
Develop a cybersecurity program by integrating security into operations and executing key security functions. Learn through practical examples and an overview of how to build a robust security program.
Navigate security operations by starting at the top, progressing through topics, using adjustable playback, engaging demos and activities, and seeking feedback to maximize retention and five-star reviews.
This comprehensive course provides an in-depth of different functions performed for security operations. Students will learn how security operations add value to an organization and the role of documented policies, frameworks, and controls in reducing risk. The course covers critical cybersecurity functions, including risk management, compliance management, asset and vulnerability management, identity and access management, data protection, vendor and supply chain security, security awareness, and monitoring.
Additionally, students will examine key risk assessment strategies, incident response planning, digital forensics, contingency planning, and auditing. By the end of the course, learners will have the knowledge and skills to implement and manage a robust cybersecurity program, ensuring organizational security, regulatory compliance, and effective risk mitigation.
Key components of the course include:
Define what a cybersecurity program is and how security operations can add value to an organization
Explain how documented policies, standards, procedures, guidelines, and controls play a role in reducing risk to an organization
Explain how frameworks can help form and implement security controls for an organization
Explain common cybersecurity program functions and their role in protecting an organization
Explain the function of compliance management and various considerations for compliance management in an organization
Explain key concepts to compliance management such as privacy, data roles, legal actions, and potential consequences of non-compliance
Describe common laws, regulations, and industry standards as it relates to compliance
Explain what a gap analysis is and how it can identify areas that need improvement
Explain the function of risk management and various considerations for risk management in an organization
Define key risk management actions and terms such as risk identification, risk analysis, risk register, and risk reporting
Define key risk measurement strategies and calculations such as AV, TCO, SLE, EF, ALE, and ARO
Describe risk management strategies
Explain methods of prioritizing projects using risk factors and Return on Investment (ROI)
Explain the function of asset acquisition and management and various considerations while managing assets of an organization
Explain the function of vulnerability management and various considerations while managing vulnerabilities
Explain key terms and resources for vulnerability management, such as CVE, CVSS, CPE, CCE, CVE, SCAP, Pentesting, red teams, and blue teams
Explain possible actions to take to deal with vulnerabilities within the organization
Explain the importance of patch management and processes associated with patch management
Explain the function of data management and various considerations while managing data
Define key terms for data management, such as compliance, privacy, data roles, data types, and PII
Explain types of data and the data type could determine the level of security controls needed to protect the data
Explain common methods for protecting data, such as data classification, data labeling, ACLs, encrypting data, steganography, data masking, data obfuscation, and DLP
Explain how data retention and retirement plays a role in keeping data safe
Explain the function of vendor and supply chain management
Explain key relationships to an organization and common agreement types
Explain considerations when choosing and evaluating vendors
Explain the function of personnel management
Explain key policies in relation to personnel management such as least privilege, need to know, separation of duties, job rotation, and mandatory vacations
Explain the function of Identity and Access Management (IAM) and it’s critical role in keeping an organization safe
Explain key concepts to IAM such as AAA, PAM, key storage, MFA, OTP, HOTP, TOTP, SSO, Federation, and identity proofing
Explain what makes a good password and the importance of a password manager and using MFA
Explain key IAM policies and considerations for those policies
Explain the importance of access control, access control models and their use cases for common access control models
Explain methods for physical access control
Explain the function of security awareness and training and its role in keeping an organization safe
Explain the function of configuration and change management and it’s critical role in keeping an organization safe
Explain the function of monitoring and its role in maintaining security for an organization
Explain types and methods of monitoring and how monitoring protocols and software play a role in maintaining an infrastructure
Define key monitoring terms, such as logging, NetFlow, SNMP, Syslog, benchmarking, SIEM, FIM, and threat hunting
Explain Indicators of Compromise (IoC)
Explain the function of alerting and it’s role of keeping an organization secure
Explain the function of Incident Management and its role in keeping an organization safe
Explain key concepts relating to incident management, such as uptime, five 9s, MTTR, MTBF, root cause analysis, and SOAR
List what goes into a incident response plan and explain the importance of it
Explain what digital forensics is, some key terms relating to digital forensics, and the process for collecting evidence
Explain the function of contingency planning and its role in keeping an organization safe
Explain key terms in relation to contingency planning, such as BIA, RPO, RTO, and DRP
Explain the function of auditing and assessments and its role in keeping an organization safe
Explain key terms, such as auditing, attestation, and gap analysis
Explain the function of program management and its role in keeping an organization safe
Describe key metrics for evaluating the performance of systems and programs related to security
List various regulatory compliance and describe key concepts
Determine who may have to comply with various compliance frameworks
Describe various agreement types and where they might apply
Learn it Right, Learn it Well, and Reap the Rewards
Spending the time now to fully understand what security operations looks like and how an organization can implement processes and procedures to reduce risk and improve their services.
