Dear Future Trainers,

Welcome to the Purple Hackademy's Acting CISO training ONBOARDING program.
You are about to lead an impactful journey, transforming IT and tech leaders within SMEs into proficient cybersecurity focal points for their organizations.

Your company is considering to become one of our partners, and consequently, we will support you to become one of our Certified Trainers.

Your expertise will be the catalyst for your trainees, guiding them through a series of "Quick Wins" – pragmatic, cost-effective strategies designed to fortify their organizations’ cybersecurity defenses from the get-go.
Over the course of 2 to 3 months, you will conduct weekly sessions, approximately 3 hours each, consisting of two hours of theory and one hour of hands-on practice.

Here’s a snapshot of what you’ll deliver. This content will change depending on the clients expectations but the main chapters would remain.

• Network Security & Spoofing: Equip trainees with the ability to discern and tackle potential network vulnerabilities and spoofing tactics.

• Ransomware & Communication: Dive into handling ransomware and fortifying internal communications against cyber threats.

• Data Integrity & Incident Response: Teach the essentials of maintaining data integrity and responding adeptly to cybersecurity incidents.

• Application Security: Explore application security in depth, emphasizing practical defenses against common threats like SQL injection.

• Secure Coding & Compliance: Instruct on best practices in secure coding and navigating the complex landscape of cybersecurity regulations (for SaaS clients).

Audit or Training ? Build your training program

Both!

The SMEs we are working with, are typically tech-oriented and they would like to build their first line of defense quickly, with a limited budget.

And they don't really know where to start, so they will need you to guide them. Let's discuss about their needs, their infrastructure, processes and resources.

STEP I

During your client interview, before the training is validated, your first goal to clarify what the CEO or the Decision maker is expecting from the training for his company and the future trainee(s).

You can use our Training Assistant during the interview to help building the training program:
http://purplehackademy.com/acting-ciso-registration-success/

Explain him/her each of the risks as below, by giving concrete examples, or asking about his company previous bad experience.
Describing the impacts of such attacks on their Business activity is extremely important to make them prioritize the correct risks.

STEP II

Time to define the scope of the training with the Tech Leader, IT manager or Software Developer.

What are the Quick Wins he would expect to learn and implement in this company ?

We have created 5 categories : Security Deployments, Compliance and Governance, Cyber Vendor Management, Risk Management, Awareness and Training.
For each of those categories, we have prepared some training material and labs to cover it.

STEP III

Generate the training program and propose them to fine-tune it by answering this Self-audit survey

Choose your content

Even if the program can be totally changed from one customer to another, here is a classic generated training program.
Each course contains 1 Quick Win and the last course is a coaching session to describe the quick wins and prioritize them.

Examples of Quick Wins:

▪Prepare a malware or ransomware incident playbook

▪Prepare and conduct an Incident response plan

▪Deploy a free internal phishing campaign solution

▪Identify threats in security logs

▪Implement automated misconfiguration scanning on your Cloud applications to identify and remediate common security issues.

▪Catch a leaked credential with a Secrets Detection Tool...

Our full list Quick Wins will be available after your application will be granted.

Here is a a typical full training program for a final client (english & french)

What does a training session look like ?

During the 1H45 (+15 min break) you will teach them the courses of the previous list, during a face to face meeting, online or offline.

You will get access to a powerpoint version including teacher's notes.

The last 1h, you will guide the trainee to follow the Quick Wins instructions and implement them.
If he can't finish complete it, he can continue on his free time.
Quick wins can be directly provided in the trainer material or be in a separated document.

Here is a typical course below, with Quick Wins included:

Our exam

Your trainees will have to pass an exam based on the previous courses, to get their certification.

A minimum of 70% on theory and practice is required to pass.

How to become a trainer ?

As a trainer and coach, your mission transcends beyond teaching; you are here to inspire actions that your trainees will implement to secure its company as soon as the training is completed.

To join our Instructor path:

• Being eligible (min 5 years of experience as a cybersecurity professional )

• Your company must sign a reseller agreement with us.

• Get access for free to our training resources and start learning

• Pass the Instructor Exam and get the Certification (>70% of success)

Starting the instructor journey

After passing your certification, embark on this journey with your clients:

• Confirm key risks with CEOs and tailor the training content accordingly.

• Suggest Quick Wins that bolster cybersecurity with immediate effect.

• Customize the curriculum using a simplified self-audit survey tailored to each organization's needs.

• Validate the training program and schedule the weekly sessions with the trainees

Your guidance is crucial. As you clarify, inspire, and challenge your trainees, remember that your dedication to nurturing Part-Time Tech CISOs is creating a safer digital environment for SMEs globally.

We're thrilled to have you on board. Together, let’s empower the next wave of cybersecurity leaders.