Leadership Essentials -Security Leadership Essentials for Managers

What is Security Management?

• Make sense of different cybersecurity frameworks
• Understand and analyze risk
• Understand the pros and cons of different reporting relationships
• Manage and lead technical teams and projects
• Build a vulnerability management program
• Inject security into modern DevOps workflows
• Strategically leverage a SIEM
• Lead a Security Operations Center (SOC)
• Change behavior and build a security-aware culture
• Effectively manage security projects
• Enable modern security architectures and the cloud
• Build security engineering capabilities using automation and Infrastructure as Code (IaC)
• Get up to speed quickly on information security issues and terminology
• Establish a minimum standard of security knowledge, skills, and abilities
• Speak the same language as technical security professionals

Overview

The course starts with a tour of the information that effective security managers and leaders must know to function in the modern security environment. This includes an understanding of the different types of cybersecurity frameworks available to structure your security team and program. Risk is central to effective information security management, so we’ll discuss key risk concepts in order to lay the foundation for effective risk assessment and management. Security policy is a key tool that security managers use to manage risk. We’ll cover approaches to policy to help you plan and manage your policy process. Finally, we’ll discuss security functions, reporting relationships, and roles and responsibilities to give the advancing manager a view into effective security team and program structure.

Exercises

• Cyber42 Watt’s Warehouse Company Overview
• Calibration Lab
• Cyber42 Round 1 Initiative Selection
• Cyber42 Round 1 Event #1: Whither Watt’s Warehouse
• Cyber42 Round 1 Event #2: Institutionalizing Security
• Cyber42 Round 1 Event #3: Board Briefing

Topics

Security Frameworks

• Control, Program, and Risk Frameworks

Understanding Risk

• Risk Concepts
• Calibration
• Risk Assessment and Management

Security Policy

• Purpose of Policy
• Risk Appetite Statement
• Policy Planning
• Managing Policy

Program Structure

• Reporting Relationships
• Three Lines of Defense
• Roles and Responsibilities
• Security Functions

Overview

Section Two provides coverage of traditional and modern security architectures focused on technical topics. This includes a thorough discussion of network security that is modeled around the various layers of the network stack. As modern attacks are also focused on the computing devices we cover malware and attack examples along with corresponding host security controls for the endpoint and server. The cloud is a major initiative that many organizations is changing the way organizations operate and design their controls. To get ready for these initiatives, we provide an overview of Amazon Web Services (AWS) to serve as a reference point and discuss key cloud security issues. The cloud, the rise of mobile devices, and other factors are highlighting weaknesses in traditional, perimeter-oriented security architecture which leads into a discussion of the Zero Trust Model.

Exercises

• Cyber42 Round 1 Event #4: Network Security Implementation
• Cyber42 Round 1 Event #5: End User Security
• Cyber42 Round 1 Event #6: To Serve and Protect

Topics

1- Security Architecture Overview

• Models and Trends
• Security Architecture Frameworks
• Cyber Defense Matrix

2-Network Security

• Layer 1 and 2

  • Overview and Attacks

• Layer 3

  • VPNs and IPSec

• Layer 4

  • TCP and UDP

• Application Layer

  • Proxies, NGFW, IDS/IPS, NSM

3- Host Security

• Malware and Attack Examples

• Host Security Controls

  • EPP, EDR, HIDS/HIPS, FIM, Allowlisting, Sandboxing

4- Cloud Security

• Cloud Security Fundamentals
• AWS Security Reference Architecture
• AWS Overview
• Cloud Security Attack Example and Controls

• Cloud Security Tools

  • CSPM, CWPP, CASB

• Cloud Security Models

  • Cloud Security Alliance (CSA) Guidance, Well-Architected Frameworks, Cloud Apoption Frameworks

5- Zero Trust

• Principles and Best Practices
• Zero Trust Network Access (ZTNA)
• Variable Trust

Overview

Section Three focuses on security engineering best practices. This includes building an understanding of cryptography concepts, encryption algorithms, and applications of cryptography which are foundational elements of building any secure system. Since encrypting data alone is not sufficient, we discuss the distinction between privacy and security to give managers a primer on key privacy concepts. Managers must also be knowledgeable about software development processes, issues, and application vulnerabilities. We cover application security and leadin development processes built on DevSecOps. Current engineering approaches also include modern Infrastructure as Code (IaC) approaches and tools to automate consistent deployment of standard configurations.

