PodParley PodParley
PodParley
Certified: The CompTIA Security+ V8 / SY0-801 Audio Course cover art
#
Title
1

Welcome to the CompTIA Security+ Audio Course!
2

Episode 118 — Final Objectives Update: What Changed When CompTIA Finalized SY0-801 (Update)
3

Episode 117 — Full-Course Review: The SY0-801 Memory Map (Review)
4

Episode 116 — PBQ Strategy: Turning Objectives into Scenario Decisions (Review)
5

Episode 115 — Awareness Delivery and Effectiveness: LMS, Self-Service, Metrics, Behavior Risk Scoring, BEC, BYOD, and Remote Work (5.6)
6

Episode 114 — Security Awareness Training: Onboarding, Ongoing, Targeted, and Corrective Training (5.6)
7

Episode 113 — Penetration Testing, Reconnaissance, Frameworks, Functional Testing, and Behavioral Testing (5.5)
8

Episode 112 — Audit Scope and Engagements: Charters, Gap Analysis, Internal Reviews, External Reviews, and Benchmarking (5.5)
9

Episode 111 — Audit Data Gathering: Sampling, Questionnaires, Interviews, Assertions, and Reference Sources (5.5)
10

Episode 110 — Non-Compliance, Privacy Rights, Legal Holds, Legal Orders, and Retention (5.4)
11

Episode 109 — Compliance Training and Monitoring: Data Handling, AML/CTF, Anti-Bribery, and Attestations (5.4)
12

Episode 108 — Vendor Constraints and Rules of Engagement: Jurisdiction, ROI, Lock-In, and Assurance Mechanisms (5.3)
13

Episode 107 — Agreements and Monitoring: SLA, SLO, MOU, MOA, NDA, MSA, SOW, and Right to Audit (5.3)
14

Episode 106 — Third-Party Risk: Vendor Selection, RFP, RFI, RFQ, EOI, Due Diligence, and Conflicts (5.3)
15

Episode 105 — Risk Treatment and Business Impact: Transfer, Accept, Avoid, Mitigate, BIA, Appetite, Residual Risk, SLE, ALE, and ARO (5.2)
16

Episode 104 — Risk Analysis and Registers: Impact, Likelihood, Owners, Current Mitigations, and Qualitative vs. Quantitative Risk (5.2)
17

Episode 103 — Risk Identification and Assessment: Assets, Stakeholders, Scoring, and Categorization (5.2)
18

Episode 102 — Plans and Policies: BCP, DRP, BYOD, AUP, Clean Desk, Incident Response, Data Retention, Access Control, and Privacy (5.1)
19

Episode 101 — Standards and Procedures: Baselines, Passwords, Physical Security, RFCs, Encryption, SOPs, and Runbooks (5.1)
20

Episode 100 — GRC Artifacts: Guidelines, Benchmarks, Advisories, Implementation Guides, and Reference Architectures (5.1)
21

Episode 99 — Evidence and Stakeholders: File Integrity, Memory Dumps, Bit Copies, Snapshots, HR, Legal, and Log Parsing (4.8)
22

Episode 98 — Investigation Sources: Vulnerability Scans, Automated Reports, NetFlow/IPFIX, Surveillance, and Packet Captures (4.8)
23

Episode 97 — Investigation Data Types: Access, Device, Server, Application, Authentication, Communication, and Audit Logs (4.8)
24

Episode 96 — Containment Through Post-Incident: Isolation, Negotiation, Recovery, Reporting, Lessons Learned, and RCA (4.7)
25

Episode 95 — Identification and Investigation: Detection, Advisories, Threat Hunting, Forensics, and Chain of Custody (4.7)
26

Episode 94 — Incident Response Preparation: Training, Tabletop Exercises, Playbooks, Simulations, and Roles (4.7)
27

Episode 93 — AI in SecOps: Agentic AI, Chatbots, Predictive Analysis, AI-Augmented Baselines, and CI/CD (4.6)
28

Episode 92 — Automation Risks and Guardrails: Logic, Complexity, Financial Risk, and Process Risk (4.6)
29

Episode 91 — Automation Use Cases: Provisioning, Desired State, Anomaly Detection, and Ticketing (4.6)
30

Episode 90 — Access Models and Modern Authentication: JIT Access, Passkeys, Passwordless, and Credential Monitoring (4.5)
31

Episode 89 — MFA: Tokens, Biometrics, OTPs, Backup Codes, and Bypass Risks (4.5)
32

Episode 88 — Account Types and Privilege Models: User, Privileged, Service, Third-Party, and Emergency Access (4.5)
33

Episode 87 — Federation and SSO: SAML, LDAP, and OAuth (4.5)
34

Episode 86 — IAM Lifecycle: Provisioning, Deprovisioning, Permissions, and Identity Proofing (4.5)
35

