The Practical Realities of Geopolitical Cyber Risk - Next Peak Interview

CCT Vendor 04: The Practical Realities of Geopolitical Cyber Risk CISSP Cyber Training Podcast — Published May 13, 2026 | ~28 minutes

Guest: Helen Lee, Director of Intelligence Cyber Research at NextPeak

What the episode covers:

Defining Geocyber Risk Helen describes geopolitical cyber risk as the intersection of risk created from geopolitical factors and cyber/technology factors. NextPeak co-founder Greg Ratrey identified this intersection as critical about a decade ago, but it didn't gain traction until recent flashpoints like Russia/Ukraine brought it to the forefront.ds 

The Market Gap The World Economic Forum's global cybersecurity outlook report found that 64% of organizations expect geopolitical tensions to increase their cyber risk, yet 90% of large organizations are still adjusting their cyber response postures — meaning even big companies aren't ready. Awareness frequently doesn't translate into action. 

Concrete Examples of the Risk

• The FCC banned imports of certain consumer-grade routers over national security concerns, illustrating that even small businesses using common networking hardware could be exposed if a foreign adversary targets that router ecosystem broadly. 
• A more subtle supply chain example: South Korea's chip manufacturers (SK Hynix) rely heavily on helium for semiconductor production, and 60% of that helium comes from Qatar — a country affected by Middle East tensions. A prolonged conflict could reduce chip supply and push companies toward less-trusted suppliers, introducing new vulnerabilities into tech stacks. 

Where It Fits in a Security Team Geocyber risk should be baked into governance, risk, and compliance layers, ensuring that third-party risk assessments account for geographical footprints and supply chains. Threat intelligence teams are also key — they should monitor geocyber indicators and hand off actionable guidance to the SOC, red teams, and leadership. 

NextPeak's Offerings Products include a geopolitical cyber risk index (translating qualitative risk into a quantitative score/map), geo-layered risk assessments, advisory and board communication support, customized reporting, and forward-looking tabletop exercises that simulate conflicts and contingencies three to five years into the future. 

CISSP Relevance This episode maps most directly to the Security and Risk Management domain, touching on third-party risk, supply chain risk, and communicating cyber risk to executives and boards.

You can reach Helen Lee at [email protected], and NextPeak's ICR services are at nextpeak.net/services/icr.

TRANSCRIPT

Welcome And What You Will Learn

SPEAKER_00 0:00 

Welcome to the CISSP Cybertraining Podcast. We provide you training and tools you need to pass the CISP exam the first time. Hi, my name is Shon Gerber. I'm your host of this Active Active Formative Podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cybersecurity knowledge. All right, let's get started.

Defining Geopolitical Cyber Risk

SPEAKER_01 0:26 

Good morning, everybody. This is Shon Gerber with CISSP Cyber Training, and today is your lucky day. We have a vendor that we're going to be talking to today as we managet a lot of input from folks that have really enjoyed the fact that we provide vendors and different kinds of concepts related to the CISSP exam. And today is the day. So we got Helen Lee is going to be joining us, and she is going to be talking about some different things and different capabilities that she's come up with over the past few years. Now, Helen is with NextPeak. Now, this is all truth in lending. I'm also a consultant with NextPeak, and that's how I was introduced to Helen a few years ago. And in this conversation, one of the things that Helen has come up with, I'm going to have her get into into depth about, it's related to geocyber risk. And as we all know, within the CISSP, risk is an important part of all everything we do. And that's probably one of the most important parts of the exam is understanding risk. So, Helen, if you could just kind of explain, uh, introduce yourself a little bit and your background, and then we can kind of dig into some questions.

SPEAKER_02 1:32 

So thanks, Sean. Hi, everyone. My name is Singman Helen Lee. I go by Helen, and I'm the director of intelligence cyber research at Nextpeak. Uh, my background is actually in international affairs and security policy, and I've always been interested in that realm. From there, I got interested specifically in cybersecurity. And now I, as a director of intelligent cyber research, I lead all of our offerings and efforts in geopolitical cyber risk. So, what is geopolitical cyber risk? At Next Peak, we're generally talking about the intersection of the risk that is created from geopolitical factors and cyber and technology factors that we're used to. About a decade ago, one of our co-founders, Greg Ratrey, who has been involved in this phase, was a CISO previously, always thought that managing and mitigating this intersection of risk will be very critical. But nobody really seemed to care because all the people at the cyber office and cyber teams obviously are very busy putting out the fire of today. Okay, you can't really think about what if a war were to break out in the future, how would that impact me in the cyber realm? But we thought maybe about two years ago, with everything going on from Russia and Ukraine and now to Iran, we thought maybe now is the time and chance for everyone else to start caring about it. And we um quickly put together our branch of intelligence cyber research to offer these products and services.

