CCT 172: Exploring Media Protection, Encryption, and Mobile Security for the CISSP (Domain 7.5)

What if AI could be your company's best asset—and its biggest risk? Join me, Sean Gerber, on this enlightening episode of the CISSP Cyber Training Podcast, where we journey through the essentials of cybersecurity with a particular focus on media protection techniques from Domain 7.5 of the CISSP ISC² training manual. We’ll also navigate the secure-by-design principles crucial in the age of artificial intelligence. With AI transforming large enterprises, I’ll share eye-opening statistics on its adoption and delve into the risks it brings, such as cloud misconfigurations leading to severe breaches. Plus, we’ll discuss the alarming rise of deepfake scams with a real-world example that shook a UK energy firm to its core.

Ever wondered how to choose the best data encryption method for your needs? This episode has got you covered! We’ll discuss various encryption techniques like AES, RSA, and ECC, and why it's essential to select the right one based on media type. Trust me, understanding key management and rotation is vital for maintaining data integrity, especially when dealing with cloud storage and third-party providers. I’ll also walk you through secure erasure methods, from the DOD 5220.22-M standard to physical destruction techniques like shredding and degaussing, ensuring your data truly becomes irretrievable.

Lastly, don’t miss our deep dive into mobile device protection. I’ll highlight the critical software and physical security measures necessary to defend your devices against threats, emphasizing the importance of regular updates and robust antivirus solutions. We’ll explore strategies for data encryption, backup, and recovery, and clarify the differences between MTBF and MTTF and their relevance to your systems. Wrapping up with the environmental factors affecting device usage and data management, this episode is packed with actionable insights to elevate your cybersecurity game. Tune in now to arm yourself with the knowledge necessary to protect your digital world!

Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

TRANSCRIPT

Speaker 1: 0:00 

Welcome to the CISSP Cyber Training Podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Sean Gerber and I'm your host for this action-packed, informative podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started. Let's go. Cybersecurity knowledge.

Speaker 2: 0:24 

All right, let's get started. Hey, I'm Sean Gerber with CISSP Cyber Training, and hope you all are having a wonderfully beautifully day today. Today we got some great things we're going to be talking about and you know it couldn't be better. Today I'm actually recording live. Well, you won't be live when you get the podcast, but I'm recording through my camper. I'm sitting in a small town of Spirit Lake, iowa. Yes, took the Labor Day weekend off and went to go hang out with my family a little bit. So I am in Spirit Lake, iowa and so that's pretty amazing actually and my daughter we're actually getting pretty excited from the Gerber household. I'm heading my daughter's off to basic military training for the Air Force and we're going to be going to see her in October. So things are just happening and we can't complain at all. But you're not here to hear about my life story and what's going on. You are here to learn about CISSP training and stuff that's going to help you with the cyber career that you so want to be with, and one of the parts we're going to be talking about today is media protection techniques, and this is going to be over Domain 7, 7.5 actually the current CISSP ISE squared training manual. But again, like we talk about with CISSP Cyber Training, all of this content whether the book changes doesn't change over time. This stuff is all relevant and very useful for you as you are gaining your CISSP and as you're gaining your cybersecurity career. So, again, head on over to CISSP Cyber Training. If you want this content, it'll be available to you. Just go check it out. A lot of great stuff.

Speaker 2: 1:53 

But before we get into that, we're going to get into an article. I saw that was on security intelligence and it's about how to embrace secure by design principles while adopting AI. Now, if you all are aware, I mean obviously artificial intelligence, the machine learning, language models. All of those key pieces are changing the way we do business in the IT space all over the world. It really is, and there's some really great stuff that's going to come out of this. I really do believe that this is going to be a game changer, especially for the security folks. But unfortunately, as we know, this is also being used by attackers in various methods to be able to manipulate and go down this path. So what we're going to talk about, just real quickly, is this article and it goes into the various aspects. I highly recommend you reading it and going over it and digesting it, because there's a lot of really good stuff in here, but I'm just going to kind of highlight the main things that came out of it. It's kind of stood out to me.

