최고 Comptia Security 팟캐스트 (2025)

1
Welcome to the SEC+ Audio Course 1:54

7d ago1:54

1:54

Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world takeaways. In this trailer, you’ll hear the show’s promise, the format you can expect, and a sneak peek at the kinds of stories, tips, and expert insights coming your way. Hit follow to get new episodes…

1
Episode 221: Developing and Executing Security Awareness Programs (Domain 5) 18:41

4M ago18:41

18:41

Security awareness programs don’t happen by accident—they’re built with intent, tested with feedback, and refined over time. In this final episode of the series, we walk through how to develop and execute a successful awareness program, from defining goals and identifying target audiences to choosing content formats and delivery methods. We discuss…

1
Episode 220: Security Reporting and Monitoring (Domain 5) 18:01

4M ago18:01

18:01

A well-informed workforce should be empowered not just to avoid risk—but to report it. In this episode, we explore how organizations build clear, accessible reporting channels that encourage employees to share suspicious activity, policy violations, or near misses without fear of reprisal. We also examine how recurring reports—like monthly phishing…

1
Episode 219: Hybrid and Remote Work Security Awareness (Domain 5) 17:16

4M ago17:16

17:16

Remote and hybrid work models create new layers of security complexity—blending corporate environments with home networks, personal devices, and cloud-first workflows. In this episode, we explore the core topics of remote work security awareness, starting with safe home Wi-Fi configurations, strong authentication, and VPN use for secure connections…

1
Episode 218: User Guidance and Training (Part 3) (Domain 5) 17:32

4M ago17:32

17:32

Security training must evolve with the threat landscape—and that means addressing common but high-risk topics like removable media, social engineering, and operational security (OPSEC). In this episode, we explain how removable media—like USB drives and external hard drives—pose significant threats when plugged into unmanaged or infected systems. W…

1
Episode 217: User Guidance and Training (Part 2) (Domain 5) 17:38

4M ago17:38

17:38

Beyond basic policy understanding, users need targeted training in key risk areas that attackers frequently exploit—especially insiders, passwords, and privileged access. In this episode, we focus on insider threat awareness, teaching employees how to recognize red flags like excessive access, unusual behavior, or data hoarding by peers. We also co…

1
Episode 216: User Guidance and Training (Part 1) (Domain 5) 17:33

4M ago17:33

17:33

Users are often the first and last line of defense in cybersecurity, and their success depends on clear guidance and ongoing training. In this episode, we focus on policy awareness and handbooks, which provide employees with a foundational understanding of acceptable use, access controls, device handling, and reporting expectations. We explore how …

1
Episode 215: Anomalous Behavior Recognition (Domain 5) 18:18

4M ago18:18

18:18

Cyber threats often hide in plain sight, masquerading as normal user activity until they trigger something unexpected—and that’s why recognizing anomalous behavior is such a valuable skill. In this episode, we explore how to identify risky, unexpected, or unintentional actions that may indicate insider threats, compromised accounts, or social engin…

1
Episode 214: Effective Phishing Awareness (Domain 5) 18:17

4M ago18:17

18:17

Phishing remains one of the most effective—and dangerous—forms of cyberattack because it targets people, not systems. In this episode, we explore how to build an effective phishing awareness program that trains employees to recognize and report suspicious messages before damage is done. We discuss how simulated phishing campaigns help reinforce tra…

1
Episode 213: Reconnaissance Techniques (Domain 5) 17:59

4M ago17:59

17:59

Reconnaissance is the first phase of any attack—and the first opportunity for defenders to detect malicious intent. In this episode, we break down both passive and active reconnaissance techniques used by ethical hackers and adversaries alike. Passive recon relies on publicly available data, such as DNS records, social media, job postings, WHOIS da…

1
Episode 212: Penetration Testing Environments (Domain 5) 17:25

4M ago17:25

17:25

The value of a penetration test is closely tied to how realistic the environment is—and in this episode, we examine the types of environments in which pen tests are conducted: known, partially known, and unknown. A known environment test, also called white-box testing, gives the tester full knowledge of systems, code, or architecture—allowing them …

1
Episode 211: Fundamentals of Penetration Testing (Domain 5) 18:14

4M ago18:14

18:14

Penetration testing goes beyond identifying vulnerabilities—it simulates real-world attacks to see how systems, defenses, and teams hold up under pressure. In this episode, we explore the foundational concepts of penetration testing, starting with physical tests that assess physical security through social engineering, badge cloning, or simulated i…

1
Episode 210: External Audits and Assessments (Domain 5) 18:40

4M ago18:40

18:40

External audits provide an independent review of an organization’s security and compliance posture, often driven by regulatory mandates, certification requirements, or contractual obligations. In this episode, we explore different types of external audits and assessments, starting with regulatory audits that evaluate adherence to laws like HIPAA, P…

