x

75% of people globally want unbiased news (Pew Research) but are concerned they're not getting that.

Get balanced coverage with Symby. See how stories are covered across diverse outlets and spot when one side covers a story the other skips.

PODCAST

Certified - CompTIA CYSA+ Audio Course

Dr. Jason Edwards

The CYSA+ Audio Course is your complete, exam-focused companion for mastering the CompTIA Cybersecurity Analyst (CYSA+) certification. Designed for learners who are always on the move, this Audio Course transforms the official exam objectives into clear, structured, and easy-to-follow lessons. Each episode helps you understand, retain, and apply key cybersecurity analysis skills—covering threat detection, vulnerability management, security architecture, and incident response. Whether you’re studying

education courses

All Episodes

13:58

Episode 111: Indicators of Compromise (IoCs) –...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Detecting an attack starts with recognizing the signs. In this episode, we explore Indicators of Compromise (IoCs)—artifacts that suggest an organization may have been breached or is under active threat. You’ll learn how IoCs include file hashes, domain names, IP addresses, registry keys, and behavioral anomalies, and how analysts discover them during investigations or receive them through threat intelligence feeds.We’ll also discuss how IoCs are categorized, how they are validated, and how

en

13:58

Episode 110: Open Source Security Testing Methodology...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

The OSSTMM is often overlooked—but it provides a rigorous, standards-based approach to security testing that aligns with the goals of CySA+ and many compliance frameworks. In this episode, we explain what the Open Source Security Testing Methodology Manual is, why it matters, and how it provides structure to everything from reconnaissance and vulnerability validation to operational control assessment and human interaction testing.You’ll hear how OSSTMM complements tools and frameworks you

en

15:29

Episode 109: MITRE ATT&CK Framework for Analysts

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

In this episode, we explore the MITRE ATT&CK Framework—a living matrix of adversary behaviors that has transformed how cybersecurity professionals track and respond to attacks. You’ll learn how the framework maps tactics (the goals of an attacker) to techniques (the methods they use), and how analysts use ATT&CK to build detection logic, design threat hunts, and improve coverage in SIEMs and EDR tools.We also explain how CySA+ expects you to understand the practical uses of MITRE

en

16:09

Episode 108: The Diamond Model of Intrusion Analysis

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

What happens when we move beyond events and look at the relationships between adversaries, capabilities, victims, and infrastructure? In this episode, we introduce the Diamond Model of Intrusion Analysis—a framework that gives analysts a structured way to examine threats by looking at key attributes and how they interact. You’ll learn how this model complements the cyber kill chain and provides a deeper understanding of the “who,” “what,” “where,” and “how” of an attack.We’ll walk through

en

14:26

Episode 107: Cyber Kill Chains – From Recon to...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

To stop an attack, you must understand its progression. In this episode, we explore the Lockheed Martin Cyber Kill Chain—a widely used framework that maps the stages of a cyberattack from initial reconnaissance through delivery, exploitation, command and control, and beyond. You’ll learn how attackers move through each phase, and how defenders can detect and disrupt their efforts at multiple points along the chain.We also discuss how kill chain thinking supports proactive defense, threat

en

14:50

Episode 106: Domain 3 Overview – Mastering Incident...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Welcome to Domain 3 of the CySA+ PrepCast, where we move from prevention and vulnerability management into response and containment. In this episode, we provide an overview of what incident response means in modern organizations and how it’s structured in the CySA+ exam. You’ll learn how incident response differs from general troubleshooting, and why having a clear plan, chain of command, and communication strategy is just as important as having technical tools.We also explain how Domain 3

en

13:38

Episode 105: Domain 2 Review – From Scanning to...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Before moving forward, it’s time to reflect. In this comprehensive recap, we walk through the critical knowledge areas covered in Domain 2: Vulnerability Management. From scanning types and validation workflows to secure coding, asset prioritization, compensating controls, and risk decisions—you’ll get a structured review that reinforces everything you’ve learned so far.We’ll also offer tips for navigating CySA+ questions in this domain, including common traps, terminology misuses, and how

en

13:59

Episode 104: Threat Modeling for Analysts

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

What if you could anticipate the attacker’s plan before they even launch it? In this episode, we introduce threat modeling as a method for identifying and prioritizing potential threats based on how applications and systems are designed. You’ll learn how threat modeling is performed using techniques like STRIDE, kill chain analysis, and data flow diagrams—and how it’s used to predict, prevent, and mitigate attacks before code is deployed or systems are exposed.We also cover how security

en

14:05

Episode 103: Secure Software Development Lifecycle...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Security that begins in production is already behind schedule. In this episode, we take a holistic view of the Secure Software Development Lifecycle (SDLC), explaining how security is integrated into every phase of software creation—from planning and design to development, testing, deployment, and maintenance. You'll learn how threat modeling, secure coding standards, automated testing, and static/dynamic analysis help catch vulnerabilities early—before attackers do.We’ll also explore how

