Cyber Intelligence 4U
Program and Course Offerings 2019-2020

This course was created based upon three years of research with the Fortune 1000 and cyber insurance companies. This course is about thought leadership and critical thinking. It builds on concepts from the cyber insurance industry and standard risk management methodologies, primarily ROLF (reputational, operational, legal and financial) analysis.

This is a course about business impacts. The best cyber risk managers have a good technical understanding and a well-rounded, solid skill set of core business acumen, including analytic and critical thinking focused on cyber risk, and are excellent communicators and writers. This course operates on an assumption-of-breach model and not on statistics from taxonomies or other non-dynamic methods. It is based on the inside-inside digital asset relationships, values and the interplay of cyber security controls that make cyber risk such a fascinating topic. It is delivered in a practical manner and uses solid business impact analysis and cyber tool information to derive data.

Most of today’s cyber risk models, like Factor Analysis of Information Risk (FAIR), use only control maturities, which provide very limited and superficial metrics. Cyber loss is multi-faceted and digitally based, and is amplified by multiple factors including reputational, operational and legal impacts. Like all methodologies, it must be tweaked and fine-tuned to each organization, its goals, and its limitations.

Many of the methodologies today are too high level and overly complex. There is too much governance, risk and compliance (GRC) thinking and not enough digital asset thinking. Most are qualitative, and few are quantitative. These produce less meaningful metrics that don’t allow for pivoting and a deep dive into cyber resilience.

Quantitative and qualitative cyber risk analytics must be balanced to allow critical thinking to emerge. Cyber can act one way from a compliance perspective, another way from a risk perspective and yet another from a governance perspective. The three must be balanced in the context of organizational goals. Are you going to IPO, grow organically or grow through acquisition? Each goal (perspective) would have to look at cyber in a different light. This course focuses on cyber risk management at the digital asset level, which allows organizations to answer the top 10 questions that the board should be asking about their cybersecurity resiliency.


Our risk modeling can provide companies with thought leadership on questions including:
  • What are our most valuable digital assets?
  • Where do these digital assets reside, who owns them, how are they categorized, and how do they compare to each other in terms of cyber risk?
  • What relationships do we have with vendors associated with these assets?
  • How well are we protected against a cyberattack?
  • What is our cyber resiliency and how do we increase it?
  • Do we have enough cyber budget?
  • Do we have enough resources and how do we prioritize them?
  • How effective are our cyber controls?
  • Do we have enough cyber insurance?
  • We are planning to sell the company; how does our cyber resiliency impact our acquisition price?
* This course requires the book ‘Managing Cyber Risk’ by Ariel Evans, CEO of Cyber Innovative Technologies, a premier cyber risk software company.

Enterprise Cybersecurity Course Modules

Course | Time | Delivery | Level | Roles
ENT501: The Evolution of Cyber Security | 4h | In-person/Online | F | BM, CEO, CISO, CM, DPO, R, V, A
ENT502: Why Cyber Risk | 4h | In-person/Online | F | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT503: Cybersecurity Basics | 4h | In-person/Online | F | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT504: Cybersecurity Roles | 4h | In-person/Online | F | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT505: Cybersecurity Regulation | 4h | In-person/Online | F | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT506: Cybersecurity Risk Management | 8h | In-person/Online | F | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT507: Cyber Risk Management Use Cases | 8h | In-person/Online | A | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT508: Cybersecurity Frameworks | 8h | In-person/Online | A | CEO, CISO, CM, DPO, R, V, A
EXEC509: Cybersecurity Strategy | 8h | In-person/Online | A | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT510: Cyber Vendor Risk Management | 8h | In-person/Online | A | CISO, Vendor, Executives responsible
ENT511: Cyber Insurance | 4h | In-person/Online | A | BM, CEO, CISO, CM, DPO, R, V, A
ENT512: Breach Response and Table Top | 8h | In-person/Online | F | BM, CEO, CISO, CM, DPO, R, V, A
ENT513: Cyber Forensics | 4h | In-person/Online | F | BM, CEO, CISO, CM, DPO, R, V, A
ENT514: Innovative Cyber Risk | 4h | In-person/Online | A | CIO, CISO, BADM
ENT515: Cloud Security | 1d | In-person/Online | F | CDM
ENT516: Mobile Security | 1d | In-person/Online | F | MDM
ENT517: Cyber M&A | 4h | In-person/Online | A | BM, CEO, CISO, CFO, A, Legal Team
ENT518: Cyber Audit | 4h | In-person/Online | F | BM, CEO, CISO, CM, DPO, R, V, A
ENT519: GDPR | 8h | In-person/Online | A | GDPR Related
ENT520: NYSDFS Part 500 | 4h | In-person/Online | A | BM, CEO, CISO, CRO, CM, DPO, R, V, A
ENT521: Privacy Regulations (Coming Q4 19) | 4h | In-person/Online | A | BM, CEO, CISO, CRO, CM, DPO, R, V, A

Intensive Executive Course Modules

Our 3-hour Intensive Executive Course is intended for C-Level executives to gain deeper knowledge on a variety of cyber topics in a short amount of time. Clients choose to focus the 3-hour course on the 2-3 specific areas that most apply to their current cybersecurity concerns. We find that many of our clients choose to focus on Cyber Insurance in order to learn more about how much to buy, exceptions, and the different types of policies available. Other organizations are more interested in Mergers and Acquisitions and the financial exposures, from the cyber perspective, related to acquisitions. Additionally, we offer programs on Tool ROI, Vendor Risk, Cyber Budgeting, and Resource Prioritization from a cyber perspective. We deliver the course in person in order to respond to specific, focused questions from participants regarding the way their organization is currently operating vs. best practices.