Why The Market Is Not Ready

SPEAKER_01 2:52 

Okay, very, very good. Yeah. I I think that what you have here, honestly, when you first came up with this idea and I heard it, I thought you were, it was, well, why isn't that everybody doing this? But as we've seen throughout the years, that many people they didn't really see it until more of these flashpoints started occurring in the world. And now, because of that, it's it's come to the light that, yeah, if you're a company, you really need to consider the overall geopolitical risk to your organization. So no, I think it's great. I think it's extremely valuable. So, well, um, can you tell me what problem that you saw in the market that led you to build what you're building right now? I mean, basically why the existing solutions, because we've seen them, there's different companies out there that provide solutions. Uh, they're very different than what you have. But can you explain why how you all came to this point?

SPEAKER_02 3:40 

Yeah, as I mentioned um just now, real quickly, like with all those flashpoins that we started seeing, we thought now would be a good time. But I guess to kind of back up our sense and our thoughts on why now is a good time and why, uh, we did start seeing a little bit more of an increasing concern around geopolitic politics and cyber risk as an intersection. Next Peak has clients not just in the US, but globally. And some of our global clients started coming to us and asking us first like, hey, what if a crisis were to happen in Asia? How is that going to impact us? Do you think we're ready for this? And the answer usually is no. Um, and not that's not just from our clients and our what we think, but the World Economic Forum um published a report this year, uh, their global cybersecurity outlook report, which found that 64% of organizations expect that geopolitical tensions are going to increase their cyber risk, but 90% of large organizations are still adjusting their cyber response postures to it. So even the big, big ones out there aren't really ready for it. And um a lot of the awareness doesn't really translate into action. So we really want to provide something that highlights what you should do with this awareness and knowledge of geopolitical cyber risk to increase your security controls, to increase your cyber posture. So that's kind of where we all started from. How we're different from existing solutions, we really try to bridge that gap. I think there's a lot of companies out there that do geopolitical monitoring, for example, or a lot of intelligence. And a lot of companies that are helping you increase their your cybersecurity posture and controls, but not many that really bridge the gap. Okay, you have this awareness of this tension and in the geopolitical sphere happening. So exactly what controls does that translate to? We're trying to bridge that.

SPEAKER_01 5:27 

I see. Because a lot of companies will say, and I've used this as in the previous life of having intelligence background. Okay, you have a problem, have a nice day. Here's your problem. You guys are bridging that gap to go, well, there's a problem, but here are some of the controls that can be tied to that. Is that correct?

SPEAKER_02 5:42 

Yeah, something like that. That sounds right.

Supply Chains And Hardware Exposure

SPEAKER_01 5:44 

Okay. Yeah, I mean, and I think giving actionable intelligence, because that's what you're doing, um, actionable intelligence that these folks can make changes is important. The um the one thing I think it's you bring up a really good point about large companies are struggling with this. If we have a lot of folks that listen to this podcast that are uh senior leaders with medium-sized businesses, um some a little bit smaller, but definitely medium-sized businesses that have global reach. And because of that, uh, they probably aren't even thinking about this, but they should be thinking about it, if I understand that correctly.

SPEAKER_02 6:18 

Yeah, of course. We think um our take is that any at this point and in our world where everything is so globalized and we're really relying on our tech infrastructure and our digital services, all organizations from small to large really have to start taking, um, they have to be taking into account the geopolitical cyber risk. And I brought two examples for us today. Um if you believe you are only operating in one jurisdiction, whether that's the United States or England, for example, um at this point, all of our supply chains, everything we use is globally connected, right? So, for example, in March, the FCC, the federal uh FCC, uh banned that import and sales of new form-made consumer grape routers. Right. They believe that even the consumer grape routers, and even if they're designed by an American company, can pose national security risks. So, now how does that impact a small and medium-sized business? I am pretty sure all of them also have net gear, TP Link, or other um commonly known routers. Now, a lot of them are going to be excluded from this list, but the fact that there is this national security risk means that maybe one of these days a foreign adversary is going to target a router to get access to many businesses in the US at once. Are you ready to defend that?

