2025 ISS TRAINING CLASSES

(Sunday, Monday & Tuesday, October 26-28)

In this course, you will:

• Understand Cloud Security Fundamentals.
• Apply Security Best Practices in AWS.
• Mitigate Cloud Security Risks.
• Navigate Cloud Compliance Requirements.
• Secure Advanced AWS Architectures.
• Conduct Risk Assessments and Incident Response in AWS.
• Prepare for the CCSK Certification Exam.
• Integrate CSA CCSK Knowledge with AWS Capabilities.

CCSK is designed for IT professionals working in cloud computing. Security staff and other technical professionals, including developers, IT operations, audit/compliance professionals, sales and solution engineers, and product marketers, benefit from its well-rounded view of cloud security.

Major Instructional Areas
1. Digital forensic investigations
2. Forensic environments and tools
3. Evidence collection and handling
4. Forensic reporting
5. Solving business challenges with forensic investigations

Course Objectives
1. Summarize the basic principles of computer forensics.
2. Summarize important laws regarding computer forensics.
3. Describe various computer crimes and how they are investigated.
4. Describe digital forensic methodologies and evidence handling techniques.
5. Outline the proper approach to collecting, seizing, and protecting evidence.
6. Explain techniques for hiding and scrambling information as well as how data is recovered.
7. Summarize various types of digital forensics.
8. Describe contingency planning and incident response.
9. Explain how to perform network packet analysis.
10. Identify technical and legal trends in digital forensics.

*** Please note: This course comes with a 90-day license to both the Digital Forensics eBook and their Cloud Access Labs.

<><><><><><><><><><><><><><><><><><>

This 2-day course is designed to provide participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs based on the principles of BS 65000 and ISO 22301 as well as other supporting industry standards. The course covers the essential aspects of resiliency planning and management, including risk assessment, measuring business impact, building a response, and recovery strategy.

The program is delivered in an interactive and engaging format that combines instructor-led training, case studies, group discussions, and practical exercises. The course also includes a comprehensive workbook study that tests participants’ knowledge and skills, and successful completion of the workbook leads to certification as a CERP.

Who is this course for?
The CERP course is suitable for professionals involved in developing and implementing resiliency programs in organizations of all sizes and types.

Learning Objectives:
Upon completing the course, participants will be able to:

1. Understand the fundamental principles and concepts of enterprise resiliency management.
2. Conduct a comprehensive risk assessment to identify potential threats and vulnerabilities to an organization’s operations.
3. Develop and implement a business impact analysis to identify critical business functions and their dependencies.
4. Develop and implement a response strategy to manage and respond to disruptive events.
5. Discussions of best practices on the planning to restoring of critical business functions and operations.
6. Establish a resiliency program framework and governance structure to ensure continuous improvement and effectiveness.
7. Understand the importance of effective communication, training, and awareness in resiliency management.
8. Understand the role of standards such as BS 65000 and ISO 22301 in resiliency management and certification.  All attendees will be provided access to BS 65000, ISO22301 and ISO27002 standards for 1 year after the class.

The CERP course equips participants with the knowledge and skills required to develop and implement enterprise-wide resiliency programs, ensuring organizations can effectively respond to disruptive events and quickly recover critical business functions.

Note for people who want to be a CERP Trainer:  Attending a CERP training class and completing the class workbook is one of the prerequisites to becoming an approved trainer.  If you want to be a CERP Trainer, attending this class will meet your training class requirement.  If you have any questions, contact cso@informationsecuritysummit.org.

Training the Trainers is a comprehensive two-day workshop designed to transform technical experts into effective security education leaders. This hands-on course addresses the unique challenges of teaching technical security concepts, a field where traditional academic approaches often fall short. Participants learn how to develop compelling curriculum using the “Teach-Show-Do” methodology, balancing theory with practical exercises that simulate real-world scenarios.

The course covers critical aspects of modern security training, including effective use of open-source, intentionally vulnerable platforms as well as real world, off-the-shelf technologies like Active Directory for hands-on learning. Participants explore the strategic integration of GenAI tools for content development, while maintaining educational integrity. Special attention is given to creating scalable exercises that work across different delivery methods – from intimate 5-person sessions to large 50+ person seminars.

Beyond content creation, the course delves into crucial aspects of delivery and engagement, including remote vs. in-person instruction techniques, classroom management strategies, and methods for measuring learning outcomes. Participants engage in practical exercises like building network security labs, crafting effective slides, and developing instructor guides. The curriculum emphasizes the importance of continuous feedback and iteration, teaching participants how to evaluate and improve their training programs over time.

Designed for senior engineers, technical educators, and internal training teams, participants leave with a complete framework for developing their own security training programs, including course templates, exercise examples, and practical tools for immediate implementation in addition to a fully formed framework for an 8-hour class in introductory penetration testing. With a focus on creating engaging, hands-on content that adapts to evolving security landscapes, this course provides the foundation needed to build and deliver impactful security training programs.

This course covers vital topics, including governance, risk management, compliance (GRC), and cloud security controls. Through a mix of interactive discussions and real-world scenarios, participants gain practical insights into securing cloud applications and infrastructure. This course empowers you to confidently apply cloud security strategies, enhancing your ability to protect your organization’s cloud environments.

Enterprise Security Architecture (ESA) is an architectural discipline related to aligning Information Security (Infosec) efforts to the highest priority risk and business objectives.  Some of the most significant challenges facing securing an organization, as well as designing for the future, is the ability to design Cloud solutions with Cybersecurity as a ‘front-of-mind’ concept.  Thematically, Cloud Security Principles have emerged to aid organizations to align their focus on security controls and posture, while enabling the business for speed and success.  This presentation outlines the architect’s view of optimizing and organizing ESA strategy for Cloud implementations while outlining the most important concepts to monitor along the way.

Topics covered include:
-Overview of ESA as a practice and discipline.
-Security Architecture in the Cloud
-Guiding Principles to Design with Security
– Examine Zero-Trust Architecture& Modern Use Cases
-Q&A

Target Audience: IT & Cybersecurity Strategists, Enterprise and Enterprise Security Architects (current or aspiring), and Cloud practitioners.

Learning Objectives:
-Provide a foundational understanding of Enterprise Security Architecture as a discipline.
-Draw the correlations between Security Architecture and Cloud Implementations (challenges and opportunities).
-Provide the audience with real-world examples of how to secure Cloud integrations.
-Learn the Top 5 considerations for ESA concepts in the Cloud.
-Examine a Zero-Trust roadmap and architecture(s)

Audience: Intermediate, to Advanced

Consulting Strategies for Cybersecurity is a ½ day course that tackles the engagement aspects of technical consultants within the Cyber Risk landscape. The student/consultant will learn adaptable strategies to relate to their consumers while intently managing the customer’s expectations, perceptions, and outlook on the Cybersecurity professional. Successful consultants will be well-armed with knowledge of political insights, as well as the technical expertise to provide world-class solutions and outcomes.

Topics covered include:
a. Philosophy of a Consultant
b. Consultant Skills
c. Political IQ – PQ
d. Mastering Work product
e. Q&A

Target Audience: Cybersecurity Strategists and Practitioners, Consultants (IT/Cybersecurity – current & aspiring, and Cybersecurity Managers/leadership.

Learning Objectives:
-Provide a foundational understanding of the role/challenges of a Consultant (IT/CS).
-Add communication strategies to your Consultant tool belt.
-Enhance the student’s Political IQ & awareness, while learning coping strategies.
-Provide examples of world-class Cybersecurity work products, while educating on the importance of perception, brand, and reputation.

Audience:
Intermediate, to Advanced