Episode 85 — Monitoring Protocols and Data Flow: NetFlow, SNMP, Syslog, SCAP, Port Mirroring, and Dashboards (4.4)
36

Episode 84 — Monitoring Tools: SIEM, DLP, Vulnerability Scanners, Orchestration, and Packet Analyzers (4.4)
37

Episode 83 — Alerting Operations: Scanning, Archiving, Reporting, and Alert Tuning (4.4)
38

Episode 82 — Monitoring Resources: Systems, Applications, Infrastructure, and Log Aggregation (4.4)
39

Episode 81 — External Reporting: Bug Bounties and Responsible Disclosure (4.3)
40

Episode 80 — Remediation, Verification, and Internal Reporting (4.3)
41

Episode 79 — Prioritization: Severity, Business Impact, and Pen Test Report Review (4.3)
42

Episode 78 — Vulnerability Management Overview: Scanning, IPAM, CSPM, and Source Code Review (4.3)
43

Episode 77 — Planning, Procurement, Assignment, Tracking, Disposal, and Decommissioning (4.2)
44

Episode 76 — Asset Management: Hardware, Software, and Data Life Cycle (4.2)
45

Episode 75 — Email and OS Security: DMARC, SPF, DKIM, BIMI, Group Policy, and SELinux (4.1)
46

Episode 74 — Repository, Application, and Code Security: Secrets Scanning, Input Validation, Secure Cookies, Static Analysis, and Code Signing (4.1)
47

Episode 73 — Endpoint and Network Access Control: EDR, XDR, Antivirus, Captive Portals, 802.1X, and Posture (4.1)
48

Episode 72 — Firewalls and Filtering: WAF, UTM, Layer 4/Layer 7, Rate Limiting, and DLP (4.1)
49

Episode 71 — Monitoring, MDM, Allow Lists, Block Lists, IDS, IPS, and WIPS (4.1)
50

Episode 70 — Deception and Disruption: Honeypots, Honeynets, Honeyfiles, Honeytokens, and Canary Accounts (4.1)
51

Episode 69 — Mitigating Controls Overview: Segmentation, Access Control, Hardening, and Sandboxing (4.1)
52

Episode 68 — Recovery Metrics: RTO, RPO, MTTR, and MTBF (3.4)
53

Episode 67 — Disaster Recovery and Business Continuity: Failover, Simulation, Parallel Processing, and Capacity Planning (3.4)
54

Episode 66 — Power, Storage, Backups, Immutability, and Restoration Testing (3.4)
55

Episode 65 — Platform Diversity, Load Balancing, Clustering, Autoscaling, and High Availability (3.4)
56

Episode 64 — Resilience Sites: Hot, Warm, Cold, and Environmental Planning (3.4)
57

Episode 63 — Data Handling, Geofencing, Lifecycle, Retention, Disposal, and Compliance (3.3)
58

Episode 62 — Data Protection Roles: Owner, Custodian, Steward, Operator, Controller, and Subprocessor (3.3)
59

Episode 61 — Securing Data: Masking, Hashing, Filtering, Tokenization, Encryption, and Obfuscation (3.3)
60

Episode 60 — Data Classification: Public to Top Secret, Sensitive to Restricted (3.3)
61

Episode 59 — Data Types and States: Structured, Unstructured, At Rest, In Use, and In Transit (3.3)
62

Episode 58 — Identity Architecture: gMSAs, Least Privilege Accounts, Privilege Creep, and Failure Modes (3.2)
63

Episode 57 — Out-of-Band Management, File Transfer, and Security Service Edge (3.2)
64

Episode 56 — Secure Access: VPNs, Remote Access, Tunneling, and Encrypted Messaging (3.2)
65

Episode 55 — Zero Trust Architecture: User, Device, and Application Decisions (3.2)
66

Episode 54 — Infrastructure Protection: Device Placement, Security Zones, Attack Surface, and Diversity (3.2)
67

Episode 53 — Scalability, Environmental Requirements, Risk, and Recovery Decisions (3.1)
68

Episode 52 — Business Architecture Tradeoffs: Data Sovereignty, Classification, Cost, and Ownership (3.1)
69

Episode 51 — Technical Architecture Tradeoffs: Availability, Resilience, Open Source, and Usability (3.1)
70

Episode 50 — OT, Air-Gapped Networks, Microservices, and Segmentation
71

Episode 49 — Serverless, Multicloud, and Infrastructure as Code
72

Episode 48 — Architecture Models: Cloud, On-Premises, Hybrid, Private, Public, and Community Cloud
73

Episode 47 — AI Abuse: Jailbreaking, Evasion, Privacy, Session Hijacking, and Code Execution
74