Exercises

• Cyber42 Round 2 Initiative Selection
• Cyber42 Round 2 Event #7: Industry Breach
• Cyber42 Round 2 Event #8: Shadow IT
• Cyber42 Round 2 Event #9: Security Misconfiguration
• Cyber42 Round 2 Event #10: Miracle on DevOps Way

Topics

1-Security Engineering

• Overview

2-Data Protection

• Cryptography Concepts

  • Confidentiality, Integrity, Authentication, Non-Repudiation

• Encryption Algorithms

  • Symmetric, Asymmetric, Key Exchange, Hashing, Digital Signature

• Encryption Applications

  • TLS, PKI, Blockchain, Quantum

3-Privacy Primer

• Privacy and Security
• Requirements and Regulations

Privacy Engineering

Module4: Security Management & Leadership

Overview

Section Four covers what managers need to know about leading security initiatives. Every security leader should know how to build a vulnerability management program and the associated process to successfully find and fix vulnerabilities. Additionally, security awareness is a huge component of any security program that helps drive activities to change human behavior and create a more risk-aware and security-aware culture. To implement new initiatives, security leaders must also develop negotiation skills and conduct thorough analysist of vendors. Finally, for any project or initiative, security leaders must also be able to drive effective project execution. Having a well-grounded understanding of the management and leadership practices makes it easier to move your projects forward.

Exercises

• Cyber42 Round 3 Initiative Selection
• Cyber42 Round 3 Event #11: Patching Problems
• Cyber42 Round 3 Event #12: Let It Be Known!
• Cyber42 Round 3 Event #13: Tough Negotiations
• Cyber42 Round 3 Event #14: Managing Resistance

Topics

1-Vulnerability Management

• PIACT Process

• Prioritizing Vulnerabilities

  • Common Vulnerability Scoring System (CVSS)
• Finding and Fixing Vulnerabilities
• Communicating and Managing Vulnerabilities

2-Security Awareness

• Maturity Model
• Human Risks

3-Negotiations Primer

• Negotiations Strategies

4-Vendor Analysis

• Product Analysis and Selection
• Analytical Hierachy Process (AHP)

5-Managing and Leading Teams

• Managing Projects
• Leading Teams
• Going From Good to Great

Overview

Section Five focuses on detection and response capabilities. This includes gaining appropriate visibility via logging, monitoring, and strategic thinking about a security information and event management (SIEM) system. Once implemented, the logs in a SIEM are a core component of any Security Operations Center (SOC). We’ll discuss the key functions of a SOC along with how to manage and organize your organization’s security operations. The incident response process is discussed in relation to identifying, containing, eradicating, and recovering from security incidents. This leads into a discussion of longer-term business continuity planning and disaster recovery. Managers must also understand physical security controls that, when not implemented appropriately, can cause technical security controls to fail or be bypassed.

Exercises

• Cyber42 Round 4 Initiative Selection
• Cyber42 Round 4 Event #15: New Guy in Town
• Cyber42 Round 4 Event #16: Cost Cutting
• Cyber42 Round 4 Event #17: Ransomware Response
• Cyber42 Round 4 Event #18: Opportunity Knocks

Topics

1-Logging and Monitoring

• SIEM Deployment Best Practices

2- Security Operations Center (SOC)

• SOC Functional Components
• Models and Structure
• Tiered vs. Tierless SOCs
• Managing and Organizing a SOC

3-Incident Handling

• PICERL Process
• Incident Handling Lifecycle

4-Contingency Planning

• Business Continuity Planning (BCP)
• Disaster Recovery (DR)

5-Physical Security

• Issues and Controls

Prerequisites