Blog Archives - ALC Training

Cyber security isn’t optional, it’s a must-have.

Ensuring that your team has Cyber Security Training is vital to stay ahead of potential attacks. Don’t wait until it’s too late. By proactively investing in training, you empower your security team to recognise threats early, respond appropriately, and maintain a secure digital environment.

What is Cyber Security?

Cyber security refers to the practice of protecting systems, networks, and data from digital attacks. The goal of cyber security is to prevent unauthorised access, data breaches, identity theft, and disruptions to services. Put simply, it is a preventive measure taken to keep your data safe.

Cyber threats can vary in appearance, but some of the most common attacks include phishing attacks, malware, ransomware, and data breaches. However, with the right training, individuals and organisations can learn how to identify, prevent, and respond to these risks effectively.

Investing in further cyber security training for your team is one of the most valuable steps you can take to protect your business. It equips your team with the knowledge and skills they need to identify, respond to, and prevent cyber threats effectively.

The Damage of Out-of-Date Training

In the fast-paced world of cybersecurity, outdated training can be just as dangerous as not having any training at all. Cyber threats evolve constantly, and so should your team’s knowledge and skills.

The longer a threat is left undetected, the more costly it becomes to address. Outdated training can lead to slow detection and delayed response, which results in larger financial losses due to data recovery costs, lost revenue, and reputational damage. The longer your team is unaware of the latest threats, the more time attackers have to exploit vulnerabilities, making it more difficult to contain the damage.

Keeping your team’s training current and relevant is crucial for staying ahead of evolving threats and maintaining a strong security posture.

ALC Training - pexels cottonbro 5483064 scaled

Minimise Your Risk with Cyber Security Training

A strong, well-trained cyber security team doesn’t just protect your organisation from threats. It allows you to operate with confidence, scale securely, and earn the trust of clients and stakeholders.

Security awareness is the foundation of any strong cyber defence. Even the best technology can’t protect an organisation if its people don’t understand the risks.

Ongoing training ensures your team stays informed about the latest risks, scams, and defence tactics. A well-trained team knows how to handle sensitive data, avoid risky behaviour, and report suspicious activity early. This drastically reduces the likelihood of data breaches, which can lead to financial loss, legal trouble, and brand damage.

With the right training, you can ensure that your team can:

Identify and respond to threats faster
Prevent breaches before they happen
Build a culture of security awareness across your organisation
Adapt to emerging technologies and new regulations
Reduce reliance on external consultants

From AI Security Practitioner (AISEC-P), SABSA Foundation, or CCSP Certified Cloud Security Professional, there are many paths you can take to expand and invest in cyber security knowledge.

Compliance, Governance, and Staying Ahead of the Threats

Compliance and governance are steps that you can’t afford to miss as a business. Non-compliance with data protection laws can result in significant financial and legal consequences. Yet, beyond fines and penalties, the reputational damage can be even more costly.

Governance ensures that cyber security is woven into the fabric of your organisation, not treated as a one-off project. It means having the right leadership support, setting clear expectations, and making cyber security part of your culture. By investing in compliance and governance, you’re doing more than avoiding trouble.

Compliance frameworks encourage consistent security practices throughout your organisation. From secure login protocols to handling customer data. This reduces confusion, strengthens defence, and ensures every employee is on the same page.

If your organisation experiences a breach, having documented procedures in place can demonstrate that you took reasonable steps to protect data. This can mitigate reputational damage and support your legal defence in investigations or lawsuits.

Cyber attackers frequently discover new vulnerabilities in networks, systems, and even human behaviour to exploit. These new attack vectors can include:

IoT device exploitation (unsecured smart devices)
Ransomware-as-a-service (where attackers rent out ransomware kits to amateurs)
Cloud misconfigurations (security gaps in cloud environments)
Supply chain attacks (attacks targeting third-party services or software providers)

Training your team on these emerging risks helps them stay vigilant and responsive.

Industry-Leading Training

Whether you’re looking to future-proof your organisation or advance your career in IT, ALC is your trusted partner. With over 25 years of experience and a national presence, ALC is committed to empowering professionals and protecting businesses through world-class training.

Cyber security is not static. It evolves as quickly as technology itself. That’s why ongoing education is crucial.

Find out more about certifications and their benefits. Read The Value of a CISSP® Certification or Online Security Courses for Beginners: Where to Start Your Journey.

If you are in project management, there are many ways you can accelerate your career without a degree. Both PRINCE 2 and PRINCE 2 Agile are widely recognised certificates that teach you project management methodology.

