Jason Edwards
Certified - CCSP Audio Course
The Certified Cloud Security Professional (CCSP) Audio Course is your comprehensive, audio-first companion for mastering the (ISC)² CCSP certification—the global standard for cloud security expertise. Designed for professionals who learn best on the go, this Audio Course transforms the official exam domains into structured, accessible, and engaging lessons you can absorb anywhere. Each episode dives deep into the essential knowledge areas—covering cloud concepts, architecture, design, data security, platform and infrastructure security, application security, operations, and legal and complianc...
Author
Jason Edwards
Category
Podcast website
Latest episode
Oct 14, 2025
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Episode 100 — Emerging Regulations: AI, Sovereignty and Sector Rules 08.09.2025 33:36
The cloud landscape is constantly evolving, and regulations are racing to keep pace. This final episode explores emerging rules governing artificial intelligence, digital sovereignty, and sector-specific requirements in areas like healthcare, finance, and critical infrastructure. These developments will shape the future of cloud security practice, making adaptability a critical skill for professio...
Episode 99 — Records Management: Retention Schedules and Disposition 08.09.2025 34:12
Records management defines how information is retained, archived, and ultimately disposed of. In this episode, we cover how cloud systems enforce retention schedules, integrate with compliance requirements, and apply defensible disposition when data is no longer required. Poor records management not only creates legal risk but also inflates costs and complexity. On the exam, records management may...
Episode 98 — Intellectual Property: Licensing, OSS Use and Patents in Cloud 08.09.2025 35:25
Intellectual property concerns arise frequently in the cloud, where software, data, and designs may involve multiple stakeholders. This episode explores licensing models, use of open-source software (OSS), and patent issues that affect cloud adoption. We highlight why organizations must track licensing terms carefully and ensure OSS use complies with contractual and legal requirements. The CCSP ex...
Episode 97 — Legal for BCDR: Force Majeure, RTO/RPO and Notifications 08.09.2025 34:09
Business continuity and disaster recovery are not just technical exercises—they also carry legal obligations. This episode covers how contracts and laws address force majeure events, define Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO), and require notification to stakeholders when disruptions occur. These legal dimensions ensure that continuity planning is enforceable and acc...
Episode 96 — Ethics & Professionalism: Codes, Conflicts and Duty of Care 08.09.2025 34:35
Professionalism in cloud security goes beyond technical competence—it includes ethical conduct and adherence to codes of practice. This episode explains the ethical responsibilities of CCSP professionals, including conflict of interest management, duty of care, and adherence to industry codes such as the ISC2 Code of Ethics. We emphasize why trust, integrity, and transparency are central to the pr...
Episode 95 — Cloud Insurance: Coverage, Exclusions and Incident Costs 08.09.2025 34:50
Cyber insurance has expanded into cloud-specific policies, offering organizations financial protection against breaches, outages, and other incidents. This episode explores how cloud insurance is structured, including what is typically covered, common exclusions, and how claims are assessed. We discuss why organizations must carefully review policies to avoid gaps in coverage that leave critical r...
Episode 94 — Audit Readiness: Evidence Generation and Control Mapping 08.09.2025 36:22
Audits test whether organizations can prove compliance with standards and contractual obligations. In this episode, we discuss audit readiness in the cloud, focusing on evidence generation, control mapping, and continuous assurance. Documentation, automated reporting, and mapping provider controls to customer responsibilities all play vital roles in demonstrating compliance. The CCSP exam may incl...
Episode 93 — Third-Party Risk: Due Diligence and Continuous Monitoring 08.09.2025 35:35
Cloud adoption almost always involves third parties, and their risk becomes your risk. This episode explains how due diligence, contract clauses, and continuous monitoring are used to manage vendor relationships. We cover the importance of evaluating a provider’s certifications, financial stability, and security practices before onboarding, and why ongoing monitoring is just as critical as initial...
Episode 92 — Digital Evidence: Logging, Time Sync and Admissibility 08.09.2025 36:41
For evidence to be admissible in legal or regulatory contexts, it must be accurate, verifiable, and properly maintained. This episode explores how digital evidence is collected in cloud environments, focusing on logging, time synchronization, and data integrity. Logs must be complete, tamper-resistant, and tied to reliable time sources so investigators can reconstruct events. Without consistent ti...
Episode 91 — E-Discovery: Preservation, Collection and Production in Cloud 08.09.2025 36:11
E-Discovery obligations do not disappear in the cloud; in fact, they often become more complex. This episode explains how organizations must preserve relevant data during litigation, ensuring it cannot be altered or deleted once a legal hold is in place. We discuss the challenges of collection across distributed services, including multiple regions and third-party SaaS platforms, and highlight the...
Episode 90 — Privacy Regulations: Cross-Border Transfers and Consent 08.09.2025 37:20
Privacy regulations impose strict rules on how personal data is handled, especially in the cloud where cross-border transfers are routine. This episode explores the requirements for lawful transfers under frameworks such as GDPR, as well as consent obligations that ensure users’ rights are respected. We also discuss localization laws that may restrict where data can reside, creating architectural...
