Transcript

Welcome to Simply Cyber Academy, where it's all about launching and lifting your career in cybersecurity, governance, social compliance, in an awesome community. There's also value here for red and blue teams and people that are totally outside cybersecurity trying to break in. That was me five years ago, and the founders of AKYLADE and Simply Cyber, whose fingerprints you're going to see all over this course, helped me to find an unseen path, bridging my world with theirs and helping me to advance my career. I want that for you. They want that for you, too. That's why we're here in this course. And one of those founders even makes live cameo appearances that you are not going to want to miss!

We are here for AKYLADE's Certified Cyber Resilience Practitioner, A/CCRP, which is the sequel to my previous course, CCRF, Certified Cyber Resilience Fundamentals. Both of those are on the GRC certification roadmap and GRC career development plan template, you can find those on my YouTube channel and my blog, CPA to Cybersecurity. The Fundamentals course is about understanding the NIST cybersecurity framework way deeper and broader than other certifications out there, so you can know enough to be part of the team and differentiate yourself to hiring managers in a sea of Sec+ holders. Now, in Cyber Resilience Practitioner, we stand at the foundation of that knowledge, getting beyond knowing what to do, what outcomes do we need, as defined by NIST, the National Institute of Standards and Technology, and how specifically to do it. How do we get those outcomes and take an honest current state baseline of an organization's capabilities and chart out a path to a reasonable level of cyber resilience and a plan to get there, communicating about cyber risk in a way and in a language that is appropriate and works well with executives, managers, and practitioners. That helps organizations become cyber resilient and get peace of mind they can get reliably where they need to go. AKYLADE gives us a playbook for how to do that well with their field-tested method they call the Cyber Risk Management Action Plan, the CRMAP. Businesses want to know where to go, and AKYLADE is literally giving us a map for that.

The steps for creating a CRMAP are in the lectures and the lecture notes you can download. They're also in AKYLADE's textbook, Mastering Cyber Resilience. This online course is designed to be a full textbook replacement, but if you want a copy of that book, you can get it at AKYLADE.com or on Amazon, or if you buy this course at academy.simplycyber.io, you get a licensed copy of the e-book as part of your course purchase. The concepts you learn in this course will help you go into an organization as an independent consultant or leader of a team, to help them answer the questions, "What are our top five cyber risks?" "Are we getting the biggest return possible for our investments in cyber resilience?" "How cyber threat aware are our executives and employees? Do they understand their role as part of the human firewall?" "Is our cyber strategy aligned to the business strategy?" And finally, "What do we tell our biggest customers and stakeholders when they ask, 'What are y'all doing about cybersecurity?'"

If you're finding me for the first time, I'm Steve McMichael, an authorized training provider for AKYLADE Certifications, and this is my second course in the Simply Cyber Academy. By day, I'm a director of GRC, the software company, and outside of that, I've taken my passion for helping people cross over into cyber like I did, and for elevating GRC, into my blog, a YouTube channel, and this course. I'm very aligned to and energized by the Simply Cyber values of inclusion, support, value delivery, collaboration, passion, and integrity. And if you are too, let's talk shop in this course about mastering cyber resilience and advancing your career. Team SC, let's go!

So what do you get in this course? And how is it different from other GRC training or other exam prep courses for AKYLADE Certifications? Well, my opinions on this matter are biased, so I'd like to direct you to what students have to say in testimonials, having taken my previous course. Here's Eric earlier in the week. He says, "This course goes a long way toward unpacking cyber resilience, making it accessible, meaningful, measurable, and practical. I devoured the AKYLADE Certified Cyber Resilience Fundamentals coursework and slayed today's exam. It just makes so much sense." I really love his emphasis there on the course being meaningful and practical, and what a great feeling to clear the exam. Kudos, Eric.

