ＨｉｄｅＺｅｒｏＯｎｅ

The next generation of security leadership must bridge the gap between security staff and senior leadership by strategically planning how to build and run effective security programs. Yet, creating a security strategy, executing a plan that includes sound policy coupled with top-notch leadership is hard for IT and security professionals because we spend so much time responding and reacting. We almost never do strategic planning until we get promoted to a senior position, and then we are not equipped with the skills we need to run with the pack. This information security course will provide you with the tools to build a cybersecurity strategic plan, an entire IT security policy, and lead your teams in the execution of your plan and policy. By the end of class you will have prepared an executive presentation, read 3 business case studies, responded to issues faced by 4 fictional companies, analyzed 15 case scenarios, and responded to 15 Cyber42 events.

Syllabus

MGT514.1: Strategic Planning Foundations
MGT514.2: Strategic Roadmap Development
MGT514.3: Security Policy Development and Assessment
MGT514.4: Leadership and Management Competencies
MGT514.5: Strategic Planning Workshop

MGT514: Security Strategic Planning, Policy, and Leadership

Syllabus

DevSecOps: The Big Picture

Approaching Automated Security Testing in DevSecOps

Performing DevSecOps Automated Security Testing

Integrating Automated Security Testing Tools

Integrating Incident Response into DevSecOps

Enabling Security Governance and Compliance in DevSecOps

Pluralsight: Fundamentals of DevSecOps

In this course, you will learn to reverse engineer. That will allow you to protect intellectual property, find vulnerabilities, and pull apart malware. Join me in making the world a little safer. In the prior courses we learned there are 4 main techniques to secure code: design review, static analysis, manual audit, and dynamic (fuzz) testing. But, once the code is fielded, hackers will begin researching exploits against it. In this course, learn how and why compiled binaries are examined and scoured for weaknesses, and why reversing is also a required malware analysis skill and is sometimes needed for low-level developers working with undocumented APIs. After watching this course you’ll be familiar all of the above and with the popular IDA pro tool and how to use it. Download the IDA pro demo to complete the labs.

Syllabus

Using IDA Pro to Reverse Code

Learning x86 and Calling Conventions

Understanding C-to-Assembly and Compiled Structures

Patching a Compiled Binary

Reversing C++

Extending IDA with Scripts

Pluralsight: Security for Hackers and Developers

A Splunk Enterprise Security (ES) Admin manages a Splunk Enterprise Security environment, including ES event processing and normalization, deployment requirements, technology add-ons, settings, risk analysis settings, threat intelligence and protocol intelligence configuration, and customization’s. This skill demonstrates an individual’s ability to install, configure, and manage a Splunk Enterprise Security deployment.

Syllabus

Splunk Enterprise Security: Big Picture

Planning, Deploying, and Configuring Splunk Enterprise Security

Managing Splunk Enterprise Security Data and Dashboards

Designing and Creating Add-ons for Splunk Enterprise Security

Tuning and Creating Correlation Searches in Splunk Enterprise Security

Configuring Threat Intelligence in Splunk Enterprise Security

Pluralsight: Splunk Enterprise Security Administration

Syllabus

Threat Modeling Fundamentals

Performing Threat Modeling with the Microsoft Threat Modeling Methodology

Performing Threat Modeling with the OCTAVE Methodology

Performing Threat Modeling with the PASTA Methodology

Threat Modeling with the Microsoft Threat Modeling Tool

Building and Leading an Effective Threat Modeling Program

Pluralsight: Threat Modeling