Speaker 2: 2:49 

Now they're tying in here. About 42% of all large enterprises have adopted AI and I would say, coming from my enterprise that I was in before we were in AI, the company that I'm working with now they're not so much into AI, but they understand they have to do something with it and both of those are extremely large enterprises, but you have to understand that it's going to continue to grow. They also said 30% of knowledge work activities in various sectors, including sales, marketing, finance and customer service, will be impacted with this automation. Totally see it going to happen. So, as a cybersecurity professional, you are going to need to understand how to deal with this. Well, one of the things that came up and I've seen this personally is the move to the cloud transformation piece of this and, as we get into AI, this cloud adoption is a huge part of what's going to happen with building out these programs for your organization.

Speaker 2: 3:43 

One of the things that comes out of the cloud transformation piece of this is the fact of disaster recovery, and there are ways to be able to deal with the potential high impact breaches that have come with this, because, from a disaster recovery standpoint, many folks have all of their data in the cloud. Well, as you have all of your data in the cloud and now it gets pwned, how do you deal with that? And it comes down to a situation where it can be extremely high profile, it can be extremely large and impactful to your organization. So they're saying here is that misconfigurations in the cloud will cost on average of about $4 million. Seen it, I experienced it. See it even today, where these cloud folks that are doing working in the cloud may not have full grasp of all the things that they're actually configuring within that. The reason I say all of this is that many of them believe that the AI piece of this is going to take advantage of this, and it's going to take advantage of how these misconfigurations are done, especially within the cloud. And so if you're going to be moving into this transformation space, whether it's AI on-prem, whether it's AI in the cloud, whether you're using that as a chat bot for helping your sales and marketing team, however, you're baking this into your overall organization, there are some key things for you to keep in mind. Now I say all of this this is, if you're listening to this podcast, you probably are well aware of many of these, but it's helpful to reiterate some of the challenges that you're going to run into with AI, whether it's on-prem again, like you have your own server stood up, or you have it in the cloud itself.

Speaker 2: 5:17 

Some of the things they brought up quickly are deepfake scans. This is where the UK they have an example of. The UK energy firm's CEO was duped into transferring about $200,000, believing he was speaking with his boss. This scam took deepfake technology and highlighted the fact that the AI was an AI-driven fraud issue. Data poisoning attacks this is where the attacker will corrupt the AI model and put in basically malicious data during its training processes model and put in basically malicious data during its training processes and which leads to erroneous outputs, something that could actually affect your company in certain different ways. And then another one is AI model exploits, and these are the vulnerabilities which we've seen, even with chat GPT, where these exploits are utilized against the AI models.

Speaker 2: 6:00 

So it's important for you to kind of just think about this If you're deploying AI within your environment. One, is it in the cloud? Is it configured correctly? Do you have ways to ensure that you're not going to get pwned by some of these other scams that may be occurring? And then, how much are you relying on it within your organization as well? Things that deal with the implications of AI security breaches obviously, financial loss, operational disruption that's a big one that I don't think we actually spend enough time on, but that's impacting your overall operational plan Reputational damage again, damage to your company's overall reputation in the business environment, and then also eroding customer trust and market share. All of those things are important that you may run into with dealing with a situation that may occur so well, how does this all come full circle?

Speaker 2: 6:48 

Well, the thing you need to consider when you're securing AI applications is how do you collect the data? How do you handle the data? That's one aspect. Two is what does your model development look like and the training behind it? And then model inferences and its live use, and one of the things. The first two are pretty obvious, right, but the third one is where you have to monitor your AI systems in real time to ensure that there's assessments being done to ensure that, if there's any issues, you are mitigating any potential risks. One, you detect them and then two, you're mitigating them. So it's a really great article and it goes into a little bit more detail from IBM standpoint and how they can potentially help you. But the overall point of this is, as a cybersecurity professional, you need to be aware of so many aspects and if you don't know, ask, and if you don't know, get research on it. So it's really really important for you to go down this path and to really kind of consider what is your overall game plan.

Speaker 2: 7:42 

Okay, so media protection techniques right. What does this mean? Well, as you know, there's various different media types that are going in within your organization and you need to understand how do you best protect them. So if you go to CISSP Cyber Training, this training deck is there, is available You'll actually be able to watch this video and it'll help you also add a little bit more context to this conversation. But on the podcast, unless you've got a self-driving car, I would not recommend looking at this. And even if you have a self-driving car, probably not a good idea to keep your eyes off the road right, just because you never know. Elon's had problems with his self-driving technology and you don't want to be one of the statistics. So let's get real quickly into media protection techniques.