Who Should Take this Course:
Anyone wanting to get into a career in IT
Welcome and Getting Started: Prepare yourself for efficiently and successfully completing the course. You’ll get an overview of what the course is all about and what you should expect out of it.
Security Program: This module provides an introduction to cybersecurity programs and their role in protecting an organization. Students will learn how security operations add value by mitigating risks and enhancing business resilience. The module covers the importance of documented policies, standards, procedures, guidelines, and controls in reducing security threats. Additionally, students will explore how cybersecurity frameworks, such as NIST, ISO, and CIS, help organizations implement effective security controls. By the end of this module, learners will understand the fundamental components of a cybersecurity program and how to establish a structured approach to security management.
Security Operations: This module explores the main functions within security operations. Students will examine key areas such as risk management, incident response, compliance, vulnerability management, identity and access management, and security awareness training. The module highlights how these functions work together to create a comprehensive security strategy. By the end of this module, learners will have a solid understanding of the critical cybersecurity operations that help safeguard an organization’s assets, data, and infrastructure. This will serve as an overview of the rest of the course.
Compliance Management: This module covers the role of compliance management in cybersecurity and its importance in meeting legal, regulatory, and industry standards. Students will explore key compliance concepts, including privacy, data roles, legal obligations, and the potential consequences of non-compliance. The module provides an overview of common laws and regulations such as GDPR, HIPAA, PCI-DSS, and SOX, as well as industry best practices for maintaining compliance. Additionally, students will learn about gap analysis as a method for identifying areas that need improvement within an organization’s compliance program. By the end of this module, learners will understand how to implement and manage compliance strategies to reduce risk and ensure regulatory adherence.
Risk Management: This module delves into the fundamentals of risk management and its critical role in safeguarding an organization’s assets and operations. Students will learn key risk management actions and terminology, including risk identification, risk analysis, risk registers, and risk reporting. The module also introduces various risk measurement strategies and calculations, such as AV, TCO, SLE, EF, ALE, and ARO, helping learners quantify and assess risks. Students will explore risk management strategies for mitigating identified risks and prioritizing projects using risk factors and Return on Investment (ROI). By the end of this module, learners will have a comprehensive understanding of how to assess, prioritize, and manage risks effectively within an organization.
Asset Acquisition and Management: This module focuses on the function of asset acquisition and management within an organization’s cybersecurity program. Students will learn how to effectively manage both physical and digital assets, including hardware, software, and data. The module covers key considerations in the acquisition process, such as evaluating asset needs, procurement strategies, and lifecycle management. Students will also explore how to track, monitor, and secure assets to reduce risk and ensure compliance with organizational policies. By the end of this module, learners will have a solid understanding of best practices for managing organizational assets to protect against security vulnerabilities.
Vulnerability and Patch Management: This module covers the critical function of vulnerability management and its role in protecting an organization from cyber threats. Students will explore key terms and resources related to vulnerability management, such as CVE, CVSS, CPE, CCE, SCAP, and the roles of pentesting, red teams, and blue teams in identifying and addressing vulnerabilities. The module will also discuss various actions organizations can take to mitigate vulnerabilities, including the implementation of patch management processes. By the end of this module, learners will understand how to identify, prioritize, and remediate vulnerabilities within an organization, ensuring a proactive approach to cybersecurity risk management.
Data Management: This module explores the function of data management and the essential considerations for effectively securing and managing organizational data. Students will learn key terms and concepts in data management, such as compliance, privacy, data roles, data types, and personally identifiable information (PII). The module will cover how different types of data require varying levels of security controls and methods to protect it. Topics include data classification, labeling, access control lists (ACLs), encryption, steganography, data masking, data obfuscation, and data loss prevention (DLP). Additionally, students will learn the importance of data retention and retirement in maintaining data security over time. By the end of this module, learners will have a clear understanding of how to manage and protect data in compliance with security and privacy requirements.
Vendor and Supply Chain Management: This module focuses on the critical function of vendor and supply chain management in cybersecurity. Students will learn how vendors and suppliers play a key role in an organization’s security posture and operational success. The module covers important relationships between organizations and their vendors, as well as common agreement types, such as Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs). Additionally, students will explore key considerations for evaluating and selecting vendors, including risk assessments, compliance requirements, and security capabilities. By the end of this module, learners will understand how to manage vendor relationships and ensure the security of the supply chain to mitigate external risks.
Personnel Management: This module explores the function of personnel management in maintaining a secure organizational environment. Students will learn about key policies related to personnel security, such as least privilege, need to know, separation of duties, job rotation, and mandatory vacations. The module highlights how these policies help mitigate internal security risks and ensure the proper handling of sensitive information.
