Secure by Design Training Course

Description:

This class is intended as intense and hard core exam preparation for ISACA’s Certified Information Systems Auditor (CRISC) Examination. The latest four (4) domains of ISACA’s CRISC syllabus will be covered with a big focus on the Examination. The Official ISACA CRISC Review Manual and Question, Answer and Explanation, (Q,A&E), supplements will ALSO be provided when attending. The Q,A&E is exceptional in helping delegates understand the ISACA style of questions, the type of answers ISACA are looking for and it helps rapid memory assimilation of the material.

The technical skills and practices that ISACA promotes and evaluates within the CRISC certification are the building blocks of success in the field. Possessing the CRISC certification demonstrates your skill within the profession. With a growing demand for professionals holding risk and control expertise, ISACA’s CRISC has positioned itself to be the preferred certification program by individuals and enterprises around the world. The CRISC certification signifies commitment to serving an enterprise and the chosen profession with distinction.

Objectives:

• To help you pass the CRISC examination first time.
• Possessing this certification will signify your commitment to serving an enterprise with distinction.
• The growing demand for professionals with risk and control skills will allow holders of this certification to command better positions and salary.

You will learn:

• To help enterprises accomplish business objectives by designing, implementing, monitoring and maintaining risk-based, efficient and effective IS controls.
• The technical skills and practices that CRISC promotes, which are the building blocks of success in the field.

This instructor-led, live training in Egypt (online or onsite) is aimed at security engineers who wish to use IBM Qradar SIEM to address pressing security use cases.

By the end of this training, participants will be able to:

• Gain visibility into enterprise data across on-premise and cloud environments.
• Automate security intelligence to hunt threats and to contain risks.
• Detect, identify, and prioritize threats.

The CEH program covers a variety of topics that center around the Tactics and Procedures required to be a tactical cybersecurity professional. Focusing on the entire kill-chain process, CEH covers a variety of topics from foot printing and reconnaissance, to scanning, gaining access, maintaining access, and covering your tracks. This 5-phase ethical hacking process applies to a variety of scenarios including traditional on-premises networks, cloud, hybrid, IoT systems, and stretches across a variety of topologies and application environments. Students will learn a variety of tools and techniques across this evaluation process as well as how hackers will utilize the same TTPs to hack into organizations.

EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.

The Certified CISO (CCISO) program is the first of its kind training and certification program aimed at producing top-level information security executives. The CCISO does not focus solely on technical knowledge but on the application of information security management principles from an executive management point of view. The program was developed by sitting CISOs for current and aspiring CISOs.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

Format of the Course

• Interactive lecture and discussion.
• Lots of exercises and practice.
• Hands-on implementation in a live-lab environment.

Course Customization Options

• To request a customized training for this course, please contact us to arrange.

It is a comprehensive specialist level program, that imparts knowledge and skills on how organisations can effectively handle post breach consequences by reducing the impact of the incident, both financially and reputationally. The learning objectives are emphasised through practical learning with 40% of this course covering hands-on experience of the latest incident handling and response tools, techniques, methodologies, frameworks, etc.

The Certified Penetration Testing Professional (CPENT) certification is a globally-recognized validation of an individual's knowledge and skills in the field of penetration testing or ethical hacking. CPENT-certified professionals demonstrate their ability to identify, assess and manage security vulnerabilities within a network infrastructure. The certification entails mastery of penetration testing methodologies, understanding of legal and regulatory concerns, and technical knowledge of attack vectors and countermeasures. Industries often require CPENT-certified professionals to safeguard their systems against malicious intruders. Thus, the CPENT certification serves as an assurance of a candidate's expert skill in securing networks and systems, crucial in a continually evolving cybersecurity landscape.

This Introduction to Open Source Intelligence (OSINT) course will provide delegates with skills to become more efficient and effective at finding those key pieces of intelligence on the Internet and World Wide Web. The course is highly practical allowing delegates the time to explore and understand some of the hundreds of tools and websites available.
The next level with in-depth use of advanced tools that are vital for covert internet investigations and intelligence gathering. The course is highly practical allowing delegates the time to explore and understand the tools and resources covered."    
 

