MGT512: Security Leadership Essentials for Managers

GIAC Security Leadership (GSLC)
GIAC Security Leadership (GSLC)
  • In Person (5 days)
  • Online
30 CPEs

Security leaders need both technical knowledge and leadership skills to gain the respect of technical team members, understand what technical staff are actually doing, and appropriately plan and manage security projects and initiatives. This is a big and important job that requires an understanding of a wide array of security topics. This course empowers you to become an effective security leader and get up to speed quickly on information security issues and terminology. You won't just learn about security, you will learn how to lead security teams and manage programs by playing through twenty-three Cyber42 activities throughout the class, approximately 60-80 minutes daily.

Course Authors:

What You Will Learn

Leading Security Initiatives to Manage Information Risk

Take this course to learn the key elements of any modern security program. MGT512 covers a wide range of security topics across the entire security stack. Learn to quickly grasp critical information security issues and terminology, with a focus on security frameworks, security architecture, security engineering, computer/network security, vulnerability management, cryptography, data protection, security awareness, application security, DevSecOps, cloud security, and security operations.

The course uses the Cyber42 leadership simulation game to put you in real-world scenarios that spur discussion and critical thinking of situations that you will encounter at work. Throughout the class you will participate in twenty-three Cyber42 activities.

"I would recommend this course as it is a great intro to both the business and technical aspects of aspiring CISO work." - Ian D., US Military

BUSINESS TAKEAWAYS:

This course will help your organization:

  • Develop leaders that know how to build a modern security program
  • Anticipate what security capabilities need to built to enable the business and mitigate threats
  • Create higher performing security teams

SKILLS LEARNED:

  • Make sense of different cybersecurity frameworks
  • Understand and analyze risk
  • Understand the pros and cons of different reporting relationships
  • Manage and lead technical teams and projects
  • Build a vulnerability management program
  • Inject security into modern DevOps workflows
  • Strategically leverage a SIEM
  • Lead a Security Operations Center (SOC)
  • Change behavior and build a security-aware culture
  • Effectively manage security projects
  • Enable modern security architectures and the cloud
  • Build security engineering capabilities using automation and Infrastructure as Code (IaC)
  • Get up to speed quickly on information security issues and terminology
  • Establish a minimum standard of security knowledge, skills, and abilities
  • Speak the same language as technical security professionals

HANDS-ON TRAINING:

MGT512 uses case scenarios, group discussions, team-based exercises, in-class games, and a security leadership simulation to help students absorb both technical and management topics. About 60-80 minutes per day is dedicated to these learning experiences using the Cyber42 leadership simulation game. This web application based game is a continuous tabletop exercise where students play to improve security culture, manage budget and schedule, and improve security capabilities at a fictional organization. This puts you in real-world scenarios that spur discussion and critical thinking of situations that you will encounter at work.

  • Section 1: Cyber42 Watts Warehouse Company Overview, Calibration Lab, Round 1 Initiative Selection, Events 1-3: Whither Watts Warehouse, Institutionalizing Security, Board Briefing
  • Section 2: Cyber42 Round 1 Events 4-6: Network Security Implementation, End User Security, To Serve and Protect
  • Section 3: Cyber42 Round 2 Initiative Selection, Round 2 Events 7-10: Industry Breach, Shadow IT, Security Misconfiguration, Miracle on DevOps Way
  • Section 4: Cyber42 Round 3 Initiative Selection, Round 3 Events 11-14: Patching Problems, Let It Be Known!, Tough Negotiations, Managing Resistance
  • Section 5: Cyber42 Round 4 Initiative Selection, Round 4 Events 15-18: New Guy in Town, Cost Cutting, Ransomware Response, Opportunity Knocks, Lab: Do You Need Your Own SOC?

"The [Cyber42] 'game' we are playing makes you think about real world problems and the different teams show how different groups will come up with their own solutions for the same problem. One of the few 'games' that actually forces some decisions based on previous decisions." - Max H., US Military

"I'm really enjoying the flow between the content delivery and the Cyber42 game." - Jamil A., US Government

"Loved the Cyber 42 game. Lots to think about when playing." - Doris Landreville, CSE

"[Cyber42] labs were excellent in terms of applying concepts presented in class." - Robert Stark

SYLLABUS SUMMARY:

  • Section 1 - Governance to plan your security program
  • Section 2 - Architecture to design your security capabilities
  • Section 3 - Engineering to build your security capabilities
  • Section 4 - Build and lead the team, process, and culture
  • Section 5 - Run operations to manage and mitigate attacks

ADDITIONAL FREE RESOURCES:

WHAT YOU WILL RECEIVE:

  • Electronic courseware containing the entire course content
  • Printed course books
  • Access to the Cyber42 security leadership simulation web app
  • MP3 audio files of the complete course lecture

WHAT COMES NEXT:

NOTE: Some course material for SEC401 and MGT512 may overlap. SANS recommends SEC401 for those interested in a more technical course of study, and MGT512 for those primarily interested in a leadership-oriented but less technical learning experience.

