Threat Modeling Training at Blackhat 2020

Adam Shostack

At Blackhat this summer, I’ll be offering threat modeling training at Blackhat. This is capped off with an end to end exercise that brings the skills together. Last year, these sold out quickly, so don’t wait!

Make data protection training fun with our GDPR Challenge game

IT Governance

Thanks to our GDPR Challenge E-learning Game , you can now reap the benefits of gamification when training your staff on their data protection obligations. These are the same chemicals that we receive when we laugh, exercise and relieve stress.


This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Why your DPO needs specialised training

IT Governance

Instead, they should be given specialist training to help them excel. Here are three reasons why you should invest in specialised DPO training. DPOs are naturally expected to have expert understanding of data protection law, and they should have received GDPR training.

5 best online cyber security training courses and certifications in 2020

IT Governance

With the coronavirus pandemic keeping us stuck inside and struggling to find ways to remain productive, now might be the perfect time to take an online cyber security training course. Certified Cyber Security Foundation Training Course. 3 reasons cyber security training is essential.

Organisations ignore cyber security staff training in favour of unnecessary technological solutions

IT Governance

UK organisations are overlooking the importance of cyber security staff awareness training, instead investing in expensive and unnecessary technologies, a VMware and Forbes Insight study has found. IT Governance offers several training courses to help you understand and implement ISO 27001.

Sales 71

GDPR Training in Belfast – save 10%

IT Governance

One way to fill this gap is to build on the knowledge of existing staff through training. IT Governance runs two levels of GDPR training courses across the UK to train staff on the Regulation, giving them the knowledge required to manage a GDPR compliance project.


Ready for In-Depth eDiscovery Training? Head to Georgetown: eDiscovery Best Practices

eDiscovery Daily

There are training courses and there are training courses, but there is no more in-depth eDiscovery training course than the Georgetown Law Center eDiscovery Training Academy. With plenty of exercises to test your knowledge and Mock 26(f) Conferences on the last day.

New course dates for GDPR training in Edinburgh and Glasgow

IT Governance

One way this awareness can be achieved is through staff training, and IT Governance can support you every step of the way. Certified EU GDPR Foundation Training Course. Next training dates: Edinburgh: 21 May, 18 June, 23 July, 22 August, 24 September.


Five tips for maintaining your mental health when working from home


Make time for exercise. It’s important to make time each day for some form of exercise. Research shows that even modest amounts of exercise have a positive impact on depression, anxiety, ADHD and more. Training & Awareness covid19 mental health work from home

Paper 75

Intelligent Information Management - Learning from CHOCOLATE?!


One of the exercises I developed was called "The Taxonomy of Salad". on them, I'd switch that exercise out for a much sweeter one focused on developing a taxonomy of chocolate. But we mixed in discussions, exercises, and activities to help liven up the subject matter.

Revisit an Employee Personal Data Protection Policy After CCPA


As part of their compliance efforts, organizations subject to the CCPA have likely conducted a data-mapping exercise to determine where personal data is collected, stored, used and eventually disposed.

How to Prepare for the Brazil Data Protection Law


Undertaking a data-mapping exercise can help filter out the data that is not subject to the law’s requirements, such as B2B data. An organization’s internal training may need to be updated to reflect the law’s additional requirements.

B2B 56

Ethical Use of Data for Training Machine Learning Technology - Part 3


This is the third part of a 3-part series on the Ethical Use of Data for Training Machine Learning Technology by guest authors Andrew Pery and Michael Simon.

How to start your career in cyber security

IT Governance

We have many resources to help you learn about ISO 27001, but for a thorough introduction, you should attend our ISO27001 Certified ISMS Foundation Training Course. Cyber Security ISO 27001 ISO 27001 trainingA version of this blog was originally published on 8 December 2017.

How to start your career in cyber security

IT Governance

We have many resources to help you learn about ISO 27001, but for a thorough introduction, you should attend our ISO 27001 Certified ISMS Foundation Training Course. There has never been a better time to get into cyber security.

How to become an ISO 27001 lead implementer

IT Governance

It is much more cost-effective to enrol on an ISO 27001 lead implementer training course that includes the exam in its programme rather than pay for the two separately.

Risk 64

Free Emergency Planning Workshop Series

The Texas Record

The first day will focus on emergency preparedness, and the second day will focus on response, including a wet salvage exercise. Disaster Resources News Archives Emergency Preparedness Local Governments State Agencies Training

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

Then you need to constantly train your team members using various techniques, such as breach response assessments or cyber range exercises. If you look at the military model, the military is constantly training.

BCS Data Protection Courses Available for 2019!

Managing Your Information

Tkm is now an accredited training partner for the BCS and has added their data protection professional certifications to our training portfolio. Other Training. Customised data protection training is available for sessions delivered in house. What courses are available?

Practice Makes Perfect: How the Apollo 11 Crew Prepared for Launch

Unwritten Record

But the years leading up to the launch were full of rigorous training exercises and mock run-throughs performed by the Apollo 11 prime and back-up crews. Astronauts Aldrin, Armstrong, and Collins participate in water egress training in the Gulf of Mexico.