1
Episode 209: Internal Audit Structures (Domain 5) 18:43

4M ago18:43

18:43

The effectiveness of internal audits depends not just on what’s reviewed, but on how the audit function is structured within the organization. In this episode, we examine audit committees—teams responsible for planning, conducting, and overseeing internal audits to ensure objectivity and alignment with organizational goals. We discuss how committee…

1
Episode 208: Attestation and Internal Audits (Domain 5) 18:25

4M ago18:25

18:25

Attestation and internal audits are two of the most powerful tools for ensuring your security program is functioning as intended. In this episode, we start by exploring attestation—formal declarations that certify compliance with policies, procedures, or external frameworks. Attestations are used in vendor contracts, employee training, and system c…

1
Episode 207: Data Management and Compliance (Domain 5) 17:24

4M ago17:24

17:24

Effective data management is critical for both operational success and regulatory compliance, and in this episode, we explore how organizations maintain control over what they collect, where it’s stored, and how long it’s retained. We begin with the concept of data ownership—assigning clear accountability for specific datasets to ensure someone is …

1
Episode 206: Privacy and Legal Implications of Compliance (Domain 5) 20:19

4M ago20:19

20:19

Privacy and compliance are deeply intertwined, especially as global regulations push organizations to safeguard personal data across jurisdictions. In this episode, we examine how privacy laws operate at local, national, and international levels—highlighting frameworks like GDPR in Europe and CCPA in California, and exploring how they shape data co…

1
Episode 205: Data Inventory, Retention, and the Right to Be Forgotten (Domain 5) 18:43

4M ago18:43

18:43

Managing personal data effectively starts with knowing exactly what you have, where it lives, how long you keep it, and what rights users have over it. In this final episode, we explore how to build and maintain a data inventory that tracks types of data collected, processing activities, access permissions, and storage locations. We also discuss re…

1
Episode 204: Privacy Laws and Global Compliance (Domain 5) 18:01

4M ago18:01

18:01

Data privacy is no longer just a legal issue—it’s a global business imperative, and this episode explores the complex and evolving landscape of privacy laws. We cover key regulations such as the European Union’s GDPR, California’s CCPA, Brazil’s LGPD, and other region-specific rules that govern how personal data is collected, processed, stored, and…

1
Episode 203: Attestation and Acknowledgement in Compliance (Domain 5) 19:08

4M ago19:08

19:08

Attestation and acknowledgement are critical for ensuring that individuals and third parties formally understand and accept their roles in maintaining security and compliance. In this episode, we explain how attestation involves signing a formal statement that certifies understanding or adherence—used in contexts like security training, policy acce…

1
Episode 202: Consequences of Non-Compliance (Domain 5) 19:31

4M ago19:31

19:31

Failing to meet regulatory or contractual obligations can carry severe consequences, both financially and reputationally. In this episode, we break down the real-world impacts of non-compliance—including fines, sanctions, lawsuits, contract termination, and loss of certifications or business licenses. We examine examples where organizations were pe…

1
Episode 201: Effective Compliance Reporting (Domain 5) 18:34

4M ago18:34

18:34

Compliance reporting ensures that an organization can demonstrate adherence to regulatory, contractual, and internal security requirements—and in this episode, we explore how to make it both accurate and efficient. We cover internal reporting practices, such as monthly compliance dashboards and policy enforcement summaries, as well as external repo…

1
Episode 200: Ongoing Vendor Monitoring and Engagement (Domain 5) 18:58

4M ago18:58

18:58

Vendor risk doesn’t stop after the contract is signed—ongoing monitoring and relationship management are critical for maintaining visibility and accountability. In this episode, we explore how organizations track vendor performance through periodic assessments, SLA reviews, compliance reports, and security questionnaires. We highlight how to use co…

1
Episode 199: Agreement Types and Contractual Security (Domain 5) 18:08

4M ago18:08

18:08

Contracts are one of the most powerful tools in managing cybersecurity obligations, and in this episode, we break down the types of agreements that define roles, responsibilities, and expectations with external parties. We cover Service-Level Agreements (SLAs), which outline performance and availability targets; Memorandums of Understanding (MOUs) …

1
Episode 198: Vendor Risk and Supply Chain Considerations (Domain 5) 19:11

4M ago19:11

19:11

A growing portion of cybersecurity risk now comes from outside the organization—specifically, through third-party vendors, suppliers, and service providers. In this episode, we examine how to assess and manage vendor risk across the full lifecycle, starting with due diligence during procurement and continuing through onboarding, monitoring, and off…

