ISS TRAINING CLASSES (Monday & Tuesday, October 21-22)

The CCSK gives a broad overview of cloud security and allows learners to gain critical insights into issues such as data security, key management, and identity and access management.

1. Cloud Computing Concepts
2. Governance & Enterprise Risk Management
3. Legal Issues: Contracts and Electronic Discovery
4. Compliance & Audit Management
5. Information Governance
6. Management Plane & Business Continuity
7. Infrastructure Security
8. Virtualization & Containers
9. Incident Response
10. Application Security
11. Data Security & Encryption
12. Identity Entitlement and Access Management
13. Security as a Service
14. Related Technologies
15. CCM
16. ENISA

(Includes CCSK examination Token for 2 attempts)

Topics covered include:
-Overview of ESA as a practice and discipline.
-Security Architecture in the Cloud
-Guiding Principles to Design with Security
– Examine Zero-Trust Architecture& Modern Use Cases
-Q&A

Target Audience: IT & Cybersecurity Strategists, Enterprise and Enterprise Security Architects (current or aspiring), and Cloud practitioners.

Learning Objectives:
-Provide a foundational understanding of Enterprise Security Architecture as a discipline.
-Draw the correlations between Security Architecture and Cloud Implementations (challenges and opportunities).
-Provide the audience with real-world examples of how to secure Cloud integrations.
-Learn the Top 5 considerations for ESA concepts in the Cloud.
-Examine a Zero-Trust roadmap and architecture(s)

Audience: Intermediate, to Advanced

ISS has updated and resurrected their CERP certification training.  This 2-day course is designed to provide participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs based on the principles of BS 65000 and ISO 22301 as well as other supporting industry standards. The course covers the essential aspects of resiliency planning and management, including risk assessment, measuring business impact, building a response, and recovery strategy.

The program is delivered in an interactive and engaging format that combines instructor-led training, case studies, group discussions, and practical exercises. The course also includes a comprehensive workbook study that tests participants’ knowledge and skills, and successful completion of the workbook leads to certification as a CERP.

Who is this course for?
The CERP course is suitable for professionals involved in developing and implementing resiliency programs in organizations of all sizes and types.

Learning Objectives:
Upon completing the course, participants will be able to:

1. Understand the fundamental principles and concepts of enterprise resiliency management.
2. Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities to an organization’s operations.
3. Develop and implement a business impact analysis to identify critical business functions and their dependencies.
4. Develop and implement a response strategy to manage and respond to disruptive events.
5. Discussions of best practices on the planning to restoring of critical business functions and operations.
6. Establish a resiliency program framework and governance structure to ensure continuous improvement and effectiveness.
7. Understand the importance of effective communication, training, and awareness in resiliency management.
8. Understand the role of standards such as BS 65000 and ISO 22301 in resiliency management and certification.  All attendees will be provided access to BS 65000, ISO22301 and ISO27002 standards for 1 year after the class. 

The CERP course equips participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs, ensuring organizations can effectively respond to disruptive events and quickly recover critical business functions.

Note for people who want to be a CERP Trainer:  Attending a CERP training class and completing the class workbook is one of the prerequisites to becoming an approved trainer.  If you want to be a CERP Trainer, attending this class will meet your training class requirement.  If you have any questions, contact cso@informationsecuritysummit.org.

AI is revolutionizing SOCs by utilizing AI on EDR data stitched together with cloud and network data, to provide analysts with a less noise, more efficient automation, and an optimized workflow.

This course is designed to provide the students with hands-on experience in behavioral threat hunting. This includes covering common models and how they relate to threat hunting, how to operationalize an intel report focusing on tactics, techniques, and procedures (TTPs), how to leverage intelligence to initiate and conduct a hunt, data pivoting from initial query to results, proper documentation techniques to compile and organize findings in a repeatable manner. The culmination of this process will be a series of simulated attack chains using real world adversary TTPs, that we like to call the crawl phase. The crawl phase will provide students with the opportunity to go hands-on with the data in a step-by-step hunting tutorial. This practical session will allow students to experience threat hunting in a structured and controlled manner, and allow them to practice the topics that were covered.

Students will be required to bring a laptop that meets these requirements: OS: Windows/OSX/Linux Memory: 8 GB RAM CPU: 4 cores Free Space: 50 GB Recommended Browser(s): Google Chrome / Microsoft Edge Virtual Box already installed on their machine. Other recommended applications: A way to view a pdf. A way to view and edit an Excel type document. As an optional requirement, if the student would want to leverage the Hunter platform before, during, or after the training, they would have to register for a community account well before the training.

Consulting Strategies for Cybersecurity is a ½ day course that tackles the engagement aspects of technical consultants within the Cyber Risk landscape. The student/consultant will learn adaptable strategies to relate to their consumers while intently managing the customer’s expectations, perceptions, and outlook on the Cybersecurity professional. Successful consultants will be well-armed with knowledge of political insights, as well as the technical expertise to provide world-class solutions and outcomes.

Topics covered include:
a. Philosophy of a Consultant
b. Consultant Skills
c. Political IQ – PQ
d. Mastering Work product
e. Q&A

Target Audience: Cybersecurity Strategists and Practitioners, Consultants (IT/Cybersecurity – current & aspiring, and Cybersecurity Managers/leadership.

Learning Objectives:
-Provide a foundational understanding of the role/challenges of a Consultant (IT/CS).
-Add communication strategies to your Consultant tool belt.
-Enhance the student’s Political IQ & awareness, while learning coping strategies.
-Provide examples of world-class Cybersecurity work products, while educating on the importance of perception, brand, and reputation.

Audience:
Intermediate, to Advanced

Abstract:
According to a 2022 ISC2 study, worldwide “organizations are trying to fill the worldwide gap of 3.4 million cybersecurity workers” (ISC2, 2022).  Cybersecurity leaders and recruiters are working diligently to fill the gaps, and in some cases, continually fighting to maintain pace with malicious actors.  This presentation discusses methods to deal with filling cybersecurity sourcing voids while continuing to develop their internal resources to enhance their output and careers.  Without dedicated intervention, modern organizations will continue to struggle with attrition and empty employment slots.  The content will seek to address these considerations, along with the following topics:

-The role of the Hiring Manager
-Tools for interviewers and candidates.
-Cybersecurity Career Development principles.
-Professional groups and Mentoring. 

Topics covered include:
– Overview of Cybersecurity Staffing & Talent Challenges.
– Strategic Workforce Planning
– Strategic Talent – Practitioner’s View
– Mastering NIST NICE Framework

Target Audience: CISO/CxxO, IT Directors, Infosec Directors, Recruiters, and aspiring Cybersecurity candidates.

Learning Objectives:
-Provide context, and pragmatic tools for addressing Cybersecurity employment gaps.
– Start a journey of self-discovery, and skills development for performing as a Cybersecurity Expert
-A foundational understanding of career development for internal resources.
-Your role in giving back to the Cybersecurity Community through coaching and mentoring
-Understand the principles in Strategic Workforce Planning within Cybersecurity.
– Implementation level knowledge of implementing NIST NICE

Audience:
Intermediate, to Advanced