SPEAKER_01 7:42 

Right. Yeah. No, that's spot on. I the the other interesting part of what you just brought up, you know, a lot of the folks that listen to this are going through, at least in the United States, CMMC certifications, and they're related to the uh cyber maturity model that they have to for any Department of War type of activities that you're you're engaged in from a contractoral standpoint. Um, that's another area that you're gonna have to keep in pr in mind as well. So, no, I think that's really good. And having that intelligence is an important part for any company, especially, and like you said, even if you are just in the United States, it's that supply chain risk is where it really comes into. Okay, cool.

SPEAKER_02 8:16 

I have another um quick hardware example. I mean, that was also a hardware, but kind of spun it with like a cyber risk, right? With like an adversary attack. Another one that I've been thinking about a lot is it's a hormone straight and everything going on there. I know all of us have heard that this means that energy prices are going up. Right, right. Um, we've probably all felt that the gas line pumps are fortunate. Unfortunately, yes, it is unfortunately. Um, but something that I don't think people are actually thinking about is memory chips or any semiconductor, those sort of hardware that we are typically, we know that they're pretty critical to our technology sec now, right? And we all probably know at this point that TSMC and Taiwan or SK Heinrich and Korea are the top two companies that are building these chips. Right. Now a problem is that these chips require helium in the production process. Where does South Korea get their helium? 60% of South Korea's helium comes from Qatar. Qatar is a country that's been affected on the sidelines of the conflict in the Middle East, right? So now if we start thinking about the third and fourth part, uh fourth order effects and thinking about domino effects, okay, what if this war gets prolonged? Korea doesn't have enough helium, their chest production decreases. Where are we going to all get our chips? We're going to have to get them from somewhere. Does that mean we turn to other companies that we may or may not trust? How does that create new vulnerabilities in your tech stack? I know that this may sound a little bit far-fetched right now, but being able to think through these issues, like where does these geopolitical and cyber risks um intersect will help all companies kind of be able to look out for these vulnerabilities because whether or not it is the helium at the end of the day or some other issue, you might face the vulnerabilities in your hardware.

Second Order Effects In Chips

SPEAKER_01 10:01 

Yeah, no, that is really good, Helen. I did not even think about that. And that I think that's really important. One of the things we talked about, and when I was a former CISO with the company, when I would meet with, and we talk about this a lot at CII CSP Cyber Training, that you as a professional, uh, you need to be ready for talking to your business leaders on how do they do business. And that comes back to your point around third-party risk and understanding that entire supply chain from beginning to end. And I would say, even I'm pointing fingers at myself, I would say I did not have a good grasp of that. And sometimes even the senior leaders may not have had a real good grasp of that. So, to your point, I think it's very important to incorporate this within uh your guys' knowledge into many different companies. So I think it's really cool. I did great, great analogy. I did not even think about that use case. Very cool. Here's a question for you. Where do you fit in the security team's existing stack? So, like integration-wise goes, how do you how do you fit in that? And can you give me some maybe some examples or use cases around that?

SPEAKER_02 11:06 

Yeah, I think this one's kind of difficult because right now I do think geopolitical risk and cyber risk are kind of dealt with in different teams. And because it permeates the organization so deeply, um, I was thinking about how to best make this applicable. And I think one consideration is that the geopolitical cyber risk needs to be baked in at the governance risk and compliance levels. So are your processes and documentation, thinking about the third parties, do you have a good mapping of your geographical footprint? Everything from the supply chain to where you're, if you're a large company, um, where your offices are located. That's we tend to find that that's typically not the case. So that's one place I would be able to point to specifically where it can be baked in. The other piece is you mentioned Intel teams. And I think threat Intel teams are going to be pretty critical in this going forward. They monitor, they should be monitoring for your geocyber risk indicators. Um, they should be able to know which geopolitical incidents are going to create the risks, um, the cyber risk, and how and which what kind of outputs and what kind of intel should they be passing off to other teams, whether that's the SOC or the red team or the CISO? Um, I think those two are the ones that I can point to now as where it could exist in the tech stack or the site security team stack.