1
Episode 197: Mean Time Metrics and System Resilience (Domain 5) 20:03

4M ago20:03

20:03

System resilience depends not only on planning but on measurable performance—and in this episode, we explore four key metrics that define how systems behave under failure: Mean Time to Repair (MTTR), Mean Time Between Failures (MTBF), Mean Time to Detect (MTTD), and Mean Time to Respond (MTTR—the other one). MTTR (repair) reflects how long it takes…

1
Episode 196: Understanding Recovery Objectives (Domain 5) 17:48

4M ago17:48

17:48

Recovery objectives define how quickly and how completely a system must return to functionality after a disruption—and in this episode, we explore two of the most critical metrics: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO sets the maximum allowable downtime before business operations suffer unacceptable consequences, wh…

1
Episode 195: Business Impact Analysis (Domain 5) 20:14

4M ago20:14

20:14

Business Impact Analysis (BIA) is the foundation of business continuity and disaster recovery planning, helping organizations understand which processes matter most and how downtime affects operations. In this episode, we break down how BIAs identify critical systems, estimate recovery time objectives (RTOs) and recovery point objectives (RPOs), an…

1
Episode 194: Risk Reporting and Communication (Domain 5) 19:23

4M ago19:23

19:23

Risk is meaningless if it isn’t communicated effectively—and in this episode, we focus on how risk reporting bridges the gap between technical findings and business leadership. We explore how to craft reports that align with the audience: dashboards and trend lines for executives, technical remediation plans for IT, and regulatory compliance summar…

1
Episode 193: Risk Management Strategies (Domain 5) 20:03

4M ago20:03

20:03

Once risks are identified and analyzed, organizations must decide how to respond—and in this episode, we examine the five primary risk management strategies: mitigate, transfer, accept, avoid, and exempt. Mitigation involves applying controls to reduce risk impact or likelihood, such as enabling MFA or installing endpoint protection. Transferring r…

1
Episode 192: Risk Appetite, Tolerance, and Thresholds (Domain 5) 19:12

4M ago19:12

19:12

Every organization must decide how much risk it is willing to accept in pursuit of its goals—and this decision informs every security investment, policy, and control. In this episode, we break down the concepts of risk appetite (what you’re willing to pursue), risk tolerance (what you’re willing to withstand), and risk thresholds (the hard lines th…

1
Episode 191: Risk Registers and Key Risk Indicators (Domain 5) 19:42

4M ago19:42

19:42

Managing risk at scale requires tools that provide structure and visibility, and in this episode, we examine two of the most important: risk registers and key risk indicators (KRIs). A risk register is a living document that catalogs identified risks, their likelihood, potential impact, status, ownership, and mitigation plans. It enables organizati…

1
Episode 190: Risk Analysis and Scoring (Domain 5) 19:38

4M ago19:38

19:38

After risks are identified, they need to be analyzed and prioritized—and that’s where risk scoring comes in. In this episode, we break down both qualitative methods (like high/medium/low ratings and heat maps) and quantitative techniques (like Single Loss Expectancy, Annualized Loss Expectancy, and Annualized Rate of Occurrence). We explain how the…

1
Episode 189: Conducting Risk Assessments (Domain 5) 20:00

4M ago20:00

20:00

Risk assessments provide the data organizations need to make informed security decisions, and in this episode, we explore the different types of assessments and how they’re conducted. We start by comparing ad hoc, recurring, one-time, and continuous assessments, each of which serves different operational or compliance needs. We explain how to scope…

1
Episode 188: Risk Management Fundamentals (Domain 5) 22:13

4M ago22:13

22:13

Risk management is the engine that drives strategic decision-making in security, helping organizations focus their efforts on what matters most. In this episode, we explain how to identify risks, evaluate their likelihood and impact, and decide whether to accept, avoid, mitigate, or transfer them. We cover key concepts like threat, vulnerability, a…

1
Episode 187: Governance Structures and Roles (Part 2) (Domain 5) 20:53

4M ago20:53

20:53

Having a governance structure is only the beginning—the real value comes from clearly defining roles and responsibilities within that structure. In this episode, we examine the key roles involved in managing data and systems securely, including data owners, custodians, stewards, processors, and controllers. Data owners are responsible for setting c…

1
Episode 186: Governance Structures and Roles (Part 1) (Domain 5) 20:36

4M ago20:36

20:36

Security governance relies on a clear structure that defines how decisions are made, who enforces them, and how oversight is maintained. In this episode, we explore governance structures such as boards, steering committees, and cross-functional security councils, each playing a role in shaping strategy, prioritizing risks, and allocating resources.…

1
Episode 185: Monitoring and Revising Governance Policies (Domain 5) 21:02

4M ago21:02

21:02

Security policies must evolve with technology, threat landscapes, and business goals—and that’s why continuous monitoring and revision are essential. In this episode, we explore how organizations maintain governance effectiveness by regularly reviewing policies, tracking their implementation, and auditing their relevance. We cover methods like poli…

