CCT 293: CISSP Rapid Review - Domain 8

CISSP Cyber Training Podcast - CISSP Training Program

المحتوى المقدم من Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur, Shon Gerber, VCISO, CISSP, and Cybersecurity Consultant أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.

23d ago 39:02

MP3•منزل الحلقة

Send us a text

Quantum threats aren’t waiting politely on the horizon, and neither should we. We kick off with Signal’s bold move to deploy post-quantum encryption, unpacking the “belt and suspenders” approach that blends classical cryptography with quantum-resistant algorithms. No jargon traps—just clear takeaways on why this matters for privacy, resilience, and the pressure it puts on other messaging platforms to evolve. We point you to smart reads from Ars Technica and Bruce Schneier that make the technical guts approachable and actionable.
From there, we switch gears into a focused CISSP Domain 8 walkthrough: how to weave security into every phase of the software development lifecycle. We talk practical integration across waterfall, agile, and DevOps; show why change management, continuous monitoring, and application-aware incident response are non-negotiable; and explain how maturity models like CMMI and BSIMM help teams move from reactive to repeatable. We also break down the developer’s toolbox—secure language choices, vetted libraries with SCA, hardened runtimes, and IDE plugins that surface issues in real time—so teams can ship faster without trading away safety.
Speed meets rigor in the CI/CD pipeline, where shift-left security comes alive with SAST, DAST, and SOAR-driven checks. We cover repository hygiene, secret scanning, and how to measure effectiveness with audit trails and risk analysis that map code issues to business impact. You’ll get a clear view of third-party risk across COTS and open source, the shared responsibility model for SaaS, PaaS, and IaaS, and the daily practices that keep APIs from leaking data: least privilege, strict authorization, input validation, and rate limiting. We close with software-defined security—policies as code—bringing consistency, versioning, and automation to your defenses. Subscribe, share with a teammate who owns your pipeline, and leave a review to tell us the next Domain 8 topic you want us to deep-dive.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!

فصول

1. Welcome And Today’s Focus (00:00:00)

2. Signal’s Post‑Quantum Encryption Overview (00:00:56)

3. Belt And Suspenders Crypto Approach (00:03:33)

4. Why Vendor Pressure Matters (00:05:18)

5. Domain 8 Overview And Weighting (00:06:36)

6. Recommended Reading And Sources (00:06:40)

7. Free And Paid Study Resources (00:09:06)

8. 8.1 Security In The SDLC (00:10:39)

9. Change Management And IPTs (00:14:05)

10. 8.2 Securing Dev Environments (00:17:41)

11. CI/CD And Shift‑Left Security (00:22:04)

12. Repos, SAST, And DAST (00:24:11)

13. 8.3 Measuring Security Effectiveness (00:26:27)

14. COTS, Open Source, Third Parties (00:29:12)

15. 8.4 Cloud Models And Shared Duty (00:31:23)

16. 8.5 Secure Coding And APIs (00:33:00)

17. Software‑Defined Security (00:36:08)

18. Wrap‑Up And How To Get Help (00:36:23)

19. Reviews, YouTube, And Free Questions (00:38:24)

302 حلقات

#CISSP #Cyber Security #Cybersecurity #Cyber Training #Cybersecurity Consultant #Shon Gerber #Cissp Course #Cissp Boot Camp #Cissp Exam #Cissp Practice Exam #Cissp Practice Test #Higher Education #Podcasting Education #CISSP Training