Mastering Cybersecurity: The Cyber Educational Audio Course

Certified: GCCC and the Practical Side of Critical Security Controls

16 min · 1. juni 2026
episode Certified: GCCC and the Practical Side of Critical Security Controls cover

Description

The GIAC Critical Controls Certification (GCCC) is a practical credential for professionals who want to understand how security controls become real defensive work. In this narrated version of my Monday “Certified” feature from Bare Metal Cyber Magazine, we walk through what the certification is, who it is built for, and why the CIS Critical Security Controls matter for security analysts, IT administrators, auditors, risk professionals, consultants, and early-career cybersecurity learners. This episode also explains what GCCC really tests, including control purpose, implementation thinking, audit awareness, and the ability to connect security tasks to measurable risk reduction. You will hear how the credential fits into a broader career path and how learners can prepare with a balanced mix of reading, review, practice, and flexible study support through the Bare Metal Cyber Academy.

Comments

0

Be the first to comment

Sign up now and become a member of the Mastering Cybersecurity: The Cyber Educational Audio Course community!

Get Started

1 month for 9 kr.

Then 99 kr. / month · Cancel anytime.

  • Podcasts kun på Podimo
  • 20 lydbogstimer pr. måned
  • Gratis podcasts

All episodes

106 episodes

episode Insight: Making Sense of the Cloud Shared Responsibility Model artwork

Insight: Making Sense of the Cloud Shared Responsibility Model

When a cloud service goes down or behaves strangely, the first minutes are often spent arguing about ownership instead of solving the problem. This narrated Insight walks through the Cloud Shared Responsibility Model in clear, practical terms so that security and IT teams can decide, in advance, who owns what when something breaks. You will hear how responsibility shifts across Infrastructure as a Service, Platform as a Service, and Software as a Service, and what that means for controls around identity, data, configuration, and monitoring in your real environment. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine. Across two focused segments, we explore everyday use cases where the Cloud Shared Responsibility Model shows up, from cloud migrations and SaaS onboarding to incident response and audit work. You will hear both quick-win applications for a single, high-impact service and more strategic ways to standardize responsibility mapping across your portfolio. Along the way, we highlight common failure modes, like treating “the cloud” as one thing or assuming the provider secures everything, and contrast them with healthy signals such as current, widely-used responsibility maps that guide real decisions.

7. juli 202614 min
episode Certified: ISSMP and the Security Management Career Path artwork

Certified: ISSMP and the Security Management Career Path

This narrated episode walks through the Information Systems Security Management Professional (ISSMP) certification in plain English for professionals who want to understand where security management fits in a cyber career path. Based on my Monday “Certified” feature from Bare Metal Cyber Magazine, the episode explains what the credential is, who it is designed for, and why it matters for people moving beyond individual technical tasks into program leadership, governance, risk management, security operations, continuity planning, and executive-facing responsibility. The episode also looks at what the exam really tests, including the kind of judgment needed when security decisions involve business priorities, legal obligations, budgets, operational pressure, and organizational risk. It places ISSMP in a broader certification path and helps listeners decide whether this credential fits their current stage or belongs farther down the road. The Bare Metal Cyber Academy serves as the broader home for the connected certification resources, including flexible study support for busy professionals.

6. juli 202614 min
episode Insight: How User and Entity Behavior Analytics Spots Trouble Early artwork

Insight: How User and Entity Behavior Analytics Spots Trouble Early

This narrated Insight walks through User and Entity Behavior Analytics (UEBA) as a practical tool for spotting the weird stuff early. You will hear how UEBA builds a picture of “normal” behavior for users, service accounts, and systems, then uses that context to highlight the logins, data access, and admin activity that really deserve your attention. We explore where it sits alongside your SIEM, XDR, and identity tools, and why it works best as a behavioral lens on top of the data you already collect. The narration is based on my Tuesday “Insights” feature from Bare Metal Cyber Magazine. In the episode, we move from fundamentals to real-world application. You will hear everyday use cases, from compromised credentials and privileged account monitoring to insider risk and cloud-heavy environments. We talk through the benefits UEBA can bring to a busy security operations center, as well as the trade-offs around data quality, tuning, and cost. Finally, we cover the most common failure patterns and the healthy signals that show UEBA is actually driving better decisions, not just adding another dashboard.

30. juni 202613 min
episode Certified: CIPT and the Technical Side of Privacy artwork

Certified: CIPT and the Technical Side of Privacy

This episode walks through Certified Information Privacy Technologist (CIPT), a privacy credential for professionals who want to understand how data protection works inside real technology systems. Based on my Monday “Certified” feature from Bare Metal Cyber Magazine, it explains who the certification is for, why it matters, and how it connects privacy, security, product design, engineering, cloud systems, and data governance. The focus is practical: how privacy becomes part of collection, use, retention, sharing, deletion, user control, and technical risk reduction. We also look at what the CIPT exam really tests, including privacy by design, privacy engineering, responsible data use, and scenario-based decision-making. This episode is designed for early-career cyber, IT, cloud, GRC, and privacy professionals who want a clearer path into privacy technology. The Bare Metal Cyber Academy is also introduced as the broader home for the connected certification resources, including the free audio course and companion books for structured, flexible preparation.

29. juni 202614 min
episode Insight: Understanding the Ransomware Attack Lifecycle artwork

Insight: Understanding the Ransomware Attack Lifecycle

Ransomware attacks do not begin with the ransom note – they unfold through a quiet sequence of steps that often look like routine activity. In this Tuesday “Insights” episode, developed by Bare Metal Cyber, we walk through the modern ransomware attack lifecycle from initial access and foothold to lateral movement, privilege abuse, data theft, backup tampering, and finally encryption. You will hear how real attacks typically progress over days or weeks, which signals show up in identity, endpoints, networks, and backups, and why so many organizations only notice the threat at the worst possible moment. We then translate that lifecycle into practical interruption points, so security and IT teams can see where to focus, how to use the tools they already have, and how to make recovery less dependent on paying an attacker.

23. juni 202612 min