Course | Time | Delivery | Level | Roles
EXEC400: Cyber Insurance Quantification | 1h | In-person | A | C-Level Executives
EXEC401: Vendor Insurance Quantification | 1h | In-person | A | C-Level Executives
EXEC402: Mergers & Acquisition | 1h | In-person | A | C-Level Executives
EXEC403: Tool ROI | 1h | In-person | A | C-Level Executives
EXEC404: Cyber Budgeting | 1h | In-person | A | C-Level Executives
EXEC405: Resource Management | 1h | In-person | A | C-Level Executives

Role Based 2 Day Specialty Intensive Modules

We offer the most up-to-date role-based training in cloud, mobile, and vendor risk, with classes at both foundational and advanced levels.


Cloud Security Best Practices

In 2021, 60% of an organization’s infrastructure will be in the Cloud. Cloud Computing provides on-demand network access to a shared pool of computing capabilities or resources that can be provisioned rapidly with minimal management effort. The benefits of cloud are well documented.

This course provides focused learnings on cloud infrastructure, best practices for security architects, security issues encountered, cloud security controls to mitigate risk, and frameworks used with a focus on the Cloud Security Alliance matrix.

The course is designed for SecDevOps, Security Architects, and Developers to guide them in exploring best practices in secure software development and design principles, pitfalls of design, industry standards, and the regulatory compliance prerequisites for the cloud that must be baked into the design process, implementation, delivery, and risk management of secure cloud services.

This course reviews security characteristics of the leading cloud service providers, and the deep technology aspects of secure cloud architecture, development and support.



Course | Time | Delivery | Level | Roles
CLD401: Cloud Security | 1d | In-person/Online | F | CISO and security personnel
CLD402: Cloud Security-02 | 1d | In-person/Online | A | CISO and security personnel



Mobile Security Best Practices

Cybersecurity is the #1 business issue, eclipsing M&A and environment issues in 2018. There were many high-profile data breaches affecting retailers, banking and credit rating companies. Largely absent from the headlines were compromises directly attributed to the vulnerability of a mobile device, such as a smartphone, tablet, laptop or connected device. According to the Verizon Mobile Security Report, the number of companies admitting that they'd suffered a compromise in which a mobile device played a role went up, from 27% in the 2018 report to 33% in 2019.

Attackers are adapting to the millennial mobile-centric world and expanding their arsenals. Couple that with the fact that most mobile devices have access to the same crown jewel data as those using fixed connections. This means that the compromise of a mobile device can now be just as great a risk to your customer data, intellectual property and core systems.

This course provides focused learnings on mobile infrastructure, best practices for security architects, security issues encountered, mobile security controls to mitigate risk and frameworks.

The course is designed for SecDevOps, Security Architects and Developers to guide them in exploring best practices in secure software development and design principles, pitfalls of design, industry standards, and the regulatory compliance prerequisites for mobile that must be baked into the design process, implementation, delivery, and risk management of secure mobile services. This course reviews security characteristics of the leading mobile service providers, and the deep technology aspects of secure mobile architecture, development and support.

Course | Time | Delivery | Level | Roles
MBL401: Mobile Security | 1d | In-person/Online | F | CISO and security personnel
MBL402: Mobile Security-02 | 1d | In-person/Online | A | CISO and security personnel


Vendor Risk Best Practices

Cybersecurity is the #1 business issue, eclipsing M&A and environment issues in 2018. Cybersecurity starts with the concept of baking security in. This course provides focused learnings on best practices for security architects, security issues encountered, security controls to mitigate risk and frameworks. The course is designed for Security Architects to guide them in exploring best practices in secure software development and design principles, pitfalls of design, industry standards, and the regulatory compliance prerequisites for mobile that must be baked into the design process, implementation, delivery, and risk management.

Course | Time | Delivery | Level | Roles
VCR401: Vendor Cyber Risk | 1d | In-person/Online | F | CISO, CRO, RA, VRM
VCR402: Vendor Cyber Risk-02 | 1d | In-person/Online | A | CISO, CRO, RA, VRM

Gamified Offensive and Defensive Cybersecurity Challenges on Escalate Platform


Escalate®’s cyber skills training platform is designed specifically for cybersecurity workforce-enhancing training. Escalate® provides metric-based reporting to monitor cybersecurity training programs. Designed by former NSA cyber-threat specialists, Escalate® provides gamified training that cultivates cybersecurity talent in a series of applied and increasingly complex challenges.


