Skip to main content
Code Set in Security Management

Code Set in Security Management

$249.00
Who trusts this:
Trusted by professionals in 160+ countries
When you get access:
Course access is prepared after purchase and delivered via email
Toolkit Included:
Includes a practical, ready-to-use toolkit containing implementation templates, worksheets, checklists, and decision-support materials used to accelerate real-world application and reduce setup time.
Your guarantee:
30-day money-back guarantee — no questions asked
How you learn:
Self-paced • Lifetime updates
Adding to cart… The item has been added

This curriculum spans the technical, procedural, and coordination challenges seen in multi-workshop security programs across global enterprises, reflecting the sustained effort required to align governance, development, cloud operations, and third-party risk management with real-world organisational constraints and cross-functional workflows.

Module 1: Security Governance and Risk Assessment Frameworks

  • Establishing board-level risk appetite statements that align with regulatory obligations in multi-jurisdictional operations.
  • Selecting and tailoring ISO 27001 or NIST CSF controls based on organizational maturity and audit readiness requirements.
  • Conducting third-party risk assessments for cloud service providers with shared responsibility model implications.
  • Defining escalation paths for high-severity vulnerabilities that intersect legal, compliance, and technical teams.
  • Integrating threat modeling outputs into annual risk assessment cycles for infrastructure and application portfolios.
  • Managing scope conflicts between internal audit mandates and operational security team priorities during control validation.

Module 2: Identity and Access Management at Scale

  • Implementing just-in-time (JIT) privilege elevation in hybrid environments with legacy system dependencies.
  • Negotiating access review cycles with business unit owners who resist frequent recertification demands.
  • Designing role-based access control (RBAC) hierarchies that minimize role explosion while preserving segregation of duties.
  • Integrating identity providers across M&A-acquired entities with conflicting directory schemas and authentication protocols.
  • Enforcing conditional access policies for remote contractors without disrupting productivity toolchains.
  • Handling orphaned service accounts during application decommissioning in regulated environments with audit trail requirements.

Module 3: Secure Software Development Lifecycle Integration

  • Embedding SAST/DAST tooling into CI/CD pipelines without introducing unacceptable build latency.
  • Defining severity thresholds for static analysis findings that trigger pipeline breaks versus warnings.
  • Managing false positive triage workflows with development teams under release pressure.
  • Requiring threat modeling documentation for new features without creating bottlenecks in agile sprints.
  • Enforcing third-party library vetting processes for open-source components with known CVE exposure.
  • Coordinating security gate approvals across application owners, architects, and release managers during critical deployments.

Module 4: Cloud Security Architecture and Configuration

  • Designing network segmentation in AWS VPCs or Azure VNets that balance micro-segmentation benefits with operational overhead.
  • Enforcing encryption of data at rest across managed services where customer-managed keys introduce availability risks.
  • Monitoring configuration drift in Infrastructure-as-Code templates using drift detection tools and policy-as-code engines.
  • Responding to public storage bucket exposure incidents caused by developer misconfigurations in pre-production environments.
  • Implementing centralized logging and monitoring for multi-cloud workloads with inconsistent native logging formats.
  • Negotiating security control ownership between cloud platform teams and application teams in shared service models.

Module 5: Incident Response and Threat Intelligence Operations

  • Activating incident response playbooks for ransomware events while preserving forensic integrity across virtualized environments.
  • Coordinating communication between legal, PR, and technical teams during breach disclosure timelines governed by GDPR or CCPA.
  • Validating threat intelligence feeds against internal telemetry to reduce alert fatigue from false correlations.
  • Conducting tabletop exercises that reflect actual adversary tactics observed in the organization’s sector.
  • Managing containment actions that may disrupt critical business operations during active compromise investigations.
  • Documenting incident root causes in a format usable for both technical remediation and executive reporting.

Module 6: Data Protection and Privacy Engineering

  • Implementing data classification schemas that are enforceable through automated tagging and policy enforcement.
  • Designing tokenization or masking strategies for production data used in non-production environments.
  • Mapping personal data flows across systems to support data subject access request (DSAR) fulfillment under tight SLAs.
  • Enforcing data retention policies in distributed databases where deletion must comply with legal hold requirements.
  • Integrating data loss prevention (DLP) tools with collaboration platforms without blocking legitimate business communication.
  • Assessing privacy risks in AI/ML models trained on datasets containing personally identifiable information.

Module 7: Security Automation and Orchestration

  • Developing SOAR runbooks for phishing containment that account for email platform API rate limits and mailbox access permissions.
  • Validating automated remediation actions (e.g., host isolation) against potential impact on high-availability systems.
  • Integrating vulnerability scanner outputs with ticketing systems using bi-directional status synchronization to prevent stale tickets.
  • Managing credential storage and rotation for automation scripts that access security and IT management APIs.
  • Designing escalation paths for automated alerts that fail to resolve within defined time thresholds.
  • Measuring automation efficacy through mean time to detect (MTTD) and mean time to respond (MTTR) metrics across incident types.

Module 8: Third-Party and Supply Chain Risk Management

  • Conducting technical security assessments of software vendors during procurement without access to source code or architecture diagrams.
  • Enforcing contractual security requirements for subcontractors used by primary vendors in managed service arrangements.
  • Monitoring software bill of materials (SBOM) disclosures for critical applications following Log4j-style vulnerabilities.
  • Responding to third-party breaches that impact shared customer data while maintaining business continuity.
  • Validating security control implementation in offshore development centers through remote assessment techniques.
  • Managing patch deployment timelines for vulnerabilities in commercial off-the-shelf (COTS) software with vendor support dependencies.
!