CCT 346: CISSP Domain 7 - Testing Disaster Recovery Plans and Why BEC Still Works Despite MFA
Description
MFA feels like the finish line until you watch a company wire tens of millions of dollars to an attacker without a single password being stolen. We dig into why business email compromise (BEC) still works even in “secure” environments: the real target is the decision point, meaning trust, timing, urgency, and authority, not the login. When attackers can spoof executives or use deepfake voice and video, the authentication layer is never challenged at all, because the victim is a legitimate, fully authenticated user carrying out an authorized action on the attacker's behalf.
We break down practical, real-world defenses that go beyond “more tools”: fixing payment and approval workflows, defining what counts as a high-risk transaction (new payee, changed bank details, unusual amount, claimed urgency), forcing out-of-band verification using contact details already on file rather than any supplied in the request, adding mandatory pauses for unusual transfers, and training teams with realistic BEC scenarios during end-of-quarter and holiday pressure. The big takeaway is that blocked phishing emails are not the same thing as protected money movement, and leadership has to own that gap.
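As an added example, not code from the show or from any product it mentions, here is what those workflow rules look like once they are written down as an enforceable release policy rather than a memo. The vendor record, thresholds, hold window and every name in it are assumptions chosen for illustration. The points it makes concrete: the risk classification is a list of reasons, not a single amount; the callback number always comes from the vendor master, never from the request; and a flagged transfer needs both the out-of-band confirmation and the elapsed pause before money moves.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# Constructed vendor master record (assumed). In a real system this is the
# ERP's vendor table; the point is that callback details come from HERE,
# never from the email or form that requested the payment.
VENDOR_MASTER = {
    "ACME-001": {
        "name": "Acme Supply GmbH",
        "account": "DE89370400440532013000",
        "verified_phone": "+49 30 1234567",
    },
}

HIGH_VALUE_THRESHOLD = 50_000          # assumed policy threshold
MANDATORY_HOLD = timedelta(hours=24)   # assumed cooling-off period for flagged transfers


@dataclass
class TransferRequest:
    vendor_id: str
    amount: float
    account: str                       # destination account given in the request
    requested_by: str                  # sender as it appears in the approval chain
    urgency_claimed: bool              # "must go out today", "I'm in a meeting"
    submitted_at: datetime
    contact_in_request: Optional[str] = None  # any "call me on ..." supplied by the requester


def risk_flags(req: TransferRequest) -> List[str]:
    """Return the reasons a transfer counts as high-risk (empty list = routine)."""
    flags = []
    vendor = VENDOR_MASTER.get(req.vendor_id)
    if vendor is None:
        flags.append("unknown_vendor")
    elif req.account != vendor["account"]:
        flags.append("bank_details_changed")
    if req.amount >= HIGH_VALUE_THRESHOLD:
        flags.append("high_value")
    if req.urgency_claimed:
        flags.append("urgency_pressure")
    if req.contact_in_request is not None:
        # Attackers supply their own callback number; treat that as a signal, not a convenience.
        flags.append("callback_details_supplied_by_requester")
    return flags


def verification_contact(req: TransferRequest) -> Optional[str]:
    """Number the approver must call back on: the on-file one, never the one in the request."""
    vendor = VENDOR_MASTER.get(req.vendor_id)
    return vendor["verified_phone"] if vendor else None


def release_decision(req: TransferRequest, verified_out_of_band: bool,
                     now: datetime) -> Tuple[str, str]:
    """Decide release / hold / reject for a transfer.

    verified_out_of_band is True only if the approver reached the vendor on the
    on-file number (see verification_contact) and confirmed amount and account.
    """
    flags = risk_flags(req)
    if not flags:
        return "release", "routine payment, no risk flags"
    if "unknown_vendor" in flags:
        return "reject", "payee not in vendor master; onboard it first, then resubmit"
    if not verified_out_of_band:
        return "hold", f"call back on {verification_contact(req)} before release; flags={flags}"
    hold_until = req.submitted_at + MANDATORY_HOLD
    if now < hold_until:
        return "hold", f"verified, but mandatory pause runs until {hold_until.isoformat()}"
    return "release", f"verified out-of-band and pause elapsed; flags={flags}"


# Constructed samples: a quarter-end "urgent" request with changed bank details
# and a callback number helpfully supplied by the requester, beside a routine one.
SUBMITTED = datetime(2024, 12, 20, 16, 0)
BEC_REQUEST = TransferRequest("ACME-001", 2_400_000, "GB29NWBK60161331926819",
                              "ceo@example.com", True, SUBMITTED,
                              contact_in_request="+44 7700 900123")
ROUTINE_REQUEST = TransferRequest("ACME-001", 12_000, "DE89370400440532013000",
                                  "ap@example.com", False, SUBMITTED)


def hours_later(hours: float) -> datetime:
    """Clock helper for walking the constructed requests through the hold window."""
    return SUBMITTED + timedelta(hours=hours)


if __name__ == "__main__":
    for label, req in (("BEC-style", BEC_REQUEST), ("routine", ROUTINE_REQUEST)):
        print(label, "flags:", risk_flags(req), "call back on:", verification_contact(req))
        print("  unverified, now:      ", release_decision(req, False, hours_later(0)))
        print("  verified, +2h:        ", release_decision(req, True, hours_later(2)))
        print("  verified, +25h:       ", release_decision(req, True, hours_later(25)))
```

Note what the attacker-supplied number does here: it never becomes the verification channel, it only adds a flag. That is the single most important line for BEC, because the typical playbook includes a "call me on this number to confirm" that routes the verification step straight back to the attacker.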
Then we pivot into CISSP Domain 7 with a clear, test-focused walkthrough of disaster recovery plans. A DR plan on paper is not resilience, so we cover the five primary DR testing types in order of increasing realism and risk: read-through (checklist), structured walkthrough (tabletop), simulation, parallel, and full interruption. You will learn what each test proves and what it leaves unproven, why most organizations stop at simulation, and how to build toward the higher-confidence parallel and full-interruption tests without taking reckless risks with production.
If this helps you, subscribe for weekly CISSP-focused cyber training, share the episode with a teammate, and leave a review so more people can find the show.
Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.
Join now and start your journey toward CISSP mastery today!