Identity and Access Management (IAM): This module provides an in-depth look at the function of Identity and Access Management (IAM) and its vital role in safeguarding an organization’s resources. Students will explore key IAM concepts such as Authentication, Authorization, and Accounting (AAA), Privileged Access Management (PAM), multi-factor authentication (MFA), One-Time Passwords (OTP), HOTP, TOTP, Single Sign-On (SSO), Federation, and identity proofing. The module will also cover best practices for password management, including the importance of strong passwords, password managers, and the implementation of MFA. Students will learn about IAM policies and how access control models such as RBAC, ABAC, and DAC are used to enforce security. Additionally, the module includes methods for physical access control to ensure both logical and physical security. By the end of this module, learners will have a comprehensive understanding of IAM principles and how to implement them to protect organizational assets.
Security Awareness and Training: This module focuses on the critical function of security awareness and training in maintaining organizational security. Students will learn how effective security awareness programs can empower employees to recognize and respond to potential threats, such as phishing attacks, social engineering, and malware. By the end of this module, learners will understand how to design and implement security awareness initiatives that help foster a security-conscious culture, ultimately reducing the risk of security breaches caused by human error.
Configuration and Change Management: This module explores the function of configuration and change management in ensuring an organization’s cybersecurity posture remains strong. Students will learn how effective configuration management helps maintain secure, compliant, and stable systems while preventing unauthorized changes that could introduce vulnerabilities. The module covers the processes and tools used in managing configurations and changes, including version control, baseline management, and approval workflows. Students will also explore the role of change management in mitigating risk, ensuring proper documentation, and maintaining system integrity. By the end of this module, learners will understand how to establish and manage configuration and change processes to safeguard organizational assets and minimize the potential for security threats.
Monitoring and Alerting: This module covers the function of monitoring and its critical role in maintaining the security of an organization’s infrastructure. Students will explore various types and methods of monitoring, including network monitoring, system performance monitoring, and security event logging. The module discusses key monitoring protocols and software, such as NetFlow, SNMP, Syslog, and SIEM, and how these tools help maintain infrastructure security. Students will also learn essential monitoring terms, including Indicators of Compromise (IoC), FIM, and benchmarking, and how to leverage threat hunting to detect vulnerabilities. The importance of alerting and its role in promptly addressing security incidents will also be highlighted. By the end of this module, learners will understand how to implement and manage effective monitoring strategies to proactively detect and respond to security threats.
Incident Management: This module explores the function of incident management and its crucial role in maintaining an organization's security and operational integrity. Students will learn about key concepts related to incident management, such as uptime, five 9s, Mean Time to Recovery (MTTR), Mean Time Between Failures (MTBF), root cause analysis, and Security Orchestration, Automation, and Response (SOAR). The module also covers the components of an effective incident response plan and the importance of preparation in minimizing downtime and damage during a security incident. Additionally, students will learn about digital forensics, including key terms and the process for collecting evidence in a way that supports investigations and legal proceedings. By the end of this module, learners will understand how to develop and implement incident management processes to respond swiftly and effectively to cybersecurity threats.
Contingency Planning: This module covers the function of contingency planning and its critical role in ensuring an organization’s resilience in the face of disruptions. Students will learn how contingency planning helps organizations prepare for and respond to emergencies, minimizing downtime and loss of services. The module delves into key terms related to contingency planning, including Business Impact Analysis (BIA), Recovery Point Objective (RPO), Recovery Time Objective (RTO), and Disaster Recovery Plans (DRP). Students will explore how these concepts guide decision-making and resource allocation to ensure business continuity. By the end of this module, learners will have a comprehensive understanding of how to create and implement effective contingency plans to safeguard an organization’s operations during unforeseen events.
Auditing, Assessments, and Program Management: This module focuses on the function of auditing and assessments and their role in ensuring an organization’s security posture remains strong. Students will learn how auditing and assessments help identify vulnerabilities, validate security controls, and ensure compliance with standards. The module covers key terms such as auditing, attestation, and gap analysis, and explains how they contribute to risk management and continuous improvement. Additionally, students will explore the role of program management in maintaining security programs, including how to evaluate the effectiveness of systems and security initiatives. By the end of this module, learners will understand how to use auditing, assessments, and program management techniques to enhance security, monitor performance, and ensure that security measures are operating as intended.
Appendix A - Regulatory Compliance: Students will learn about different compliance frameworks, such as GDPR, HIPAA, PCI-DSS, and SOX. The module also covers who may be required to comply with these frameworks, including organizations across different industries and sectors. By the end of this module, learners will have a clear understanding of the regulatory landscape and the requirements organizations must meet to ensure compliance.
Appendix B - Agreement Types: This module provides an overview of various agreement types used in cybersecurity and their relevance in protecting organizational assets. Students will explore the different types of agreements, such as Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs), and understand where and when they apply. The module explains how these agreements help define the responsibilities, expectations, and security measures between parties involved in business relationships. By the end of this module, learners will be able to identify which agreement type is appropriate for various organizational needs and how these agreements contribute to maintaining compliance, safeguarding data, and reducing risks.
Wrap Up: Time to wrap up the course and provide any final thoughts.
Prerequisites
NO prerequisites
Equipment
No specific equipment needed, I’ll explain options to practice the commands in the course
Explore what a security program is and how security operations keep an organization safe. Review the components, including documentation, policies, standards, procedures, guidelines, controls, frameworks, monitoring, revisions, and governance.
