The regulator that forgot to regulate itself

For nearly two years, someone was quietly reading the emails of the agency responsible for supervising US national banks.

Not a single person inside noticed.

Attackers accessed over 100 email accounts and roughly 150,000 emails from May 2023 until they were detected and removed in early 2025. The Office of the Comptroller of the Currency — the regulator that tells banks how to stay secure — had been breached, and had no idea.

It wasn't an internal audit that caught it. Not a routine security review. It was Microsoft's security team that flagged the unusual network behavior and notified the OCC.

When the OCC investigated, what they found wasn't just a technical failure. The compromised emails contained highly sensitive information about the financial condition of federally regulated institutions — the kind of data used in examinations and supervisory oversight. The Acting Comptroller's statement didn't try to dress it up: "long-held organizational and structural deficiencies" had contributed to the incident.

Banks including JP Morgan and Bank of New York Mellon began scaling back electronic information sharing with the OCC. The regulator that had spent years auditing industry security practices now had to answer for its own.

Here's what makes this story worth paying attention to: the attackers didn't break through a firewall. They used an admin-level service account and sat there, undetected, for nearly two years. Every technical control in place was bypassed because nobody had designed the program to catch what the perimeter missed.

That's the gap CISSP trains you to close. Not just how to configure controls, but how to design the monitoring frameworks, access governance policies, and incident detection strategies that catch what the firewall doesn't. The organizations that recover from breaches are the ones with security leaders who think at that level. The ones that don't are the ones that find out from a vendor two years later.

If that's the kind of security leader you're working toward becoming, now's a good time to move. We're updating our prices on May 10. We've launched significant improvements to the program this year, including Summit, V2 of our learning system, and a dedicated web app, and the new pricing reflects that. Enroll before May 10 and save $200 on the Bootcamp, Essential, or Preferred, or $300 on Premier. The next Bootcamp runs May 25 to 30.


Best,
The DestCert Team