Learning Malware Analysis and Cybersecurity Writing Online

Lenny Zeltser

You can now take my malware analysis and cybersecurity writing courses online in two formats at SANS Institute, depending on how you prefer to learn: OnDemand: Self-paced, recorded training with four months of access to course materials and labs.

The Secret Sauce for Complying with Privacy Regulations


And don’t forget about administrative controls, like policies and training for your workforce. Before you can disclose what you do with personal data, though, you have to know where it is and how your company uses it – which you can achieve through a data mapping exercise.

Man Behind Fatal ‘Swatting’ Gets 20 Years

Krebs on Security

Tyler Barriss , a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. Tyler Barriss, in an undated selfie.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

My reporting trip included meetings with Michigan-based cybersecurity vendors pursuing leading-edge innovations, as well as a tour of a number of thriving public-private cybersecurity incubator and training programs. He pulled together the Michigan Cyber Range , an unclassified, private cloud network initially set up to teach, test and train IT staff to defend their organizations’ networks.

SEC Publishes Cybersecurity and Resiliency Observations Report

Data Matters

The summary of examination observations covers practices and strategies in governance and risk management, access rights and controls, data loss prevention, mobile security, incident response and resiliency, vendor management, and training and awareness. The OCIE report also emphasized the testing and re-evaluation of incident response plans using a variety of methods, such as table top cybersecurity exercises to simultaneously assist in training the organization. The U.S.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

Related: How ‘gamification’ makes training stick. military carry out training exercises for real life cyber warfare. That led to a transition into what it is today: a leading supplier of immersive “gamification” training modules designed to keep cyber protection teams in government, military, and corporate entities on their toes. Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive.

MY TAKE: Michigan’s Cyber Range hubs provide career paths to high-schoolers, underutilized adults

The Last Watchdog

Michigan is cultivating a collection of amazing cybersecurity training facilities, called Cyber Range hubs, that are shining models for what’s possible when inspired program leaders are given access to leading-edge resources, wisely supplied by public agencies and private foundations. These two facilities lacked nothing in terms of state-of-the-art telepresence equipment and training and testing curriculums.

Police are warning crooks are using cleaners to compromise businesses

Security Affairs

“Regular red teaming and p urple teaming; capture the flag exercises [all help]”, biometrics too, although there’s no p oint having cutting edge systems running on an old Windows server.”.

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

Related: Using ‘gamification’ for security training. So we’ve boiled the NIST framework down into a very focused workshop exercise. We bring together 150 or so people into a room for morning and just work through exercises. The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives.

Using No Code ML in Oracle Analytics Cloud to Predict Housing Prices

Perficient Data & Analytics

At a high level and simplifying a bit, there are basically two types of ML: Supervised learning – a labeled data set is used to train an ML model to make predictions. Use the labeled training data set to train a numeric prediction ML model that is provided with OAC.

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.

RIM implications of teleworking

The Schedule

As early as 2015, the Alabama Department of Archives and History listed pandemic influenza training and exercises in its COOP template — I wonder if anyone had undertaken exercises before this current crisis that prepared your institution and employees? If so, it’d be interesting to find out how effectively your training translated to actual deployment and what, if anything, you wish you’d done differently.

Paper 43

Bounce and Range

Adam Shostack

Bounce is focused on the relationship between talent and training. It’s about training and practice. The exercises need to be constructed to develop new skills. I took a lot from this book to revising the training I deliver in threat modeling.

Paper 52

Maintaining independence of the DPO role in healthcare organisations

IT Governance

Training internal staff. Where organisations identify a suitable internal staff member to become the DPO, certain training requirements should be met. The increased scope of the Regulation means DPOs should undertake training in its legal basis and practical implications.

NHS Digital release GDPR guidance for health and social care

IT Governance

GDPR training courses. Certified EU GDPR Foundation Training Course. Book your place now>> Certified EU GDPR Practitioner Training Course.


Communicating About Cybersecurity in Plain English

Lenny Zeltser

I’m not suggesting that the resulting statement should replace the original text; instead, I suspect this exercise will train you to write more plainly and succinctly.

Practical steps to GDPR compliance in health and social care

IT Governance

View the full checklist >> GDPR training courses. Certified EU GDPR Foundation Training Course. Book your place now>> Certified EU GDPR Practitioner Training Course.

How to Ensure Your Digital Security During the Rugby World Cup

Thales eSecurity

Just a couple of months after that, World Rugby itself announced that one of its training websites had suffered a security breach that exposed subscribers’ account information. Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup.

IoT 108

Cybersecurity Rules for Insurance Companies to Take Effect in South Carolina

Hunton Privacy

Among other details, the program must be based on a company’s own risk assessments and must include encryption of information in transit, regular testing of systems, and cybersecurity awareness training for employees. The law will also require insurance companies to “exercise due diligence” in choosing third-party service providers and to ensure that service providers have appropriate information safeguards in place no later than July 1, 2020.