All Episodes

Welcome to the GIAC GCCC Audio Course

Episode 59 — Validate resilience after fixes with retesting and durable closure evidence

Episode 58 — Translate pen test findings into remediation priorities and measurable control improvements

Episode 57 — Plan penetration tests safely: scope control, rules of engagement, and reporting clarity

Episode 56 — Improve response capability with lessons learned and continuous program refinement

Episode 55 — Execute incident response under pressure: detection, containment, and evidence handling

Episode 54 — Build incident response readiness with roles, playbooks, and communications discipline

Episode 53 — Reinforce skills over time with role-based focus, coaching, and timely feedback

Episode 52 — Measure training effectiveness with metrics tied to real risk reduction outcomes

Episode 51 — Build awareness programs that change behavior, not just complete training requirements

Episode 50 — Monitor third-party risk continuously with signals, assessments, and escalation triggers

Episode 49 — Enforce provider accountability through contracts, controls, and ongoing assurance reviews

Episode 48 — Evaluate service providers with due diligence that matches risk and criticality

Episode 47 — Detect and remediate weaknesses with testing evidence, prioritization, and closure proof

Episode 46 — Reduce application risk by managing dependencies and patching weak components quickly

Episode 45 — Secure the software lifecycle end-to-end: design, build, deploy, and operate safely

Episode 44 — Prove recoverability with restore tests, integrity checks, and documented results

Episode 43 — Protect backups as high-value targets: access controls, encryption, and isolation strategy

Episode 42 — Define recovery objectives that fit business reality: RPO, RTO, and scope decisions

Episode 41 — Retain and dispose of data safely with automation, approvals, and audit evidence

Episode 40 — Protect data with access boundaries, encryption decisions, and controlled sharing patterns

Episode 39 — Classify data in practice: sensitivity tiers, handling rules, and real-world exceptions

Episode 38 — Confirm email and browser protections work with testing and measurable outcomes

Episode 37 — Harden web browsing with technical safeguards and safer execution pathways

Episode 36 — Reduce phishing success with email controls that block, warn, and verify safely

Episode 35 — Improve monitoring outcomes with tuning, validation, and gap-driven coverage fixes

Episode 34 — Detect threats faster with triage workflows, escalation rules, and response coordination

Episode 33 — Design network visibility that matters: telemetry selection and baseline behavior modeling

Episode 32 — Control network changes safely with baselines, approvals, and rollback discipline

Episode 31 — Harden network device management planes to reduce takeover and tampering risk

Episode 30 — Inventory network infrastructure: devices, services, dependencies, and ownership clarity

Episode 29 — Validate malware defenses with testing, tuning, and incident-driven improvement loops

Episode 28 — Contain malware spread with segmentation, privilege limits, and rapid isolation routines

Episode 27 — Prevent malware execution using layered controls across endpoints and servers

Episode 26 — Turn logs into outcomes: alerting strategy, review routines, and noise reduction

Episode 25 — Centralize and normalize logs for correlation, retention integrity, and fast search

Episode 24 — Decide what to log and why: events that power detection and investigations

Episode 23 — Close vulnerabilities with verification evidence, rollback planning, and durable tracking

Episode 22 — Prioritize vulnerabilities with risk context, exploitability, and exposure-driven triage

Episode 21 — Build continuous vulnerability management: coverage, scan cadence, and owner assignment

Episode 20 — Validate access control effectiveness with reviews, testing, and corrective action

Episode 19 — Build authorization models that match real work without privilege creep

Episode 18 — Strengthen authentication foundations: factors, session controls, and identity assurance

Episode 17 — Deprovision accounts cleanly to eliminate orphaned access and lingering entitlements

Episode 16 — Provision accounts safely with approvals, role fit, and minimum privilege intent

Episode 15 — Clarify account types and lifecycles: user, admin, service, shared, and temporary

Episode 14 — Prove configuration compliance with sampling, evidence, and exception governance

Episode 13 — Control configuration drift with monitoring, remediation workflows, and change discipline

Episode 12 — Design secure configuration baselines that are measurable, repeatable, and realistic

Episode 11 — Prevent unapproved execution with allowlisting logic and tightly governed exceptions

Episode 10 — Detect unauthorized software quickly using discovery signals, baselines, and change patterns

Episode 9 — Establish software asset authority: approved lists, licensing realities, and control points

Episode 8 — Validate enterprise asset inventory quality with drift checks and audit-ready evidence

Episode 7 — Discover enterprise assets continuously using multiple sources and reconciliation discipline

Episode 6 — Define enterprise asset scope: what counts, why it matters, who owns accuracy

Episode 5 — Operationalize CIS Controls governance: owners, metrics, reporting, and accountability

Episode 4 — Map CIS Controls to major security standards and governance expectations

Episode 3 — Understand CIS Controls v8 history, purpose, and how the model is organized

Episode 2 — Build an audio-first study plan: recall cycles, review rhythm, and exam-day flow

Episode 1 — Decode the GCCC blueprint: domains, scoring, pacing, and what 71% demands