iPad Pro w/ Magic KB, Surface Go 2, or $350 Off with OnDemand Training - Register Now

Summer of Cyber | Jul 27 - Live Online

Virtual, US Eastern | Mon, Jul 27, 2020 - Sat, Aug 1, 2020

In response to the escalation of the COVID-19 pandemic, we've made the decision to convert this training event into a Live Online event.

The courses below will take place online, using virtual software to stream live instructors to all registered students during the scheduled classroom hours. (Eastern Time) This alternate training format will allow us to deliver the cybersecurity training you expect while keeping you, our staff, and our instructors as safe as possible.

MGT514: Security Strategic Planning, Policy, and Leadership

Mon, July 27 - Fri, July 31, 2020

Associated Certification: GIAC Strategic Planning, Policy, and Leadership (GSTRT)

 Watch a free preview of this course

Course Syllabus  ·  30 CPEs  ·  Laptop Not Needed
Instructor: Russell Eubanks  ·  Price: 6,600 USD

As security professionals we have seen the landscape change. Cybersecurity is now more vital and relevant to the growth of your organization than ever before. As a result, information security teams have more visibility, more budget, and more opportunity. However, with this increased responsibility comes more scrutiny.

This course gives you tools to become a security business leader who can build and execute strategic plans that resonate with other business executives, create effective information security policy, and develop management and leadership skills to better lead, inspire, and motivate your teams. The course will help you to:

Develop Strategic Plans

Strategic planning is hard for IT and IT security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. MGT514 will teach you how to develop strategic plans that resonate with other IT and business leaders.

Create Effective Information Security Policy

Policy is a manager's opportunity to express expectations for the workforce, set the boundaries of acceptable behavior, and empower people to do what they ought to be doing. It is easy to get wrong. Have you ever seen a policy and responded by saying "No way, I am not going to do that"? Most of us have. Policy must be aligned with an organization's culture. In MGT514, we break down the steps to policy development so that you have the ability to design and assess policies that can successfully guide your organization.

Develop Management and Leadership Skills

Leadership is a skill that must be learned, exercised, and developed to better ensure organizational success. Strong leadership is brought about primarily through selfless devotion to the organization and staff, tireless effort in setting the example, and having the vision to see and effectively use available resources toward the end goal.

Effective leadership entails persuading team members to accomplish their objectives, removing the obstacles preventing them from doing it, and maintaining the well-being of the team in support of the organization's mission. MGT514 will teach you to use management tools and frameworks to better lead, inspire, and motivate your teams.

How the Course Works

MGT514 uses case studies from Harvard Business School, case scenarios, team-based exercises, and discussions that put students in real-world situations. You will be able to use these same activities with your own team members at work.

The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. After taking this course you will have the fundamental skills to create strategic plans that protect your company, enable key innovations, and facilitate working effectively with your business partners.

Course Syllabus


Russell Eubanks
Mon Jul 27th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET

Overview

Creating security strategic plans requires a fundamental understanding of the business and a deep understanding of the threat landscape. Deciphering the history of the business ensures that the work of the security team is placed in the appropriate context. Stakeholders must be identified and appropriately engaged within this framework. This includes understanding their motivations and goals, which is often informed by the values and culture your organization espouses. Successful security leaders also need a deep understanding of business goals and strategy. This business understanding needs to be coupled with knowledge of the threat landscape - including threat actors, business threats, and attacker tactics, techniques, and procedures - that informs the strategic plan.

CPE/CMU Credits: 6

Topics
  • Decipher the Business
    • Historical Analysis

      • Analyze the past in order to understand the probable future
    • Stakeholder Management

      • Learn to identify, understand, and manage stakeholders in order to make the security team more successful
    • Values and Culture

      • Understand the values and culture of your organization in order to align security with the corporate culture and define acceptable working norms
    • Business Strategy

      • Use Porter's Five Forces to understand how business leaders develop strategy
    • Asset Analysis

      • Understand assets that are most valuable to the business and are of interest to attackers
  • Decipher the Threats
    • Threat Actors
      • Understand attacker motivations and techniques
      • Review real-word attack scenarios
    • Political, Economic, Social and Technological (PEST) Analysis

      • Identify business threats
    • Threat Analysis

      • Learn how the intrusion kill chain and MITRE ATT&CK inform strategic planning

Russell Eubanks
Tue Jul 28th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET

Overview

With a firm understanding of the drivers of business and the threats facing the organization, you will develop a plan to analyze the current situation, identify the target state, perform gap analysis, and develop a prioritized roadmap. In other words, you will be able to determine (1) what you do today (2) what you should be doing in the future (3) what you don't want to do, and (4) what you should do first. Once this plan is in place, you will learn how to build and execute it by developing a business case, defining metrics for success, and effectively marketing your security program.

CPE/CMU Credits: 6

Topics
  • Define the Current State
    • Vision and Mission

      • What they tell you about the organization
    • Develop a Security Team Mission Statement that Aligns with Organizational Goals
      • Analysis of strengths, weaknesses, opportunities, and threats (SWOT)
      • Understanding of current SWOT
  • Develop the Plan
    • Vision and Innovation
      • Sustaining versus disruptive innovation
      • Jobs to be done theory
      • Learning to innovate with the business
      • How to provide value to stakeholders
    • Security Framework
      • NIST Cybersecurity Framework
      • Measuring maturity
    • Roadmap Development
      • Gap analysis
      • Security roadmap
    • Business Case Development

      • Approaches to obtaining funding
  • Deliver the Program
    • Security Metrics Program

      • Developing effective metrics
    • Marketing and Executive Communications

      • Promoting the work of the security team

Russell Eubanks
Wed Jul 29th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET

Overview

Policy is one of the key tools that security leaders have to influence and guide the organization. Security managers must understand how to review, write, assess, and support security policy and procedures. This includes knowing the role of policy in protecting the organization along with its data, systems, and people. In developing policy, you also need to know how to choose the appropriate language and structure so that it fits with your organization's culture. As policy is developed you must manage the entire lifecycle from approval and socialization to measurement in order to make necessary modifications as time goes on. This is why assessing policy and procedure is so important. Policy must keep up to date with the changing business and threat landscape.

