Anthropic Claude Code Security - 5 High-Income Cyber Skills That Pair Perfectly with CISSP
Jan 30, 2026
Want a clear path from CISSP to top-tier pay without getting lost in buzzwords? We break down five high-income specialties that pair perfectly with CISSP leadership: modern GRC, cloud security as code, AI ethics and governance, advanced identity, and software supply chain security. Along the way, we unpack how AI reasoning tools like Claude Code Security are reshaping AppSec by cutting false positives and detecting logic flaws scanners miss, and we translate that shift into concrete workflows, better guardrails, and faster delivery.
We start with the career pivot many leaders are making—moving from generalist security management to “decision architect.” That means pairing risk fluency with hands-on understanding of Terraform, Kubernetes, and CI/CD gates, then proving value through resilient architectures and evidence-driven dashboards for boards. You’ll hear why GRC is exploding under new enforcement trends, how to automate continuous evidence to beat audit fatigue, and where vCISO opportunities command premium rates when strategy meets measurable outcomes.
From there, we get practical. We walk through cloud guardrails that stop drift before it hits prod, share how to navigate shared responsibility with AWS and Azure, and outline identity-first zero trust that tames API key sprawl and enables passwordless access. On AI, we go deep on shadow AI containment, prompt-injection red teaming, model transparency, and data loss prevention tuned for embeddings—governance that accelerates, not blocks. Finally, we turn to software supply chain security: SBOM mandates, signed artifacts, dependency risk, and the DevSecOps policies that keep pipelines moving while raising assurance.
If you’re mapping your next move, we also compare salary bands across roles and highlight bridge certifications—CISM for program leadership, AI governance credentials for compliance depth, and CISA for audit rigor—to level up fast. Subscribe, share this with a teammate plotting their niche, and leave a quick review to tell us which specialty you’re pursuing next.
transcript
SPEAKER_00
C L Speed Cyber Twin. C L Speed Sam. You need CISP exam. And roll your cyber checker in the boy.
SPEAKER_01
Hey, I'm Sean Gerber with CISSP Cyber Training, and hope you all are having a beautifully blessed day today. Today is Monday, and today we talk about the CISSP various aspects of it and what's related to getting, taking the test and passing the exam. But today we're going to be talking a little bit about the income that you can make and some of the different pieces that are tied to that and pair specifically with the CISSP. So I'm going to focus on five high-income cyber skills that will pair perfectly with the CISSP. So the goal is to talk about the CISSP, getting the certification, and then what you can use with it down the road. But before I do, there was actually an article I wanted to share with you guys that I thought was really interesting. And one of the big aspects we know with the CISSP that's changing in April is there's going to be a lot more around AI. So the goal of this is to provide you some more skills around the AI piece of this because you're going to be dealing with it more and more. So what it comes right down to is Anthropic is unveiling Claude Code Security to detect and fix code bugs. Now this is on the Security Affairs, and if you go out to Security Affairs, you can actually, if you just Google it, you'll find it. But the point of it is Anthropic, so that's Claude. If any of you all have dealt with Claude, it's an AI tool designed to find and suggest fixes for software vulnerabilities. Now we all know that this is a huge factor, I think, and I think it's going to be a game changer and it relates to a lot of security issues that we deal with coming in code development. And as you all know, that domain eight is around DevSecOps and all of the aspects that are associated with it. So one of the pieces is around code security.