Then we have Sean, just yesterday, "I completed Certified Cyber Resilience Fundamentals with Steve. What an eye-opening experience it's been. As an emerging GRC analyst, this course gave me a practical" -- there's that word again, I like that -- "a practical, in-depth understanding of the NIST cybersecurity framework and equipped me with tools to plan, manage, and optimize it with my organization." With any organization. That's right. NIST CSF is not one size fits all. It's very scalable and can be tailored to non-profit, commercial, government, non-government, all sorts of organizations benefit from this approach to cyber resilience. And finally, one more from Jason Dion, who's trained two million people. He says, "Outstanding course with an outstanding instructor. Steve is personable and easy to learn from. Loving the coverage of the NIST cybersecurity framework and the AKYLADE CCRF exam." So that one's printed out of my fridge. You can see more online, updated in real-time.

And next, I want to tell you about how this course, CCRP, goes beyond just helping you clear the exam and getting you certified, but in Simply Cyber Academy style and in collaboration with Dr. Gerald Ogier, I've packed in lots more content with practical, real-world examples of how to do good GRC work. So this course helps you clear the exam, but it also does a lot more in giving you hands-on skills that you can apply to add value as a GRC practitioner or as a cybersecurity consultant. A couple of quick examples, and this is not comprehensive, but it gives you an idea. The course talks about vulnerabilities in your supply chain risk management capabilities and that you should work on those. Well, I take it a step further and I give you an example third-party risk assessment template, like I would fill out at work, and I fill it out for a SAS vendor walking through the third-party supply chain risk management process. I also write a policy, like an example policy you could use for supply chain risk management in that module. I give you an executive scorecard template to present your top five cyber risks.

I've got a three-part lab on spreadsheet skills for data analysis, which is a really important and valuable skill. Excel, like GRC, is awesome and underrated, but it is a very important skill for data analysis that you can apply to, quote, "invert the power dynamic between you and executives." That is a very powerful capability, and it's at your fingertips to get after. That quote is from a famous Canadian founder who punched above his weight. My Excel lab is applied in the context of a cybersecurity framework assessment, but these skills are valuable anywhere you have data. We've got systems spitting out tables and data we need to stitch it together, slice it, dice it, and extract the insights. Roll it up and drill it down, put it in charts, and win hearts and minds for budget approval, as one example.

I've also brought in some business strategy and management science-type concepts that are not in the textbook, but they come from my CPA/MBA background, and they help you, if you understand them, answer the case study questions correctly on the exam as well as being practical in your day-to-day work. Things like stakeholder analysis, force field analysis, four steps in change management, hot and cold communication types, how to read an income statement, and basically brushing up on your business acumen, which actually I love as a key theme in the Certified Cyber Resilience Practitioner course. We're getting into developing your soft skills, your enabling competencies, we widen the scope of your problem statement from just what are the best technical controls for cyber risk reduction, which is critical and vitally important, but there's a bigger problem and a broader one. How do we move the needle on cyber resilience culture? Being a change agent to improve culture is hard. You can't just buy culture off the shelf and plug it in. It can go terribly wrong, but we are well-equipped to make positive changes like that as change agents, guided by the NIST Cybersecurity Framework and the Cyber Risk Management Action Plan. Also, you add Simply Cyber values to that and you are going to be a powerful GRC practitioner.

Let's take a look at the exam outline and the lesson objectives to give you an idea of what to expect in the course. This cert is designed to test your practical knowledge of the NIST Cybersecurity Framework, version 2.0, and how to plan, influence, manage, and optimize the material aspects of it using the Cyber Risk Management Action Plan (CRMAP) process. That's about coordinating with management to get buy-in and win hearts and minds, establishing risk profiles for organizations, and discovering the top five cybersecurity risks using rigorous prioritization methods.

