-production when needed, follow change management approvals, deploy with rollback plans, and verify with follow-up scans. You’ll also hear clear CISSP-ready distinctions between hotfix vs patch vs update, authenticated vs unauthenticated vulnerability scanning, CVE feeds, CVSS prioritisation, MTTR metrics, and how to respond when a zero-day vulnerability has no patch yet.
If this helps your CISSP prep, subscribe, share the episode with a study partner, and leave a review so more security learners can find it. What part of patch and vulnerability management is hardest in your environment right now?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
View all episodes
By Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
4.5
3333 ratings
Send us Fan Mail
Check us out at: https://www.cisspcybertraining.com/
Get access to 360 FREE CISSP Questions: https://www.cisspcybertraining.com/offers/dzHKVcDB/checkout
Get access to my FREE CISSP Self-Study Essentials Videos: https://www.cisspcybertraining.com/offers/KzBKKouv
LinkedIn might be doing more in your browser than you think. We start with a report dubbing it “BrowserGate” a claim that LinkedIn quietly checks for installed Chrome extensions using hidden JavaScript, raising real questions about privacy, browser fingerprinting, and what platforms should disclose to users when collecting device level signals tied to real identities and jobs.
From there, we shift into a core CISSP topic that shows up everywhere in real security work: implementing and supporting patch vulnerability management (CISSP Domain 7.8). We talk about why patching is not just maintenance, but a primary security control that shrinks your attack surface across the entire ecosystem, including servers, endpoints, cloud services, mobile devices, and OT/ICS environments where uptime and safety make patching harder. We also cover the uncomfortable reality of unpatchable legacy systems and how compensating controls like micro-segmentation and network isolation help manage risk when a vendor will never ship an update.
We ground the conversation with the Apache Struts remote code execution lesson and the Equifax breach, then walk through a practical patch management lifecycle: evaluate applicability, test in non-production when needed, follow change management approvals, deploy with rollback plans, and verify with follow-up scans. You’ll also hear clear CISSP-ready distinctions between hotfix vs patch vs update, authenticated vs unauthenticated vulnerability scanning, CVE feeds, CVSS prioritisation, MTTR metrics, and how to respond when a zero-day vulnerability has no patch yet.
If this helps your CISSP prep, subscribe, share the episode with a study partner, and leave a review so more security learners can find it. What part of patch and vulnerability management is hardest in your environment right now?
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
More shows like CISSP Cyber Training Podcast - CISSP Training Program
View all
Stuff You Should Know
78,688 Listeners
TED Talks Daily
11,099 Listeners
The Ben Shapiro Show
153,989 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Software Engineering Daily
626 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
688 Listeners
Reduce Cyber Risk Podcast - Cyber Security Made Simple
0 Listeners