SPEAKER_01 12:28 

Yeah, no, that makes sense. Do you guys feel that if if there's a company like other intelligence companies out there, do you partner with any at this moment? Do you see value in doing that? Just kind of questioning.

SPEAKER_02 12:40 

Yeah, so that's actually something that we've been pursuing significantly. So Nextpeak as a company, we don't produce any threat intel feeds, for example, right? Like I can tell you that 60% of South Korea's helium comes from Qatar, but I know that based on my research and my insights and analysis, and that's kind of how Nextpeak is constructed. Um, we do know that we need to have a lot of threat intel feeds to be able to analyze off of. So there are a few Intel companies that we're pursuing discussions with that I can't name at the moment. But um, definitely we are trying to partner with them. And from the Intel team's perspective, they have a lot of companies who already have their threat intel fees, whether that's like broken up into different um like third-party risk and um vulnerability management or vulnerability intel. Um they have an issue where they see that a lot of their customers only buy certain types of threat intel feeds or modules because they don't know how to use the rest of it.

SPEAKER_01 13:39 

Right.

SPEAKER_02 13:40 

And how we think we can help is we can help your Intel teams be able to build the maturity to be able to ingest and take action on all sorts of intelligence.

SPEAKER_01 13:49 

Yeah, no, that makes total sense. And I would go and reach out to the the folks that are listening to this. If if you have, um, and I this is one thing I've stressed at CISSP Cyber Training, many of the folks that are listening to this podcast are in situations where they might be a CISO, but they're most likely probably that next year below the CISO that's maybe a director or an architect. Bring this forward to your leadership in ways, especially if you're working in an intelligence uh company, to bring this forward as an option. Because I think the more that we can bake into this, because one thing I struggled with as when I was in my role was having all these intelligence feeds coming in, but not having that real world understanding from an intelligence standpoint, what they actually did for me, I think is extremely valuable. So I kind of challenge the audience out there, if you do reach out to Helen at Nextpeak because I think that's gonna be an important part of at least building the relationships. And as we've all learned, and my my father taught me this, it's it's not necessarily what you know, it's who you know. And so knowing building your network is an extremely important thing. So I would highly recommend anybody listening to reach out to Helen on this piece. So, as we know, folks that are listening to CISSP Cyber Training are the ones that are getting their CISSP and they're looking, they're in the process of doing that. So if you could, Helen, explain to me a little bit or explain to the audience what are the domains in which you feel that your product can help them because as they're looking to study, they're looking for ways to, as a manager, how I would respond to certain questions and then how I would act as a manager in the security space. How does your product relate to that? And if they're holding that CISSP right now, or if they're in the process of getting it, which of the eight domains does your solution most directly address?

Where It Fits In Security Teams

SPEAKER_02 15:29 

Yeah, I think this ties well with my previous answer on where to bake this in into the security team. I think right now or heavily, um, geocyber risk fits under the security and risk management domains. Governance at a company needs to be considering their third-party risk and geographical footprint and supply chains, which I just mentioned, all that is exposed to geopolitical and cyber risk and operating in different environments, excluding the geopolitical cyber risk portion as well, you already have other compliance requirements that you have to deal with. So I think really it's a security and risk management domain that this fits in well with.

SPEAKER_01 16:04 

Right. Okay. Yeah. Is there any recommendations on if someone that, like, say, for example, I've one of the video I'm putting out right now is that for cybersecurity boards, if you are a CISO and you're having a hard time with communicating with your board, I've got a product that's coming out. And the whole purpose is communication and understanding it. So if you have senior leaders that are within your companies uh that are trying to communicate with you, what are some things that you would recommend that they would have a knowledge or a background in to maybe help communicate better your capabilities? I say it's a one big issue we run into so often and is that, and this is maybe an analogy that's good or not, is that you have dolphins and you have sharks, and they both swim in the ocean, but they don't talk to each other, at least as far as we know. And and so therefore, how do how what are some things that people should understand when you're visiting with them to really understand the great capability that you have?

