Transcript

Transcript

Hey, it's Steve here from Simply Cyber Academy. Come join tens of thousands of students in an awesome community that's all about inclusion, support, value delivery, passion, empowerment, collaboration, and integrity. Team SC, let's go!

If you're looking to break into cybersecurity at the entry level or you're mid-career and looking to bring your transferable skills to a GRC team like I did, you need to study, as they say right now, the NIST Cybersecurity Framework, CSF. This 32-page PDF was first released in 2014 in response to a presidential executive order. Since then, it has been rapidly adopted and become hugely influential on the world stage.

It's not hard to see why. In the complex and challenging field of cyber risk management, CSF provides a clear roadmap between a comprehensive baseline of your organization's current state and an appropriate, tailored, desired state that will work best for it to become cyber resilient. It's a guidebook written by the experts for all shapes and sizes of organizations: big, small, public, private, government, commercial—it doesn't matter. It works for all of them to become cyber resilient, which then helps protect our economy and national security.

CSF is not a one-size-fits-all solution. It's not prescriptive. It's not checkbox compliance. It's risk-based. It's a method for becoming cyber resilient. It starts by identifying and prioritizing digital assets that need protection from cyber threats and then fortifying preventative controls against those threats. But it doesn't stop there. It acknowledges the reality that security incidents will inevitably happen and so prepares you to be able to quickly detect them, respond, and recover.

Hiring managers in the AKYLADE Advisory Council that I'm a part of identified CSF as the number one skills area gap when they consider candidates that they're trying to recruit. While the well-established 22 to 46-year-old certs provide relevant skills like Security+, CISSP, and CISA, they lead the pack in the job postings and they're helpful for learning cybersecurity terminology and certainly they have a great place in your development. I include them centrally in my GRT certification roadmap.

But the reason we have this course and new cert is that those other ones don't dive deep enough into CSF to prepare you to actually implement it. They'll give you a few paragraphs on why it's important, but that's not enough for hiring managers who want candidates that can add value on day one. That is the void that Certified Cyber Resilience Fundamentals (CCRF), the exam, and this course to help you pass it, seek to fill.

The exam, Textbook Mastering Cyber Resilience, was created by the legendary co-founders of AKYLADE, Jason Dion, who's trained two million students, including me, and also Kit Boyle, whose How to Get Your Dream Cybersecurity Job course lived up to its ambitious promise when I took it as an accountant. Here is their outline for CCRF's 50 questions total. 40 are contributing to your score. 10 are for their testing purposes. 50 questions and 60 minutes in an online exam through Certiverse.

My next lesson gives you more details on what to expect and how to pass. The key point here for this intro is that the caliber of the exam development process AKYLADE puts into their certs is very high. Not only does it incorporate hiring manager input on the skills the AKYLADE Advisory Council and others want to see in candidates, it follows an eight-phase ISO process with Certiverse to make quality certs.

Let's take a look at the exam objectives from the handout on AKYLADE.com. At the bottom, we see five domains with the percentage of exam questions for each. On the left, there's a lot of cybersecurity framework concepts making up 25% of the exam. And even bigger, at 30%, something called the framework core.

So the framework core is that wheel you might have seen that does an amazing job of abstracting all of the complexity of cybersecurity into just six functions that we can understand and talk to top executives like the CFO about. Cyber resilience is about doing these functions—identify, protect, detect, respond, recover—with governance throughout. That's it. But once the executives approve a project because they understand what you're trying to achieve and how it helps them, you need more detail talking to managers and more detail still talking to practitioners.

So in CSF, those six functions expand into 22 categories for managers and 106 subcategories for practitioners providing outcomes to be cyber resilient. And this framework rolls up, drills down, and is connected so we can effectively communicate about risk throughout the organization.

The other exam domains are tiers, 10%. This is where, depending on your mission, risk tolerance, and resources, you figure out, are you looking to build Fort Knox with really high security or just cover the basics, cheap and cheerful? And you can also be doing anything in between. Pick a tier that works for you to be able to reliably achieve your organization's objectives.

Profiles come in at 15%. I love these things because it is very much strategic planning. In a profile, you consider what's our mission, what are our key priorities, and where do we need to go? And how does every decision we make about allocating our scarce resources to cyber resilience or to anything else align to our mission? What parts of the CSF core do we need or not need to manage cyber risk to get us where we want to go? And where we're not where we need to be now, how do we get there? What are the specific measures we'll put in place to reduce risk?

Something extra cool about the profiles chapter in this course is going through about a dozen example profiles from different sectors and organizations. It really helps you broaden your horizons of understanding how different types of company or organization need to be protected differently and what that looks like applying a holistic, scalable, flexible framework like CSF.

Risk management is domain five. That's one of my favorite topics and what mastering cyber resilience is all about. It's not a checkbox compliance exercise. It's about risk management. In the next pages, we get a detailed breakdown of exam objectives per domain.

The course has 10 chapters that align with and go sequentially through the first 10 chapters of your textbook, Mastering Cyber Resilience, written by AKYLADE. In the first lesson for each chapter, I'll cover the exam objectives from this handout that we'll be going through. And after we get through chapter 10, we will have covered all of the exam objectives to get you ready to crush the exam.

As part of this course, you get a licensed e-book copy of Mastering Cyber Resilience valued at $20 on Amazon.com. If you were to purchase it separately, you also get an exam voucher. If you purchase that separately, it would be $125 at AKYLADE.com or discounted 10% on my blog, CPAtoCybersecurity.com. But since you've bought this course, it's bundled in.

Other features built into this course are seven practice exams, access to support on the awesome Simply Cyber Discord server, which now has an AKYLADE Cyber Resilience channel. You get my all-killer, no-filler delivery style as a director of GRC at the software company, with real-world experience applying CSF concepts. And you and I both get the benefit of Dr. Gerald Auger's experience from the feedback he's provided on this course. Dr. Auger is the founder of the Simply Cyber Academy of 26,000 students, and he's also the founder of the Simply Cyber Community, which is up to now five million YouTube views.

You, of course, get the videos here in the Teachable platform. You get the blog post-style content I walk through in the lectures. There's a text transcript for every video that you can search for key terms. And there's a quiz per chapter to help you get comfortable with the course concepts. This course comprehensively covers everything you need to know to pass the exam. You don't even really need to read the textbook if you watch all the videos and read my notes because I comprehensively go through all of the content from the textbook in the lectures.

I'm committed to value delivery and your success with AKYLADE certs, and I stand behind that commitment with a 100% pass guarantee policy attached to this lesson. So that's CCRF. That's why we're here. I am super excited for you to jump into the course to learn enough about NIST CSF to be a part of the cybersecurity team. When you're ready to dive headfirst into the pool of the cybersecurity framework, check out the next lesson in the Simply Cyber Academy.