2025 ISS PRE-CONFERENCE TRAINING CLASSES

(Monday & Tuesday, October 27-28)

Certificate of Cloud Security Knowledge (CCSK V5)  

When: MONDAY & TUESDAY (2-day class)  16 CPEs
Time:  8:00 am – 5:00 pm
Instructor: Louis Lyons
Cost: $995.00
Note: CSA members will receive a $200 rebate upon proof of group membership
To Register:  REGISTRATION

The Certificate of Cloud Security Knowledge (CCSK V5) includes:

Domain 1: Cloud Computing Concepts & Architectures - Describes and defines cloud computing, sets baseline terminology, and details the overall controls, deployment, and architectural models.
Domain 2: Cloud Governance - Focuses on cloud governance with an emphasis on the role of security and how enterprise governance helps align the strategic, tactical, and operational capabilities of information and technology with the business objectives.
Domain 3: Risk, Audit, & Compliance - Focuses on cloud security, risk, audit, and compliance, including evaluating cloud service providers and establishing cloud risk registries.
Domain 4: Organization Management - Focuses on managing your entire cloud footprint, including securing and validating service provider deployments.
Domain 5: Identity & Access Management - Focuses primarily on IAM between an organization and cloud providers or between cloud providers and services.
Domain 6: Security Monitoring - Presents unique security monitoring challenges and solutions for cloud environments, emphasizing the distinct aspects of cloud telemetry, management plane logs, service and resource logs, and the integration of advanced monitoring tools.
Domain 7: Infrastructure & Networking - Focuses on managing the overall infrastructure footprint and network security, including the CSP’s infrastructure security responsibilities.
Domain 8: Cloud Workload Security - Focuses on the related set of software and data units that are deployable on some type of infrastructure or platform.
Domain 9: Data Security - Addresses the complexities of data security in the cloud, covering essential strategies, tools, and practices for protecting data in transit and at rest.
Domain 10: Application Security - Focuses on the unique challenges and opportunities presented by application security in the cloud environment from the initial design phase to ongoing maintenance.
Domain 11: Incident Response & Resilience - Focuses on identifying and explaining best practices for cloud incident response and resilience that security professionals may reference when developing their own incident plans and processes.
Domain 12: Related Technologies & Strategies - Introduces the foundational concepts and focuses on developing a strategic cybersecurity approach to Zero Trust and Artificial Intelligence.

What is Included:
• ILT Course
• Exam Token (includes up to 2 attempts at the exam)
• Chatbot

The CCSK Exam is:
• Open-book, online exam
• 60 multiple choice questions
• 80% minimum passing score
• 120 minutes

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Introduction to Digital Forensics

When: MONDAY (1-day class)  8 CPEs
Time:  8:00 am – 5:00 pm
Instructor: Dr. Selvan Snow
Cost: $499.00
To Register:  REGISTRATION

This course offers an introduction to digital forensics, investigation, and response. Areas of study include procedures for investigating computer and cybercrime, and concepts for collecting, analyzing, recovering, and preserving forensic evidence. There will be 4 labs to provide students with intimate, hands-on experience learning Forensics.

Major Instructional Areas
1. Digital forensic investigations
2. Forensic environments and tools
3. Evidence collection and handling
4. Forensic reporting
5. Solving business challenges with forensic investigations

Course Objectives
1. Summarize the basic principles of computer forensics.
2. Summarize important laws regarding computer forensics.
3. Describe various computer crimes and how they are investigated.
4. Describe digital forensic methodologies and evidence handling techniques.
5. Outline the proper approach to collecting, seizing, and protecting evidence.
6. Explain techniques for hiding and scrambling information as well as how data is recovered.
7. Summarize various types of digital forensics.
8. Describe contingency planning and incident response.
9. Explain how to perform network packet analysis.
10. Identify technical and legal trends in digital forensics.

*** Please note: This course comes with a 90-day license to both the Digital Forensics eBook and their Cloud Access Labs.

<><><><><><><><><><><><><><><><><><>

Certified Enterprise Resiliency Practitioner Certification (CERP)

When: Monday/Tuesday October 27-28, 2025
(2-day class)  16 CPEs
Time:  8:00 am – 5:00 pm
Instructor: John DiMaria & Gary Sheehan
Cost: $895.00
To Register:  REGISTRATION

This 2-day course is designed to provide participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs based on the principles of BS 65000 and ISO 22301 as well as other supporting industry standards. The course covers the essential aspects of resiliency planning and management, including risk assessment, measuring business impact, building a response, and recovery strategy.

The program is delivered in an interactive and engaging format that combines instructor-led training, case studies, group discussions, and practical exercises. The course also includes a comprehensive workbook study that tests participants’ knowledge and skills, and successful completion of the workbook leads to certification as a CERP.

Who is this course for?
The CERP course is suitable for professionals involved in developing and implementing resiliency programs in organizations of all sizes and types.

Learning Objectives:
Upon completing the course, participants will be able to:

  1. Understand the fundamental principles and concepts of enterprise resiliency management.
  2. Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities to an organization’s operations.
  3. Develop and implement a business impact analysis to identify critical business functions and their dependencies.
  4. Develop and implement a response strategy to manage and respond to disruptive events.
  5. Discuss best practices for planning the restoration of critical business functions and operations.
  6. Establish a resiliency program framework and governance structure to ensure continuous improvement and effectiveness.
  7. Understand the importance of effective communication, training, and awareness in resiliency management.
  8. Understand the role of standards such as BS 65000 and ISO 22301 in resiliency management and certification. All attendees will be provided access to the BS 65000, ISO 22301 and ISO 27002 standards for 1 year after the class.

