How To Write Powerful Executive Reports in Infosec
What you'll learn
- You'll learn the elements of a professional executive report
- You'll learn what executives love to see in a report
- You'll learn what disgusts and irritates executives in a report
- You'll learn how to follow a structured approach using DIKW in crafting content for executive reports
- You'll learn how to fit your report in one page
- You'll learn how to professionally construct the appendix section of your executive report
- You'll learn how to extract the key findings from your assessment and present it to executives
- You'll learn what makes your report powerful
- You'll learn how to separate the executive report from the detailed technical report
- You'll learn how to use concise, but detailed sentences in crafting content for executive reports
- You'll learn how to make neat, professional annotations on screenshot POCs
- You'll learn how to call executives to action with your reports
- You'll learn how to cut out all the noise and remove irrelevant details in the content of your report
- You'll learn how to perform data analysis using the DIKW model on vulnerability scans and other forms of raw data
Requirements
- Computer with a minimum of 2GB memory
- Operating System: Windows / OS X / Linux
- No prior knowledge of any field in cyber security required
- Microsoft word and excel or their alternatives
Description
Welcome to this course. Here, you'll learn how to craft professional, powerful executive reports in any Infosec field.
One of the biggest challenge in the Infosec space isn't bordered on deficiency of technical skills, but a deficiency in proper communication - especially reporting to C level executives. Many pros in this field always make the mistake of submitting technical reports to non-technical executives. As a result, there's always a huge communication gap between the security pro and the executive team.
Your report is powerful if:
Executives understand every bit of what you're saying
Executives go ahead to act based on the actionable advice drawn from your report.
If your reports can't make executives call stakeholders to action, then the purpose of the security assessment exercise in any field is defeated.
In this course, you'll learn:
How to convert technical statements to business related statements
How to use visualization to communicate statistical findings
How to ensure that your report fits one page
How to include only relevant details in your report
How to polish your report and make it appealing
How to make executives take action based on what you've communicated
How to use your findings from the assessment exercise to find gaps in compliance standards (PCIDSS, NIST 800-53)
Who this course is for:
- Any person in any cyber security related field who's required to write and submit reports to executives
- Any person who wishes to join any cyber related field in the corporate world
Instructor
Charles started his Infosec career at Nigeria's premier MSSP - Esentry Systems as a penetration tester and SOC analyst. His time there played a vital role in his developing his current skill set as he was allowed to dabble into different fields in Infosec (Forensics, Security Engineering, etc.)
Formerly a consultant, he's now in the Nigerian financial services sector as a Penetration Tester and Information Security Analyst.
He has always had to report to executives throughout his career and this prompted the need for this course.
In his free time, he's either reading books voraciously or playing hack the box.