Register by tomorrow to save $300 on cutting-edge cyber security training at SANS Miami 2020!

MGT521 Beta One 2019

Crystal City, VA | Tue, Nov 12 - Wed, Nov 13, 2019
This event is over,
but there are more training opportunities.

Because this course is offered as a beta including discounted pricing, seating is limited to a maximum of two seats per organization. No additional discounts apply.

MGT521: Driving Cybersecurity Change - Establishing a Culture of Protect, Detect and Respond Waitlist

Tue, November 12 - Wed, November 13, 2019

  • 12 CPEs
  • Laptop Not Needed

Cybersecurity is no longer just about technology it is ultimately about organizational change. Change in not only how people think about security but what they prioritize and how they act, from the Board of Directors on down. Organizational change is a field of management study that enables organizations to analyze, plan, and then improve their operations and structures by focusing on people and culture.

SANS course MGT521 will teach leaders how to leverage the principles of organizational change, enabling them to develop, maintain and measure a security driven culture. Through hands-on, real-world instruction and a series of interactive labs and exercises in which you will apply the concepts of organizational change to a variety of different security initiatives, you will quickly learn how to embed cybersecurity into your organizational culture.

After completing this course you will be able to:

  • Explain what culture is, how it applies to cybersecurity, and how to understand and measure your security culture.
  • Explain what organizational change is, identify different models for creating change and learn how to apply those models.
  • Align this change to your organization's strategy, including how to leverage different security frameworks and maturity models.
  • More effectively communicate to your Board Directors and executives, collaborate with your peers, and engage your workforce.
  • Enable and secure your workforce by integrating security into all aspects of your organizational culture.
  • Dramatically improve both the time and impact of large-scale security initiatives.
  • Leverage numerous templates and resources from the course Digital Download Package and Community Forum that you can then build on.

Course Syllabus


Lance Spitzner
Tue Nov 12th, 2019
9:00 AM - 5:00 PM

Overview

Day 1 begins by demonstrating how security is ultimately about organizational change, technology alone will no longer solve the problem. We explain what culture is and how it applies to cybersecurity, how to change culture by leveraging different change management frameworks, and how to motivate the desire for change.

Exercises
  • Exercise 01 - Understanding Your Security Culture
  • Exercise 02 - Marketing Password Managers
  • Exercise 03 - Developing Personas of Developers
  • Exercise 04 - Marketing DevSecOps

CPE/CMU Credits: 6

Topics
  • Human Side of Security
  • Case Study - Equifax Congressional Report
  • Defining Culture
  • Defining and Leveraging Change Management Frameworks
    • ADKAR
    • Kotter 8 Steps
  • Motivating Change
    • Leveraging WHY
    • Personas
    • AIDA Marketing Model

Lance Spitzner
Wed Nov 13th, 2019
9:00 AM - 5:00 PM

Overview

Day 2 focuses on enabling change. Communicating with people and engaging and motivating them is half the battle. We also have to enable people to change. This begins by making security as easy as possible. Far too often the policies, processes and procedures we create are complex, intimidating or difficult to follow. We have to prioritize and simplify, then engage and effectively train the workforce on its own terms to enable this change. In this course section, we will structure a plan that facilitates organizational change, leading to a more secure culture. We'll also track, measure, and communicate the impact of that change.

Exercises
  • Exercise 05 - Learning Objectives
  • Exercise 06 - Incident Response
  • Exercise 07 - Vulnerability Management Charter

CPE/CMU Credits: 6

Topics
  • Enabling Change
    • Building Knowledge
    • ADDIE/ARCS Models
    • Simplifying Security
    • Policies
  • Implementing Change
    • Project Charter
    • Ambassadors
    • Deployment
  • Measuring Change
    • Capturing Metrics
    • Communicating Metrics

Additional Information

  • Chief Information Security Officers
  • Chief Risk Officers/Risk Management Leaders
  • Security Awareness/Communications Managers
  • Senior Security Managers Who Lead Large-scale Security Initiatives
  • Information Security Managers, Officers, and Directors
  • Information Security Architects and Consultants
  • Aspiring Information Security Leaders
  • Business Continuity/Disaster Recover Leaders
  • Privacy/Ethics Officers
  • Three to five years of experiences in cybersecurity
  • Having taken the SANS MGT433, MGT512, or MGT514 courses, while not required, will be helpful
  • Digital Download Package: A collection of templates, checklists, matrices, reports and other resources that will help you in your cybersecurity career. This package is continually updated.
  • Community Forum: Opportunity to join the private, by-invitation-only community forum dedicated to the human element, which currently has 1,000 active members.

  • Better engage and communicate with your leadership, board of directors and key roles and departments of your workforce.
  • Effectively market and sell the need for cybersecurity and help promote your security initiatives
  • Understand, build and measure a strong security culture.

Author Statement

"For far too long cybersecurity has been perceived as purely a technical challenge. Organizations and leaders are now realizing that we also have to address the human side of security. From securing your workforce's behavior, to engaging and training developers, IT staff and other departments, security today depends on your ability to engage and partner with others. In other words, your security culture is becoming just as important as your technology. MGT521 will provide the frameworks, roadmaps and skills you need to successfully secure your organization, from deploying specific security initiatives to embedding a comprehensive, organization-wide security culture. In addition, the course will provide you the resources to measure and communicate the impact to your leadership, ensuring long-term support."

- Lance Spitzner