Sign up to save your podcasts
Or
Share CCT 345: Practice CISSP Questions - Domain 8.4 (Replay)
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
CCT 345: Practice CISSP Questions - Domain 8.4 (Replay)
Send us Fan Mail
A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a patchwork of identity tools, limited visibility, and “normal looking” logins, you may not see the threat until it has already jumped domains.
From there, we pivot into CISSP Domain 8.4 thinking: how to evaluate acquired software without guessing. We break down what to look for in open source software (community activity, maintenance signals, orphaned project risk), what makes COTS software uniquely hard to assess (no source code visibility for deep vulnerability assessment), and what matters most for SaaS and managed services (encryption for data at rest and in transit, plus clear SLAs that define performance metrics and incident response expectations). We also cover why the shared responsibility model is non-negotiable for cloud security clarity, especially around account management and access control.
We round it out with hands-on evaluation methods that map to both the exam and real security programs: threat modeling to uncover dependency risk, dependency scanning to catch vulnerable libraries, sandbox testing in a controlled environment, and periodic reassessments as threats evolve. If you’re studying for the CISSP or building a safer vendor and software intake process, this one gives you a practical checklist mindset. Subscribe for more CISSP training, share this with a study partner, and leave a review with the software risk topic you want us to cover next.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
View all episodes
By Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur
4.5
3333 ratings
Send us Fan Mail
A single compromised identity can turn your whole environment into a hallway of unlocked doors and cross-domain attacks are built to exploit exactly that. We start with a timely real-world breach theme and use it to explain how adversaries move between endpoints, cloud platforms, and third-party connections by abusing identity and privileged access, not just by running noisy malware. If your organization relies on a patchwork of identity tools, limited visibility, and “normal looking” logins, you may not see the threat until it has already jumped domains.
From there, we pivot into CISSP Domain 8.4 thinking: how to evaluate acquired software without guessing. We break down what to look for in open source software (community activity, maintenance signals, orphaned project risk), what makes COTS software uniquely hard to assess (no source code visibility for deep vulnerability assessment), and what matters most for SaaS and managed services (encryption for data at rest and in transit, plus clear SLAs that define performance metrics and incident response expectations). We also cover why the shared responsibility model is non-negotiable for cloud security clarity, especially around account management and access control.
We round it out with hands-on evaluation methods that map to both the exam and real security programs: threat modeling to uncover dependency risk, dependency scanning to catch vulnerable libraries, sandbox testing in a controlled environment, and periodic reassessments as threats evolve. If you’re studying for the CISSP or building a safer vendor and software intake process, this one gives you a practical checklist mindset. Subscribe for more CISSP training, share this with a study partner, and leave a review with the software risk topic you want us to cover next.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!
More shows like CISSP Cyber Training Podcast - CISSP Training Program
View all
Stuff You Should Know
78,688 Listeners
TED Talks Daily
11,099 Listeners
The Ben Shapiro Show
153,989 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Software Engineering Daily
626 Listeners
Risky Business
371 Listeners
CyberWire Daily
1,028 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
CISO Series Podcast
195 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
The AI Daily Brief: Artificial Intelligence News and Analysis
688 Listeners
Reduce Cyber Risk Podcast - Cyber Security Made Simple
0 Listeners