Speaker 2: 8:26 

One is data classification and labeling. So, as you're looking at protecting your information, you really need to understand how do you get this data, how do you have granular control of the data? And this comes down to doing a couple different things. So when you're understanding data classification for your organization, it's extremely important that you do understand the level of data. What is it meant for, who is it meant for, what is the purpose behind it, and then what are some aspects around potentially labeling that information to ensure that it is properly used. So ways that you can get more into this, to get a granular look of your classification, is doing what we call a business impact analysis.

Speaker 2: 9:04 

Now we talk about BIAs in various formats. It could be from your operational standpoint, how much is this situation going to take? So you have a disaster recovery plan and you have an outage and you want to go. Well, I'm going to do a BIA to ensure how much of an output, how much of a problem this would be for my organization. You would do a BIA. Well, the same with data classification. You may want to look at the potential impact of data loss or exposure to determine what is the overall classification level for your data.

Speaker 2: 9:33 

You also want to look at contextual classification. So you have your basic data, but then you also want to understand the data sensitivity as a whole and also the regulatory requirements that go around that. So, as an example, say, contextual aspects I have data that is in a manufacturing facility. In this manufacturing facility the data if you were just to look at it on face value you would go, eh, it's not worth a whole lot from a guy that's a security guy not working on the plant floor. But if you talk to a VP of operations, he will say he or she will say, yeah, that's extremely important to us and therefore it needs to be protected in a better way. So it's understanding that you need to take the paradigm off of what you are understanding the data means and then try to put yourself in the shoes of the vice president of the person on the shop floor, whoever is a person that would deal with that data on a daily basis. When you work with them. You may figure out real quickly that this information is much more important than what you might think it might be. There's also regulatory requirements. So if you work for health care, you may have certain data that is regulated, that is managed by a government or someone else that is forcing you to put specific protections around it. So you need to understand the contextual classification aspects.

Speaker 2: 10:52 

Now, when we get into labeling, what are some best practices around labeling? The labeling is adding it where we've talked about various podcasts that you have a document and in this document is all of your super secret sauce that makes your stuff more important than everybody else. And I'd like to make the comment about it's either walmart or gucci, whatever takes your product from being the walmart type, the consumer base, to gucci. That is your secret sauce. Well, if you have specific types of data, that makes your secret sauce special, right, you want to have the label that label the data in a certain way. So you want to have consistency around how do you label your data. You also want to have visibility into making these labels visibly visible to users and to systems. So it may be as simple as you have a three ring binder that has this is super secret sauce, do not distribute. Or you may have that in a data form and then you maybe label your data so that it says super secret sauce, do not distribute. There's various pieces to that, but you also want to implement some level of automation around labeling this and also about detecting when you may have a potential data issue right, not necessarily a data breach, but a data discovery or a data incident. So it's important for you to really try to put that in perspective.

Speaker 2: 12:16 

The next one is data encryption. Now we've talked about this around from a data protection standpoint for your media is you need to incorporate some level of data encryption. Now, it's going to really depend a lot on the type of media that you're using. If you're using a USB stick, you will have, potentially, a. The encryption will be incorporated within the USB stick itself, and we talk about different FIPS brands. There's the FIPS standards and the 140,. There's 140-1, 140-2, 140-3. You want to make sure that you utilize the right format for your specific information. Now, that's using USBs. It could also be the fact is that you want to store your data in the cloud and then, therefore, you may use something called a hardware security module or an HSM to help ensure that the data is secure.

Speaker 2: 13:06 

One thing you need to consider as a security person is. If you are letting a third party, an outside entity, store your data, you really truly want to understand how are they protecting it? Do they have an HSM in place? If that HSM is in place, who has access to the keys to this HSM? Is this HSM serving multiple clients? Is it just me as your client, or is it multiple clients? So the bottom line is that if someone were to get access to that HSM, they now get access to my data and everybody else's data potentially. Those are considerations you need to think about as a security professional going do I want to put my very sensitive information with these people?

Speaker 2: 13:46 

Another one is key rotation. Regularly rotate the keys to ensure that you reduce the risk of compromise. It's like if you have a key to open up the closet and you have this key. Actually, it's a better example. So you're in a high school and in the high school the janitor's got all the keys on their little key chain. But the janitor's been there since 1970. Okay, so he's like really old, but he's got all the keys and guess what? The keys have never changed. And he also didn't tell you that the janitor's lost the keys more than one time. So, since the keys haven't changed, the janitor's old and forgot what he's doing. I say that saying tongue in cheek, right, I think that's the term because I'm old. But the bottom line is that you can't trust those. You need to rotate the keys to mitigate potential risks of compromise.

