Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.
All content for CyberCode Academy is the property of CyberCode Academy and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.
Course 7 - Secure SDLC (Software Development Life Cycle) | Episode 2: Malware, Social Engineering, GRC, and Secure Development Practices
CyberCode Academy
11 minutes
1 week ago
Course 7 - Secure SDLC (Software Development Life Cycle) | Episode 2: Malware, Social Engineering, GRC, and Secure Development Practices
In this lesson, you’ll learn about: Security Awareness Training — Secure SDLC Phase 1 1. Security Awareness Training (SAT) Fundamentals
SAT is the education process that teaches employees and users about cybersecurity, IT best practices, and regulatory compliance.
Human error is the biggest factor in breaches: 95% of breaches are caused by human error.
SAT reduces human mistakes, protects sensitive PII, prevents data breaches, and engages developers, network teams, and business users.
Topics covered in SAT:
Password policy and secure authentication
PII management
Phishing and phone scams
Physical security
BYOD (Bring Your Own Device) threats
Public Wi-Fi protection
Training delivery methods:
New employee onboarding
Online self-paced modules
Club-based training portals
Interactive video training
Training with certification exams
2. Malware & Social Engineering Threats Malware Classifications
Virus: Infects other files by modifying legitimate hosts (the only malware that infects files).
Adware: Exposes users to unwanted or malicious advertising.
Rootkit: Grants stealthy, unauthorized access and hides its presence; may require OS reinstallation to remove.
Spyware: Logs keystrokes to steal passwords or intellectual property.
Ransomware: Encrypts data and demands cryptocurrency payments, usually spread via Trojans.
Trojans: Malicious programs disguised as legitimate files or software.
RAT (Remote Access Trojan): Allows long-term remote control of systems without the user’s knowledge.
Worms: Self-replicating malware that spreads without user action.
Keyloggers: Capture keystrokes to steal credentials or financial information.
Social Engineering Attacks
Social engineering = manipulating people to obtain confidential information. Attackers target trust because it is easier to exploit than software.
5 Common Types:
Phishing: Most common attack; uses fraudulent links, urgency, and fake messages.
93% of successful breaches start with phishing.
Baiting: Offers something attractive (free downloads/USBs) to trick users into installing malware or revealing credentials.
Pretexting: Creates a false scenario to build trust and steal information.
Distrust Attacks: Creates conflict or threatens exposure to extort money or access.
Tailgating/Piggybacking: Attacker physically follows an authorized employee into a restricted area.
Defense strategies include:
Understanding the difference between phishing and spear phishing.
Recognizing that 53% of all attacks are phishing-based.
Using 10 email verification steps, including:
Check sender display name
Look for spelling errors
Be skeptical of urgency/threats
Inspect URLs before clicking
3. Governance, Risk, and Compliance (GRC) GRC Components:
Governance: Board-level processes to lead the organization and achieve business goals.
Risk Management: Predicting, assessing, and managing uncertainty and security risks.
Compliance: Ensuring adherence to laws, regulations, and internal policies.
Key compliance frameworks:
HIPAA — Healthcare data protection
SOX — Corporate financial reporting integrity
FISMA — Federal information system standards
PCI-DSS — Secure cardholder data; employees must acknowledge...
CyberCode Academy
Welcome to CyberCode Academy — your audio classroom for Programming and Cybersecurity. 🎧 Each course is divided into a series of short, focused episodes that take you from beginner to advanced level — one lesson at a time. From Python and web development to ethical hacking and digital defense, our content transforms complex concepts into simple, engaging audio learning. Study anywhere, anytime — and level up your skills with CyberCode Academy. 🚀 Learn. Code. Secure.
