Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert
New

LDR519: Cybersecurity Risk Management and Compliance

LDR519Cybersecurity Leadership
  • 5 Days (Instructor-Led)
  • 30 Hours (Self-Paced)
Course authored by:
James Tarala
James Tarala
Register NowCourse Preview
LDR519: Cybersecurity Risk Management and Compliance
Course authored by:
James Tarala
James Tarala
Register NowCourse Preview
  • 30 CPEs

    Apply your credits to renew your certifications

  • In-Person, Virtual or Self-Paced

    Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months

  • 16 Hands-On Lab(s)

    Apply what you learn with hands-on exercises and labs

Jump to:

Master strategic cybersecurity risk management through practical frameworks, comprehensive threat modeling, and regulatory compliance-driven governance to strengthen enterprise resilience.

Featured Quote

I really particularly enjoyed this class because not only is it relevant to my career, it is broken down into understandable content by an instructor who actually does this for a living and can recall a lot of his personal experience as he is teaching the course.
Madeline K.REH

Course Overview

This course prepares students to manage cybersecurity risk across the full governance, risk, and compliance (GRC) lifecycle using proven practices. Students learn to establish governance structures, build threats and safeguard inventories, implement and validate controls, and communicate outcomes to both technical and executive stakeholders. Through case studies and the SANS Cyber42 simulation, they gain hands-on experience aligning security measures with business goals. Designed for assessors, auditors, and second-line professionals, the course builds the technical and organizational skills needed to lead resilient, compliant GRC programs.

What You'll Learn

  • Apply the GRC lifecycle to build and mature cybersecurity programs
  • Develop comprehensive threat models for risk assessment
  • Implement effective governance frameworks and safeguard strategies
  • Prioritize safeguards and controls based on organizational context and business objectives
  • Validate cybersecurity safeguards through structured assessments
  • Communicate risks and results persuasively to executive and technical stakeholders

Business Takeaways

  • Enhance compliance posture across multiple regulations
  • Align security investments with business objectives
  • Improve risk visibility for informed decision-making
  • Reduce likelihood of costly security incidents
  • Structure an approach to continuous security improvement
  • Gain effective stakeholder communication strategies
  • Implement a framework for defensible security governance

Meet Your Author

James Tarala
James Tarala

James Tarala

Senior Instructor

James is a managing partner at Cyverity, specializing in cybersecurity risk and governance. A SANS instructor for 20+ years, he holds 14 GIAC certs including the GSE, and has helped author the CIS Controls, CRF resources, and courses like LDR419 and LDR519.

Read more about James Tarala

Course Syllabus

Explore the course syllabus below to view the full range of topics covered in LDR519: Cybersecurity Risk Management and Compliance.

Section 1Strategies for Cybersecurity Risk Management

This section establishes the essential context for effective cybersecurity risk management. Students learn to define cybersecurity governance frameworks, align security with business objectives, and understand the foundational elements of risk-based security programs.

Topics covered

  • Enterprise risk management fundamentals
  • Governance structure development
  • Security program maturity models
  • Stakeholder responsibility frameworks
  • Business-aligned security objectives

Labs

  • Cyber42 Case Study: Governance Assessment
  • Risk Management Policy Development
  • Stakeholder Communications Planning
  • Security Program Maturity Evaluation
  • Security Investment Justification

Section 2Cybersecurity Threat Modeling

In this section, students learn to identify, categorize, and prioritize threats as a foundation for the GRC lifecycle. Using taxonomies, asset models, and intelligence, they build inventories to inform governance, safeguards, and compliance.

Topics covered

  • Threat taxonomy implementation
  • Asset-based threat modeling
  • Attack vector analysis
  • Threat intelligence integration
  • Threat prioritization methodologies

Labs

  • Threat Inventory Development
  • Attack Vector Mapping
  • Cyber42 Case Study: Threat Analysis
  • Organizational Threat Landscape Analysis
  • Threat Intelligence Program Design

Section 3Cybersecurity Safeguard Frameworks

This is section teaches students to select, implement, and validate cybersecurity safeguards as part of the broader GRC lifecycle. Students learn structured approaches for evaluating safeguard effectiveness, aligning controls with identified threats, and ensuring safeguards support both risk reduction and compliance objectives.