1
Episode 184: External Security Governance Considerations (Domain 5) 20:59

4M ago20:59

20:59

Security doesn't operate in a vacuum—organizations must navigate a complex web of external considerations that shape how security is governed. In this episode, we explore regulatory requirements (like GDPR, HIPAA, and PCI-DSS), industry standards, and legal obligations that influence security architecture, policies, and practices. We also cover how…

1
Episode 183: Procedures and Playbooks (Domain 5) 21:31

4M ago21:31

21:31

Procedures and playbooks are the operational backbone of a mature security program—translating policy into detailed, repeatable steps for responding to specific threats or performing security tasks. In this episode, we explain the difference between general procedures (e.g., user onboarding or access review) and incident-specific playbooks (e.g., m…

1
Episode 182: Security Standards and Physical Controls (Domain 5) 21:25

4M ago21:25

21:25

Standards and controls turn high-level policy into actionable, enforceable security, and in this episode, we explore how physical controls and documented standards create consistent, measurable protection. We discuss the value of security standards like password complexity requirements, encryption levels, and access review intervals that ensure sys…

1
Episode 181: Incident Response Policies and Procedures (Domain 5) 22:32

4M ago22:32

22:32

An effective incident response program starts with well-defined policies and procedures that guide every action, role, and escalation during a security event. In this episode, we explore the components of an incident response policy—covering scope, roles, definitions, response timelines, and classification levels. We then break down procedures into…

1
Episode 180: Key Security Policies and Standards (Domain 5) 22:40

4M ago22:40

22:40

Policies and standards are the written expression of an organization’s security expectations—and in this episode, we explore how they’re developed, communicated, and enforced. We cover essential policies such as Acceptable Use Policies (AUPs), information security policies, disaster recovery policies, and software development lifecycle (SDLC) stand…

1
Episode 179: Introduction to Security Governance (Domain 5) 22:31

4M ago22:31

22:31

Security governance is the blueprint for how an organization manages its security strategy, aligns it with business goals, and ensures accountability across all levels of operation. In this episode, we introduce the core elements of effective governance, including the development of security policies, acceptable use standards, change management pro…

1
Episode 178: Introduction to Domain Five — Security Program Management and Oversight 24:12

4M ago24:12

24:12

Cybersecurity isn’t just about blocking attacks and managing firewalls. It’s also about building policies, assessing risk, managing vendors, and aligning security with the overall goals of the business. That’s the focus of Domain Five: Security Program Management and Oversight. This domain gives you the big-picture understanding of how security fit…

1
Episode 177: Packet Captures in Investigations (Domain 4) 22:43

4M ago22:43

22:43

Packet captures are the most detailed and revealing form of network data available to defenders—showing not just what happened, but exactly how it happened, byte by byte. In this episode, we explain how tools like Wireshark and tcpdump allow analysts to capture and inspect network packets for signs of malicious activity, protocol abuse, data leakag…

1
Episode 176: Dashboards and Visualization Tools (Domain 4) 22:10

4M ago22:10

22:10

A well-designed dashboard can turn complex security data into fast, actionable insight—and in this episode, we explore how visualization tools help analysts, engineers, and executives understand the health of their security environments at a glance. We discuss how dashboards consolidate metrics like open vulnerabilities, login anomalies, firewall e…

1
Episode 175: Vulnerability Scan Data and Automated Reporting (Domain 4) 20:48

4M ago20:48

20:48

Vulnerability scan data is only useful when it’s collected, organized, and presented in a way that drives action—and this episode explains how automated reporting transforms raw scan results into operational intelligence. We begin by examining the structure of scan output: severity levels, CVSS scores, affected assets, and remediation recommendatio…

1
Episode 174: Leveraging Log Data (Part 2) (Domain 4) 23:29

4M ago23:29

23:29

In this continuation of our log analysis discussion, we shift from collection to interpretation—examining how different data sources support threat detection, forensic investigation, and compliance reporting. We explore how packet capture tools, vulnerability scanners, dashboards, and automated reports enrich raw logs with context, allowing for fas…

1
Episode 173: Leveraging Log Data (Part 1) (Domain 4) 24:27

4M ago24:27

24:27

Logs are the record books of your infrastructure, capturing who did what, when, and where—and in this episode, we explore how to extract value from them. We start with common log types including firewall logs, application logs, operating system logs, and security-specific logs like authentication events, audit trails, and IDS alerts. Each source pr…

들어볼 가치가 있는 팟캐스트

Comptia Security 팟 캐스트

들어볼 가치가 있는 팟캐스트

빠른 참조 가이드