CPE/CMU Credits: 6

Topics
  • Purpose of Policy
    • Role of Policy
    • Establishing Acceptable Bounds for Behavior
    • Empowering Employees to Do the Right Thing
    • How Policy Protects People, Organizations, and Information
  • Develop Policy
    • Language of Policy
    • Policy Structure
    • Policy and Culture
    • Define Requirements
  • Managing Policy

    • Approve, Socialize, and Measure Policy
  • Assess Policy and Procedure
    • Using the SMART Approach
    • Policy Review and Assessment Process

Russell Eubanks
Thu Jul 30th, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET

Overview

This course section will teach the critical skills you need to lead, motivate, and inspire your teams to achieve your organization's goals. By establishing a minimum standard for the knowledge, skills, and abilities required to develop leadership, you will understand how to motivate employees and develop from a manager into a leader.

CPE/CMU Credits: 6

Topics
  • Why Choose Leadership
    • Understanding Leadership
    • Leadership Building Blocks
  • Essential Leadership

    • Understanding People
  • Build Effective Teams
    • Creating and Leading Teams
    • Team Dynamics
  • Engage Teams
    • Learning and Engagement
    • Performance Management
    • Coaching and Mentoring
  • Effective Communication

    • Communication Process
  • Leading Change
    • Psychology of Change
    • Organizational Change

Russell Eubanks
Fri Jul 31st, 2020
9:00 AM - 12:15 PM ET
1:30 PM - 5:00 PM ET

Overview

Using case studies, students will work through real-world scenarios by applying the skills and knowledge learned throughout the course. The case studies are taken directly from Harvard Business School, which pioneered the case study method. The case studies focus specifically on information security management and leadership competencies. The Strategic Planning Workshop serves as a capstone exercise for the course, enabling students to synthesize and apply concepts, management tools, and methodologies learned in class.

CPE/CMU Credits: 6

Topics

Case study topics include:

  • Creating a Presentation for the CEO
  • Understanding Business Priorities
  • Enabling Business Innovation
  • Effective Communication
  • Stakeholder Management

Additional Information

A laptop is not required for this course. Pen and paper are sufficient for the in-class exercises, case studies, and discussions.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org.

  • CISOs
  • Information security officers
  • Security directors
  • Security managers
  • Aspiring security leaders
  • Security personnel who have team lead or management responsibilities
  • Anyone who wants to go beyond technical skills
  • Technical professionals who want to learn to communicate with senior leaders in business terms
  • A strong desire to grow as a leader
  • A strong desire to develop strategic plans that resonate with IT and other business leaders
  • Willingness to participate in group exercises and team discussions
  • Electronic Courseware containing the entire course content
  • MP3 audio files of the complete course lecture
  • Develop security strategic plans that incorporate business and organizational drivers
  • Develop and assess information security policy
  • Use management and leadership techniques to motivate and inspire your teams

"I wish I had taken this course 10 years ago when I first started in my role as a CISO. The work group discussions, tools, and theory are practical and applicable to my day-to-day work." - Mark Potter, NewWave

"This course addresses the business and people drivers for cybersecurity. It forces technical minds to consider a broader perspective and various intangibles." - C. S. Erikson

"I use the information from this class ALL THE TIME. In my career, it's one of the best courses I've taken." - Holly Anderson, College Board

"Excellent format, content, and delivery. Transcends security and can be applied to any management discipline." - Frank Chambers, ManTech

"As I progress in my career within cybersecurity I find that courses such as MGT514 will allow me to plan and lead organizations forward." - Eric Burgan, Idaho National Labs

"This course is the Rosetta Stone between an MBA and a career in cyber." - Steve Livingston, Deloitte

"This course is a cyber leadership MBA in five days. As a security manager of many years, the class delivered material of great value that I can immediately apply to make a difference at my company." - Dave Ferguson, CareFirst

"I have been in IT 25 years. This is what I should have began with!" - Brian Bounds, Tx Biomedical

"I moved into management a few years ago and am currently working on a new security strategy/roadmap and this class just condensed the past two months of my life into a one week course and I still learned a lot!" - Travis Evans, SiriusXM

"Unquestionably, one of the best tech courses I have taken in my professional career. This course stimulates serious introspection regarding security strategy and forward thinking." - G.S. McFather, Anthem

"The case study/class participation exercises were a fantastic vehicle to help understand the material. Great course! You should definitely attend if you are or plan to be in IT management." - Kevin Sciarra, CIGNA

Author Statement

"This is the course I wish I had taken when I first started my career. You don't have to wait until you are in a management position to focus on your strategic planning, management, and leadership skills. Have you ever found yourself in a situation where you thought, 'Something I'm doing isn't working'? This course will set you on the path to address that concern. It's commonly stated that to succeed as a modern security leader you need to understand and align with the business to support the organization's mission. But what does that actually mean in practice? Instead of trying to get there on your own, join us to learn practical tools and lessons that have worked for countless other leaders, security officers, and CISOs."

- Frank Kim