All Episodes
Episode 41 — Control Cloud Data Exposure: Storage Permissions, Keys, and Configuration Drift
This episode focuses on preventing cloud data exposure by controlling the practical failure points that most often cause leaks, which aligns with exam expectations aro...
Episode 42 — Manage Cloud Risk With Baselines, Policies, and Exception Handling That Scales
This episode teaches how to scale cloud security using enforceable baselines and disciplined exception handling, a core exam concept because it tests whether leaders c...
Episode 43 — Protect Data in Transit Using TLS Choices and Certificate Hygiene
This episode explains how to protect data in transit using TLS and disciplined certificate management, a topic that appears on the exam through encryption, identity as...
Episode 44 — Protect Data at Rest Using Encryption, Key Custody, and Access Patterns
This episode teaches how to protect data at rest so theft of media or unauthorized access does not automatically become disclosure, connecting exam objectives across e...
Episode 45 — Translate Privacy Requirements Into Controls: Minimization, Retention, and Access
This episode explains how to translate privacy requirements into enforceable security controls, a recurring exam theme because leaders must connect compliance concepts...
Episode 46 — Align Compliance Expectations With Practical Security Evidence and Continuous Checks
This episode teaches how to meet compliance expectations by building evidence into daily operations, a key exam concept because it tests whether leaders can sustain co...
Episode 47 — Negotiate Security Outcomes With Vendors Using Requirements, Evidence, and Leverage
This episode explains how to negotiate security outcomes with vendors so obligations are measurable and enforceable, reflecting exam objectives around negotiation, thi...
Episode 48 — Build Vendor Risk Management: Intake, Due Diligence, and Ongoing Monitoring
This episode teaches vendor risk management as a lifecycle that begins before purchase and continues through renewal and offboarding, matching exam expectations that l...
Episode 49 — Manage Third-Party Contracts: SLAs, Audit Rights, Breach Terms, and Ownership
This episode focuses on third-party contracts as the mechanism that turns security expectations into enforceable obligations, a leadership skill tested on the exam thr...
Episode 50 — Run Security Projects: Scope, Schedule, Risk, and Stakeholder Commitments
This episode teaches security project execution as disciplined delivery, emphasizing exam-relevant project management concepts like scope control, stakeholder alignmen...
Episode 51 — Build Business Support for Security Work Using Value, Cost, and Tradeoffs
This episode teaches how to gain business support for security initiatives by framing decisions in terms executives and stakeholders can evaluate, which aligns with ex...
Episode 52 — Handle Project Drift: Change Control, Dependencies, and Delivery Evidence
This episode explains how to recognize and correct project drift before it derails outcomes, which is exam-relevant because leaders must manage scope, schedule, qualit...
Episode 53 — Assess Human Risk Drivers: Roles, Behaviors, and Likely Failure Points
This episode teaches how to assess human risk as a predictable set of behaviors shaped by roles, access, and workflow pressure, aligning with exam objectives on securi...
Episode 54 — Design Security Awareness That Changes Behavior and Reduces Real Incidents
This episode explains how to build an awareness program that drives measurable behavior change, a certification objective that often appears in exam questions about pr...
Episode 55 — Mature Awareness Programs Using Metrics, Reinforcement, and Targeted Campaigns
This episode focuses on maturing an awareness program over time using metrics and targeted reinforcement, matching exam objectives that emphasize programs which evolve...
Episode 56 — Write Security Policies That People Can Follow and Auditors Can Verify
This episode teaches how to write security policies that are clear, enforceable, and measurable, aligning with exam objectives that emphasize the role of governance ar...
Episode 57 — Distinguish Policies, Standards, Guidelines, Baselines, and Procedures Correctly
This episode clarifies the differences between key governance document types, which is exam-relevant because many questions test whether leaders can choose the right i...
Episode 58 — Align Policy With Risk Appetite, Exceptions, and Accountability Mechanisms
This episode teaches how to align policy with risk appetite and create exception and accountability mechanisms that prevent governance from becoming symbolic, a topic ...
Episode 59 — Recognize Client-Side Attacks Leaders Must Anticipate and Prevent
This episode explains client-side attacks and why they remain a dominant path for compromise, aligning with exam objectives on system security, awareness, and monitori...
Episode 60 — Reduce Malware Risk With Controls: Hardening, EDR Strategy, and Response Hooks
This episode teaches a balanced approach to reducing malware risk through hardening, endpoint detection and response strategy, and response hooks that enable rapid con...