Beginner to advanced risk analysis course

Want to learn and gain a deep understanding of cybersecurity and transform yourself into a cybersecurity expert?

Contact Us

Business coaching for leaders

Course Overview

The course aims to bring hands-on, practical experience on approaching technologies from a risk perspective. To build and design systems using new technologies while evaluating these technologies for risks and possible avenues where these risks may give rise to vulnerabilities.

Through a 4-week course where attendees will gain knowledge and insight on building cloud infrastructure, monitoring workloads, understanding the impact of Software-as-a-Service (SaaS) tools such as collaboration and online suites on data sovereignty and to conduct readiness exercises for the organization, the training will be accompanied with industry best practices and hands-on exercises at every week.

week 1

Key Learnings

  • Module 1 – Cloud computing concepts
  • Module 2 – Infrastructure security in the cloud
  • Module 3 – Managing security and risk in the cloud
  • Module 4 – Data security in the cloud
  • Module 5 – Cloud workloads, IAM
  • Module 6 – Secure operations in the cloud

Hands-on exercises

  • Creation of AWS accounts, securing accounts, IAM, policies, logging, alerting
  • Securing cloud networks, subnets, security groups
  • Creation of EC2 (Elastic Computing) instances, volumes, VPC (Virtual Private Cloud), Load balancing, NAT
  • Routing tables, starting instances, connections, key management, image & snapshot security, vulnerability assessments
  • Encryption of storage, KMS (Key Management Systems), key delegation
  • Creation of a WordPress site, identity federation between attendee systems
  • Risk assessment exercise using Cloud-Native frameworks (CAIQ, CCM) to evaluate a cloud provider and technologies.

week 2

Key Learnings

  • Module 1 – Introduction to logs, SIEM systems (deep-dive into data structures and storage) and capabilities, system components, architectural review for introduction of risks through SIEM
  • Module 2 – Log structures, log collection from workloads, securing the system, understanding Hot/Warm/Cold event storage and impact on response
  • Module 3 – Dashboards, reports and alerts
  • Module 4 – Categorization, Identifying technical and business risk through SIEM
  • Module 5 – Investigation
  • Module 6 – Compliance requirements around the world
  • Module 7 – Overview of Azure Sentinel, Azure risk profiling

Hands-on exercises

  • Accessing a pre-configured SIEM system, hardening and securing while planning for access management
  • Installing collection agents, configuring aggregation, exploring various workload log configuration (Windows, Linux, Security devices, Cloud management console)
  • Creating dashboards, reports and alerts
  • Asset profiling, creation of a scenario on assets, play through step-by-step
  • Investigation of suspicious events
  • Defining retention needs for compliance
  • Walk through of Azure Sentinel

week 3

Key Learnings

  • Module 1 – Current market taxonomy of services, Shadow IT (identification), Google Workspaces, Microsoft Office365, Windows365 (If released by then), Zoom, Webex, Teams, Lark Suite
  • Module 2 – Risk analysis of SaaS, DevSecOps
  • Module 3 – Discovery, Process integrity, CASB (Cloud Access Security Broker)
  • Module 4 – Containers (Docker, Kubernetes)
  • Module 5 – Applied security in SaaS
  • Module 6 – API security

Hands-on exercises

  • Evaluating a SaaS application and integration into on-site applications
  • Deployment of immutable images using automation tools such as Chef/Puppet/Jenkins (Creation, testing, deployment)
  • Dynamic code testing
  • Risk analysis workgroup on a SaaS provider from control perspective with integration to on-prem environment
  • Deployment of applications through docker and docker-compose

week 4

Key Learnings

  • Module 1 – Today’s threat landscape and adversaries
  • Module 2 – Dealing with Malware with a focus on Ransomware
  • Module 3 – Introduction to TTX, structure, flow, roles, and purposes
  • Module 4 – Incident Response procedures, planning, communication plans
  • Module 5 – War games / Simulation exercises deep-dive

Hands-on exercises

  • Planning a TTX as a group and defining KPIs, building scenarios
  • Conducting thorough role plays the TTX, inviting outside participants for a few hours
  • Interviewing participants in the TTX about the intended outcomes, creating a report and an improvement plan

Check out our trainers' profiles, accreditations & testimonials.

AS SEEN ON

Contact Us Today

Feel free to contact us through phone or email. We are just a contact away to meet all your training needs and will provide you with a proposal within a day.

Reach us now

Phone: +65 9362 6498

Email: jeffreywi@exceledgeintl.com

Open chat
Hello 👋
How we can help you?