SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
New
LDR519: Cybersecurity Risk Management and Compliance
LDR519Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course authored by:
James Tarala
Course authored by:James Tarala
- 30 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 16 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Master strategic cybersecurity risk management through practical frameworks, comprehensive threat modeling, and regulatory compliance-driven governance to strengthen enterprise resilience.
Featured Quote
I really particularly enjoyed this class because not only is it relevant to my career, it is broken down into understandable content by an instructor who actually does this for a living and can recall a lot of his personal experience as he is teaching the course.
Course Overview
This course prepares students to manage cybersecurity risk across the full governance, risk, and compliance (GRC) lifecycle using proven practices. Students learn to establish governance structures, build threats and safeguard inventories, implement and validate controls, and communicate outcomes to both technical and executive stakeholders. Through case studies and the SANS Cyber42 simulation, they gain hands-on experience aligning security measures with business goals. Designed for assessors, auditors, and second-line professionals, the course builds the technical and organizational skills needed to lead resilient, compliant GRC programs.
What You'll Learn
- Apply the GRC lifecycle to build and mature cybersecurity programs
- Develop comprehensive threat models for risk assessment
- Implement effective governance frameworks and safeguard strategies
- Prioritize safeguards and controls based on organizational context and business objectives
- Validate cybersecurity safeguards through structured assessments
- Communicate risks and results persuasively to executive and technical stakeholders
Business Takeaways
- Enhance compliance posture across multiple regulations
- Align security investments with business objectives
- Improve risk visibility for informed decision-making
- Reduce likelihood of costly security incidents
- Structure an approach to continuous security improvement
- Gain effective stakeholder communication strategies
- Implement a framework for defensible security governance
Meet Your Author
James Tarala
Senior InstructorJames is a managing partner at Cyverity, specializing in cybersecurity risk and governance. A SANS instructor for 20+ years, he holds 14 GIAC certs including the GSE, and has helped author the CIS Controls, CRF resources, and courses like LDR419 and LDR519.
Read more about James TaralaCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in LDR519: Cybersecurity Risk Management and Compliance.
Section 1Strategies for Cybersecurity Risk Management
This section establishes the essential context for effective cybersecurity risk management. Students learn to define cybersecurity governance frameworks, align security with business objectives, and understand the foundational elements of risk-based security programs.
Topics covered
- Enterprise risk management fundamentals
- Governance structure development
- Security program maturity models
- Stakeholder responsibility frameworks
- Business-aligned security objectives
Labs
- Cyber42 Case Study: Governance Assessment
- Risk Management Policy Development
- Stakeholder Communications Planning
- Security Program Maturity Evaluation
- Security Investment Justification
Section 2Cybersecurity Threat Modeling
In this section, students learn to identify, categorize, and prioritize threats as a foundation for the GRC lifecycle. Using taxonomies, asset models, and intelligence, they build inventories to inform governance, safeguards, and compliance.
Topics covered
- Threat taxonomy implementation
- Asset-based threat modeling
- Attack vector analysis
- Threat intelligence integration
- Threat prioritization methodologies
Labs
- Threat Inventory Development
- Attack Vector Mapping
- Cyber42 Case Study: Threat Analysis
- Organizational Threat Landscape Analysis
- Threat Intelligence Program Design
Section 3Cybersecurity Safeguard Frameworks
This is section teaches students to select, implement, and validate cybersecurity safeguards as part of the broader GRC lifecycle. Students learn structured approaches for evaluating safeguard effectiveness, aligning controls with identified threats, and ensuring safeguards support both risk reduction and compliance objectives.
Topics covered
- Safeguard framework implementation
- Safeguard selection criteria
- Safeguard validation techniques
- Security architecture assessment
- Defense-in-depth strategies
Labs
- Safeguard Assessment Tool Application
- Safeguard Gap Analysis
- Security Architecture Evaluation
- Cyber42 Case Study: Safeguard Selection
- Defense Effectiveness Measurement
Section 4Validating Safeguards and Third-Party Risk Management (TPRM)
In this section, students learn how to validate the effectiveness of safeguards and extend governance practices to third-party risk. The section emphasizes both internal validation and external oversight, ensuring safeguards and third-party relationships strengthen the overall GRC lifecycle.
Topics covered
- Risk quantification methods
- Impact assessment techniques
- Likelihood determination
- Risk response strategy development
- Risk register management
Labs
- Risk Quantification Exercise
- Impact Analysis Implementation
- Risk Response Planning
- Cyber42 Case Study: Risk Analysis
- Risk Register Development
Section 5Cybersecurity Risk Analytics and Response
Finally, students learn how to sustain the GRC lifecycle through continuous monitoring, risk analytics, and executive communication. They validate safeguards, align compliance programs, and use metrics to show effectiveness. By developing defensible reporting and improvement roadmaps, participants are prepared to guide ongoing governance and resilience.
Topics covered
- Continuous monitoring frameworks
- Compliance program integration
- Security metrics development
- Program effectiveness measures
- Security improvement roadmaps
Labs
- Continuous Monitoring Program Design
- Compliance Integration Exercise
- Security Metrics Development
- Cyber42 Case Study: Program Assessment
- Risk Communication to Executives
Things You Need To Know
Relevant Job Roles
Senior Security Leader
Cybersecurity LeadershipDaily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Explore learning pathCybersecurity Risk Manager
European Cybersecurity Skills FrameworkManage the organisation's cybersecurity-related risks aligned to the organisation’s strategy. Develop, maintain and communicate the risk management processes and reports.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathGovernance, Risk, and Compliance
SCyWF: Governance, Risk, Compliance And LawsThis role governs cybersecurity structures and processes. Find the SANS courses that map to the Governance, Risk, and Compliance SCyWF Work Role.
Explore learning pathChief Information Security Officer (CISO)
European Cybersecurity Skills FrameworkManages an organisation’s cybersecurity strategy and its implementation to ensure that digital systems, services and assets are adequately secure and protected.
Explore learning pathExecutive Cybersecurity Leadership (OPM 901)
NICE: Oversight and GovernanceResponsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.
Explore learning pathCybersecurity Policy and Planning (OPM 752)
NICE: Oversight and GovernanceResponsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchasing Options?Contact Us
OnDemand Bundle
When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.
SANS Skills Quest by NetWars Core Edition
Add 6 months of hands-on skills practice. Add to your cart when purchasing your course.
Location & instructorDate & TimeCourse priceRegistration Options
- Date & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,260 USD*Prices exclude applicable local taxesRegistration Options
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,375 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price£6,715 GBP*Prices exclude applicable taxes | EUR price available during checkout
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
- Date & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes
Showing 10 of 18
Learn Alongside Leading Cybersecurity Professionals From Around The World
James has a wealth of risk management experience and doesn't just give us theory but real world/practical guidance to becoming better risk management professionals!
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources