The fastest way to get CISSP Certified. Join our bootcamp
Your vendor uses Salesforce. You don't manage it. You don't monitor it. You probably don't even know which employees at your vendor have access to your customer data.
And that's the problem.
June 2025. Hackers called a call center in Manila that managed Qantas's Salesforce platform. They pretended to be IT staff. They asked for system access. The call center employees, trained to be helpful, gave it to them.
5.7 million customer records stolen. When Qantas refused to pay the ransom, everything appeared on the dark web in October. Names, emails, phone numbers, frequent flyer details. Everything needed for targeted phishing campaigns against millions of customers.
The breach didn't happen at Qantas. It happened at a vendor Qantas trusted with their customer data.
Qantas had security controls. They had vendor assessments. They knew they used Salesforce for customer service.
What they didn't have: visibility into who at that Manila call center could grant system-level access. Monitoring of unusual access patterns in systems they don't own. Controls over how third-party employees verify identity before granting privileges.
The attack succeeded because your security controls stop at your perimeter. They don't extend into SaaS platforms your vendors manage. You can't monitor what you don't control. You can't detect threats in systems someone else operates.
This requires both cloud security knowledge and vendor risk management.
CCSP teaches cloud security for platforms you don't directly manage. How do you assess cloud service providers? How do you implement shared responsibility models? How do you configure access controls across SaaS environments your vendors operate?
Our CCSP bootcamp runs March 9-13, 2026.
CRISC teaches vendor risk management for relationships you can't fully control. How do you identify risks when vendors operate critical systems? How do you assess security posture you can't directly audit? How do you monitor continuously when annual questionnaires don't catch social engineering attacks at offshore call centers?
Our CRISC bootcamp runs February 23-26, 2026. This is our first public CRISC bootcamp, and we're offering $200 off as a launch discount.
The Qantas breach happened because attackers exploited both cloud infrastructure and vendor management gaps. You need both skill sets.
Stay secure,
The DestCert Team
The Fastest Path to Risk Management Certification (CRISC)
Master Enterprise Risk Management and Lead Risk Initiatives in Your Organization. We’ve designed this bootcamp for cybersecurity professionals ready to move into risk management leadership.
The Easiest Way to Pass Your Advanced in AI Security Management (AAISM) Exam
Master AI Security Leadership. We’ve designed this bootcamp for cybersecurity professionals ready to take their expertise into the AI era. You’ll master practical frameworks for securing real-world AI systems and earn the certification that proves you’re ahead of the curve.
Prepare to Pass CCSP: Get the Right CCSP
APP
Studying for the CCSP? Big news! We’ve just added 1,000 brand-new questions to our CCSP Exam Prep App—giving you even more ways to test your knowledge and boost your confidence. Whether you're brushing up on cloud security concepts or getting serious about exam day, the updated app is packed with fresh content that reflects the latest exam trends. Study anytime, anywhere, and get one step closer to becoming CCSP certified.
Free CCSP Data Center Design Mini MasterClass
If you’re interested in cloud security, check out our new FREE Mini MasterClass. It digs into data center design.
It’s based on the CCSP certification requirements, but even if you’re not thinking of getting certified, what you learn is very useful in practice if you ever need to deal with data centers.