Browser security can feel like a small detail compared to network diagrams and cloud architectures, but for most people in your organization, the browser is where the real work happens. In this audio edition of our Tuesday “Insights” feature from Bare Metal Cyber Magazine, we walk through the essentials of browser security with a practical focus on extensions, cookies, and everyday web risks. You will hear how browser protections fit alongside endpoint, identity, and application security, and why a few small choices in the browser can change the outcome of a bad click.

Across this episode, we explore how modern browsers try to protect users, where extensions can either help or hurt, and how session cookies shape what attackers can do if they get a foothold. We look at everyday use cases you will recognize from your own environment, from managed work profiles to extension allowlists and browser isolation for risky tasks. You will also get an honest view of the benefits, trade-offs, and common failure modes, along with practical signals that show when browser security is actually working instead of just being written into a policy.

ITIL Foundation (Version 5), or ITIL 5 Foundation, is a practical starting point for understanding how modern technology work becomes organized, reliable, and valuable to the business. In this narrated version of my Monday “Certified” feature from Bare Metal Cyber Magazine, we walk through what the certification is, who it is for, what kind of thinking the exam rewards, and why service management fluency matters for early-career IT, cybersecurity, cloud, support, and governance professionals.
This episode also explains where ITIL 5 fits in a broader career path, especially for people moving from technical task work into service delivery, operations, coordination, or management. We also touch on how the Bare Metal Cyber Academy can support structured preparation through flexible certification resources, including audio-based review, guided study, and focused recall practice for busy professionals.

The GIAC Critical Controls Certification (GCCC) is a practical credential for professionals who want to understand how security controls become real defensive work. In this narrated version of my Monday “Certified” feature from Bare Metal Cyber Magazine, we walk through what the certification is, who it is built for, and why the CIS Critical Security Controls matter for security analysts, IT administrators, auditors, risk professionals, consultants, and early-career cybersecurity learners.
This episode also explains what GCCC really tests, including control purpose, implementation thinking, audit awareness, and the ability to connect security tasks to measurable risk reduction. You will hear how the credential fits into a broader career path and how learners can prepare with a balanced mix of reading, review, practice, and flexible study support through the Bare Metal Cyber Academy.

Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) both promise better application security, but they look at your systems in very different ways. In this audio Insight, we walk through what SAST and DAST actually are, where they sit in your development and delivery stack, and how they turn real code and real traffic into security findings. You will hear a clear, vendor-neutral explanation of how each approach works, from early pipeline scans on source code to live probing of running applications in test or staging environments.

The narration follows the Tuesday “Insights” feature from Bare Metal Cyber Magazine and focuses on practical use. We explore everyday use cases, quick wins for smaller teams, and more strategic patterns for organizations that want SAST and DAST to support continuous improvement instead of just compliance. You will also hear an honest look at benefits, trade-offs, and limits, plus common failure modes and healthy signals that show these tools are actually reducing risk rather than just adding noise.

Network egress controls can be the difference between a noisy but contained incident and a quiet data leak that nobody spots until it is too late. In this audio Insight, we walk through what network egress controls are in practical, plain language and where they sit in your security architecture across on-premises and cloud environments. You will hear how they complement identity, endpoint, and application controls instead of trying to replace them, and why treating outbound access as a design decision, not a default setting, is so important for working security and IT teams.

This narrated episode walks through ISACA Advanced in AI Security Management (AAISM) in plain English for professionals who want to understand where AI security leadership is heading. Based on my Monday “Certified” feature from Bare Metal Cyber Magazine, it explains what the credential is, who it is really for, and why it is aimed at experienced security managers rather than beginners looking for a first cybersecurity certification.
The episode also breaks down what AAISM really tests, including AI governance, risk management, control oversight, vendor exposure, and incident readiness. It places the credential into a broader career path so listeners can see what usually comes before it, what kinds of roles it supports, and how the Bare Metal Cyber Academy fits as the broader home for related certification resources.

In this episode of my Monday “Certified” feature from Bare Metal Cyber Magazine, we take a clear look at GIAC Strategic Planning, Policy, and Leadership (GSTRT) and what it really represents in a cybersecurity career. This is not a certification centered on tools, commands, or deep technical execution. Instead, it focuses on the leadership side of security work, including planning, policy, communication, program direction, and the ability to connect security priorities to business needs. If you have ever wondered how security professionals grow from doing the work to helping lead the work, this episode walks through that transition in plain English.
We also explore who GSTRT is really for, what the exam tends to reward, and where it fits in a larger certification path. That includes a practical discussion of how leadership-focused exams differ from technical ones, why experience matters, and how candidates can prepare without overcomplicating the process. As with the rest of this certification’s learning path, the episode fits naturally into the broader Bare Metal Cyber Academy, where the audio course, Study Guide, and Flash Cards work together as flexible resources for busy professionals trying to build confidence and move forward with purpose.

In this episode, we walk through what CompTIA SecurityX (SecurityX) is, why it exists, and who it is really designed for. Rather than treating it like a beginner cert, this narration explains where it fits in the cybersecurity landscape and why it is aimed at people moving into more advanced technical roles. Based on my Monday “Certified” feature from Bare Metal Cyber Magazine, the episode breaks down the certification in plain English so listeners can understand the level, the audience, and the kind of professional growth it is meant to support. It is built for anyone who wants a clearer view of where a serious hands-on cybersecurity path can lead.
The episode also explores what the exam really tests, including the mix of architecture, engineering, operations, and risk thinking that makes SecurityX different from more foundational certifications. You will hear how the exam fits into a bigger career path, what kinds of jobs it can support, and why it may be a strong future target even if it is not the right next step for everyone today. The Bare Metal Cyber Academy serves as the broader home for the connected resources around this certification, giving busy learners a more flexible way to prepare and build confidence over time.