SPEAKER_02 17:00 

Um, communicating with uh leadership and boards is something that Next Peak helps a lot with, actually. A lot of our partners, as along with Sean previously, and uh, consultants all have a lot of experience being a CISO, being in the C-suite, being in the position where they have to report to the boards and the execs above. So a lot of our consulting ends up helping the cyber teams explain to the board in laid-down terms like this is why you should care about cyber risk, or this is why you should care about geopolitical cyber risk, or how do you tie cyber risk to the business-wide risk or enterprise risk? Um, that's all something that we do a lot of. So I totally understand the difficulties there. Um, what I would say is something that we've been trying to about next peak bring to the forefront to our potential customers, our partners, um, our network is that we are offering um, I think we were really trying to push the translate the geopolitical cyber risk into actionable outputs and recommendations piece. So some of the um products that we do offer is we have a geopolitical cyber risk index, for example. And that can help you translate your qualitative cyber risk that has the geopolitical implications into a quantitative score or scale. We don't like to put numbers on things because it can be very binary, but um being able to see that can help you show your board or your execs, like, hey, look at this risk map here. Here is here are the countries that are right for us specifically, because we are a company based in X country working in Y sector. And then from there, we also offer geopolitical cyber risk assessments, which can sound like a typical cyber risk assessment that we're all used to based on this or CRI, but we layer in that geopolitical layer asking very specific geographical footprint questions, supply chain questions, third party questions. So I think those two are the things that I would remind you of. And then I guess the last one is going back to circling back to the communication piece. We do offer advisory um just in general. We're a consulting company. So we could help you, like if you already have all your information, if you think you already have the intelligence necessary and you know what you're trying to ask from your execs and board, we can help you build the materials that will um that will resonate well, basically, with your execs.

SPEAKER_01 19:25 

So, Helen, yeah, that that's really helpful. Um, and I would also say that what are some of the other products that you guys offer at Nextpeaks? I think having folks understand who do they go to? Because one of the aspects that people struggle with in these roles is okay, great. I get just totally lambasted with lots of different products out there, but I don't know who to talk to. So with Nextpeak, what are some other options that you have available that maybe people can reach out to you if they have any questions about?

Partnering With Threat Intel Providers

SPEAKER_02 19:52 

Yeah, sure. I guess I'll start with the ICR, the intelligence cyber risk-specific ones first. I already mentioned the index and the assessment, which are really our two um crown jewel offerings of ICR and then mentioned the advisory. The other two we have is we do customized reporting. So if we do have clients who come and ask us very specific questions about how are AI risk governance measures changing global, that was something that was earlier. Now I'm pretty sure people are going to come ask me about Eugenic AI and meet those. But definitely we do we do that. Um, we also do strategic table exercises. So if a tablehoop exercise looks at your cyber posture now and your readiness now. So if you were to get hit by ransom or attack now, what would you do? Um the ICR version of that looks forward into the future a little bit, three, four, five years on the road. If this particular conflict were to break out and these four other like contingencies happen, what kind of cyber risk does that create for you? And are you ready for that in four years? Are you on the right trajectory? So we do that. Next week overall, we are also a cybersecurity consulting boutique company. So we do offer the traditional um cyber program uplift, tabletop exercises, red team, pen testing. We have a lot under her belt that we can really cover because our um founders and partners have a deep expertise in the field.

SPEAKER_01 21:13 

No, that's very good. Yeah, I think that as everybody listens to this, it's really important to build your network, get to know these folks, get to know the folks at Nextpeak. And again, I'm biased a little bit. I've worked with them, but the part is that's really neat about Nextpeak is that it's not just okay, hey, Sean can do X, Helen can do Y. They have a very large stable of folks that are from that are tailored specifically for red teaming to folks that are specifically for compliance. And I and we mention a lot on CISSP cyber training related to AI GRC. And I think focused around the AI piece of this, the more knowledge you can reach out to people to help you, uh, the better. And and I will also say this with when it comes to uh learning this as a security professional is. If I would go to the board and say, hey, we have a problem, they would listen to it. But if I brought in a third party and said, hey, we have a problem, guess what? They listen to it a lot more. Okay, the last question I have for you, Helen, is can you walk us through a real-world scenario where geocyber risk assessment and the mitigation made a difference?