Speaker 2: 14:34 

Now we've talked about different encryption standards. You've got AES, you've got RSA and you've got ECC. Your AES is your Advanced Encryption Standard Okay, it's widely used. Rsa is your Revis, schemmer, alderman, and that's a popular asymmetric key that's being used. And then ECC that is also being properly used as well. Different types of encryption standards that are available. And then we have a whole new podcast just specifically on the different types of encryption standards that are available. And then we have a whole new podcast just specifically on the different types of encryption standards. But you need to consider which one are you using and does it best meet the needs of the media that you're trying to protect?

Speaker 2: 15:09 

Data sanitization Okay, what is that? Now? That's when we're going to look at sanitizing the data that's on the device itself. Now this can be done in a couple different ways. It could be done through secure erasure or it could be done through physical destruction. What is secure erasure. Well, that we've talked about in the past, where you have and if you go to CISSP Cyber Training, in the training that I have available to you, you have the ability to have overriding patterns. Now there's a DOD standard that's out there DOD 5220.22-M okay and it's designed to overwrite data.

Speaker 2: 15:41 

Multiple times when I worked in a classified space you had to have, if you were going to deal with any sort of hard drives that were going to be reused. Potentially you would have to run through and do a overwrite. But it even got to the point where, if you were doing a classified like I say, top secret hard drive, you would still do the overwrite and then you would put them in some sort of physical destruction aspect where you were shredding, incinerating, degaussing, whatever it might be, with the thought process, and you might be asking well, if you're going to shred it, why do you need to erase it with ones and zeros? Because you never know if somebody were to accidentally not put it in the shred pile and they put it in the keep pile. So the goal then is that if you overwrite it and it for some reason makes its way out of the shred pile, it's at least been overwritten Cryptographic erasure. This is again where you use cryptographic techniques to overwrite data with random or pseudo-random values. But the point of secure erasure is using a data-driven product, an IT-based product, to physically overwrite the information that's on there, making it useless.

Speaker 2: 16:47 

The other option is a physical destruction, which we talked about the shredding. You get big, cool, nasty shredders that will just shred anything, including your hand, and you drop stuff in there and it just pulverizes, it turns it into dust. It's amazing incineration. This actually burns it right. So my kids would love to burn stuff. My son just loved burning. So you destroy it by burning it and then degaussing. Obviously you run it through a very large magnetic field and you just, if you're dealing with a hard disk drive, it just ruins it. Now an sdd, on the other hand, this will work. So you have to understand the media, that which you're using and which the product in which you're going to try to destroy it SDDs. You know your solid state, kind of just basically a chip, that thing. You want to shred it because degaussing it ain't going to work. If you got platters that are using an old hard disk drive, yes, that's where the degaussing piece comes into play. So you got to understand the media itself. Secure erasure standards we got the NIST 800-88, the ITU-T. Each of these one will provide the secure data methods based on NIST, the National Institute of Technology standards, and then the data deletion standards is based on ITU-T.

Speaker 2: 18:00 

There's different data recovery challenges that you may run into and one of those is a physical damage right. So I've seen it before and I've had it happen to me, where you have a hard drive and you can't get the data off of it. One of the techniques was throw it in the freezer and then, hopefully, you plug it in. It will work. Yeah, not so much, but it could. The other part that runs into situations is multiple overwrites can significantly reduce the chances of a successful recovery. If you're dealing with a hard disk drive and you're using it a lot over time, those platters become degraded and therefore they become very hard to use. Data fragmentation, again that's where you have the data. That's typically on a hard disk drive. They go and it has a pattern, but for whatever reason, due to the software, the data might be fragmented. It might be potentially not useful I can't think of the right term, but those are aspects that you may run into when you're trying to recover the data and it doesn't work.

Speaker 2: 18:55 

So again, data protection. You need to understand if you're dealing with old stuff, what do you want to do to protect it? Also, can you recover it from a situation? If you can't, if you need to? So, media handling and storage some key things to consider. You got your environmental controls. You got storage, best practices, environmental controls, temperature, humidity Again, all of those keeping them at an optimal condition will prevent media degradation, dust and contaminants. Obviously you want to protect it from all of those things. One thing we ran into when I was in the desert during desert storm is the fact that when folks were having hard drives in this really fine dust yeah, electronics do not like that very well at all, so you got to watch out for the dust and contaminants.