So with the top five risks, you have a problem statement, but then the next question is, so what? What's next? Here we create a personalized cyber risk management strategy tailored to an organization's unique requirements. And finally, lather, interpret, and conduct maintenance and updates to our risk posture. There are four domains of knowledge, all about the CRMAP process, which starts in chapter 11 of your textbook, Mastering Cyber Resilience, and goes to chapter 15. But the content from chapters 1 to 10 also applies, right? We need that CSF understanding to help evaluate an organization and help determine what implementation examples and outcomes and activities should be pursued, in a comprehensive way that gets them resilient.

You're going to have a case study exam that draws on both—like the whole textbook—emphasizing the CRMAP process and applying it to a business to solve business case study problems. You can see breakdowns of the exam domains into specific exam objectives and how many questions to expect from each objective. Just like in my prior course, I list these exam objectives at the beginning of each chapter and at the end of the course. If this one is nine hours of video content, I've double-checked, and we have not missed any exam objectives.

Let's talk about the exam, and I discuss it in more detail in the next lesson, but just at a high level, it's two hours, a score of 700 points out of 900, which works out to be about a 73 to 75 percent pass range. It's case study questions, as I mentioned, with multiple choice answers, and they're about a page long. As I've talked about in YouTube videos and blog posts with AKYLADE, and you can see them discussing it on their AKYLADE website, they follow, with Certiverse and training partners like me, a very robust process for quality, accredited, independent exams that follow an ISO process to get them on the big industry-recognized list. This then ripples out to getting AKYLADE certs on job requirements and job postings. It's early innings in that process, but it is happening in very concrete, tangible ways, and it helps differentiate you by using AKYLADE certs and standing out to hiring managers.

Most importantly, in addition to getting on the list, I definitely see high quality in AKYLADE's content, which is going to give you skills to do a good job and add value on day one, which is what it's all about and what hiring managers are looking for. The exams are proctored by Certiverse. You take them in the comfort of your home or office. You don't have to go to or pay for a testing center facility. Use your webcam and share your screen in the Certiverse testing platform. There is an exam fee to cover that cost of testing and proctoring. You can purchase exam vouchers directly from AKYLADE.com or at a 10% discount at academy.simplycyber.io because we are authorized training partners buying in bulk and passing savings on to you.

I also mentioned the textbook that's there and some other things you can explore. In the next lesson, I'll tell you everything you need to know to crush the exam on the first attempt. But before we get into that, I've just got a couple of quick tips to maximize the value you get from this course. Firstly, all students consume content differently and have different learning styles. And so, this online learning platform has features to speed me up if you find I'm speaking too slow, slow me down if I'm going too fast, rewind, rewatch, show captions, search transcripts, look at lecture notes, listen, and read on the road with mobile access. So, as you immerse yourself in the content, a good tip is to test out these capabilities and adjust the levers and switches and turn the dials to suit your style and needs.

Second, make a schedule and a commitment to yourself to complete this course. As with any cybersecurity certification, it's not easy, and it can feel daunting, but you can do it. Just keep showing up. Remember that it's a marathon, not a sprint, and there's an outstanding community in Simply Cyber that is eager to help you. Their first value is inclusivity. You come with what you have, and they meet you where you are, from the most junior to the most senior level. That community is growing fast, and there's a good reason why.

Next, you can engage with that community on the Simply Cyber Discord. There's a channel set up specifically for this course and CCRF, it's called AKYLADE Cyber Resilience, and you can find that Discord server at simplycyber.io/discord. Another way to engage with this community and to network and get CPEs is on YouTube and the Simply Cyber Daily Threat Briefings at simplycyber.io/streams.

My last tip is to point out that making notes on the study guide that's attached as you go through the course is a good way to prep and remember key concepts for the exam. I talk more about that in the next lesson, so I'll wrap up the tips here. I am so excited for you to jump into this course to get practical knowledge of the NIST cybersecurity framework and how to apply it to help plan, implement, manage, and optimize cyber resilience in organizations of all shapes and sizes. When you're ready to dive headfirst into the pool of the cybersecurity framework, check out the next lesson in the Simply Cyber Academy.