Outcomes
Students will be in a continuous learning mode. Managers will be able to assess staff weaknesses, identify hiring needs, and find hidden cybersecurity talent in their organization.

Features
Escalate® provides best-of-breed training for cybersecurity teams. Escalate® is a proven immersive ecosystem that delivers gamified cyber skills modules with an online community of mentors.

Product features include:

  • 98 challenges (and growing) broken into 6 main topics (foundations, networks, reverse engineering, exploitation, malware development and malware) and 17 associated sub-modules. IoT and SCADA modules are in development.
  • Live mentor coaching
  • Community chat rooms
  • Detailed reporting
  • 24-7 access
  • Secure cloud based
  • Customized competitions
  • No experience necessary


Use cases:

  • Provides a continuous cybersecurity learning environment
  • Identification of skills gaps and hiring needs
  • Assess and remediate cybersecurity staff weaknesses
  • Uncover hidden cybersecurity talent in the organization
  • Run inter- and intra-company cybersecurity competitions
  • Provides pre-hire screening assessments


Course | Time | Delivery | Level | Roles
SecDevOpsE01: Capture The Flag | 3d | Online | A | Devs, QAT, SecDevOps, Security Architects
SecDevOpsE02: All Against All | 3d | In-Person | A | Devs, QAT, SecDevOps, Security Architects
SecDevOpsE03: IDS Tuning | 8h | In-person/Online | A | Devs, QAT, SecDevOps, Security Architects
SecDevOpsE04: Remote Files & Vulnerabilities | 8h | In-person/Online | A | Devs, QAT, SecDevOps, Security Architects
SecDevOpsE05: NIST-NICE Role Cyber Challenges | 30d | Online/Mentor | A | Devs, QAT, SecDevOps, Security Architects
SecDevOpsE06: Challenge Based Learning-98 gamified offerings | 6m | Online/Mentor | A | Devs, QAT, SecDevOps, Security Architects

6 Month Offensive Cybersecurity Professional Program Modules


Our technical program provides cyber security training and workforce enhancement training for individuals to be certified as an Offensive Security Certified Professional (OSCP) or to significantly augment their current cyber security skill level.

We teach a gamified program that has been designed by premier security experts formerly with the National Security Agency (NSA). We provide hands-on learning with live machines in a safe lab environment. The offering cultivates an unparalleled level of student readiness and allows you to be associated with the gold standard in cyber talent. Our shift program allows you to identify internal resources that have aptitude in cyber and analytics and allows them to shift into cybersecurity seamlessly.

Course | Time | Delivery | Level | Roles
OCSPE01: Introduction to Reverse Engineering | 30d | In-person/Online | F |
OCSPE02: Linux Exploitation | 30d | In-person/Online | F |
OCSPE03: Implant Development | 30d | In-person/Online | F |
OCSPE04: Disk Forensics | 30d | In-person/Online | A |
OCSPE05: Defensive Hunting | 30d | In-person/Online | A |
OCSPE06: OSCP Study & Exam | 30d | In-person/Online | A |

Cybersecurity Selling Program Modules

We offer a 4-day intensive in-person or a 4-month online Cybersecurity Selling program to ensure employees can confidently assess customer needs, present their cybersecurity solutions in the context of those needs, and sell products to potential clients. Cybersecurity is a complex topic. Organizations vary in terms of their cybersecurity maturity. Selling to each organization requires a clear understanding of this maturity. You cannot teach a new algebra student calculus. We have done three years of research to map cybersecurity needs to organizational maturities. This course is based on that research.

Our approach is to gain trusted advisor status with your clients. The ability to elevate the conversation is critical to establishing trust with the client. We start with building the foundational knowledge to have a cyber conversation and cover terminology, breaches, trends and other valuable client-based information. Your cybersecurity sales teams are most effective when they can position a solution that meets the client's most urgent need. Our cybersecurity selling offering gives them the ability to “meet your client where they are” and not push a solution that has no real relevance at this point in time.

Through our customized product role play, students can practice and prepare a practical approach when dealing with clients that ensures sales opportunities. The four modules in the program are designed to equip students with the ability to successfully and confidently advise clients on the best fitting cybersecurity offerings available, according to their maturity and needs. Our five modules put your salespeople in a new position in terms of cybersecurity conversations with customers.

The Modules include:

  • Evolution of cyber
  • Cyber security basics
  • Cybersecurity tools
  • Security selling = Maturity selling
  • Cybersecurity selling role play


Course | Time | Delivery | Level | Roles
CSP01: Evolution of Cyber | 1d | In-person/Online | F | Sales Specialists, Open to all
CSP02: Cybersecurity Basics | 1d | In-person/Online | F | Sales Specialists, Open to all
CSP03: Cybersecurity Tools | 1d | In-person/Online | A | Sales Specialists, Open to all
CSP04: Security Selling | 1d | In-person/Online | A | Sales Specialists, Open to all
CSP05: Role Playing | 1d | In-person/Online | A | Sales Specialists, Open to all