Practical CyberSecurity Boot Camp

3 Days Classroom Session | 3 Days Live Online
Private Onsite Package

This course can be tailored to your needs for private, onsite delivery at your location.

Professional Credits


ASPE is an IIBA Endorsed Education Provider of business analysis training. Select Project Delivery courses offer IIBA continuing development units (CDU) in accordance with IIBA standards.


Select courses offer Leadership (PDU-L), Strategic (PDU-S) and Technical PMI professional development units that vary according to certification. Technical PDUs are available in the following types: ACP, PBA, PfMP, PMP/PgMP, RMP, and SP.

This course offers:
    21.00 PMP/PgMP Technical PDUs


This three-day cybersecurity training course teaches security professionals how to identify business requirements and turn those requirements into a highly functional, cost-effective cybersecurity management system. Led by an expert instructor, you will dive into the intricacies of managed security solutions. Actual security incidents and real-world scenarios are examined to understand how to apply those solutions and how to discover shortcomings within existing solutions.

One of the greatest weaknesses many organizations have is their inability to identify and respond to security incidents. While learning how to avoid incidents, we will teach you how effective monitoring tools are used in concert with pre-planned security response solutions. Learn to trigger actions that minimize both immediate and long-term impacts of any security incident. Designed to teach security experts the business processes required to effectively govern a corporate security program, this course also teaches managers how to use information gathered through security technology tools such as an IPS, Firewall, or SIEM, to develop appropriate and timely responses to a security breach.

Customer Testimonials:

"Good overall view of the cybersecurity field and the different specialties contained within that field. The instructor provided links to useful references." - K. Laude

In this Practical Cybersecurity Training Course, You Will: 

  • Learn how to identify and create Business Security Objectives
  • Integrate effective Security Governance in your organization
  • Examine and plan for regulatory compliance in 2019 and beyond and relate compliance requirements to your own business security objectives
  • Pinpoint and compare security performance metrics and tie them to security deficiencies and solutions
  • Learn to spot a CWE/SANS "Top 25" software security vulnerability in your company
  • Perform real-world Quantitative and Qualitative Risk Analysis and understand levels of acceptable risk within a corporation
  • Leverage and integrate different security control categories and types
  • Learn to define and manage Change and Configuration Management
  • Create an agile, effective incident response process for your own organization
  • Integrate practical Security Planning in your own organization
Upcoming Dates and Locations
All Live Online times are listed in Eastern Time.
Oct 26, 2020 – Oct 28, 2020    11:30am – 7:30pm Live Online
Nov 16, 2020 – Nov 18, 2020    10:30am – 6:30pm Live Online
Dec 16, 2020 – Dec 18, 2020    10:30am – 6:30pm Live Online
Jan 11, 2021 – Jan 13, 2021    8:30am – 4:30pm Live Online
Jan 26, 2021 – Jan 28, 2021    8:30am – 4:30pm Reston, Virginia

Please call ASPE for location details
at 1-877-800-5221
Reston, VA 20190
United States

Feb 10, 2021 – Feb 12, 2021    8:30am – 4:30pm Chicago, Illinois

Please call ASPE for location details
at 1-877-800-5221
Chicago, IL 60601
United States

Feb 17, 2021 – Feb 19, 2021    8:30am – 4:30pm Live Online
Mar 17, 2021 – Mar 19, 2021    8:30am – 4:30pm Cary, North Carolina

ASPE, a Cprime Company
2000 Regency Parkway
Suite 335
Cary, NC 27518
United States

Mar 29, 2021 – Mar 31, 2021    8:30am – 4:30pm Live Online
Apr 12, 2021 – Apr 14, 2021    8:30am – 4:30pm Live Online
Apr 20, 2021 – Apr 22, 2021    8:30am – 4:30pm Boston, Massachusetts

Please call ASPE for location details
at 1-877-800-5221
Boston, MA 02101
United States

May 4, 2021 – May 6, 2021    8:30am – 4:30pm Atlanta, Georgia

Please call ASPE for location details
at 1-877-800-5221
Atlanta, GA 30301
United States