Syllabus (30 CPEs)

Download PDF
  • Overview

    The course starts with a tour of the information that effective security managers and leaders must know to function in the modern security environment. This includes an understanding of the different types of cybersecurity frameworks available to structure your security team and program. Risk is central to effective information security management, so we'll discuss key risk concepts in order to lay the foundation for effective risk assessment and management. Security policy is a key tool that security managers use to manage risk. We'll cover approaches to policy to help you plan and manage your policy process. Finally, we'll discuss security functions, reporting relationships, and roles and responsibilities to give the advancing manager a view into effective security team and program structure.

    Exercises
    • Cyber42 Watt's Warehouse Company Overview
    • Calibration Lab
    • Cyber42 Round 1 Initiative Selection
    • Cyber42 Round 1 Event #1: Whither Watts Warehouse
    • Cyber42 Round 1 Event #2: Institutionalizing Security
    • Cyber42 Round 1 Event #3: Board Briefing
    Topics

    Security Frameworks

    • Control, Program, and Risk Frameworks

    Understanding Risk

    • Risk Concepts
    • Calibration
    • Risk Assessment and Management

    Security Policy

    • Purpose of Policy
    • Risk Appetite Statement
    • Policy Planning
    • Managing Policy

    Program Structure

    • Reporting Relationships
    • Three Lines of Defense
    • Roles and Responsibilities
    • Security Functions
  • Overview

    Section Two provides coverage of traditional and modern security architectures focused on technical topics. This includes a thorough discussion of network security that is modeled around the various layers of the network stack. As modern attacks are also focused on the computing devices we cover malware and attack examples along with corresponding host security controls for the endpoint and server. The cloud is a major initiative that many organizations is changing the way organizations operate and design their controls. To get ready for these initiatives, we provide an overview of Amazon Web Services (AWS) to serve as a reference point and discuss key cloud security issues. The cloud, the rise of mobile devices, and other factors are highlighting weaknesses in traditional, perimeter-oriented security architecture which leads into a discussion of the Zero Trust Model.

    Exercises
    • Cyber42 Round 1 Event #4: Network Security Implementation
    • Cyber42 Round 1 Event #5: End User Security
    • Cyber42 Round 1 Event #6: To Serve and Protect
    Topics

    Security Architecture Overview

    • Models and Trends
    • Security Architecture Frameworks
    • Cyber Defense Matrix

    Network Security

    • Layer 1 and 2

      • Overview and Attacks
    • Layer 3

      • VPNs and IPSec
    • Layer 4

      • TCP and UDP
    • Application Layer

      • Proxies, NGFW, IDS/IPS, NSM

    Host Security

    • Malware and Attack Examples
    • Host Security Controls

      • EPP, EDR, HIDS/HIPS, FIM, Allowlisting, Sandboxing

    Cloud Security

    • Cloud Security Fundamentals
    • AWS Security Reference Architecture
    • AWS Overview
    • Cloud Security Attack Example and Controls
    • Cloud Security Tools

      • CSPM, CWPP, CASB
    • Cloud Security Models

      • Cloud Security Alliance (CSA) Guidance, Well-Architected Frameworks, Cloud Apoption Frameworks

    Zero Trust

    • Principles and Best Practices
    • Zero Trust Network Access (ZTNA)
    • Variable Trust
  • Overview

    Section Three focuses on security engineering best practices. This includes building an understanding of cryptography concepts, encryption algorithms, and applications of cryptography which are foundational elements of building any secure system. Since encrypting data alone is not sufficient, we discuss the distinction between privacy and security to give managers a primer on key privacy concepts. Managers must also be knowledgeable about software development processes, issues, and application vulnerabilities. We cover application security and leadin development processes built on DevSecOps. Current engineering approaches also include modern Infrastructure as Code (IaC) approaches and tools to automate consistent deployment of standard configurations.

    Exercises
    • Cyber42 Round 2 Initiative Selection
    • Cyber42 Round 2 Event #7: Industry Breach
    • Cyber42 Round 2 Event #8: Shadow IT
    • Cyber42 Round 2 Event #9: Security Misconfiguration
    • Cyber42 Round 2 Event #10: Miracle on DevOps Way
    Topics

    Security Engineering

    • Overview

    Data Protection

    • Cryptography Concepts

      • Confidentiality, Integrity, Authentication, Non-Repudiation
    • Encryption Algorithms

      • Symmetric, Asymmetric, Key Exchange, Hashing, Digital Signature
    • Encryption Applications

      • TLS, PKI, Blockchain, Quantum

    Privacy Primer

    • Privacy and Security
    • Requirements and Regulations

    Privacy Engineering

  • Overview

    Section Four covers what managers need to know about leading security initiatives. Every security leader should know how to build a vulnerability management program and the associated process to successfully find and fix vulnerabilities. Additionally, security awareness is a huge component of any security program that helps drive activities to change human behavior and create a more risk-aware and security-aware culture. To implement new initiatives, security leaders must also develop negotiation skills and conduct thorough analysist of vendors. Finally, for any project or initiative, security leaders must also be able to drive effective project execution. Having a well-grounded understanding of the management and leadership practices makes it easier to move your projects forward.