SPEAKER_02 22:18 

Yeah, of course. So while ICR is great at geocyber risk assessments and mitigation and our offerings, we didn't invent it per se. There have been companies who have done this well previously. So here's an example of a success story. A global firm decides to expand markets into Brazil and they successfully conduct a geocyber risk assessment prior to their expansion. And one takeaway from the assessment is that the Brazilian government can pose a financial threat to foreign companies. The assessment then can produce a recommendation that you should partner with a Brazilian in-country firm that is ethical, yet maintains a strong relationship with the Brazilian government so that it reduces your risk to operate in there. That's a success story, a true one that we've um gathered from our partners. A failure is a US agricultural manufacturing company produces its outputs, machines, machinery, basically, um, in China since the 1990s. I'm pretty sure they were there because all the manufacturing happens in that part of the world lately. But by 2016, critical intelligent um critical intellectual property is stolen. And now China is attributed to conducting espionage against these US firms. But you also see that the Chinese companies are producing very similar machinery and supporting the government.

unknown 23:38 

Yeah.

SPEAKER_02 23:38 

That the second company obviously didn't really think about the IP death and the espionage risk before going uh expanding their manufacturing um production lines into China. So those are the two contrasting stories.

Mapping To CISSP Domains

SPEAKER_01 23:51 

No, that's that's actually really good. I uh I'll use a little real world in my case. I had a very similar situation happen with a we were looking to put uh a manufacturing facility in China, and we did, and with the company I used to work with. And in the process before we did that, we we found a company that had a manufacturing facility in China, a different type of capability, but um their IP was stolen, right? And they did not do the due diligence related to it before they went in. Knowing that, I mean, I honestly I think having your report would have been helpful for our my senior leaders to give them a better understanding of the geopolitical risk because there's also a lot of well, I'll just use an example of when we put it in. A lot of people were going, yeah, that's a risk. I understand it, that's a risk. But we knew about this much. Having somebody like you all come in can tell us this much, tell us a whole bunch more information that then may or may not sway us in deciding to put that facility in place. Uh but I will say that learning from the other company that had their IP stolen allowed us to learn, okay, if we're gonna understand that risk and we go in, let's make sure that we put enough controls in place to mitigate as much of it as we possibly can, which in turn we did. And somebody did try to steal our stuff. I can't say who it was, because we assume who it might have been, but we say tried, but they weren't able to gain access to it because we had put enough controls in place for that. I think having you guys coming in and I'm saying to you, Helen, and saying, okay, hey, I'm a CISO, this is what we're gonna put in place. Helen, what do you recommend? What do you think? Is this a good choice or not? Is that something you would see that as an interaction between you and a CISO on that situation?

SPEAKER_02 25:36 

Yeah, definitely. That's something I think that's a question that we would love to help with. Like, hey, I'm trying to expand into this market or expand my supply chain or expand my production line in this part of the world. What do you think? Should I do it? I I want to do it. I think we're gonna do it, but how do I make it as list risky as possible are questions that we would definitely be willing to help with. And I think um, kind of circling back to your communication point earlier, it's unfortunate, but near misses of our own company or failures and misses of a peer company really resonate well with the board and leaders, right? And I think that's exactly why now is kind of what we're seeing as a time to bring geopolitical cyber risk offerings to a wider audience because a lot of people are seeing, oh, all these other companies are having their misses and we might have them here soon.

SPEAKER_01 26:27 

No, I I think it's great. Communication is everything. It truly is. And and unfortunately, so often we get people that are they they're even they talk in the same language. Let's just use English as an example. But yet I try to bring the thing home where most of the people on the board, in most cases, not all, have a very strong financial understanding of the business and how it runs. They don't understand cyber. Well, most of the folks that are cyber don't understand finances, and so there's a there's that miss right there. And now you add in intelligence, there's a definite potential risk for miss. Uh so I think bringing you all in as a consultant and as someone to help with the CISO make the case is an important part. So, no, I think it's awesome, really, really good. So, thank you so much for joining us today, Helen. It was amazing. And I learned a lot out of this conversation. It is absolutely stunning. I love it. If any of you are interested in geocyber risk, please reach out to Helen at Helen H E L E N dot L E E at Nextpeak.net. And you can reach out to her at any point in time. And if there's any other services you have with Next Peak, please feel free to reach out to Helen or even myself, and I can point you in the right direction. Again, thank you so much for listening, and we'll catch you all on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes. I would greatly appreciate your feedback. Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or a conocopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.