May 18, 2021 – May 20, 2021    8:30am – 4:30pm Live Online
Jun 9, 2021 – Jun 11, 2021    8:30am – 4:30pm Live Online
Jun 22, 2021 – Jun 24, 2021    8:30am – 4:30pm San Mateo, California

cPrime, Inc.
107 S B Street
Suite 300
San Mateo, CA 94401
United States

Jul 7, 2021 – Jul 9, 2021    8:30am – 4:30pm Houston, Texas

Please call ASPE for location details
at 1-877-800-5221
Houston, TX 77001
United States

Jul 19, 2021 – Jul 21, 2021    8:30am – 4:30pm Live Online
Aug 10, 2021 – Aug 12, 2021    8:30am – 4:30pm Live Online
Aug 23, 2021 – Aug 25, 2021    8:30am – 4:30pm Columbus, Ohio

Please call ASPE for location details
at 1-877-800-5221
Columbus, OH 43201
United States

Sep 13, 2021 – Sep 15, 2021    8:30am – 4:30pm Live Online
Course Outline

Part 1: Introduction to Security Management

What is security? How do you achieve it? Is security defined by compliance with PCI, SOX, HIPAA, etc.? Is it possible to be "compliant" yet still vulnerable to attack? This introduction covers what it means to create a truly secure environment. Security is more than just compliance. We constantly hear about compliant companies getting hacked. You will learn to approach security through the lens of "Availability, Integrity, and Confidentiality." Companies are often confused by how to manage diverse mandatory regulations and the plethora of security frameworks available. We'll examine popular security frameworks and how they relate to both real-world business requirements and regulatory compliance. You will learn how to discover business requirements and turn those into usable security objectives.

  1. Compliance vs. Security – Why do compliant companies get hacked?
  2. What is security – Availability, Integrity, Confidentiality
  3. PCI DSS
  4. HIPAA
  5. SANS Critical Security Controls (CSC)
  6. Security architectures
    • PDCA
    • Identify - protect - detect - respond - recover
    • PPDIOO: Plan - Prepare - Design - Implement - Operate - Optimize
    • Identify - Assess - Protect - Monitor
  7. Security Frameworks
    • ISO 27001/2
    • ITIL
    • SABSA
    • TOGAF
    • Cybersecurity Framework

In-class discussion: As a group, we will discuss frameworks and how they relate to each other. You will also learn how compliance regulations such as HIPAA and PCI relate to the frameworks and SANS CSC. Finally, we will discuss how passing audits and "checking the box" does not translate to real security.

Part 2: Case Studies – Real-World Expert Analysis

Throughout the course, you will examine real-world case studies of companies that were compliant but not secure. You will learn from the mistakes made in the past in order to improve your own security.

  1. Target - What happened?
  2. Neiman Marcus - What happened?
  3. P.F. Chang's - What happened?
  4. Experian - What happened?
  5. DigiNotar - What happened?

Part 3: Business Needs Assessment & Implementing Security into Business Processes

You must tune security practices to meet the needs of the business. There are many things organizations have in common, such as Firewall protection or protecting yourself from malicious software. However, there are many more considerations when designing protection. Assessing the business and its needs allows a security analyst/architect to uncover these needs and address them properly.

  1. What are the critical functional requirements for the business?
  2. What are the critical security requirements for those functions?
    • What are the possible solutions?
    • What are the security implications of those solutions?
    • What problems do these solutions fix?
      • What problems do they create?
  3. Risk Assessment – What is it worth? Should I fix it?
    • Risk is uncovered through Impact and Likelihood
    • How would I discover my weaknesses?
    • Quantitative
    • Qualitative
    • What are the solutions?
      • Technical, Physical, Administrative
      • Accept, Transfer, Mitigate (Reduce), Avoid
  4. Capital Planning
    • Spend money wisely

Part 4: Policy and Supporting Documents

After the specific needs of a business are uncovered, it is necessary to begin crafting the business's security posture, beginning with the security policy. Your policy will drive all other aspects of security. From here, you will work your way through supporting documents and best practices.

