SEC504: Hacker Tools, Techniques, and Incident Handling
SEC504Offensive Operations
LDR519: Cybersecurity Risk Management and Compliance
LDR519Cybersecurity Leadership
- 5 Days (Instructor-Led)
- 30 Hours (Self-Paced)
Course created by:
James Tarala
Course created by:James Tarala
- 30 CPEs
Apply your credits to renew your certifications
- In-Person, Virtual or Self-Paced
Attend a live, instructor-led class at a location near you or remotely, or train on your time over 4 months
- Advanced Skill Level
Course material is geared for cyber security professionals with hands-on experience
- 16 Hands-On Lab(s)
Apply what you learn with hands-on exercises and labs
Master strategic cybersecurity risk management through practical frameworks, comprehensive threat modeling, and regulatory compliance implementation for enterprise-wide security posture enhancement.
Featured Quote
Every day was a great experience and there is just no one else that provides this level of teaching in the industry. Thank you for doing this!
Course Overview
Navigate the critical intersection of risk management and regulatory compliance in today's complex threat landscape. This cyber risk management course provides essential skills for effective cybersecurity governance in threat modeling, safeguard frameworks, and risk analytics. It serves as a foundation for professionals pursuing a GRC certification or aiming to formalize their expertise with a cyber security risk management certification.
Through intensive case studies and a SANS Cyber42 leadership simulation game, students prioritize threats, select safeguards, and align security measures with organizational objectives. You will gain practical experience creating detailed risk assessments, evaluating safeguard effectiveness, and persuasively communicating security risks to executive and technical stakeholders.
The cyber risk management training builds capabilities that enable organizations to maintain resilient defenses against evolving threats while meeting compliance requirements.
What You'll Learn
- Develop comprehensive threat models for risk assessment
- Implement effective cybersecurity governance frameworks
- Prioritize safeguards based on organizational context
- Validate security safeguards through practical assessment
- Communicate risk effectively to executive stakeholders
Business Takeaways
- Enhance compliance posture across multiple regulations
- Align security investments with business objectives
- Improve risk visibility for informed decision-making
- Reduce likelihood of costly security incidents
- Structure an approach to continuous security improvement
- Gain effective stakeholder communication strategies
- Implement a framework for defensible security governance
Meet Your Author
James Tarala
Senior InstructorJames Tarala, managing partner at Cyverity, co-created the CIS Controls and Cybersecurity Standards Scorecard, transforming cybersecurity governance and empowering global organizations to operationalize risk into actionable defense strategies.
Read more about James TaralaCourse Syllabus
Explore the course syllabus below to view the full range of topics covered in LDR519: Cybersecurity Risk Management and Compliance.
Section 1Strategies for Cybersecurity Risk Management
This section establishes the essential context for effective cybersecurity risk management. Students learn to define cybersecurity governance frameworks, align security with business objectives, and understand the foundational elements of risk-based security programs.
Topics covered
- Enterprise risk management fundamentals
- Governance structure development
- Security program maturity models
- Stakeholder responsibility frameworks
- Business-aligned security objectives
Labs
- Cyber42 Case Study: Governance Assessment
- Risk Management Policy Development
- Stakeholder Communications Planning
- Security Program Maturity Evaluation
- Security Investment Justification
Section 2Cybersecurity Threat Modeling
Students develop practical skills for systematic identification and categorization of cybersecurity threats. This section teaches methodologies for building comprehensive threat inventories and prioritizing threats based on organizational context.
Topics covered
- Threat taxonomy implementation
- Asset-based threat modeling
- Attack vector analysis
- Threat intelligence integration
- Threat prioritization methodologies
Labs
- Threat Inventory Development
- Attack Vector Mapping
- Cyber42 Case Study: Threat Analysis
- Organizational Threat Landscape Analysis
- Threat Intelligence Program Design
Section 3Cybersecurity Safeguard Frameworks
This section teaches students to select implement, and validate appropriate cybersecurity safeguards. Students learn methodical approaches for evaluating security safeguard effectiveness and aligning safeguards with identified threats.