Now, this is going to be a big factor in how we do SAST, SAST, you know, static uh application software testing, as well as dynamic application software testing. I see this gonna be a huge game changer, and it's actually gonna be a big win for the development teams. So the one big thing around this is that unlike traditional scanners, it's going to reason about the code logic and the data flows that are there. So it's gonna start looking at the patterns rather than just looking at specific code in and of itself. So a lot of these different scanners are just looking at code, looking for traditional vulnerability. It's gonna actually have that reasoning to look for, okay, if this goes here and this goes there, how is that going to affect the overall vulnerability that could be in place? So one thing to consider is that a lot of times, in many, I should say in many cases, that the software vulnerability that might just come up as a low risk actually has cascading issues that could cause you bigger problems down the road. And the traditional scanners don't pick up on that. So that's where the logic of a human comes in and starts kind of winding their way through that. Now, I will tell you that that is a laborious process. It can be very painful, and there are typically a lot of the scanners will provide a lot of false positives that you then have to go and chase. If this isn't half as good as what we anticipate it could be, it could dramatically change the amount of time that's spent focusing on vulnerabilities that don't need to be. And what ends up happening with developers is they get all these vulnerabilities they have to go associate and try to find. What do they do? Well, we're all lazy in some respects. I'm not saying all developers are lazy. I'm not saying that. I'm saying when you get overwhelmed with all the development work that you have to do, sometimes this piece can also get pushed to the side a bit. It doesn't get the focus that it needs to.
Well, now this with Anthropic could potentially change a lot of that. Now, the ultimate point of this is that they're recommending there's no automatic patching involved. This is gonna be human review, it's gonna be required. So it's gonna focus on finding these fixes, giving you a potential fix, it's gonna have a confidence score on how it thinks, you know, how bad is this, and then it's gonna require you to actually go and make the fix, which is fine because I would rather have that than having it just giving me, say, hey, there's an issue and go fix the problem? So this is framed as part of the AI arms race. Basically, attackers will use AI, so the defenders must as well. And we've mentioned this a time or two in CISSP Cyber Training on the podcast is that the attackers are using it in every which way they can. Well, now the defenders need to kind of consider it. Now, this is just focused on application testing and the different development piece. And we also talked about how Grok and uh Microsoft Copilot were using the uh the ability to use um the third parties that are then providing a basically command and control process. Well, that's more of an application process, right? That's the overall process involved. This is gonna be focused specifically around just the code development piece. But as you see, we are gonna have to use AI more and more. Now, how is this gonna impact your static testing, your SAST pieces? Obviously, SAST are rule and signature based, and they have high false positives. I don't know if you've dealt with a SAST scanner, but they do. They provide a lot of false positives, and it just makes the developers kind of cringe because now they have to go and try to figure all this out. The goal then is that this will help with these AI-assisted reasoning engines, will actually become more than just a specific scanner. The same thing is gonna happen with the dynamic testing, right?
The traditional dynamic testing, it's a black box scanning, and they have limited insight into the business logic and what's occurring. The AI piece of this is now gonna act like a person and they're gonna kind of filter through and understand that. And it's gonna get smarter with the overall business logic for the business. Now, the other interesting piece in this, which I really am excited with the AI aspects, is when you add that into it, you add the person into it, or the AIs now can think like the person, it's gonna actually have better insight than most analysts will have. So it's gonna be pretty, pretty cool. I'm, I say pretty, pretty, quite right, because it's gonna be awesome. I'm pretty excited about it. I'm very excited about it. Bottom line, what is it gonna do? It's gonna reduce your false positives, it's gonna speed up the vulnerability discovery, and it's gonna push security earlier into the SDLC environment. It's not gonna replace your AppSec teams. It's not gonna do that. Now, will it go from having a large AppSec team to maybe a little bit smaller one? Yeah, it's very possible. Uh so again, the goal in all this isn't to reduce jobs, it's to give you the ability to use your time better in more productive ways. However, it can be scary to all of us, right? I'm an old guy, and what's gonna happen to me, right? I don't know. So the thought process is though, is if you either embrace it or it's gonna run you over. And I would rather be the person that's gonna embrace this technology than be taken over by it. So, again, important part. This is on Security Affairs: Anthropic unveils Claude Code Security to detect and fix code bugs. Okay, so let's get into what we're gonna be talking about today. Hi, I'm Sean Gerber with CISSP Cyber Training, and this video is to kind of talk about some things that I know are really near and dear to many of your hearts. It's about how do I make more money?