    Exercises
    • Cyber42 Round 3 Initiative Selection
    • Cyber42 Round 3 Event #11: Patching Problems
    • Cyber42 Round 3 Event #12: Let It Be Known!
    • Cyber42 Round 3 Event #13: Tough Negotiations
    • Cyber42 Round 3 Event #14: Managing Resistance
    Topics

    Vulnerability Management

    • PIACT Process
    • Prioritizing Vulnerabilities

      • Common Vulnerability Scoring System (CVSS)
    • Finding and Fixing Vulnerabilities
    • Communicating and Managing Vulnerabilities

    Security Awareness

    • Maturity Model
    • Human Risks

    Negotiations Primer

    • Negotiations Strategies

    Vendor Analysis

    • Product Analysis and Selection
    • Analytical Hierachy Process (AHP)

    Managing and Leading Teams

    • Managing Projects
    • Leading Teams
    • Going From Good to Great
  • Overview

    Section Five focuses on detection and response capabilities. This includes gaining appropriate visibility via logging, monitoring, and strategic thinking about a security information and event management (SIEM) system. Once implemented, the logs in a SIEM are a core component of any Security Operations Center (SOC). We'll discuss the key functions of a SOC along with how to manage and organize your organization's security operations. The incident response process is discussed in relation to identifying, containing, eradicating, and recovering from security incidents. This leads into a discussion of longer-term business continuity planning and disaster recovery. Managers must also understand physical security controls that, when not implemented appropriately, can cause technical security controls to fail or be bypassed.

    Exercises
    • Cyber42 Round 4 Initiative Selection
    • Cyber42 Round 4 Event #15: New Guy in Town
    • Lab: Do You Need Your Own SOC?
    • Cyber42 Round 4 Event #16: Cost Cutting
    • Cyber42 Round 4 Event #17: Ransomware Response
    • Cyber42 Round 4 Event #18: Opportunity Knocks
    Topics

    Logging and Monitoring

    • SIEM Deployment Best Practices

    Security Operations Center (SOC)

    • SOC Functional Components
    • Models and Structure
    • Tiered vs. Tierless SOCs
    • Managing and Organizing a SOC

    Incident Handling

    • PICERL Process
    • Incident Handling Lifecycle

    Contingency Planning

    • Business Continuity Planning (BCP)
    • Disaster Recovery (DR)

    Physical Security

    • Issues and Controls

GIAC Security Leadership

The GIAC Security Leadership (GSLC) certification validates a practitioner's understanding of governance and technical controls focused on protecting, detecting, and responding to security issues. GSLC certification holders have demonstrated knowledge of data, network, host, application, and user controls along with key management topics that address the overall security lifecycle.

  • Cryptography concepts & applications for managers, networking concepts & monitoring for managers
  • Managing a security operations center, application security, negotiations and vendors, and program structure
  • Managing security architecture, security awareness, security policy, and system security
  • Risk management and security frameworks, vulnerability management, incident response and business continuity
More Certification Details

Prerequisites

This course covers the core areas of security leadership and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, the recommended starting point is the SEC301: Introduction to Information Security course. While SEC301 is not a prerequisite, it will provide the introductory knowledge to maximize the experience with MGT512.

Laptop Requirements

A laptop or mobile device with the latest web browser is required to play the Cyber42 leadership simulation game.

The Cyber42 game used in this course is hosted on Amazon Web Services (AWS). Students must have a computer that does not restrict access to AWS services. Corporate machines may have a VPN, intercepting proxy, or egress firewall filter that causes connection issues communicating with AWS. Students must be able to configure or disable these services to be able to access the Cyber42 game.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

Author Statement

"Technical professionals who are thrust into management roles need to learn how to convey security concepts in ways that non-technical people can understand. At the same time, managers who are new to security need to learn more about the different domains of cybersecurity. In both cases, there is a need to learn about the work of managing security. That is why this course focuses on the big picture of securing the enterprise, from governance all the way to the technical security topics that serve as the foundation for any security manager. Ultimately, the goal of the course is to ensure that you, the advancing manager, can make informed choices to improve security at your organization."

- Frank Kim

"Frank was outstanding. Easy to follow. It shows that he has done this for a long time and was a very good instructor." - Ed Moore, Moore Consulting

Reviews

The game is the fun part. It relays into the material very well and breaks up the course. I feel the game makes the class.
Matt Williams
EY
The Cyber42 exercise continues to provide real-world scenarios that mirro the decision points I face in my business and career.
Chip Stockton
Global Payments, Inc.
This course is highly useful for giving me a sound baseline of technical and general skills to help me manage an effective team.
Richard Ward
REA Group
MGT512 has been instrumental in bridging the gaps in my knowledge & has prepared me to take on bigger responsibilities.
Mir Shajee
Accenture
The activities are excellent! The discussion and student involvement are both motivating and enlightening. This course is, by far, is the most useful course I've ever taken.
Bill Brown
Intuit

    Register for MGT512

    Loading...