Discover why a formal cybersecurity program is essential, how it assesses risk, enforces regulatory compliance, and builds policies, controls, training, and accountability across the organization.
Policies set the standards, while procedures provide step-by-step methods to achieve them, from disaster recovery plan to asset and personnel management, change management, risk assessment, playbooks, and checks and balances.
Guidelines provide guidance for decision making in procedures, offering what-if scenarios, tips to improve processes, and supported judgment calls, while the final choice rests with the individual.
Define and categorize controls as measures to mitigate risk, standards, or measurable outcomes, spanning physical, technical, operational, and managerial domains, with types like preventative, detective, and corrective.
Explore how security controls fail open or fail closed, balancing confidentiality, integrity, and availability across firewall, web filtering, and access controls.
Manage compliance within security operations by identifying laws, researching impacts, developing and implementing policies, and using software for a yearly cyclical framework across federal, state, and sector-specific regulations.
Explore risk management in a cybersecurity program through measurement and risk assessment, using a probability and impact model to identify, prioritize, and mitigate vendor and company risks.
Develop a secure workforce by embedding the cybersecurity program in hiring and personnel management, including background checks, onboarding and offboarding, and auditing the hiring process to curb insider threats.
Explore identity and access management as a core cybersecurity practice, highlighting provisioning, deprovisioning, and change management, and the need to document and evaluate IAM processes to improve security.
Set up proper monitoring and alerting to protect reputation. Refine what to monitor, tune alerts to reduce false positives, and review weekly to improve responsiveness and system performance.
Align the cybersecurity program management with cross-functional operations, breaking silos and coordinating subroutines to ensure a complete program through budget, roles, employees, and resources.
Explore how compliance management shapes cybersecurity programs, with a focus on privacy, data roles, geographical considerations, and regulatory standards, monitoring, reporting, and the consequences of non-compliance.
Explore privacy concepts, including data sovereignty and ownership, rights to access and be forgotten, data portability, opt-out and consent, and breach notification under diverse laws.
Define common data roles and their responsibilities, including data controller, data subject, data steward, data custodian, and data processor, and clarify GDPR and data protection officer context, plus PII variations.
Identify the laws, regulations, and standards that govern your business and why you must comply. Explore geographic, industry, data, and risk considerations that shape internal and external compliance decisions.
Explore the definitions of regulation, accreditation, and standards, and compare compliance and frameworks with examples like PCI, DSS, GDPR, COPPA, CSA, ISO, and NIST to guide security program maturity.
Explore how discovery and e-discovery uncover communications across servers and devices to resolve contractual disputes, while applying due care, due diligence, and legal holds to protect data.
Monitor compliance standards continuously and convert ongoing actions into clear reports. Leverage internal and external monitoring, attestation, and automated tools to streamline proof and reporting.
Use a gap analysis to measure compliance against standards and identify gaps. Engage a third-party SOC 2 attestation provider early to verify controls and guide corrective actions before full audit.
Explore the consequences of non-compliance, including fines, sanctions, reputational damage, and loss of license, and how contractual breaches with standards like pci-dss can trigger penalties until corrective action.
Master risk management by assessing risks, applying frameworks, and tracking risks, then use cost-benefit analysis and ROI to prioritize actions and report findings.
Explore risk management foundations, including definitions, scope, the CIA triad, threats, vulnerabilities, controls, and how risk assessment guides mitigation in security operations.
Apply enterprise risk management with frameworks like NIST, COSO, and ISO 31000. Assess risks across people, processes, technology, and data, and implement a lifecycle of controls and monitoring.
Identify and analyze risks in the risk management process, prioritize them, and produce a risk report, while exploring assessment triggers from one-time to continuous monitoring and vulnerability management.
Identify all company risks by cataloging assets, threats, and vulnerabilities to confidentiality, integrity, and availability, and use audits, assessments, and interviews to build a risk register for ongoing risk management.
Explore asset inventory and data inventory assessments, track owners and risk factors, and identify the riskiest data while evaluating recovery point objectives, backups, encryption, and availability.
Identify risks, assess their likelihood and impact, assign a risk owner, implement mitigation, and monitor outcomes using a risk register to prioritize actions.
Quantify risk with asset value and total cost of ownership, using probability times impact to estimate monetary losses. Examine depreciation, deployment, operating, and maintenance costs over a three-year horizon.
Apply quantitative risk analysis to convert risk into a dollar amount by probability times impact. Assess broader impact, including deployment costs, revenue loss, fines, reputation, and annualized loss expectancy.
Learn how to communicate risks through reporting, produce risk assessments, and use dashboards, KPIs, and KRIs to monitor, prioritize, and mitigate security risks with stakeholders.
Apply risk management strategies to keep risks below policy thresholds by avoiding, reducing, transferring, or accepting risk, with credit card processing as a practical example of exception and exemption.