So this is focused on five high-income cyber skills that pair directly and perfectly with the CISSP. And this is one of the things I've learned over the 20-some years of doing this, that things are changing. But the CISSP is a key certification if you really want to up your game as far as from an income standpoint. So let's get into what we're gonna talk about today: the power of the strategic specialist. Okay, so the CISSP, as we all know, is designed around management, management of cybersecurity assets, how to make it work, and think more like a manager. And I've talked about it in my podcast that I have, I've talked about on my videos that I've got in my location at CISSP Cyber Training, as well as you've seen here on YouTube that talk a lot about the fact that it is about the manager. It's about running an organization and making decisions based on risk. So the CISSP is your license to lead. It is the thing that when you get the certification, it does come with a role in many ways that has a leadership type of role. Now, the specialization is your license to earn. Okay, and your point of license to earn is that the more that you have in a specialized skill from your CISSP, you now can earn higher potential income. So that's the overall concept. Getting the CISSP is an important part, but then you should focus on areas within the CISSP in cybersecurity to help increase your earning potential. So in 2026, companies are moving away from what they call the general security management. So what that really comes down to is you were hired as a security professional, that is the security management position that you would take. In the past, when I was a CISO, we would have a security architect, or you'd have maybe a security analyst. That's more of a general security thing that you would do. Now, those haven't gone away, and they're still going to be there for the foreseeable future.
But the real thing that people are asking about is what they call a decision architect. And they don't really call that in a job description. I need a decision architect. No, that's not really what they're looking for. They're looking in many cases for a security architect or a senior security architect. The expectation is that many of these architects are the ones that will help them make decisions and have great deep technical understanding that they can then help them make some of the decisions they have to make for their organization. Now they're really looking for this in areas such as AI and cloud. Cloud's been going for a while, and I will tell you that the cloud, my cloud experience has grown over the years. Is it where it needs to be? No, it's not. It is, it's actually, I feel in some cases I've probably fallen behind because it is moving so fast. But that technical expertise is extremely important. So as you go in that now in the AI world that is now fast approaching us, and it's been in the business for about three years that we've actually had it, or maybe it's been closer to four, in the public forum, you now have the ability to take something that's relatively new and build upon it and grow with it. So I would highly recommend that you get some level of knowledge in this and then continue to grow and expand on this on a daily basis. Small little nuggets like podcasts, small little nuggets as far as seeing videos will go a long way in helping you increase your earning potential. The goal is bridging the gap between the eight domains and the specialized modern tech stack. What does that really mean? What it means is that we all know the eight domains cover so many different areas, right? From GRC to security operations to the dev environment, it's all there within all of the domains. Well, in 2026, they're actually adding in, as they modify the ISC squared CISSP exam, they're adding in AI capability as well. 
So we know that the more that the that this overall world expands, it's going to increase the amount of knowledge you are going to have to know as a security professional. So let's look at skill one, modern GRC, governance, risk, and compliance. Now I'll tell you when I first was in the security, GRC was like, oh, what does that mean? Yawn, I don't want to deal with this. This is what ah, this is just paperwork stuff. Bluh. Okay, that's changed. And I it never really did change. It was just, I changed me. That the GRC piece of this is actually exploding because of all the regulatory requirements that are happening that are in place that you are gonna have to be prepared for. So they they're talking in 2026 is the year of enforcement for many of the different things that are going on in the cyberspace, to include AI, to include the different uh requirements related to regulatory aspects. It is a never-ending cycle. So GRC is no longer about being air quotes legal, but it's about ensuring the company's brand and the infrastructure remains resilient, key term against litigation and fines. So now we talk about litigation, that's an important part, but we talk about resilience, that's even more important. And we get resilient related to litigation and fines, but it's also resilient related to your overall environment. Can your environment withstand a cyber attack or an incident that occurs? So you need to make sure that you have this in place. So, what are companies doing? They know they don't understand it, they know they can't get people out of college that really understand GRC. They think they do, but they don't. And so now they're looking for people that have these specialized skills that can then in turn help them grow with their overall company. But they know because of the aspects of between the litigation, the fines, and the overall legal uh exposure they have, they want to make sure they have the right people from a GRC standpoint. 