This instructor-led, live training in Egypt (online or onsite) is aimed at persons who wish to carry out research on third parties while protecting themselves from the like.

By the end of this training, participants will be able to:

• Install and configure advanced tools for carrying out OSINT.
• Use advanced techniques to collect publicly available data relevant to an investigation.
• Analyze large amounts of data efficiently.
• Generate intelligence reports on findings.
• Leverage AI tools for facial recognition and sentiment analysis.
• Map out a strategy for defining the objective and directing efforts to the most relevant and actionable data.

This instructor-led, live training in Egypt (online or onsite) covers the different aspects of enterprise security, from AI to database security. It also includes coverage of the latest tools, processes and mindset needed to protect from attacks. 

Description:

This 2-day CCSK Plus course includes all content from the CCSK Foundation course, and expands on it with extensive hands-on labs in a second day of training. Students will learn to apply their knowledge by performing a series of exercises involving a scenario that brings a fictional organization securely into the cloud. After completing this training, students will be well prepared for the CCSK certification exam, sponsored by Cloud Security Alliance. This second day of training includes additional lecture, although students will spend most of their time assessing, building, and securing a cloud infrastructure during the exercises.

Objectives:

This is a two day class that begins with the CCSK- Basic training, followed by a second day of additional content and hands-on activities

Target Audience:

This class is geared towards security professionals, but is also useful for anyone looking to expand their knowledge of cloud security.

The Combined SDL core training gives an insight into secure software design, development and testing through Microsoft Secure Development Lifecycle (SDL). It provides a level 100 overview of the fundamental building blocks of SDL, followed by design techniques to apply to detect and fix flaws in early stages of the development process.

Dealing with the development phase, the course gives an overview of the typical security relevant programming bugs of both managed and native code. Attack methods are presented for the discussed vulnerabilities along with the associated mitigation techniques, all explained through a number of hands-on exercises providing live hacking fun for the participants. Introduction of different security testing methods is followed by demonstrating the effectiveness of various testing tools. Participants can understand the operation of these tools through a number of practical exercises by applying the tools to the already discussed vulnerable code.

Participants attending this course will 

• Understand basic concepts of security, IT security and secure coding

• Get known to the essential steps of Microsoft Secure Development Lifecycle

• Learn secure design and development practices

• Learn about secure implementation principles

• Understand security testing methodology

• Get sources and further readings on secure coding practices

Audience

Developers, Managers

This three day course covers the basics of securing the C/C++ code against the malicious users who may exploit many vulnerabilities in the code with memory management and input handling, the course cover the principals of writing secure code.

Description

The Java language and the Runtime Environment (JRE) was designed to be free from the most problematic common security vulnerabilities experienced in other languages, like C/C++. Yet, software developers and architects should not only know how to use the various security features of the Java environment (positive security), but should also be aware of the numerous vulnerabilities that are still relevant for Java development (negative security).

The introduction of security services is preceded with a brief overview of the foundations of cryptography, providing a common baseline for understanding the purpose and the operation of the applicable components. The use of these components is presented through several practical exercises, where participants can try out the discussed APIs for themselves.

The course also goes through and explains the most frequent and severe programming flaws of the Java language and platform, covering both the typical bugs committed by Java programmers and the language- and environment-specific issues. All vulnerabilities and the relevant attacks are demonstrated through easy-to-understand exercises, followed by the recommended coding guidelines and the possible mitigation techniques.

Participants attending this course will

• Understand basic concepts of security, IT security and secure coding
• Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
• Learn to use various security features of the Java development environment
• Have a practical understanding of cryptography
• Learn about typical coding mistakes and how to avoid them
• Get information about some recent vulnerabilities in the Java framework
• Get sources and further readings on secure coding practices

Audience

Developers