en

15:13

Episode 102: Secure Coding Best Practices for Analysts

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

You don’t need to be a developer to influence secure code—but you do need to understand what secure coding looks like. In this episode, we break down the most important secure development practices that analysts should know when evaluating application risk or reviewing vulnerability reports. Topics include input validation, output encoding, secure session management, proper authentication handling, and safe data storage.We also explore the role of parameterized queries in preventing

en

14:45

Episode 101: Attack Surface Management in Action

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

You can't protect what you can't see. In this episode, we explore the evolving discipline of attack surface management (ASM)—a proactive process that helps security teams identify, map, and reduce the ways in which an attacker could compromise an organization. You'll learn how ASM incorporates both internal and external assets, including shadow IT, exposed APIs, forgotten subdomains, and misconfigured cloud services.We cover techniques like edge discovery, passive reconnaissance, and

en

14:40

Episode 100: Vulnerability Prioritization and Escalation

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

In a world where thousands of vulnerabilities exist, how do you decide which to address first? In this episode, we break down the art and science of vulnerability prioritization—how analysts combine CVSS scores, asset value, exploitability, and business context to triage effectively. You’ll learn how to identify which issues must be escalated to leadership or incident response teams, and which can be handled within standard operating procedures.We also walk through real-world prioritization

en

14:42

Episode 99: Policy, Governance, and SLO Integration

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Cybersecurity doesn’t happen in a vacuum—it happens under governance. In this episode, we explain how policies, governance structures, and service-level objectives (SLOs) shape the work of the security analyst. You’ll learn how vulnerability management policies define scan frequency, remediation timelines, and exception criteria—and how governance teams enforce consistency across business units and technical teams.We also discuss how SLOs are used to track performance, measure success, and

en

15:44

Episode 98: Risk Management Principles for...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Effective vulnerability management is built on sound risk management principles. In this episode, we explore the four classic risk response strategies—accept, avoid, transfer, and mitigate—and how they apply to real-world cybersecurity scenarios. You'll learn how security analysts recommend and evaluate responses based on the nature of the vulnerability, the criticality of the asset, the threat landscape, and the organization's tolerance for risk.We also walk through how these decisions are

en

14:08

Episode 97: Documenting and Handling Exceptions

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Sometimes a vulnerability can’t be fixed—at least, not right away. In this episode, we explain how analysts and risk managers document and process exceptions: formal records of accepted risk where vulnerabilities are not remediated within standard timelines. You’ll learn when exceptions are appropriate, what approvals are required, and how expiration dates, revalidation, and compensating controls keep risk within acceptable limits.We also cover the importance of aligning exception handling

en

13:46

Episode 96: Maintenance Windows and Update Timing

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Security teams can’t just apply patches whenever they want—especially in enterprise environments where uptime and availability are critical. In this episode, we explore how maintenance windows are scheduled, documented, and coordinated to apply updates without disrupting core business operations. You’ll learn how organizations balance risk reduction with service availability, and how scheduling decisions are influenced by system criticality, time zones, SLAs, and business cycles.We’ll also

en

15:13

Episode 95: Patch and Configuration Management Lifecycle

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Vulnerabilities don’t just exist—they persist, especially when patch and configuration management processes are weak. In this episode, we walk through the full lifecycle of patching and secure configuration: from initial discovery and testing, to staged deployment, validation, and rollback planning. You'll learn how patch management tools integrate with vulnerability scanning platforms and how change control is enforced to prevent accidental disruptions.We also explore configuration

en

15:13

Episode 94: Control Types and Their Purposes

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Not all security controls serve the same function. In this episode, we explain the various types of controls used across cybersecurity programs and why it’s important to understand their classification. You’ll learn the difference between managerial, operational, and technical controls—and how each can be preventative, detective, responsive, or corrective in nature.We’ll walk through real examples: how a firewall represents a technical preventive control, how log reviews are an operational

en

16:47

Episode 93: Compensating Controls in Vulnerability...

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

What happens when you can’t fix a vulnerability directly? In this episode, we introduce the concept of compensating controls—alternative safeguards put in place to reduce risk when a vulnerability cannot be immediately remediated. You’ll learn how network segmentation, monitoring, air gapping, and tightly scoped access policies are used to minimize exposure and limit an attacker’s options.We also discuss how compensating controls are documented and justified in risk assessments and

en

14:59

Episode 92: Local/Remote File Inclusion (LFI/RFI)

Certified - CompTIA CYSA+ Audio Course ·

2025/07/15

Sometimes attackers don’t need to upload malicious files—they just need to include them. In this episode, we explore Local File Inclusion (LFI) and Remote File Inclusion (RFI) vulnerabilities, which allow attackers to manipulate file paths in application inputs and force systems to load unintended or external code. You’ll learn how LFI can be used to read sensitive server-side files, and how RFI opens the door for full remote code execution.We also cover common exploit techniques, such as

en

131 results

Similar Podcasts

Science Talk

Albert Einstein College of Medicine

五分钟心理学

柠檬心理

Daily Facts

Amalia Dupray and Montgomery Jones.

Les dents et dodo

BFMTV

Veterinary Clinical Podcasts

The Royal Veterinary College