Open in Case of Emergency If you are worried about leading or supporting a major cyber incident, then this is the course for you. LDR553: Cyber Incident Management™ focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing-by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine case studies for hands-on learning. Business Takeaways ▐ Develop expert cyber incident management capabilities ▐ Accelerate incident resolution with streamlined processes ▐ Foster better vendor and legal coordination during third-party breach escalation ▐ Improve team performance during critical incidents ▐ Reduce workload without increasing risk with the integration of GenAI ▐ Build a stronger bridge between technical and non-technical functions during cyber events ▐ Integrate threat intelligence to anticipate threats Syllabus Summary SECTION 1: Understanding the Incident, Building the Team with GenAI, Scoping and Tracking the Impact SECTION 2: Communications, Planning, and Executing Remediations SECTION 3: Training, Leveraging Cyber Threat Intelligence, and Bug Bounties SECTION 4: Cloud Incidents, Business Email Compromise, Credential Theft Attacks, and Incident Metrics SECTION 5: AI for Incidents, Attacker Extortion, Ransomware, and Capstone Exercise CURRICULUM: Cybersecurity Leadership LDR553: Cyber Incident Management™ You Will Be Able To ▐ Run briefings under pressure with minimal prep and deliver real impact ▐ Lead meetings when the team is stressed, the facts are incomplete, and execs are impatient ▐ Build and test your own GenAI tools to draft briefs, simulate reactions, and organize chaos ▐ Survive a supply chain breach with minimal third- party support ▐ Distinguish between technical facts, assumptions, and noise during incident response ▐ Use the CIMTK framework to prioritize tasks and drive progress ▐ Track attacker behavior, infrastructure risk, and team readiness in real time Who Should Attend ▐ Security managers ▐ Security professionals ▐ Managers ▐ Legal/HR/PR staff NICE Framework Work Roles ▐ Knowledge Manager (OM-KMG-001) ▐ Cyber Legal Advisor (OV-LGA-001) ▐ Privacy Officer/Privacy Compliance Manager (OV-LGA-002) ▐ Information Systems Security Manager (OV-MGT-001) ▐ Communications Security (COMSEC) Manager (OV-MGT-002) ▐ Cyber Policy and Strategy Planner (OV-SPP-002) ▐ Executive Cyber Leadership (OV-EXL-001) “ It’s a perfect course for those leading cyber incidents. I’ve found nothing else that comes close.” —Lee Taylor, Leicestershire Police For detailed course description, visit SANS.ORG/LDR553 Steve Armstrong-Godwin Course Author WAYS TO TAKE LDR553 Live Online In-Person OnDemand 5 Day Program 30 CPEs 28 Labs GCIL Cyber Incident Leader giac.org/gcil