Topics covered
- Safeguard framework implementation
- Safeguard selection criteria
- Safeguard validation techniques
- Security architecture assessment
- Defense-in-depth strategies
Labs
- Safeguard Assessment Tool Application
- Safeguard Gap Analysis
- Security Architecture Evaluation
- Cyber42 Case Study: Safeguard Selection
- Defense Effectiveness Measurement
Section 4Validating Safeguards and Third-Party Risk Management (TPRM)
Students learn to quantify, analyze, and respond to cybersecurity risks through structured methodologies. This section teaches approaches for measuring risk impact, likelihood, and developing appropriate response strategies.
Topics covered
- Risk quantification methods
- Impact assessment techniques
- Likelihood determination
- Risk response strategy development
- Risk register management
Labs
- Risk Quantification Exercise
- Impact Analysis Implementation
- Risk Response Planning
- Cyber42 Case Study: Risk Analysis
- Risk Register Development
Section 5Cybersecurity Risk Analytics and Response
This section establishes frameworks for ongoing risk management and compliance. Students develop skills for continuous monitoring, periodic reassessment, and adapting security programs to evolving threats and business needs.
Topics covered
- Continuous monitoring frameworks
- Compliance program integration
- Security metrics development
- Program effectiveness measures
- Security improvement roadmaps
Labs
- Continuous Monitoring Program Design
- Compliance Integration Exercise
- Security Metrics Development
- Cyber42 Case Study: Program Assessment
- Risk Communication to Executives
Things You Need To Know
Relevant Job Roles
Senior Security Leader
Cybersecurity LeadershipDaily focus is on the leadership of technical teams. Includes titles such as Technical Director, Manager, and Team Lead.
Explore learning pathEnterprise Architecture (OPM 651)
NICE: Design and DevelopmentResponsible for developing and maintaining business, systems, and information processes to support enterprise mission needs. Develops technology rules and requirements that describe baseline and target architectures.
Explore learning pathExecutive Cybersecurity Leadership (OPM 901)
NICE: Oversight and GovernanceResponsible for establishing vision and direction for an organization's cybersecurity operations and resources and their impact on digital and physical spaces. Possesses authority to make and execute decisions that impact an organization broadly, including policy approval and stakeholder engagement.
Explore learning pathCybersecurity Policy and Planning (OPM 752)
NICE: Oversight and GovernanceResponsible for developing and maintaining cybersecurity plans, strategy, and policy to support and align with organizational cybersecurity initiatives and regulatory compliance.
Explore learning pathCourse Schedule & Pricing
Looking for Group Purchasing Options?Contact Us
OnDemand Bundle
When purchasing a live, instructor-led course, add 4 months of online access. View price in the info icons below.
SANS Skills Quest by NetWars Core Edition
Add 6 months of hands-on skills practice. Add to your cart when purchasing your course.
Filter by:
Location & instructorDate & TimeCourse priceEnrollment options
- Location & instructor
Virtual (OnDemand)
Instructed by James TaralaDate & TimeOnDemand (Anytime)Self-Paced, 4 months accessCourse price$8,260 USD*Prices exclude applicable local taxesEnrollment options - Location & instructor
Riyadh, SA & Virtual (live)
Instructed by James TaralaDate & TimeFetching schedule..View event detailsCourse price$8,375 USD*Prices exclude applicable local taxes - Location & instructor
Boston, MA, US & Virtual (live)
Instructed by Russell EubanksDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Las Vegas, NV, US & Virtual (live)
Instructed by James TaralaDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Orlando, FL, US & Virtual (live)
Instructed by James TaralaDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Washington, DC, US & Virtual (live)
Instructed by James TaralaDate & TimeFetching schedule..View event detailsCourse price$8,260 USD*Prices exclude applicable local taxes - Location & instructor
Riyadh, SA & Virtual (live)
Instructed by James TaralaDate & TimeFetching schedule..View event detailsCourse price$8,375 USD*Prices exclude applicable local taxes - Location & instructor
London, GB & Virtual (live)
Instructed by James TaralaDate & TimeFetching schedule..View event detailsCourse price£6,715 GBP*Prices exclude applicable taxes | EUR price available during checkout
Showing 8 of 8
Learn Alongside Leading Cybersecurity Professionals From Around The World
James has a wealth of risk management experience and doesn't just give us theory but real world/practical guidance to becoming better risk management professionals!
Benefits of Learning with SANS
Get feedback from the world’s best cybersecurity experts and instructors
Choose how you want to learn - online, on demand, or at our live in-person training events
Get access to our range of industry-leading courses and resources