Defensive Design Collection

Defensive Design

Audience: Software Engineers, IT
Difficulty Level: Foundational
Time: 8 modules, 3-5 minutes each + 5 Questions per module
Availability: Available on Training as individual modules. The modules do not need to be assigned or watched together; each is designed to stand independently.
Modules:

  • Defensive Design: Application Portfolio Management
  • Defensive Design: GRC (Governance, Risk, and Compliance) for Technical Employees
  • Defensive Design: Open Source Code
  • Defensive Design: OWASP
  • Defensive Design: Phishing for Technical Employees
  • Defensive Design: Social Engineering for Technical Employees
  • Defensive Design: Threat Modeling
  • Defensive Design: User Permissions & Access Management

Trailer: 


Marketing Materials: Defensive Design Marketing Kit


Major Learning Concepts:

  • Defensive Design: Application Portfolio Management
    • Importance of Application Portfolio Management in Cybersecurity
    • Benefits of an Inventoried Application Portfolio
    • Content of application portfolios, both business and technical
    • Role in disaster recovery planning
    • Continuous support for organizational health
  • Defensive Design: GRC (Governance, Risk, and Compliance) for Technical Employees
    • Definition of GRC
    • Importance of compliance
    • Role of clear policies
    • Proactive risk management
    • Regular risk assessments and analysis
    • Understanding and adherence to GRC program 
  • Defensive Design: Open Source Code
    • Prevalence and benefits of open source code
    • Security risks associated with open source code
    • Criteria for selecting secure open source code
    • Threats from insufficient security practices
    • Importance of regularly updating open source components
    • Maintaining a Software Bill of Materials (SBOM)
    • Responsible use of open source code
  • Defensive Design: OWASP
    • Overview of OWASP and its importance
    • Overview of OWASP tools
  • Defensive Design: Phishing for Technical Employees
    • Targeted nature of phishing attacks
    • Business Email Compromise (BEC)
    • Recruitment ploys - phishing through employment opportunities
    • Community-based attacks - forums, groups, etc.
    • The importance of vigilance
    • Verification and caution with communication
    • Red flags: sense of urgency, etc.
  • Defensive Design: Social Engineering for Technical Employees
    • Targeted social engineering attacks
    • Password security
    • Open Source Intelligence (OSINT) risks
    • Physical security threats at industry events
    • Adherence to organizational policies
    • Vigilant and proactive security practices
  • Defensive Design: Threat Modeling
    • Importance of threat modeling in risk mitigation
    • Key components of threat modeling
      • Documenting applications
      • Identifying and ranking potential threats
      • Determining and implementing countermeasures
    • Integration into the development lifecycle
    • Continuous improvement and education
  • Defensive Design: User Permissions & Access Management
    • Importance of managing user permissions
    • Organizational methods for user permissions
    • Preventing escalation of privileges
    • Least privilege and privileged access
    • Maintain visibility and control
    • Compliance, regulations and regular auditing
    • Impact of effective access management