The vCISO path: this skill is the primary driver for many of the virtual CISO roles, which really have some of the highest hourly rates in the industry. You're talking anywhere upwards of three to four hundred dollars an hour for a CISO and a virtual CISO. And the reason is because they go, I don't understand this stuff. I need someone who has years of experience, can then come in and help me understand the governance, risk, and compliance piece of it. I did GRC for years as a CISO. That was like your primary role in so many ways. So that is a big factor in why the vCISO is an important part. So as you guys are all listening to this video and you're watching this going, well, what do I do? There's great opportunities for you because as this keeps expanding and your knowledge keeps growing, within a few years, you can be in a really great position to, each couple of years, increase your overall revenue that you bring in just by getting these skills and enhancing this path from getting the CISSP. So, what is a day in the life of someone who's in the GRC world? Architecting real-time dashboards for boards of directors. And you're going like, really? Yeah. I mean, you're like, I'm just a paper guy, right? Moving stuff around, making dashboards. It's more than that. Because what's going to have to happen is you're going to have to be the one in many cases that's going to have to go out there and explain what is going on with the board of directors. So you're going to come up with this overall plan, and then you're going to have to brief them on what is actually going on and what is the risk to their organization. Automating continuous evidence collection to eliminate audit fatigue. If you're in a highly regulated environment, lots of auditing happens, right? And there's a ton of audit fatigue that can occur. So therefore, it's imperative that you have a good plan related to this. And the fact is that you understand how to deal with it.
This is an important part in your modern GRC world is understanding audits and how to manage and deal with the overall audits and assessments. Okay, a second skill is cloud security architecture. And I mean this in the fact that understanding cloud is a key driver. And what we mean by cloud, as you all are aware, it's just that your data center is or your infrastructure is in a third party, either in somebody's data center or it's in code, but it's not resident within your environment. It's someplace else. That's the cloud. Basically, it comes right down to it, right? Well, software-defined security: in 2026, we don't configure firewalls. We write code using Terraform or Terragrunt that creates secure environments. This has been an experience for me. I've been working with a company that has uh Terragrunt, uh Terraform in it, and I've been understanding how their infrastructure as code actually works. It's amazing and it has so much capability. But the fact of the matter is that I didn't understand it really at first. I knew it from a tangential standpoint, from a large point of view, but now as I'm getting smarter on how it runs and how it operates within an environment, it has actually made me much more, I'd say, lucrative from understanding what I can do. So there's an important part. Software-defined security is a big, big factor. And taking that knowledge and growing on it each and every day is a critical piece in your growth as a CISSP. Now, the drift problem, companies lose millions due to configuration drift. Now, experts who can implement automated guardrails, I can't speak, are rare and are highly paid. What does this mean? Well, as you're integrating now with AI, if you can put guardrails in place as you are building these cloud environments up, that's going to go wonders in helping you overall protect your environment as well.
So again, the drift problem, I've seen this when we're dealing with putting going from an on-prem environment to a cloud environment. There's so often that you one, you deploy things that you don't even realize you deployed, they're running and you don't even know it because of a configuration aspect. So there's so many pieces of this that you as a security professional can pay close attention to and save hundreds, if not hundreds of thousands of dollars for these organizations. Shared responsibility, mastering the legal and technical boundaries between your company and providers like AWS and Azure. So this is a key part, right? I'm dealing with developers right now, and these guys are super smart and brilliant people, right? Extremely intelligent. The thing though that they don't understand and they want to know more is the legal aspects around it and what are some of the technical boundaries they have that keep the legal pieces tied together. So, example, if you are in hosting your data center within the United States and you're in AWS East or West, what can happen with your data that leaves that organization? How to can what are some technical boundaries we can put in place to keep that data from leaving the United States if that's the case? So there's pieces in there that you have to understand, but as your knowledge and experience grows with the company you're with, then I would focus on how can that expand it in the future. So something to consider as you are looking into new opportunities and new jobs, look at ones that will help take you to the next level, areas that you can learn more, that you then can turn around and use that knowledge and move on to the next option and opportunity. So that's every time I looked at a job, I always looked at that job in a way that it would take me from one position to the next position. I'm very selective. 