Explore risk mitigation through managerial, operational, technical, and physical controls, and learn preventative, deterrent, detective, corrective, recovery, compensating, and directive strategies with examples like firewalls, onboarding checklists, and surveillance.
Compare inherent and residual risk, showing how mitigation lowers risk by reducing probability or impact through a planning approach.
Use a risk roi worksheet to evaluate mitigation options by comparing inherent and residual risk, probability, impact, and cost, then prioritize solutions by return on investment.
Explore asset management by assessing asset value and data sensitivity through lifecycle stages—from acquiring and accounting to maintenance, change management, and deprovisioning—within security operations.
Implement a secure acquisition and procurement process to prevent shadow IT, ensure ownership, and align purchases with needs assessment, vendor evaluation, and policy-driven approvals.
Track and monitor assets across the network using inventory, asset tags, and GPS. Apply anti-malware, updates, RFID, barcodes, and network scanning to identify rogue devices and enumerate assets.
Explore the common vulnerabilities and exposures (CVE) list, its lifecycle from discovery to patching, and how attackers and defenders use it to assess and mitigate risks in real networks.
Learn how the cvss scoring system prioritizes vulnerabilities by evaluating attack vector, complexity, privileges, user interaction, and impact on confidentiality, integrity, and availability to guide remediation.
Discover vulnerability scanning tools like Nessus, Qualys, Rapid7, and Openvas, including local, cloud, and hybrid setups, with active or passive scans and credential use.
Explore how scap-enabled vulnerability scanners exchange XML data about assets, configurations, and vulnerabilities using ARF, OVAL, OCIL, and ECDF formats.
Explore how vulnerability scanners use common enumerations such as CPE, CCE, and CVE to identify hardware, operating systems, and software, assess configurations, and score vulnerabilities with CVSS and CCS.
See how red teams (offense) and blue teams (defense) test networks, exploit vulnerabilities, and guard against breaches, with exercises and purple team coordination for learning and security.
Prioritize vulnerabilities by critical, high, medium, and low classifications, escalate patches when needed, including zero-day considerations, after discovering, validating, and assessing risks in security operations.
Develop an action plan to mitigate discovered vulnerabilities, detailing patches, compensating controls, isolation, configuration improvements, and training as part of an organized, prioritized remediation strategy.
Validate remediation by rerunning vulnerability scans or retesting pentests to confirm the vulnerability is fixed and no longer present.
Plan, test, deploy, and validate patches with a structured patch management process. Emphasize communication, maintenance windows, machine audits, rollback planning, and staged testing to minimize downtime.
Data acts as both an asset and liability, providing value through profiles and analytics while risking confidentiality and compliance. Manage its lifecycle—creation, storage, sharing, backup, retirement—balancing costs and security.
Explore how privacy laws protect data subjects and govern data roles. Learn about ownership, access, deletion, portability, opt-out and consent, and breach notification across controllers, processors, custodians, and stewards.
Learn how data classification protects the company by categorizing information into public, internal, confidential, and restricted, guiding handling and distribution to safeguard assets like PII, financial, and trade secrets.
Learn to implement data inventory and labeling by mapping sources, identifying PII in relational databases, and applying a public-to-restricted classification to track metadata.
Protect data across states: at rest, in transit, and in process. Apply confidentiality, integrity, and availability at every state to safeguard data from storage to use.
Learn how encryption turns plaintext into ciphertext with a key, protecting data at rest, in transit, and in use, and choose where to apply it—from disks to database components.
Understand how to retire data at end of life through archiving or destruction properly. Identify locations across databases, backups, archives, and failover sites, and apply sanitization and retention rules.
Explore vendor and supply chain management within security operations, assessing vendors, agreements, and monitoring to minimize risk. Learn about cloud shared responsibility, vendor selection, and ongoing relationship governance.
Gather requirements, search for suitable vendors, and assess options with tables, ratings, and independent security audits to select the best fit while avoiding conflicts of interest and vendor lock-in.
Apply the shared responsibility model to cloud hosting, balancing provider security with your own. Evaluate IaaS, PaaS, and SaaS with vendor assessments and SOC reports to protect sensitive data.
Explore supply chain management from a security perspective by analyzing how vendor and component dependencies—from chips to batteries—affect product reliability, visibility, and risk for business laptops.
Assess vendors and their supply chains to select the top vendor, begin negotiations, and finalize the contract with clear terms, allowing an option to back out if needed.
Explore common agreement types such as SLA, NDA, MSA, SOW, ISA, MOU, MOA, BPA, privacy policy, and terms of service, plus practices like right to audit and source code escrow.
Learn how security professionals manage personnel risk from onboarding to termination, applying least privilege, need to know, separation of duties, mandatory vacations, and job rotation.
Manage the employee life cycle from candidate through onboarding, development, performance, and separation, aligning account provisioning and deprovisioning with security policies and audits.