  1. Standards
    • How does something become a standard?
    • How do you create a standard?
  2. Baselines
    • What is a baseline and why is it important?
    • How does something become a baseline?
  3. Procedures
    • What should be detailed? How?
  4. Guidelines
    • What is the purpose of guidelines?
    • Why have them if they are optional?
    • When would I use a baseline?
    • Best Practices
      • Employees
      • Job Descriptions
      • Skills assessment
      • Awareness training
        • Getting Security Buy-In from your teams
          • The anatomy of buy-in: a critical success factor
          • Practical engagement strategies
      • Least Privilege
      • Separation of Duties, Job Rotation, and Mandatory Vacations

Part 5: Controls and Configuration

You will take a deep look at common security tools, such as an IDS, IPS, Firewalls, and ACLs. More importantly, you will learn the critical security functions provided by these devices, why they are required, the data produced by the devices, and how to use the information to protect, identify and respond to constantly changing security threats. Discover how information gathered from these devices can meet the business security objectives uncovered previously in the course.

  1. "Now that I have a security architecture, how do I implement it?"
  2. Technical
    • IDS - what it can do, what it cannot do, and common mistakes
    • IPS - what it can do, what it cannot do, and common mistakes
      • Using IDS / IPS in a complementary fashion
    • Firewall
    • Cryptography - criticality to regulations/laws/compliance
    • Access Control
      • Regulations/laws/compliance
      • What should I control access to?
      • Role-Based
      • ACL
  3. Administrative
    • Configuration management
    • Change management
    • Certification and Accreditation policy
    • Patch Management
    • Access Control Policy
      • Connection Management
  4. Physical factors
    • Locks
    • CCTV

Part 6: Security Monitoring

"Ninety-seven percent of Fortune 500 companies have been hacked, and likely the other 3% have too, they just don't know it," says Peter W. Singer of the Brookings Institution. Threats are real, but often go unrecognized. This section teaches you how to reveal threats through monitoring, alerts, and correlation. We will also show you what to continuously monitor vs. what should be recorded for the inevitable post-incident assessment.

  1. The importance of continuous monitoring
  2. Vulnerability Assessment
  3. Penetration Testing
  4. SOC
  5. Log Review
  6. Event Correlation (SIEM)
  7. Performance Measurements
    • Specific and Measurable
    • What to measure, and what do measurements mean?

Part 7: Incident Response and Recovery

Effective incident response procedures are a requirement for any company that wants to avoid the reputation damage and public humiliation of being the latest data breach news story. The difference between heavy damage and millions of dollars in post-incident cleanup versus a sustainable, controlled data breach is proper planning and immediate, methodical eradication of incidents.

  1. Developing an IR program
    • Policy / plans / procedures
    • Teams
      • Models
      • Personnel & skills
  2. Incident handling
    • Hacking incidents
    • DoS incidents
    • Malware incidents
    • Users being users incidents
    • Complex incidents
    • Forensics and evidence gathering/handling
    • Incident documentation
  3. Analysis and feedback
    • Lessons learned
    • Root cause analysis - detecting weakness in management controls
  4. Backups and Restore

Part 8: BCP

It is very important to protect ourselves from threats, yet probably just as important, if not more so, is how we survive outages, continuity problems, or worse. Sony's PlayStation Network or RIM's most recent outage are good examples of what we need to protect ourselves from. According to the Federal Emergency Management Agency, 40% of businesses do not survive a disaster, which could be as small as a faulty sprinkler system. It is important to be prepared for interruptions so that a business can survive. In this section, we will explore the importance of planning for these outages.

  1. Importance of BCP/DRP/Contingency Plans
  2. Policy
Who should attend

This cybersecurity training course is a must for anyone who wants to move beyond individual technologies into effective real-world security, and for anyone who manages corporate security operations, such as:

  • IT Managers, Directors & Staff
  • Development Leads
  • Security Managers
  • System Administrators
  • Network Designers
  • Help Desk Professionals
  • Security Administrators
  • Any Security Staff
  • Business Analysts
  • Business Systems Analysts
  • Project Managers
  • Systems Architects/Designers
  • Systems or Application Developers
  • Systems Analysts or Testers
  • Managers & Team Leaders