Episode 46 — AI Failure Risks: Data Loss, Bias, Explainability, Hallucinations, and Ethics
75

Episode 45 — AI Threats: Model Manipulation, Poisoning, and Prompt Injection
76

Episode 44 — Credential Attacks: Password Spraying, Brute Force, User Enumeration, and MFA Bypass
77

Episode 43 — Application Attacks: Injection, Buffer Overflow, Replay, Privilege Escalation, Forgery, and Traversal
78

Episode 42 — Indicators of Compromise: Hashes, Domains, Timestamps, Log Manipulation, and Impossible Travel
79

Episode 41 — Social Engineering Indicators: Smishing, Vishing, Whaling, Quishing, and Deepfakes
80

Episode 40 — Physical and Network Attack Indicators (2.5)
81

Episode 39 — Malware Indicators: Ransomware, Trojans, Worms, Spyware, and Fileless Malware (2.5)
82

Episode 38 — LLMs, Misconfigurations, Public Repositories, and Public Object Storage (2.4)
83

Episode 37 — Stale Credentials, Rogue Devices, Shadow IT, Wireless, Mobile, and Identity Provider Risks (2.4)
84

Episode 36 — Code Weaknesses: Hardcoded Secrets and Unsafe Exception Handling (2.4)
85

Episode 35 — Ports, Services, Applications, Race Conditions, and Malicious Updates (2.4)
86

Episode 34 — Unsupported, Unpatched, Obsolete, and Unmanaged Systems (2.4)
87

Episode 33 — Supply Chain, SaaS, USB, Human, IoT, OT, Physical, Bluetooth, RF, and NFC Threats (2.3)
88

Episode 32 — Network, Remote Access, and Endpoint Threat Sources (2.3)
89

Episode 31 — Browser-Based Attacks: Extensions, JavaScript, Cookies, Password Managers, and Session Tokens (2.3)
90

Episode 30 — Image and Attachment Attacks: QR Codes, CAPTCHA Abuse, Macros, PDFs, and RTF (2.3)
91

Episode 29 — Message-Based Attacks: Email, SMS, RCS, IM, and Collaboration Tools (2.3)
92

Episode 28 — APTs and the Modern Threat Vector Map (2.3)
93

Episode 27 — Motivations and Capabilities: Money, Espionage, Ideology, and Extortion (2.2)
94

Episode 26 — State-Sponsored, Competitors, Accidental, and Unskilled Attackers (2.2)
95

Episode 25 — Threat Actors: Organized Crime, Terrorists, Hacktivists, and Insiders (2.2)
96

Episode 24 — Vulnerability Types and Risk-Based Decisions (2.1)
97

Episode 23 — Vulnerability Scoring: CVSS, CVEs, and Prioritization (2.1)
98

Episode 22 — Threat Feeds and Intelligence Sources (2.1)
99

Episode 21 — Threats vs. Vulnerabilities: Likelihood, Impact, and Life Cycle (2.1)
100

Episode 20 — Hashing, Salting, Digital Signatures, Obfuscation, and Crypto Tools (1.3)
101

Episode 19 — Key Exchange, Algorithms, Key Length, and Protocol Selection (1.3)
102

Episode 18 — Encryption Levels: Disk, File, Volume, Database, and Record (1.3)
103

Episode 17 — Symmetric vs. Asymmetric Encryption (1.3)
104

Episode 16 — CSRs, Wildcards, Root of Trust, and Key Escrow (1.3)
105

Episode 15 — Revocation and Validation: CRLs, OCSP, and Trust Problems (1.3)
106

Episode 14 — Certificates and Certificate Authorities (1.3)
107

Episode 13 — PKI Foundations: Public Keys, Private Keys, and Trust (1.3)
108

Episode 12 — Technical and Documentation Impacts of Change (1.2)
109

Episode 11 — Backout Plans vs. Fail Forward: Recovering from Bad Changes (1.2)
110

Episode 10 — Impact Analysis, Test Results, and Maintenance Windows (1.2)
111

Episode 9 — CABs, Approvals, Ownership, and Stakeholders (1.2)
112

Episode 8 — Change Management: Why Security Breaks During Normal Updates (1.2)
113

Episode 7 — Control Categories and Control Types (1.1)
114

Episode 6 — Zero Trust Principles: Never Trust, Always Verify (1.1)
115

Episode 5 — Non-Repudiation, Least Privilege, and Trust Decisions (1.1)
116

Episode 4 — CIA and AAA: The Core Security Models (1.1)
117

Episode 3 — Defense in Depth: Layering Controls So One Failure Doesn’t Sink You (1.1)
118

Episode 2 — How to Study with an Audio-First Security+ Plan
119

Episode 1 — SY0-801 at a Glance: What Changed from Security+ 701