Apply separation of duties to prevent embezzlement by splitting vendor selection, purchase approvals, and checks, while audits and thresholds such as ten thousand dollars enforce accountability and traceability.
Explore how job rotation deters embezzlement by rotating duties like approval, check writing, and auditing to strengthen checks and balances.
Mandatory vacations expose fraud in purchasing and reporting processes by preventing report manipulation, revealing embezzlement, and refreshing employees to boost performance.
Who Should Take this Course:
Anyone wanting to get into a career in IT
Why take the course from me?
Experience: I’ve been in the IT world since 2000, have a masters in computers, and over 20 industry standard certifications
Know how to Teach: I was trained as an instructor by the USAF, have a bachelors in education, teaching since 1997, and well over 6,000 hours of classroom instruction time.
I’ve been a hiring manager since 2010, I know what skill sets employers are looking for.
TechKnowSurge’s Unique Approach
Your instructor has training and years of experience as an educator, as a technician, and as a leader. The course implements the following features:
Microstep lectures and segmented videos that meters learning into bite size chunks. It also makes it easy to go back and review concepts when needed.
Staged-Based Educational Model where information is covered multiple times in increasing amounts of complexity. The approach helps reinforce learning and creates a knowledge and skill set less likely to fade with time.
Extensive coverage of topics to make sure topics are explained fully
Well-organized content. A tremendous amount of effort has been placed on what order content should be delivered to maximize learning and minimizing confusion.
A focus on pedagogy. A funny name, but your instructor has a deep understanding of educational theory and what drives learning.
Module overviews explaining what to expect for each module and sets a mindset for why the information is important to learn.
Video intros, overviews, and summaries to explain the intention of each video, reinforce learning, and prepare you for success.
High quality and engaging videos that use graphics, great explanations, and analogies to explain complex topics in an easy to understand way.
Real world application. Step beyond just the theory. Your instructor has real world experience and will share that with you throughout the course.
Employer insight, know what employers are looking for. Your instructor runs IT Departments and hires individuals just like you.
This well organized course will has the following modules:
Welcome and Getting Started: Prepare yourself for efficiently and successfully completing the course. You’ll get an overview of what the course is all about and what you should expect out of it.
Security Program: This module provides an introduction to cybersecurity programs and their role in protecting an organization. Students will learn how security operations add value by mitigating risks and enhancing business resilience. The module covers the importance of documented policies, standards, procedures, guidelines, and controls in reducing security threats. Additionally, students will explore how cybersecurity frameworks, such as NIST, ISO, and CIS, help organizations implement effective security controls. By the end of this module, learners will understand the fundamental components of a cybersecurity program and how to establish a structured approach to security management.
Security Operations: This module explores the main functions within security operations. Students will examine key areas such as risk management, incident response, compliance, vulnerability management, identity and access management, and security awareness training. The module highlights how these functions work together to create a comprehensive security strategy. By the end of this module, learners will have a solid understanding of the critical cybersecurity operations that help safeguard an organization’s assets, data, and infrastructure. This will serve as an overview of the rest of the course.
Compliance Management: This module covers the role of compliance management in cybersecurity and its importance in meeting legal, regulatory, and industry standards. Students will explore key compliance concepts, including privacy, data roles, legal obligations, and the potential consequences of non-compliance. The module provides an overview of common laws and regulations such as GDPR, HIPAA, PCI-DSS, and SOX, as well as industry best practices for maintaining compliance. Additionally, students will learn about gap analysis as a method for identifying areas that need improvement within an organization’s compliance program. By the end of this module, learners will understand how to implement and manage compliance strategies to reduce risk and ensure regulatory adherence.
Risk Management: This module delves into the fundamentals of risk management and its critical role in safeguarding an organization’s assets and operations. Students will learn key risk management actions and terminology, including risk identification, risk analysis, risk registers, and risk reporting. The module also introduces various risk measurement strategies and calculations, such as AV, TCO, SLE, EF, ALE, and ARO, helping learners quantify and assess risks. Students will explore risk management strategies for mitigating identified risks and prioritizing projects using risk factors and Return on Investment (ROI). By the end of this module, learners will have a comprehensive understanding of how to assess, prioritize, and manage risks effectively within an organization.
Asset Acquisition and Management: This module focuses on the function of asset acquisition and management within an organization’s cybersecurity program. Students will learn how to effectively manage both physical and digital assets, including hardware, software, and data. The module covers key considerations in the acquisition process, such as evaluating asset needs, procurement strategies, and lifecycle management. Students will also explore how to track, monitor, and secure assets to reduce risk and ensure compliance with organizational policies. By the end of this module, learners will have a solid understanding of best practices for managing organizational assets to protect against security vulnerabilities.