Let’s break down the details of each of these courses to find the one to best suit you.

What is the PRINCE 2 Course?

PRINCE2 (PRojects IN Controlled Environments) is a structured project management method widely used across industries. It focuses on process-driven project management and is based on best practices and governance frameworks.

The PRINCE2 Foundation course is ideal for beginners and covers core project management principles, themes, and processes. It doesn’t require prior experience, making it suitable if you’re just starting out in the field. The PRINCE2 Practitioner level builds on this, enabling you to tailor the method to specific projects. It’s perfect for professionals managing or directing projects and wanting a consistent, scalable approach.

What is the PRINCE 2 Agile Course?

PRINCE2 Agile combines the flexibility and responsiveness of agile with the clearly defined framework of PRINCE2. It’s perfect for professionals working in agile environments but wanting to maintain strong governance and structure.

This course requires existing PRINCE2 knowledge or a qualification, and is recommended for those already working in project or delivery roles. You’ll learn how to adapt PRINCE2 principles to agile frameworks like Scrum, Kanban, and Lean Startup.

Comparison of PRINCE 2 vs PRINCE 2 Agile

To further break down PRINCE 2 vs PRINCE 2 Agile, here is a side-by-side comparison of the two:

Main Focus

PRINCE 2: Provides a structured framework for project management using a best practice approach.
PRINCE 2 Agile: Combines PRINCE2® with Agile principles to deliver flexible, iterative project management.

Target Audience

PRINCE 2: Project managers looking for a solid, traditional methodology for project management.
PRINCE 2 Agile: Project managers working in dynamic environments who require a flexible, agile approach to project management.

Prerequisites

PRINCE 2: No formal prerequisites for Foundation. For Practitioner, you must have completed the Foundation level.
PRINCE 2 Agile: No formal prerequisites for Foundation. Practitioner requires Foundation certification.

Application

PRINCE 2: Useful in industries with standardised project structures such as construction, engineering, and government.
PRINCE 2 Agile: Ideal for industries that require adaptive and iterative project delivery such as IT, software development, and innovation-driven sectors.

Benefits

PRINCE 2: Ideal for both public and private sector projects.
PRINCE 2 Agile: Enhance ability to balance project flexibility with control.

Both PRINCE 2 and PRINCE 2 Agile certifications are highly regarded in the project management field. These credentials provide a proven, systematic blueprint to managing projects, but they also adapt to different project environments.

What Role Do You Want?

Choosing between PRINCE2 and PRINCE2 Agile largely depends on your career aspirations and the type of organisation or projects you work with.

Are you new to project management? Start with PRINCE2 Foundation to build a strong understanding of the fundamentals.
Want to work in a traditional project setting or a government organisation? PRINCE2 offers a structured path that’s valued in many corporate environments.
Already working in agile or digital teams? PRINCE2 Agile helps bridge the gap between agile delivery and business governance.
Looking to manage both structure and agility in large-scale projects? PRINCE2 Agile Practitioner is designed for just that.

Whichever route you choose, both PRINCE2 and PRINCE2 Agile offer a solid foundation to advance your career in project management.

ALC Training - pexels tima miroshnichenko 5198239 scaled

Start Your Next Course Today

The best choice ultimately comes down to your current role, your goals, and the type of project environment you work in.

If you are looking to expand your Project Management skills with training, ALC can help you find the right course to propel you forward. At ALC Training, we’ve been empowering project professionals since 1994.

Whether you’re looking to master PRINCE2, Agile, Scrum, or other industry-leading certifications, our expert trainers and comprehensive courses are designed to set you up for success.

If you’re an enterprise architect looking to upskill or someone looking for a career change, a TOGAF certification can help you stand out and open new career pathways.

Before you dive into your next certification, here is all you need to know about TOGAF and your options. From the various courses available to your next potential career move, let’s get you on the right track.

What is TOGAF?

TOGAF stands for The Open Group Architecture Framework, and it is a globally recognised framework for developing and managing enterprise architecture. It provides a structured approach for designing, planning, implementing, and governing an enterprise information architecture.

When you work towards a TOGAF certification, there are many benefits you can unlock for both current and future career prospects.

Certified professionals often command higher salaries compared to non-certified peers in IT architecture.
It equips you with the tools to align IT strategies with overall business goals, making you a trusted advisor to leadership.
TOGAF skills are in demand in banking, government, healthcare, telecommunications, retail, and more.
It shows you’re committed to industry best practices and continuous professional development.
TOGAF gives you a common framework and language, making collaboration easier across teams, departments, and organisations.