Episode 89 — Compliance Frameworks: ISO, SOC and Cloud-Specific Standards 08.09.2025 37:43
Compliance frameworks provide benchmarks for cloud providers and customers alike. In this episode, we cover widely adopted standards such as ISO 27001, SOC 2, and cloud-specific programs like CSA STAR. We explain how frameworks provide assurance to regulators, customers, and partners, while also reducing duplication of effort through recognized certifications. The exam often tests knowledge of com...
Episode 88 — Governance & Risk: ERM, Risk Appetite and Cloud Policies 08.09.2025 35:36
Governance provides the structure for aligning cloud security with business strategy. This episode explains how enterprise risk management (ERM) frameworks define risk appetite, set tolerance levels, and establish policies that guide cloud decisions. We examine how risk assessments inform governance structures and how policies translate high-level goals into enforceable rules. The CCSP exam often...
Episode 87 — Contracts & SLAs: Security, Privacy and Audit Clauses 08.09.2025 36:15
Contracts and service-level agreements (SLAs) form the legal foundation of cloud relationships. This episode explores how security, privacy, and audit clauses define accountability between providers and customers. We highlight the importance of specifying uptime commitments, incident response expectations, and audit rights to ensure transparency and enforceability. On the exam, contract questions...
Episode 86 — Domain 6 Overview: Legal, Risk and Compliance 08.09.2025 36:33
The sixth domain of the CCSP exam shifts attention from technical controls to the legal, risk, and compliance frameworks that govern cloud operations. In this episode, we introduce the core themes, including contracts, service-level agreements, international privacy rules, and regulatory obligations. While technical knowledge is essential, professionals must also navigate laws and standards that d...
Episode 85 — Service Catalog: Standard Builds and Self-Service Controls 08.09.2025 35:18
A service catalog provides pre-approved templates and builds that standardize cloud deployment. In this episode, we discuss how catalogs simplify operations, reduce risk, and accelerate adoption by giving users secure, vetted options. Self-service access is controlled through catalog entries, ensuring that only compliant resources can be launched without manual oversight. The CCSP exam often highl...
Episode 84 — Cost & Security: Guardrails for Spend with Least Privilege 08.09.2025 36:38
Cloud introduces new financial dimensions to security. This episode explores how cost optimization intersects with security, showing how excessive privileges or poorly controlled resources can drive unexpected expenses and risks. We explain how budgets, quotas, and automated guardrails ensure both financial discipline and security hygiene. Cost governance is increasingly seen as part of the shared...
Episode 83 — Business Continuity: Failover, Runbooks and Exercises 08.09.2025 34:43
Business continuity in the cloud goes beyond disaster recovery; it ensures that critical services remain available under any condition. In this episode, we cover failover strategies across regions, the creation of detailed runbooks that guide recovery actions, and the role of exercises in validating readiness. Continuity planning in the cloud benefits from provider redundancy but still requires cu...
Episode 82 — Access Reviews: Just-In-Time and Just-Enough Access Workflows 08.09.2025 33:48
Access control is only effective if it remains accurate over time. This episode explains how access reviews confirm that permissions align with roles and responsibilities, ensuring least privilege is preserved. We highlight advanced workflows such as Just-In-Time (JIT) access, which grants temporary credentials, and Just-Enough Access (JEA), which narrows rights to the minimal actions required. Th...
Episode 81 — Key & Secret Operations: Rotation, Expiry and Escrow 08.09.2025 27:57
Keys and secrets are not static assets; they must be actively managed to maintain security. In this episode, we explore operational practices such as regular rotation, enforced expiry, and escrow arrangements that ensure continuity in case of emergencies. Keys left unrotated for years become predictable targets, while secrets without expiration can outlive their intended use, creating hidden risks...
Episode 80 — Vulnerability Operations: Prioritization and Remediation at Scale 08.09.2025 28:32
Vulnerability operations extend beyond scanning, focusing on how findings are prioritized, tracked, and remediated across thousands of resources. This episode covers how risk-based prioritization ensures that critical flaws are addressed first, while less urgent issues are scheduled for later remediation. We also explore automation and orchestration in closing vulnerabilities at scale. Exam scenar...
Episode 79 — Configuration Management: Baselines and Continuous Compliance 08.09.2025 28:07
Configuration management goes hand in hand with posture and change management, ensuring systems remain aligned with secure baselines. This episode discusses how baselines are established, how continuous compliance tools monitor against them, and how automated remediation closes gaps quickly. In the cloud, where drift happens rapidly, configuration management is indispensable. On the CCSP exam, que...
Episode 78 — Change Management: Guardrails, Approvals and Exceptions 08.09.2025 27:41
Change management ensures that updates to cloud environments are controlled, predictable, and secure. In this episode, we explore how guardrails, approval workflows, and documented exceptions keep systems stable while still allowing agility. We highlight the tension between speed and control, showing how automation can reduce friction while preserving accountability. Exam questions may challenge y...
Episode 77 — Forensics in Cloud: Acquisition, Chain of Custody and Tools 08.09.2025 29:04
Forensics in the cloud is complicated by lack of physical access, but it remains essential for investigations. This episode examines how evidence is acquired from cloud platforms, how chain of custody is maintained, and which tools support forensic readiness. We emphasize that evidence must be gathered in a way that preserves integrity, even when dealing with ephemeral workloads. On the exam, fore...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.