Vulnerability and Patch Management: This module covers the critical function of vulnerability management and its role in protecting an organization from cyber threats. Students will explore key terms and resources related to vulnerability management, such as CVE, CVSS, CPE, CCE, SCAP, and the roles of pentesting, red teams, and blue teams in identifying and addressing vulnerabilities. The module will also discuss various actions organizations can take to mitigate vulnerabilities, including the implementation of patch management processes. By the end of this module, learners will understand how to identify, prioritize, and remediate vulnerabilities within an organization, ensuring a proactive approach to cybersecurity risk management.
Data Management: This module explores the function of data management and the essential considerations for effectively securing and managing organizational data. Students will learn key terms and concepts in data management, such as compliance, privacy, data roles, data types, and personally identifiable information (PII). The module will cover how different types of data require varying levels of security controls and methods to protect it. Topics include data classification, labeling, access control lists (ACLs), encryption, steganography, data masking, data obfuscation, and data loss prevention (DLP). Additionally, students will learn the importance of data retention and retirement in maintaining data security over time. By the end of this module, learners will have a clear understanding of how to manage and protect data in compliance with security and privacy requirements.
Vendor and Supply Chain Management: This module focuses on the critical function of vendor and supply chain management in cybersecurity. Students will learn how vendors and suppliers play a key role in an organization’s security posture and operational success. The module covers important relationships between organizations and their vendors, as well as common agreement types, such as Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs). Additionally, students will explore key considerations for evaluating and selecting vendors, including risk assessments, compliance requirements, and security capabilities. By the end of this module, learners will understand how to manage vendor relationships and ensure the security of the supply chain to mitigate external risks.
Personnel Management: This module explores the function of personnel management in maintaining a secure organizational environment. Students will learn about key policies related to personnel security, such as least privilege, need to know, separation of duties, job rotation, and mandatory vacations. The module highlights how these policies help mitigate internal security risks and ensure the proper handling of sensitive information.
Identity and Access Management (IAM): This module provides an in-depth look at the function of Identity and Access Management (IAM) and its vital role in safeguarding an organization’s resources. Students will explore key IAM concepts such as Authentication, Authorization, and Accounting (AAA), Privileged Access Management (PAM), multi-factor authentication (MFA), One-Time Passwords (OTP), HOTP, TOTP, Single Sign-On (SSO), Federation, and identity proofing. The module will also cover best practices for password management, including the importance of strong passwords, password managers, and the implementation of MFA. Students will learn about IAM policies and how access control models such as RBAC, ABAC, and DAC are used to enforce security. Additionally, the module includes methods for physical access control to ensure both logical and physical security. By the end of this module, learners will have a comprehensive understanding of IAM principles and how to implement them to protect organizational assets.
Security Awareness and Training: This module focuses on the critical function of security awareness and training in maintaining organizational security. Students will learn how effective security awareness programs can empower employees to recognize and respond to potential threats, such as phishing attacks, social engineering, and malware. By the end of this module, learners will understand how to design and implement security awareness initiatives that help foster a security-conscious culture, ultimately reducing the risk of security breaches caused by human error.
Configuration and Change Management: This module explores the function of configuration and change management in ensuring an organization’s cybersecurity posture remains strong. Students will learn how effective configuration management helps maintain secure, compliant, and stable systems while preventing unauthorized changes that could introduce vulnerabilities. The module covers the processes and tools used in managing configurations and changes, including version control, baseline management, and approval workflows. Students will also explore the role of change management in mitigating risk, ensuring proper documentation, and maintaining system integrity. By the end of this module, learners will understand how to establish and manage configuration and change processes to safeguard organizational assets and minimize the potential for security threats.
Monitoring and Alerting: This module covers the function of monitoring and its critical role in maintaining the security of an organization’s infrastructure. Students will explore various types and methods of monitoring, including network monitoring, system performance monitoring, and security event logging. The module discusses key monitoring protocols and software, such as NetFlow, SNMP, Syslog, and SIEM, and how these tools help maintain infrastructure security. Students will also learn essential monitoring terms, including Indicators of Compromise (IoC), FIM, and benchmarking, and how to leverage threat hunting to detect vulnerabilities. The importance of alerting and its role in promptly addressing security incidents will also be highlighted. By the end of this module, learners will understand how to implement and manage effective monitoring strategies to proactively detect and respond to security threats.
Incident Management: This module explores the function of incident management and its crucial role in maintaining an organization's security and operational integrity. Students will learn about key concepts related to incident management, such as uptime, five 9s, Mean Time to Recovery (MTTR), Mean Time Between Failures (MTBF), root cause analysis, and Security Orchestration, Automation, and Response (SOAR). The module also covers the components of an effective incident response plan and the importance of preparation in minimizing downtime and damage during a security incident. Additionally, students will learn about digital forensics, including key terms and the process for collecting evidence in a way that supports investigations and legal proceedings. By the end of this module, learners will understand how to develop and implement incident management processes to respond swiftly and effectively to cybersecurity threats.
