About
Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. This course empowers you to become an effective security leader and get up to speed quickly on information security issues and terminology. You won't just learn about security, you will learn how to lead security teams and manage programs.
Leading Security Initiatives to Manage Information Risk
Take this course to learn the key elements of any modern security program. it covers a wide range of security topics across the entire security stack. Learn to quickly grasp critical information security issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, and security operations.
This course will help your organization:
- Develop leaders that know how to build a modern security program.
- Anticipate what security capabilities need to build to enable the business and mitigate threats
- Create higher performing security teams.
- Make sense of different cybersecurity frameworks
- Understand and analyze risk.
- Understand the pros and cons of different reporting relationships.
- Manage and lead technical teams and projects.
- Build a vulnerability management program.
- Inject security into modern DevOps workflows.
- Strategically leverage a SIEM
- Lead a Security Operations Center (SOC)
- Change behavior and build a security-aware culture.
- Effectively manage security projects
- Enable modern security architectures and the cloud.
- Build security engineering capabilities using automation and Infrastructure as Code (IaC)
- Get up to speed quickly on information security issues and terminology.
- Establish a minimum standard of security knowledge, skills, and abilities.
- Speak the same language as technical security professionals.
- Section 1 - Governance to plan your security program.
- Section 2 - Architecture to design your security capabilities.
- Section 3 - Engineering to build your security capabilities.
- Section 4 - Build and lead the team, process, and culture.
- Section 5 - Run operations to manage and mitigate attacks.
- Security Frameworks
- Control, Program, and Risk Frameworks
- Understanding Risk
- Risk Concepts
- Calibration
- Risk Assessment and Management
- Security Policy
- Purpose of Policy
- Risk Appetite Statement
- Policy Planning
- Managing Policy
- Program Structure
- Reporting Relationships
- Three Lines of Defense
- Roles and Responsibilities
- Security Functions
- Security Architecture Overview
- Models and Trends
- Security Architecture Frameworks
- Cyber Defense Matrix
- Network Security
- Layer 1 and 2
- Overview and Attacks
- Layer 3
- VPNs and IPSec
- Layer 4
- TCP and UDP
- Application Layer
- Proxies, NGFW, IDS/IPS, NSM
- Host Security
- Malware and Attack Examples
- Host Security Controls
- EPP, EDR, HIDS/HIPS, FIM, Allowlisting, Sandboxing
- Cloud Security
- Cloud Security Fundamentals
- AWS Security Reference Architecture
- AWS Overview
- Cloud Security Attack Example and Controls
- Cloud Security Tools
- CSPM, CWPP, CASB
- Cloud Security Models
- Cloud Security Alliance (CSA) Guidance, Well-Architected Frameworks, Cloud Apoption Frameworks
- Zero Trust
- Principles and Best Practices
- Zero Trust Network Access (ZTNA)
- Variable Trust
- Security Engineering
- Overview
- Data Protection
- Cryptography Concepts
- Confidentiality, Integrity, Authentication, Non-Repudiation
- Encryption Algorithms
- Symmetric, Asymmetric, Key Exchange, Hashing, Digital Signature
- Encryption Applications
- TLS, PKI, Blockchain, Quantum
- Privacy Primer
- Privacy and Security
- Requirements and Regulations
- Privacy Engineering
- Vulnerability Management
- PIACT Process
- Prioritizing Vulnerabilities
- Common Vulnerability Scoring System (CVSS)
- Finding and Fixing Vulnerabilities
- Communicating and Managing Vulnerabilities
- Security Awareness
- Maturity Model
- Human Risks
- Negotiations Primer
- Negotiations Strategies
- Vendor Analysis
- Product Analysis and Selection
- Analytical Hierachy Process (AHP)
- Managing and Leading Teams
- Managing Projects
- Leading Teams
- Going From Good to Great
- Logging and Monitoring
- SIEM Deployment Best Practices
- Security Operations Center (SOC)
- SOC Functional Components
- Models and Structure
- Tiered vs. Tierless SOCs
- Managing and Organizing a SOC
- Incident Handling
- PICERL Process
- Incident Handling Lifecycle
- Contingency Planning
- Business Continuity Planning (BCP)
- Disaster Recovery (DR)
- Physical Security
- Issues and Controls
Training Methodology
Pathways Training and consulting adopts the newest techniques of human resources Training and consulting and, with the following:
- Theoretical lectures are delivered via PowerPoint and visual displays (videos and short films)
- Making scientific evaluation to the trainee (before and after)
- Brainstorming and role-playing
- Using case studies related to the scientific material being delivered and the trainees' work.
- The participants get the scientific and practical material printed and on CDs and Flash memories.
- Preparing records and reports of the participants' attendance and results, with a general evaluation of the training program.
- A group of the best trainers and experts in all fields and specialties professionally prepares the scientific material.
- After finishing the course, the participants get certificates of attendance signed, certified, and issued by pathways Training and consulting.
- Our training programs start at 9:00 o'clock in the morning and end at 2:00 in the afternoon, with snack buffet during the lectures.
- Providing a lunch buffet during the training program period, with organizing a lunch party on the training program final day for taking some photos and certificate awarding.