And even if you ended up turning down a job that you felt was, well, this was probably my a job that would be good for me because it puts money on the table. Again, you have to weigh that out. The fact is that if it helps you and learn things and scale where you want to be in the next five years, I would take a job even if the pay was not exactly what you anticipated or expected. Because, as an example, if you're working in a startup, you get knowledge and experience that you may not get in an enterprise because in the enterprise they have people specifically designed for those tasks. You get into a startup environment, you may get exposed to technologies that you would never get exposed to in an overall enterprise. So think about that when you're looking at jobs and your opportunities. A day in a life of me, writing Terraform policies as code to auto-block insecure deployments and designing zero trust networks and micro segmentations in Kubernetes clusters. That might be something you would understand. Also, something to consider as you're in the security space, you may not be writing the code, you might be providing guidance and recommendations to the developers who are actually doing that. So, again, that's an incredible part that you can learn, and you can do that now while you're studying for your CISSP and while you are in your job that you currently have and expanding. So lots of great opportunities for you. You just have to decide decide which one do you want to follow, which one are you gonna go after. AI ethics and governance. Okay, now this one, as of probably three years ago, we saw it coming. We knew it was gonna happen at some point, but it hadn't really caught up. Now we're seeing this more and more with the development and use of AI within businesses. And I mean, you see news articles all the time that there is somebody getting laid off because of AI. 
Well, the AI piece of this is needs individuals who are in cybersecurity who may not, let's just be honest. You there's very few people out there that know AI. I understand it. There's very few people out there like that. They all have knowledge around it, but they don't know it from A to Z. Therefore, you as a cybersecurity professional and working on your CISSP can take that knowledge and you can expand on it. The world is open to you. The shadow AI threat. Employees are sending data, proprietary trade secrets, into public LLMs all the time. And you must, as a security professional, build what they call a containment framework. I had it deal with just even when I got into as a CISO, we just had LLMs being deployed, and it was already a problem. And this was like day one. I had engineers trying to throw stuff up into LLMs. So you're gonna have to understand this. How much are you willing to allow to go out to these LLMs and what within your company are you going to deal with related to containing this framework or containing this data from leaving? So there's also algorithmic accountability. If an AI makes a biased hiring or credit decision, the GRC leader is on the hook. So you as a security professional need to understand what that means. So if this AI thing says, I'm gonna hire this person, but at the end of it, it isn't a good hire, somebody's head's gonna roll. So understanding all of the algorithms that go with it. The emerging domain nine, AI governance, is effectively the unofficial ninth domain of modern security. Now that they're gonna see how they deploy that within the ISC Squared, but realistically, it is true. It is a ninth domain in modern security times because it is being interwoven between everything that we do, from the video that this is being created to the content that is in here, to the thumbnail that's put on the screen, all of that stuff. And you can even make me into AI. I'm not, by the way, but you can. You can make me into AI. 
And all of that is available to you at hand, within your grasp. So again, the ninth domain of AI security is incredibly. Incredibly, and it's coming very, very quickly. So, what does a day in the life look like, right? So, running red teams, prompt injection tests against modern AI models. Do you have a good plan around that? Are you integrated with your folks that are creating LLMs that are both internal or are they using ones that are external? Do you have governance oversight into what they're actually putting out there? Do you have DLP or data loss prevention policies in place to limit the amount of data leakage that's going out to your organization? Then again, auditing training data sets for PII and data leakage, all of those pieces are an important part of the overall plan and what you can do as a security professional. And again, as you can see in the CISSP, these are interwoven. They're blending together. There's so much overlap between the two. So it's imperative that you have a really good plan and understand these things. Not to a level that you need to be, I have to be a ninja level before I can do anything. No, but you need to understand what you're going to do with it to ensure that you can best protect your company. Advanced IAM, right? Identity and access management. That's an important part. I see it. I'm dealing with it right now as well. So identity is the perimeter. With remote workforces, the network is gone. Identity is the only thing protecting the data in so many ways. So therefore, it's imperative that you have a good understanding of identity. How does it work? What is the identity provider you're going to use? How does that identity provider work with the other applications you have in your organization? All of these things are super imperatively important for you to have a good grasp and understanding of. APIs are amazing, but they're also the bane of society. They are going to cause more problems for security people.