Contingency Planning: This module covers the function of contingency planning and its critical role in ensuring an organization’s resilience in the face of disruptions. Students will learn how contingency planning helps organizations prepare for and respond to emergencies, minimizing downtime and loss of services. The module delves into key terms related to contingency planning, including Business Impact Analysis (BIA), Recovery Point Objective (RPO), Recovery Time Objective (RTO), and Disaster Recovery Plans (DRP). Students will explore how these concepts guide decision-making and resource allocation to ensure business continuity. By the end of this module, learners will have a comprehensive understanding of how to create and implement effective contingency plans to safeguard an organization’s operations during unforeseen events.
Auditing, Assessments, and Program Management: This module focuses on the function of auditing and assessments and their role in ensuring an organization’s security posture remains strong. Students will learn how auditing and assessments help identify vulnerabilities, validate security controls, and ensure compliance with standards. The module covers key terms such as auditing, attestation, and gap analysis, and explains how they contribute to risk management and continuous improvement. Additionally, students will explore the role of program management in maintaining security programs, including how to evaluate the effectiveness of systems and security initiatives. By the end of this module, learners will understand how to use auditing, assessments, and program management techniques to enhance security, monitor performance, and ensure that security measures are operating as intended.
Appendix A - Regulatory Compliance: Students will learn about different compliance frameworks, such as GDPR, HIPAA, PCI-DSS, and SOX. The module also covers who may be required to comply with these frameworks, including organizations across different industries and sectors. By the end of this module, learners will have a clear understanding of the regulatory landscape and the requirements organizations must meet to ensure compliance.
Appendix B - Agreement Types: This module provides an overview of various agreement types used in cybersecurity and their relevance in protecting organizational assets. Students will explore the different types of agreements, such as Service Level Agreements (SLAs) and Non-Disclosure Agreements (NDAs), and understand where and when they apply. The module explains how these agreements help define the responsibilities, expectations, and security measures between parties involved in business relationships. By the end of this module, learners will be able to identify which agreement type is appropriate for various organizational needs and how these agreements contribute to maintaining compliance, safeguarding data, and reducing risks.
Wrap Up: Time to wrap up the course and provide any final thoughts.
Instructor Bio
TechKnowSurge (Andrew Grimes) has been in the tech industry since 2000 and even longer as an Instructor. He started out as a Survival Instructor for the United States Air Force (USAF) in 1997. When he got out of the military, he started teaching computer classes. Wanting to advance his technical skills, he became a contractor working on a wide range of technologies while teaching technology college courses in the evening. Overtime, he became a hiring manager, director, and leader
His background includes:
Building a security program within 2 years to include becoming SOC 2 Type 2 compliant
Leading and maximizing efficiency of IT, Security, and DevOps teams
Managing SaaS company infrastructure with millions of active users
Managing small, medium, and large IT Infrastructures
Migrating technologies to the cloud
Managing multi-million dollar budgets and reducing overall budget spend year over year
Utilizing various project management techniques such as waterfall, scrum and Kanban to maximize efficiency and success
Bachelors in Workforce Education
Masters in Computer Resource and Information Management
Over 6,000 hours of teaching experience
Over 20 industry standard certifications.
Past student reviews:
“Andrew is absolutely the best instructor I've had throughout the course of my education. He is extremely knowledgeable when it comes to all things network and IT-related. Because of the education he provided, I am now working in the network engineering field, and I could not have done it without his expert guidance.” ~Michael B.
“Andrew was hands down my favorite instructor since enrolling” “He has great skills as an instructor, and I've learned a lot from his classes.” ~Jeff S.
“As an instructor, he is thorough, articulate, patient and positive. He genuinely cares that his students fully comprehend the curriculum. I have a great deal of respect for Andrew. I can't recommend him highly enough.” ~Dan H.
“I found Andrew to be one of the best Instructors” “He presents the information with real world applications, which helped to reinforce the concepts presented in the Cisco Certification track.” “I am truely thankful to have had him as my teacher.” ~Dan M.
“Andrew is very knowledgeable and brings his practical business experience with him. He expresses himself very well and treats everyone with respect. He explains very complicated concepts in a manner that is easy to understand.” “It is without reservation that I would recommend Andrew as a business professional and/or teacher.” ~Adam C.
“Andrew is an excellent instructor and more.” “Andrew is the kind of teacher that you never forget.” ~ William C.
“Andrew Grimes is a first rate instructor who genuinely cares about the success of his students. I was fortunate to have Andrew as my instructor.” “I highly recommend Andrew as an instructor and IT professional.” ~Paul C.
“Andrew is a great instructor who really cares whether his students grasp the concepts he teaches. He has a passion for teaching that many couldn't muster.” ~Patrick R.
“He was a great teacher and I would gladly take a class under him again.” ~Joshua R.
“...his style of teaching is accommodating for any level, that a student is starting off at, either beginning or advance in IT world.” ~Paul W.
“He fosters a multidimensional environment of learning in which students of diverse abilities excel.” ~Mark B
“Andrew Grimes was a great Data Networks and Telecommunications Instructor.” “I would highly recommend him to any who desires to further their education.” ~ Tommy S.