Speaker 2: 19:41 

Physical security You've also got to ensure that these devices are connected to something so that they don't just get legs and walk off. You need to ensure that they are protected in that regard. Do you lock up the hard drives at night? Do you lock up the computers at night? How do you maintain your media handling and storage of that? Things to think about when you're storing hard drives. Obviously, store backups in secure locations away from primary sites.

Speaker 2: 20:05 

Media rotation, which means you should regularly rotate media or devices so that you prevent wear and tear reductions. And this could be as simple. You're talking an SDD, so let's just say, example you have a one terabyte hard drive. If you plug that thing into your computer on a routine basis, just the plugging in of a USB-C, that will end up causing wear. It'll cause breakage. So therefore, if you're going to be unplugging and plugging things in, you rotate this whole process Inventory management, ensuring you have accurate records and media storage of your locations. Again, maintaining a positive control of all of this is crucial for your media storage of your locations. Again, maintaining a positive control of all of this is crucial for your overall protection of your data.

Speaker 2: 20:46 

Digital forensics so when you're dealing with digital forensics, it's also important that you keep the data as well, and this comes down to document handling and transferring of evidence to maintain integrity. Preservation techniques using write blocking devices to prevent accidental modifications of evidence. So if you're now you're in a forensic case ability or forensics product and you are trying to look at ways to you're part of that team you want to put in some level of protections around these hard drives to protect them from accidental erasure, accidental adding of data. So we talk about the chain of custody process, which we've had to in various podcasts. If you are having positive control of your data and of your hard drives, you need to ensure that that data is properly protected. Is it in a caged environment? Is it a check-in, check-out policy? Who has access to the cage? Who has access to the data? Are there accurate records on when this was done? All of those things have to be in place to prevent potential issues, especially from a digital forensic standpoint, far from an analyzing standpoint, forensic software that goes in and just basically uses like a vacuum cleaner and sucks up all the information. It has to employ special ways and special techniques to show that it doesn't write to the data that it's protecting the USB drive. One of the examples that comes into is when you use a USB or a hard drive, you would copy the data from one hard drive to another and any sort of forensics would be done on the copy, not on the original. Again, that has to all play out in the overall plan within the court system when you're dealing with chain of custody.

Speaker 2: 22:29 

File carving is another part of analysis tools is that you can recover deleted or fragmented files from storage media. Is there a way to do that when you're dealing with network forensics? Can you recover deleted or fragmented files from storage media? Is there a way to do that? When you're dealing with network forensics, can you modify or analyze the network traffic using, maybe, full packet captures, and then you can potentially use that information to help you build out a better case? So, again, all of those pieces run into the overall plan around media protection, things you got to think about with digital forensics legal considerations, obviously right, search warrants, electronic discovery or e-discovery. You got to make sure you have the legal side on your case when you do this. The point, though, is is that, even with media protection, physical protection is part of it, but you also have to have the paperwork that goes behind it to ensure that you're properly tracking and protecting the information, both from a physical standpoint and an overall contextual standpoint.

Speaker 2: 23:23 

So how do you deal with mobile devices? We're going to talk about mobile devices around media protection and then also MTTF. So MTTF is mean time to failure, and this is a measure of reliability indicating the average time a device is expected to operate before it specifically fails, and they talk about this in the ISC squared and the CISSP, between MTTF and MTBF and we'll get into MTBF in just a minute. But MTTF is, when considering media protection for mobile devices especially. You need to understand how it plays an important role in overall ensuring the data integrity and the availability of the overall device. So meantime to failure, that's when it doesn't work anymore, all right, and that's the measure of reliability, indicating the average time the device is expected to operate before it completely goes dead.

Speaker 2: 24:13 

So when you're dealing with MTF and mobile devices, you need to understand physical protection and software security. Obviously, physical protection deals with cases, covers all those things, screen protectors all that path goes into MTF. Software security is another part of this is ensuring that you have regular updates, antivirus, malware protection. All of those pieces go into the protection of mobile devices as well, and when I say mobile devices, that doesn't just necessarily mean phones. Could be tablets, could be USB sticks, anything that is a mobile type of connector. I've got a one terabyte hard drive that sits on my desk right now. That would fall under the mobile device kind of capability. What am I doing to ensure that it's protected?