The CERP course equips participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs, ensuring organizations can effectively respond to disruptive events and quickly recover critical business functions.

Note for people who want to be a CERP Trainer:  Attending a CERP training class and completing the class workbook is one of the prerequisites to becoming an approved trainer.  If you want to be a CERP Trainer, attending this class will meet your training class requirement.  If you have any questions, contact cso@informationsecuritysummit.org.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Training the Trainers: Crafting Effective Security Education

When: Monday/Tuesday October 27-28, 2025
(2-day class)  16 CPEs
Time:  8:00 am – 5:00 pm
Instructor: Ken Smith
Cost: $995.00
To Register:  REGISTRATION

Training the Trainers is a comprehensive two-day workshop designed to transform technical experts into effective security education leaders. This hands-on course addresses the unique challenges of teaching technical security concepts, a field where traditional academic approaches often fall short. Participants learn how to develop compelling curriculum using the “Teach-Show-Do” methodology, balancing theory with practical exercises that simulate real-world scenarios.

The course covers critical aspects of modern security training, including effective use of open-source, intentionally vulnerable platforms as well as real-world, off-the-shelf technologies like Active Directory for hands-on learning. Participants explore the strategic integration of GenAI tools for content development while maintaining educational integrity. Special attention is given to creating scalable exercises that work across different delivery methods – from intimate 5-person sessions to large 50+ person seminars.

Beyond content creation, the course delves into crucial aspects of delivery and engagement, including remote vs. in-person instruction techniques, classroom management strategies, and methods for measuring learning outcomes. Participants engage in practical exercises like building network security labs, crafting effective slides, and developing instructor guides. The curriculum emphasizes the importance of continuous feedback and iteration, teaching participants how to evaluate and improve their training programs over time.

Designed for senior engineers, technical educators, and internal training teams, participants leave with a complete framework for developing their own security training programs, including course templates, exercise examples, and practical tools for immediate implementation in addition to a fully formed framework for an 8-hour class in introductory penetration testing. With a focus on creating engaging, hands-on content that adapts to evolving security landscapes, this course provides the foundation needed to build and deliver impactful security training programs.

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Security Architecture for the Cloud

When: Tuesday October 28, 2025 (Half-day class)  4 CPEs
Time: 8:00 am – 12:00 pm
Instructor: Dr. Selvan Snow
Cost: $299.00
To Register:  REGISTRATION

Enterprise Security Architecture (ESA) is an architectural discipline concerned with aligning Information Security (Infosec) efforts to the highest-priority risks and business objectives. One of the most significant challenges in securing an organization, as well as designing for the future, is the ability to design Cloud solutions with Cybersecurity as a ‘front-of-mind’ concept. Thematically, Cloud Security Principles have emerged to help organizations align their focus on security controls and posture, while enabling the business for speed and success. This presentation outlines the architect’s view of optimizing and organizing ESA strategy for Cloud implementations while outlining the most important concepts to monitor along the way.

Topics covered include:
-Overview of ESA as a practice and discipline
-Security Architecture in the Cloud
-Guiding Principles to Design with Security
-Examine Zero-Trust Architecture & Modern Use Cases
-Q&A

Target Audience: IT & Cybersecurity Strategists, Enterprise and Enterprise Security Architects (current or aspiring), and Cloud practitioners.

Learning Objectives:
-Provide a foundational understanding of Enterprise Security Architecture as a discipline.
-Draw the correlations between Security Architecture and Cloud Implementations (challenges and opportunities).
-Provide the audience with real-world examples of how to secure Cloud integrations.
-Learn the Top 5 considerations for ESA concepts in the Cloud.
-Examine a Zero-Trust roadmap and architecture(s).

Audience: Intermediate to Advanced

<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

Consulting Strategies for Cybersecurity

When:  Tuesday, October 28, 2024
Time:  1:00 pm – 5:00 pm
4 CPEs
Instructor:  Dr. Selvan Snow; Owner/CEO Lemnisec LLC

Cost: $299.00
To Register: REGISTRATION

Consulting Strategies for Cybersecurity is a ½ day course that tackles the engagement aspects of technical consultants within the Cyber Risk landscape. The student/consultant will learn adaptable strategies to relate to their consumers while intently managing the customer’s expectations, perceptions, and outlook on the Cybersecurity professional. Successful consultants will be well-armed with knowledge of political insights, as well as the technical expertise to provide world-class solutions and outcomes.

Topics covered include:
a. Philosophy of a Consultant
b. Consultant Skills
c. Political IQ – PQ
d. Mastering Work product
e. Q&A

Target Audience: Cybersecurity Strategists and Practitioners, Consultants (IT/Cybersecurity – current & aspiring), and Cybersecurity Managers/leadership.

Learning Objectives:
-Provide a foundational understanding of the role/challenges of a Consultant (IT/CS).
-Add communication strategies to your Consultant tool belt.
-Enhance the student’s Political IQ & awareness, while learning coping strategies.
-Provide examples of world-class Cybersecurity work products, while educating on the importance of perception, brand, and reputation.

Audience: Intermediate to Advanced