Certified: The Security+ Prepcast

Continuing our exploration of how vulnerabilities are identified, this episode focuses on external and community-driven methods, including penetration testing, bug bounty programs, responsible disclo…

Finding vulnerabilities before attackers do is a core function of modern cybersecurity, and this episode explores the technical methods used to identify them early and accurately. We begin with vulne…

Data retention policies define what data must be kept, for how long, and under what security controls—and when they’re done right, they strike a balance between legal obligations, operational needs, …

When assets reach the end of their lifecycle, they don’t just disappear—they become potential liabilities if not securely decommissioned. In this episode, we explore the processes and tools used for …

Security begins with visibility, and that means knowing what devices, systems, and software exist within your environment at all times. In this episode, we dive into asset monitoring and tracking, em…

To manage risk effectively, organizations must know what they own, who is responsible for it, and how critical it is—this is the basis of asset assignment, ownership, and classification. In this epis…

Security doesn’t start when a system is installed—it begins during the procurement process. In this episode, we examine how secure acquisition strategies reduce long-term risk by vetting vendors, est…

Isolation and monitoring form a defensive pairing that not only limits the spread of threats but enables rapid detection and response. In this episode, we discuss isolation technologies like sandboxi…

Applications are often the most exposed layer of an organization’s attack surface, and defending them requires both proactive development practices and reactive protection mechanisms. In this episode…

As wireless threats become more sophisticated, organizations must move beyond basic security measures and implement advanced techniques to protect access points and users. In this episode, we cover t…

Mobile devices connect through a variety of channels—cellular networks, Wi-Fi, and Bluetooth—each with its own risks and requirements for secure operation. In this episode, we examine the vulnerabili…

Mobile devices have become indispensable for productivity, but they also introduce unique security challenges due to their portability, connectivity, and often personal ownership. In this episode, we…

Wireless networks offer convenience, but they also expand the attack surface by broadcasting connectivity beyond physical boundaries, making them inherently riskier than wired alternatives. In this e…

Embedded systems and IoT devices often operate in environments where security is either underprioritized or extremely difficult to implement, making them prime targets for persistent threats. In this…

Continuing our discussion on hardening, this episode shifts focus to cloud infrastructure, servers, and industrial systems—each of which requires a tailored approach based on operational roles, archi…

Hardening is the practice of stripping down systems to only what they need to function securely, and this episode focuses on doing just that for mobile devices, workstations, switches, and routers. T…

Establishing a secure baseline is one of the most fundamental—and often overlooked—steps in managing system security. In this episode, we explain how baselines define the minimum acceptable security …

Without reliable power, even the most secure systems are at risk of failure—and in many environments, loss of power is both a security and safety issue. In this episode, we explore how power resilien…

Backups are only half of the story—the other half is how effectively you can recover from them. In this episode, we focus on data recovery techniques that turn dormant backups into operational system…