This episode focuses on containers and serverless workloads because modern payment environments often run on ephemeral infrastructure, and the ISA exam expects you to reason about control effectiveness even when there is no traditional server to “log into and check.” You’ll define containers and serverless in operational terms, then connect them to security responsibilities such as image hardening, dependency control, secrets management, runtime permissions, and logging visibility. We’ll cover common control points including container registries, image scanning, signed images, least-privilege execution, network policies, and identity-based access for serverless functions, with an emphasis on how these controls are proven through evidence. You’ll learn how failures occur, such as unscanned images pushed during emergencies, secrets embedded in environment variables, overly broad runtime roles, and missing audit logs for function invocations, then practice troubleshooting paths that restore control without blocking delivery. The goal is to make container and serverless security assessable, measurable, and aligned to PCI intent even in fast-moving production pipelines. Produced by BareMetalCyber.com, where you’ll find more cyber audio courses, books, and information to strengthen your educational path. Also, if you want to stay up to date with the latest news, visit DailyCyber.News for a newsletter you can use, and a daily podcast you can commute with.