Version 1.1

MGT 512

Manage information risk by implementing security capabilities
• Security Program Structure
• Program Frameworks (NIST CSF, ISO 27001)
• Asset Management
• Control Frameworks (NIST 800-53, CIS Controls, CMMC)
• Risk Frameworks (NIST 800-39, 800-37, 800-30)
• Governance Model
• Threat Frameworks (Kill Chain, MITRE ATT&CK)

TECHNOLOGY
Lead modern security initiatives and technologies
• Security Architecture
• Vulnerability Management Maturity Model
• Zero Trust Model
• Security Awareness Maturity Model
• Cloud Security Maturity Model
• CISO Scorecard
• Negotiation Strategies

Structure your security program and team
• Roles and Responsibilities
• Security Reporting Relationships
• Guiding Principles
• Three Lines of Defense Model
• How to Prioritize Work
• RACI Matrix

Cloud Security Maturity Model

Build business enabling security capabilities (Coming Soon!)
• Product Security
• Mobile Security
• Cloud Security
• Emerging Technologies

Get buy-in from all levels of the organization
• Mission and Vision Statements
• Stakeholder Management
• Power/Interest Grid

STRATEGY
Craft effective presentations for senior leadership
• WIIFM approach
• Maturity Models

Manage projects, programs, and initiatives to successful completion
• Conduct critical legal analysis
• Case studies on policy, privacy,

MGT 514 Security Strategic Planning, Policy, and Leadership | GSTRT
5 DAYS | Aligning security initiatives with strategy

CULTURE
Improve effectiveness and impact of security initiatives
• ADKAR Model
• Kotter’s 8 Steps
• Satir Model
• ADDIE Model
• Choice Overload
• Curse of Knowledge
• Kirkpatrick Evaluation
• System 1 vs. System 2

VULNERABILITY MANAGEMENT
Build a vulnerability management program
• Vulnerability Management architecture and design
• Vulnerability scanning

Analyze and prioritize vulnerabilities
• CVSS severity scores and ratings
• Leverage asset context
• STIX, TAXII, STAXX
• Root cause analysis

Report and communicate vulnerability data
• Metrics Hierarchy
• Define reporting frequency

Treat and remediate vulnerabilities to manage risk
• PIACT Process
• Automated patch management guidance and templates
• Hardening and configuration

Build relationships and processes to make vulnerability management fun
• Relationship Map
• Define incentives, set goals, hold challenges, reward effort

MGT 516
5 DAYS

SECURITY CONTROLS
Measure effectiveness of security controls
• Measures and metrics for the CIS Controls
• Root cause analysis
• Vulnerability scanning
• CIS-CAT to audit configurations
• Red Team exercises & penetration testing

SEC 566 Implementing and Auditing CIS Critical Controls | GCCC
5 DAYS | Building and auditing Critical Security Controls

SECURITY OPERATIONS
Lead incident response planning and execution
• RE&CT Framework
• Hardening, Telemetry, Model Process, and Practice
• Plan activities
• Configuring Graphite and loading data
• Building tactical reports directly from acquired data using pivot tables and graphs