This curriculum spans the design and operationalization of enterprise security programs comparable to multi-workshop advisory engagements, covering governance, technical controls, and cross-functional processes found in mature corporate security functions.
Module 1: Security Governance and Risk Management Frameworks
- Establishing a risk appetite statement aligned with corporate strategy and regulatory obligations, including thresholds for acceptable exposure to cyber threats.
- Designing a security governance committee structure with defined roles for CISO, legal, compliance, and business unit leaders.
- Selecting and tailoring a regulatory framework (e.g., NIST CSF, ISO 27001, or SOC 2) based on industry, geography, and customer requirements.
- Implementing a risk register with standardized scoring methodology for likelihood and impact, updated quarterly or after major incidents.
- Conducting third-party risk assessments for vendors with access to critical systems or sensitive data.
- Documenting and maintaining board-level reporting templates that translate technical risks into business impact metrics.
Module 2: Identity and Access Management (IAM) Architecture
- Designing role-based access control (RBAC) models that reflect organizational hierarchy and segregation of duties requirements.
- Integrating multi-factor authentication (MFA) across cloud and on-premises systems with fallback mechanisms for break-glass scenarios.
- Implementing privileged access management (PAM) for administrative accounts with session monitoring and just-in-time provisioning.
- Automating user provisioning and deprovisioning workflows using HR system integrations and lifecycle management tools.
- Enforcing password policies or transitioning to passwordless authentication while managing user adoption and helpdesk impact.
- Conducting regular access reviews for high-privilege roles and sensitive data repositories with documented attestation processes.
Module 4: Network and Endpoint Security Controls
- Segmenting corporate networks using VLANs and micro-segmentation to limit lateral movement during breaches.
- Deploying next-generation firewalls (NGFW) with deep packet inspection and application-aware rules across data centers and cloud environments.
- Configuring endpoint detection and response (EDR) agents to balance telemetry collection with system performance and privacy concerns.
- Enforcing device compliance policies (e.g., encryption, patch level) before granting network access via NAC or conditional access.
- Managing firewall rule lifecycle including periodic reviews to remove stale or overly permissive rules.
- Implementing DNS filtering and secure web gateways to block access to known malicious domains and phishing sites.
Module 5: Security Monitoring and Incident Response
- Designing SIEM correlation rules that reduce false positives while still detecting suspicious patterns such as brute-force attacks or data exfiltration.
- Establishing 24/7 SOC operations with shift handover protocols, escalation paths, and integration with IT and legal teams.
- Developing and testing incident response playbooks for common scenarios such as ransomware, insider threats, and DDoS attacks.
- Implementing centralized logging with retention policies that meet regulatory requirements and forensic needs.
- Conducting tabletop exercises with cross-functional teams to validate communication and decision-making during crises.
- Integrating threat intelligence feeds into monitoring systems while filtering for relevance to the organization’s threat landscape.
Module 6: Data Protection and Encryption Strategies
- Classifying data based on sensitivity (e.g., public, internal, confidential, regulated) and mapping controls accordingly.
- Deploying data loss prevention (DLP) tools to monitor and block unauthorized transfers via email, cloud storage, or USB devices.
- Implementing encryption for data at rest (e.g., full disk encryption, database TDE) and in transit (TLS 1.2+).
- Managing encryption key lifecycle using hardware security modules (HSMs) or cloud key management services with strict access controls.
- Enforcing data retention and secure disposal policies for physical and digital media in compliance with legal hold requirements.
- Configuring access logging and alerts for sensitive data repositories to detect anomalous access patterns.
Module 7: Cloud Security and Hybrid Environment Controls
- Configuring cloud provider security settings (e.g., AWS IAM, Azure Security Center) to enforce least privilege and default deny.
- Implementing cloud workload protection platforms (CWPP) for visibility and control across virtual machines and containers.
- Establishing secure connectivity between on-premises and cloud environments using IPsec VPNs or dedicated interconnects.
- Enforcing configuration compliance in cloud environments using tools like AWS Config or Azure Policy to prevent misconfigurations.
- Managing shared responsibility model expectations with cloud providers through documented control ownership and audit rights.
- Conducting regular cloud security posture assessments to identify exposed storage buckets, open ports, or unpatched services.
Module 8: Security Awareness and Third-Party Risk Operations
- Developing role-specific security training content for executives, developers, finance, and HR with measurable completion requirements.
- Running simulated phishing campaigns with progressive difficulty and targeted follow-up training for repeat clickers.
- Standardizing third-party security assessment questionnaires (e.g., SIG, CAIQ) and integrating findings into vendor risk scoring.
- Requiring contractual security clauses for data protection, breach notification timelines, and audit rights in vendor agreements.
- Monitoring third parties that retain ongoing system access through continuous monitoring or periodic reassessment cycles.
- Managing insider threat risks through user behavior analytics (UBA) and HR collaboration on offboarding and access revocation.