So managing secret sprawl, that's an important part. All these non-human identities, it's overwhelming, right? That in and of itself is a specialized high-earning skill. How do you manage APIs? I struggle with it. I really do because I'm dealing with APIs all the time, and it is overwhelming. The zero trust core, you cannot achieve zero trust, at least as it's called out in the 2026 standard, without expert level identity and access management strategies. You have to have an IAM strategy and it has to blend in well with your zero trust plan. And zero trust is an imperative part of all this. I struggle with the fact of everybody being able to be 100% zero trust. There's going to be hybrid versions of that more than anything else. That's the situation I see. So what's the day in the life of a security professional? Eliminating overprivileged machine accounts, transitioning the enterprise to passwordless or FIDO2 authentication. All of those pieces are an important part if you just focused on IAM. So again, tons of things you can do. And each of these are specialized to the point where they can provide a high income to you and your family. Software supply chain security. This is a big one. This really truly is coming up more and more as time goes on because supply chain is such an integral part of all business activities. So when you're dealing with strategic context around this, it's an upstream attack. Hackers have moved from attacking companies to attacking the software libraries the company uses specifically. So that's an important part. They're actually wanting to get all of their code into these libraries, which then in turn are getting injected into their overall development code. So they're wanting to do that from an upstream standpoint. SBOM mandates: your software bill of materials.
There are now requirements from governments that will then who will manage this inventory because they don't understand it. And the software requirements are becoming larger and larger and larger. And you're going to have an incredible part of this as a security professional. Someone needs to understand what that is as well. You also have your DevSecOps. This is the skill that makes you bridge between the security office and the developer tribe. All that really means is as you're working with the dev folks, which I deal with all the time, that is undertaking that security into the dev environment, ensuring that what they're putting in place meets the requirements of my security teams, but at the same time is also understanding their dev environment and the limitations that they have as well. Now, what does the day in life look like? Again, you're managing the software bill of materials for all the core companies and their products. And then you're also automating security gates directly into the developer's CI/CD pipelines. I can't stress this enough. You will deal with this on a developer standpoint. Even if you are in a traditional manufacturing, like I did, environment, you still will deal with the developers and their CI/CD pipelines. It's a matter of time. It truly is. So this is why domain eight of the CISSP is so important because it's just what your life is going to be. It's like Elon Musk said that the Tesla, it's not around having a car company, it's a software company. That's what they're focused on is the software behind it. You look at the rockets going out into space that come back, the SpaceX ones that land, same thing. It's all software. Obviously, they ought to have the rocket to get there, but it's the software that brings it back home. Key important part. So, what does the financial look like again for what you're dealing with? So, an architect, a GRC architect, can make anywhere from $175 to $200-ish thousand dollars a year.
