Certified: The CISM Audio Course - Podcast

Certified: The CISM Audio Course

The Bare Metal Cyber CISM Audio Course is your comprehensive, exam-focused audio companion for mastering the Certified Information Security Manager (CISM) certification. Designed to guide aspiring security leaders through all four domains of the CISM exam, this prepcast translates complex risk, governance, and incident response concepts into clear, structured, and easy-to-follow episodes. Whether you're transitioning from a technical role or already managing security programs, the series offers over 70 expertly crafted sessions to reinforce key principles, strengthen exam readiness, and accelerate your journey to certification. Ready to start your journey with confidence? Learn more at BareMetalCyber.com.

Education Technology Courses
Update frequency: every day
Average duration: 11 minutes
Episodes: 71
Years Active: 2025
Episode 31: Writing Actionable Procedures and Guidelines

Policies set direction—but procedures make things happen. This episode teaches you how to translate security policies into actionable procedures and practical guidelines. You’ll learn what ISACA expe…

00:09:51  |   Sun 06 Jul 2025
Episode 30: Developing Effective Security Policies

Every security program is built on policy. In this episode, we cover how to draft policies that support governance, define behavior, and reflect organizational risk appetite. We also walk through pol…

00:12:01  |   Sun 06 Jul 2025
Episode 29: Applying Industry Standards and Frameworks to Your Security Program

Domain 3 expects you to apply security frameworks—not just memorize them. In this episode, we explain how to align your program with standards like ISO 27001, NIST SP 800-53, and COBIT. Learn how to …

00:10:16  |   Sun 06 Jul 2025
Episode 28: Information Asset Identification and Classification Fundamentals

CISM professionals must protect what matters most. This episode covers how to identify, categorize, and classify information assets, including systems, data, and services. You'll also learn how asset…

00:10:12  |   Sun 06 Jul 2025
Episode 27: Selecting and Implementing Security Tools and Technologies

Technology supports security—but strategy drives selection. This episode helps you evaluate tools based on business needs, risk reduction, and operational fit. You’ll also learn how to plan for integ…

00:10:24  |   Sun 06 Jul 2025
Episode 26: Staffing and Managing Security Teams

Domain 3 covers security program development—and that includes managing people. In this episode, we examine how to build and lead an effective security team, define roles, manage talent, and align pe…

00:09:58  |   Sun 06 Jul 2025
Episode 25: Best Practices in Risk Monitoring and Reporting

CISM exam scenarios often involve risk communication. This episode covers how to monitor risks over time and report findings in ways that drive decision-making. You'll learn how to use KRIs, track co…

00:10:07  |   Sun 06 Jul 2025
Episode 24: Establishing Risk and Control Ownership

Ownership is essential to accountability. In this episode, we explain how to assign ownership for risks and controls, and how to ensure those responsibilities are clearly communicated and understood …

00:09:26  |   Sun 06 Jul 2025
Episode 23: Risk Transfer and Avoidance Strategies

Sometimes the best risk response is walking away—or handing it off. This episode focuses on transferring and avoiding risk, from insurance and outsourcing to project termination and architecture rede…

00:09:33  |   Sun 06 Jul 2025
Episode 22: Risk Mitigation and Acceptance Strategies

When risks can't be eliminated, they must be managed. This episode covers the two most frequently used risk treatment options: mitigation and acceptance. Learn how to assess control effectiveness, do…

00:10:19  |   Sun 06 Jul 2025
Episode 21: Conducting Effective Risk Analysis Workshops

CISM candidates must know how to facilitate cross-functional risk workshops. In this episode, we walk through the process—from identifying participants and setting objectives to analyzing risk scenar…

00:09:57  |   Sun 06 Jul 2025
Episode 20: Quantitative vs. Qualitative Risk Assessment

Understanding how to evaluate risk is a CISM must-have. In this episode, we break down qualitative and quantitative assessment methods—including likelihood, impact, and exposure calculations. You’ll …

00:10:38  |   Sun 06 Jul 2025
Episode 19: Conducting Vulnerability and Control Deficiency Analysis

Risk management starts with understanding where you’re weak. This episode teaches you how to identify control gaps and vulnerabilities, distinguish between the two, and document their business impact…

00:10:46  |   Sun 06 Jul 2025
Episode 18: Identifying and Managing Emerging Risks (AI, Quantum, IoT)

Emerging tech means evolving risk. In this episode, we cover how technologies like AI, IoT, and quantum computing introduce new security threats—and what CISM candidates need to understand to manage …

00:11:22  |   Sun 06 Jul 2025
Episode 17: Current Cyber Threat Landscape

CISM Domain 2 begins here—with risk identification. This episode explores common and emerging threats, including ransomware, insider risk, APTs, and supply chain compromise. We’ll also look at how th…

00:12:10  |   Sun 06 Jul 2025
Episode 16: Strategic Planning Essentials – Budgets, Resources, and the Business Case

Security managers must think like business leaders. This episode focuses on how to plan strategically: building security budgets, aligning resources with business priorities, and creating business ca…

00:10:14  |   Sun 06 Jul 2025
Episode 15: Deep Dive into NIST Cybersecurity Framework (CSF)

The NIST CSF is another framework CISM candidates must understand. In this episode, we explain the five core functions—Identify, Protect, Detect, Respond, Recover—and how to apply them to build organ…

00:09:45  |   Sun 06 Jul 2025
Episode 14: Deep Dive into ISO 27001 and ISO 27002

ISO 27001 and ISO 27002 show up frequently on the CISM exam. This episode covers their purpose, structure, and use in implementing and managing an Information Security Management System (ISMS). You’l…

00:11:32  |   Sun 06 Jul 2025
Episode 13: Deep Dive into COBIT Framework

COBIT is more than just a buzzword—it’s a cornerstone of enterprise governance. In this episode, we explore COBIT’s structure, goals cascade, governance vs. management domains, and how to use COBIT t…

00:12:48  |   Sun 06 Jul 2025
Episode 12: Overview of Major Governance Frameworks (COBIT, ISO, NIST)

Expect questions about governance frameworks on the CISM exam. This episode introduces COBIT, ISO 27001/27002, and the NIST Cybersecurity Framework. We explain how each one supports strategy, policy,…

00:13:09  |   Sun 06 Jul 2025
Disclaimer: The podcast and artwork embedded on this page are the property of Dr. Jason Edwards. This content is not affiliated with or endorsed by eachpod.com.