Topics covered

  • Safeguard framework implementation
  • Safeguard selection criteria
  • Safeguard validation techniques
  • Security architecture assessment
  • Defense-in-depth strategies

Labs

  • Safeguard Assessment Tool Application
  • Safeguard Gap Analysis
  • Security Architecture Evaluation
  • Cyber42 Case Study: Safeguard Selection
  • Defense Effectiveness Measurement

Section 4Validating Safeguards and Third-Party Risk Management (TPRM)

In this section, students learn how to validate the effectiveness of safeguards and extend governance practices to third-party risk. The section emphasizes both internal validation and external oversight, ensuring safeguards and third-party relationships strengthen the overall GRC lifecycle.

Topics covered

  • Risk quantification methods
  • Impact assessment techniques
  • Likelihood determination
  • Risk response strategy development
  • Risk register management

Labs

  • Risk Quantification Exercise
  • Impact Analysis Implementation
  • Risk Response Planning
  • Cyber42 Case Study: Risk Analysis
  • Risk Register Development

Section 5Cybersecurity Risk Analytics and Response

Finally, students learn how to sustain the GRC lifecycle through continuous monitoring, risk analytics, and executive communication. They validate safeguards, align compliance programs, and use metrics to show effectiveness. By developing defensible reporting and improvement roadmaps, participants are prepared to guide ongoing governance and resilience.

Topics covered

  • Continuous monitoring frameworks
  • Compliance program integration
  • Security metrics development
  • Program effectiveness measures
  • Security improvement roadmaps

Labs

  • Continuous Monitoring Program Design
  • Compliance Integration Exercise
  • Security Metrics Development
  • Cyber42 Case Study: Program Assessment
  • Risk Communication to Executives

Things You Need To Know

Relevant Job Roles

Senior Security Leader

Cybersecurity Leadership

Daily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.

Explore learning path

Cybersecurity Risk Manager

European Cybersecurity Skills Framework

Manage the organisation's cybersecurity-related risks aligned to the organisation’s strategy. Develop, maintain and communicate the risk management processes and reports.

Explore learning path

Enterprise Architecture (OPM 651)

NICE: Design and Development

Responsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.

Explore learning path

Governance, Risk, and Compliance

SCyWF: Governance, Risk, Compliance And Laws

This role governs cybersecurity structures and processes. Find the SANS courses that map to the Governance, Risk, and Compliance SCyWF Work Role.

Explore learning path

Chief Information Security Officer (CISO)

European Cybersecurity Skills Framework

Manages an organisation’s cybersecurity strategy and its implementation to ensure that digital systems, services and assets are adequately secure and protected.

Explore learning path

Executive Cybersecurity Leadership (OPM 901)

NICE: Oversight and Governance

Responsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.

Explore learning path

Cybersecurity Policy and Planning (OPM 752)

NICE: Oversight and Governance

Responsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.

Explore learning path

Course Schedule & Pricing

Looking for Group Purchasing Options?Contact Us

OnDemand Bundle

When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.

SANS Skills Quest by NetWars Core Edition

Add 6 months of hands-on skills practice.  Add to your cart when purchasing your course.

  • Location & instructor

    Virtual (OnDemand)

    Instructed by
    James Tarala
    Date & Time
    OnDemand (Anytime)Self-Paced, 4 months access
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    Self-Paced
  • Location & instructor

    Orlando, FL, US & Virtual (live)

    Instructed by
    James Tarala
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Washington, DC, US & Virtual (live)

    Instructed by
    James Tarala
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Nashville, TN, US & Virtual (live)

    Instructed by
    Russell Eubanks
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Riyadh, SA & Virtual (live)

    Instructed by
    James Tarala
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,375 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    London, GB & Virtual (live)

    Instructed by
    James Tarala
    Date & Time
    Fetching schedule..View event details
    Course price
    £6,715 GBP*Prices exclude applicable taxes | EUR price available during checkout
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Orlando, FL, US & Virtual (live)

    Instructed by
    James Tarala
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    New Orleans, LA, US & Virtual (live)

    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    San Diego, CA, US & Virtual (live)

    Instructed by
    James Tarala
    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
  • Location & instructor

    Chicago, IL, US & Virtual (live)

    Date & Time
    Fetching schedule..View event details
    Course price
    $8,260 USD*Prices exclude applicable local taxes
    Registration Options
    In-PersonVirtual
Showing 10 of 17

Learn Alongside Leading Cybersecurity Professionals From Around The World

James has a wealth of risk management experience and doesn't just give us theory but real world/practical guidance to becoming better risk management professionals!
Yuri S.Kemper Development Company

Benefits of Learning with SANS

Instructor teaching to a class

Get feedback from the world’s best cybersecurity experts and instructors

OnDemand Mobile App

Choose how you want to learn - online, on demand, or at our live in-person training events

Resources

Get access to our range of industry-leading courses and resources