SANS MGT512 Day 4

Day 4 is called “Leading Modern Security Initiatives” and covers a lot of the subjects that we now need to be considering as part of a complete, and up-to-date, security program. Not only do we need to worry about some of the new technologies and platforms (i.e. cloud), we also need to look at security with a more holistic approach. This includes security awareness and proper management of the initiatives we now undertake in a more mature security group.

The day starts with security awareness and the section is based on material from the excellent MGT433 – How to Build, Maintain, and Measure a Mature Awareness Program. The title says it all; this is about building a comprehensive and mature program for security awareness. Of course, this material is only a sample, so you’ll need to register for this two-day class to get the full training. This section covers a really good representative sample though and helps you to understand what makes a good, comprehensive, program. Topics include:

  • Breaking down the myths of awareness training
  • Using an awareness program to reduce enterprise security risk
  • How to affect behavioural change
  • How to build an effective plan for an awareness program
  • How to prioritize human risks

We all understand that these days, if we don’t focus on the human side of security, we’re leaving a very large gap in our security program.

Next, we cover portfolio, program, and project management. As security initiatives become more integrated into the business, we need to introduce the same rigour of project management within our security team as we have elsewhere in the organization. How you go about this is up to you, you may use existing PMO resources or build your own, but the need is there. This section is based on material from MGT525 – IT Project Management, Effective Communication, and PMP® Exam Prep and covers the PMI model of project management. This covers all the basics including:

  • Why projects fail
  • Portfolios, Programs, and Projects and sample team structures
  • The PMBOK 5 project groups
  • Key aspects to each of the groups

The bulk of the rest of day 4 is focused on the modern technology part of the day; Cloud and Zero Trust. These two sections really focus on what’s coming for most organizations, and what managers will need to know to help navigate their company into the new paradigms of cloud and Zero Trust. Zero Trust, in particular, is really an aspirational idea for most organizations, but is made more achievable by many of the new technologies that are being introduced. Cloud is here and now, but most companies are still at the experimental phase, especially with the aspects of cloud that are discussed in this section. What’s included?

  • Benefits and basic terminology of the cloud
  • An overview of the Cloud Security Alliance and the resources they have to offer.
  • An introduction to Amazon AWS and an explanation of why it’s the focus of this section
  • Technical aspects of cloud infrastructure including availability zones, regions, and networking within each
  • Internet gateways, NAT gateways, EC2 infrastructure, security groups, and how it all fits together
  • Lastly, microservices architecture, API gateways and functions as a service (FaaS).

Then the Zero Trust section covers:

  • Today’s model of trust vs. zero trust
  • Fundamentals of Zero Trust
  • Technologies that help to enable Zero Trust architecture
  • Challenges with Zero Trust

How good are your negotiating skills? We finish the day off by discussing negotiating tactics, different types of negotiators, and then play a little game where you get to test your negotiating mettle. Our final section is about vendors, salespeople and what drives them. Finally, a look at the Analytical Hierarchy method of vendor and tool evaluation to help reduce the subjectivity often found when selecting new tools and vendors.

Ready for Day 5?

SANS MGT512 Day 1

If you’re not familiar with it, this class is very true to it’s full name: Security Leadership Essentials. It’s designed primarily for two types of audience; 1) Non-technical managers who have to manage technical security people and, 2) technical people who are now managers but haven’t had much formal management training. It works for a lot of other types of security professional too, but those are for whom it is really perfect.

This duality of audience means that the class has a bit of a duality itself. You’ll learn about the essential security concepts that security managers need, and you’ll get an introduction to management with a focus on managing a security program. For the management “half” the focus is, now more than in previous iterations, on managing a security program and interfacing with the business. We all know that security managers today need to understand and communicate in terms the business understands and this class helps with that. The technical “half” is designed to help you understand the key concepts that the teams you’ll manage deal with on a day-to-day basis. This helps to ensure that you and your team are communicating effectively, just as you must with management.

So what does day 1 bring? Day 1 is all about building a program; We understand that today, security isn’t just about buying fancy toys, but it also includes communicating risk to the business and measuring how well you are identifying and mitigating those risks. This day is, like day 1 in most SANS classes, all about building the foundation for what is to come the rest of the week. The security program is the fundamental piece for the week. Topics include:

  • Security Frameworks. Specifically control, risk, and program frameworks including introductions to the CIS 20 Critical Security Controls, NIST Cybersecurity Framework, and the FAIR model for quantitative risk measurement.
  • Understanding Risk. How do we define, communicate, and measure it?
  • Security Policy. While not everyone’s favorite, nor most thrilling topic, it is one that is crucial to the foundation of an effective security program. This section includes material from SANS MGT514 – Strategic Planning, Policy, and Leadership, also written by Frank Kim.
  • The day ends with material focused on the Who, What, Why, and How or, the Program Structure. It delves into what all of the pieces of the program are and how you put people and process together into a workable format. This helps to ensure you have all of the necessary duties covered and an organizational structure that fits your company.

Along with those topics, there are some group discussions to alleviate what can seem like an endless number of slides. These discussions help you to better understand the frameworks you use, how you can quantify risk, and where you might have gaps in your policies. Day 2 gets technical pretty fast, so get ready.

SANS Security Leadership Essentials – MGT512

I’ve taught this class for a number of years now and it has always been one of my favourites. It was usurped for a time by “Implementing and Auditing the CIS 20 Critical Controls” (SEC566) as 512 became a bit dated and I found 566 to be a bit more relevant. However, that all changed this year when a significant re-write was completed and the new version of the course went live. Frank Kim and other contributors have done a great job of bringing this back to be a true essentials course.

I’ve taught a couple of classes already and have a bunch more lined up this year so I thought I’d take some time to give a run-down of the new material and let you know what to expect. This class has quickly risen in the popularity ranks once again and it’s a great opportunity for people in a variety of roles to get a thorough introduction to security and management principles. Stay tuned for the next 5 posts to learn more about this great class.

Day 1
Day 2
Day 3
Day 4
Day 5

Join me for this class, next in New Orleans, Louisiana

SANS 566 Coming to Toronto

After a great time in Nashville (minus all the problems caused by snow the week prior) I’m heading to Toronto to teach another round of 566. If you are looking to implement or audit the 20 Critical Controls, you need to register for this class. The SANS material is excellent and gives you plenty of tools to start the process on your own. The Toronto course runs April 13-17, details here.