Now, again, this is not, these are just generalities, right? You can find places that'll be less than this, you can find places possibly be more than this. Now, it also doesn't include your bonuses and any of the sort of profit sharing that may be involved. But again, these are just kind of rough numbers after I was out there Googling it and looking online. Your Google Secure or Cloud Security principal is $190 to $230. I've seen that upwards of $250, depending upon what the role is for. Uh, and so you're just gonna have to weigh that out. AI governance lead, kind of like a CISO in some respects, uh, that are dealing specifically with AI, 260 plus. Again, AI is a big deal. Big, big, big, big deal. So, and you also understand AI, there's many, there are many folks that have more than probably three to four years experience in that AI platforms. You have your identity and access management directors, 185 to 200, and then you had your head of uh application security, which is 195 to 245. Again, they can vary, right? You may see a top-end number of 245 here and go, well, I'm only seeing online of 200. Well, yeah, because they have a $50,000 bonus that they're putting that into that. So again, these are just broad generality numbers, but let's be realistic. If you're making a hundred, two hundred thousand dollars, just drop it right through the center. You're making 200 grand for any of these skills of having the CISSP, that is life-changing for everybody. I don't care who you are, 200 grand, even if you well, I shouldn't say that. If you're living in San Francisco, 200 grand probably won't buy you much. But you know, outside of the Bay Area and areas that have really, really high cost of living, that will do a lot to change people's lives. So big money for getting the CISSP and having this knowledge. Okay, so the bridge certifications, fast track to mastery, right? The CISM is certified information security manager.
This is one that you can work on before you get your CISSP, which helps build as a building block for your overall CISSP exam. Now I focus on creating information security strategy, it's big into program management, and is around risk and response, understanding financial and operational impact rather than just technical pieces to it. So again, this one covers the soft skills. This is your security manager, so it's a good stepping stone to the CISSP itself. It's the CISM.
Now there's the AI governance piece. This is the AI, the IAPP AIGP, and it's based solely around governance related to AI. So it talks about the AI lifecycle risk, right? Covers unique risks according to related to data collection, model training, and so forth. It also understands the global AI regulation and helps you understand the legal aspects related to AI, which is changing all the time, and it helps map these laws to any specific existing frameworks. And then it also rolls into ethics and transparency, focus on detecting and mitigating algorithmic biases, hallucinations, all of those aspects that run into with the various LLMs that are out there. So again, you got CISM, you have IAPP AIGP, that is a mouthful, uh focused again on security management and AI governance.
And then finally, your CISA, it's your audit, right? It's the checkmate move for CISSPs moving into the executive GRC aspects, is understanding audit and assessments. So it focuses on audit standards and processes, covers formal and systematic methodology, control validations, understanding the various controls that you put in place to minimize or mitigate the risks that are there, and then also system life cycle audits provides a framework for auditing and how software is acquired and developed to ensure that you have it all baked in from the beginning.
I will tell you that I use all of those pieces: CISM, the AIGP, and also the CISA. I don't have the certs, but I used aspects of that with the CISSP.
So I can tell you that if you have those certs, great fundamental building block for the CISSP. If you don't, that's okay. Just know that if you get these before you get your CISSP, it will go a long way to help you in being better prepared for the overall exam.
So, what does this mean? What are you going to do in 2026? Use your CISSP as a foundation. You can be able to pick when you pass the test, you get it done, you go to CISSP cyber training and you get in the training that we have, and you pass the CISSP exam. Now you can pick a niche. Pick one: cloud, AI, or GRC. Pick it. Be the in-house expert. You don't have to be the expert before you're hired. You can learn that information. I went to school as an airline pilot. That's what I went from a background. I'm a pilot by trade, but I'm now in cybersecurity and been doing it for 20 plus years. Find an area, build on it, grow with it. Pivot your professional brand from cyber manager to business enabler. That is a key part, right? You are a business enabler. You are also an influencer related to your business. Important aspects that you really truly need to grasp and help become better with that.
Final thought is in 2026, the highest paid CISSPs aren't those who say no, but those who say, here's how we can do it safely. And you don't want to be security being the no police. You want to be ones of how do I help you with your business and enable it so that you are successful.
Okay, that is all I have for you today. I hope you enjoyed this video. I hope you enjoyed this podcast. If you hear it on audio, I hope you're enjoying that as well. Because the ultimate goal is to help you pass your CISSP and help you with the cybersecurity world that we all live in. Have a great day. Have a blessed day, and we'll catch you on the flip side. See ya.
Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes as I would greatly appreciate your feedback.
Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a cornucopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 363 CISSP questions to help you in your CISSP journey. Thanks again for listening.