Speaker 2: 24:56 

So you'll need to also understand do you put data encryption on these devices. Is it a full device encryption? Is it a partial device encryption? Is your laptop, does it have BitLocker on it? Does it have Apple's version of that? Is your cloud storage, which your computers sync to? Is that encrypted as well? So those are other factors to think about when you're dealing with mobile device protection, which is obviously media protection, which all falls under. Is it going to be protected? Right? Backup and recoveries Are you having regular backups? Are your backups encrypted? What are your recovery plans? How do you plan to recover the data in the event of device failure or data loss, which falls into the MTTF, right? So if you know that a laptop you'll get two years out of it, how are you going to deal with all the data that's on there after two years and it fails? Do you have a plan to deal with that specifically? Also understand, when you're dealing with mobile devices, what are the usage habits behind this. Is it used in hot temperatures? Is it used in the desert? Is it used underwater? That would probably not be too good if it's being used underwater. Is it being used in the snow? Is it being used in a humid environment? All of those things have to be considered to ensure that you can then figure out is the data best protected and what is the potential mean time to failure.

Speaker 2: 26:11 

Now the one thing I talk about is MTTF versus MTBF, and that you'll see this in the ISC squared book. They talk about MTBF. What does that mean? So MTBF, which is your Mike Tango, bravo, foxtrot, versus MTTF, which is Mike Tango, tango, foxtrot. Both are metrics used to measure the reliability of the system. They're often used interchangeably, but there is a distinct distinction between the two. So if you see MTBF and MTTF, know which you might have to see a question on this the differences between them.

Speaker 2: 26:46 

Mtbf deals that it is applicable to repairable systems. Mttf Mike Tango, tango, foxtrot, versus Mike Tango, baker, foxtrot, bravo, foxtrot is different in the fact that MTBF is a repairable system. Mttf is not repairable. Mtbf, as in Bravo, predicts the potential future failures. And so, for an example, we'll say a server. The mtbf would indicate the average time between hardware failures that can be repaired. Mttf would say that's when it's dead. You can't ever repair it, ever again. So you just need to understand. If you hear see a question based on mttf versus mtbf, you need to understand the differences and that will help with the context of the overall question. So again, mttf is applicable to non-repairable systems. It predicts the end of life of the system and, for an example with that would be a disposable battery, the MTTF would indicate the average time before it completely fails and can no longer be used. That would fall under MTTF. So again, key little nugget MTBF, the systems can be repaired. Mttf, the systems cannot be repaired. Keep things to keep in mind.

Speaker 2: 28:06 

Okay, that's all I've got. It was down and dirty pretty quick for you, I know, but you know what I just got to go through a lot of information at you as fast as I can, because I know you guys are studying for your CISSP. I get lots of feedback. Please keep sending me any feedback you have. I'll answer your emails you may have, but send them to contact at cisspcybertrainingcom. I'm happy to answer the questions if I have time, more than happy to do so. I'm getting a lot of great feedback from people who've passed their CISSP the first time and the podcast has been beneficial to them. I'm not telling you to point fingers at me saying I'm anything. I'm great by any stretch of the imagination. It's the opposite of that. The ultimate goal is I'm very excited that people are getting value out of this podcast and value out of my products.

Speaker 2: 28:49 

Putting a plug in for my products Again, if you go to CISSP Cyber Training and you purchase any of my products, they all go to a nonprofit. So just knowing the fact that there isn't some guy sitting in Kansas getting rich off of this, that ain't the case. We are. The ultimate goal is to give you great information at a low price basically free or a very low price and give you the information you need to be successful in your CISSP.

Speaker 2: 29:12 

But I also want to let you know that I'm here for you and your CISSP. But I also want to let you know that I'm here for you as your CISSP journey grows, because I got a lot of guys that contact me that have been around for a while and they are senior people within their organization that are trying to figure out what they want to do with security and how they want to incorporate that within their organization. I'm here for you there as well, so you can go to also reducecyberriskcom and you can check out anything we have there to help you and your company. Got to put the plugs in right. Just got to do it All right, have a wonderful, wonderful day, and we will catch you on the flip side, see ya