Certified - CompTIA CYSA+ Audio Course

The OSSTMM is often overlooked—but it provides a rigorous, standards-based approach to security testing that aligns with the goals of CySA+ and many compliance frameworks. In this episode, we explain…

In this episode, we explore the MITRE ATT&CK Framework—a living matrix of adversary behaviors that has transformed how cybersecurity professionals track and respond to attacks. You’ll learn how the f…

What happens when we move beyond events and look at the relationships between adversaries, capabilities, victims, and infrastructure? In this episode, we introduce the Diamond Model of Intrusion Anal…

To stop an attack, you must understand its progression. In this episode, we explore the Lockheed Martin Cyber Kill Chain—a widely used framework that maps the stages of a cyberattack from initial rec…

Welcome to Domain 3 of the CySA+ PrepCast, where we move from prevention and vulnerability management into response and containment. In this episode, we provide an overview of what incident response …

Before moving forward, it’s time to reflect. In this comprehensive recap, we walk through the critical knowledge areas covered in Domain 2: Vulnerability Management. From scanning types and validatio…

What if you could anticipate the attacker’s plan before they even launch it? In this episode, we introduce threat modeling as a method for identifying and prioritizing potential threats based on how …

Security that begins in production is already behind schedule. In this episode, we take a holistic view of the Secure Software Development Lifecycle (SDLC), explaining how security is integrated into…

You don’t need to be a developer to influence secure code—but you do need to understand what secure coding looks like. In this episode, we break down the most important secure development practices t…

You can't protect what you can't see. In this episode, we explore the evolving discipline of attack surface management (ASM)—a proactive process that helps security teams identify, map, and reduce th…

In a world where thousands of vulnerabilities exist, how do you decide which to address first? In this episode, we break down the art and science of vulnerability prioritization—how analysts combine …

Cybersecurity doesn’t happen in a vacuum—it happens under governance. In this episode, we explain how policies, governance structures, and service-level objectives (SLOs) shape the work of the securi…

Effective vulnerability management is built on sound risk management principles. In this episode, we explore the four classic risk response strategies—accept, avoid, transfer, and mitigate—and how th…

Sometimes a vulnerability can’t be fixed—at least, not right away. In this episode, we explain how analysts and risk managers document and process exceptions: formal records of accepted risk where vu…

Security teams can’t just apply patches whenever they want—especially in enterprise environments where uptime and availability are critical. In this episode, we explore how maintenance windows are sc…

Vulnerabilities don’t just exist—they persist, especially when patch and configuration management processes are weak. In this episode, we walk through the full lifecycle of patching and secure config…

Not all security controls serve the same function. In this episode, we explain the various types of controls used across cybersecurity programs and why it’s important to understand their classificati…

What happens when you can’t fix a vulnerability directly? In this episode, we introduce the concept of compensating controls—alternative safeguards put in place to reduce risk when a vulnerability ca…

Sometimes attackers don’t need to upload malicious files—they just need to include them. In this episode, we explore Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities, which …

Attackers often start with limited access—but they rarely stay there. In this episode, we break down privilege escalation vulnerabilities, which allow attackers to move from low-level accounts to adm…