There are many levels of TOGAF and these can be applied to various skill levels.

What are the Different Types of TOGAF Certifications?

If you’re looking to get certified in TOGAF, here is a deep dive into the available options and job opportunities.

TOGAF Foundation

The TOGAF Foundation curriculum includes terminology, structure, basic concepts, and the core principles of Enterprise Architecture. Participants will also explore real-world examples of architecture deliverables and artefacts.

Jobs and Opportunities:

Enterprise Architect (Junior Level)

Solution Architect (Entry Level)
Business Architect Assistant
IT Strategy Analyst
Enterprise Architecture Consultant (Entry/Associate)
IT Business Analyst (with EA focus)

TOGAF Practitioner Course

The TOGAF Practitioner Course course focuses on the practical application of the TOGAF 10 framework. Building on the Foundation level, it uses 18 practical scenarios to reinforce key concepts, with a focus on application and analysis alongside knowledge and comprehension.

Jobs and Opportunities:

Senior Enterprise Architect
Digital Transformation Architect
Chief Technology Officer (CTO) Pathway
Strategic IT Planner
Senior Business Architect

TOGAF EA Foundation and Practitioner

If you’re looking to build a serious career in enterprise architecture, TOGAF Foundation and Practitioner is a strong starting point. It’s based on the latest TOGAF® Standard, EA, 10th Edition, and is designed to support Agile Architecture for the Digital Age.

Course Overview:

This 4-day intensive course teaches both the fundamentals and the practical application of the TOGAF framework. It’s split into two main modules:

Foundation (2 days): Covers the basic terminology, structure, and core concepts of TOGAF, preparing participants for the Foundation exam. You’ll explore essential deliverables and key architectural artefacts with real-world examples.
Practitioner (2 days): Focuses on the hands-on application of TOGAF using real scenarios. The Practitioner level is about critical thinking and practical analysis, moving beyond theory into applied enterprise architecture.

Jobs and Opportunities:

Enterprise Architect (Mid-Level)
Lead Solution Architect
Business Transformation Consultant
Technology Strategist
Digital Solutions Designer
IT Governance Lead

TOGAF Business Architecture Foundation

TOGAF Business Architecture Foundation provides a bridge between an enterprise’s business model and strategy on one side, and the business functionality of the enterprise on the other. It delivers holistic, multidimensional business views of capabilities, value delivery, information, organisational structure, and the relationships among these elements.

Jobs and Opportunities:

Business Architect
Business Process Manager
Strategy Analyst
Enterprise Strategy Consultant
Innovation and Change Manager
Transformation Programme Manager

Is TOGAF Worth it?

Whether you’re aiming to move into senior IT roles, strengthen your strategic thinking, or simply stand out in a competitive market, TOGAF is a smart investment in your future.

As organisations navigate complex digital transformations and work to align their business strategies with technology, having a structured approach to Enterprise Architecture (EA) is essential. With organisations increasingly looking for experts who can align technology and business goals, having TOGAF gives you an advantage and opens new doors for you.

This broader skill set can elevate your ability to manage and lead change, making you an indispensable asset to any organisation.

ALC Training - pexels thirdman 5582590 scaled

How to Get TOGAF Certification in Australia

If you’re looking to become TOGAF certified in Australia, ALC can help you. ALC is a trusted and accredited provider offering TOGAF courses across Australia, including Foundation, Practitioner, and Business Architecture levels.

You can easily enroll with ALC and explore a wide range of enterprise courses. Simply browse the ALC schedule for your chosen course and you can get started towards your next qualification.

If you’re thinking about levelling up your cybersecurity skills, odds are you will come across these two qualifications, CISSP and CISM.

Many IT and security professionals hit a ceiling in their careers without industry-recognised certifications, making CISM and CISSP certificates a popular choice. Both of these stand out as leading qualifications in the cybersecurity world and offer many benefits, but which one should you choose?

Before you sign up to complete your next cybersecurity qualification, here is all you need to know.

What is CISSP?

A CISSP or Certified Information Systems Security Professional certificate is a globally recognised certification for information security professionals. It is considered the “gold standard” in cybersecurity qualifications, ensuring that security leaders have in-depth knowledge of evolving threats, technologies, regulations, and industry standards.

The Value of a CISSP Certification is shown as it’s a globally recognised cybersecurity qualification that requires years of proven industry experience.

ALC Training - cyber safety concept with chain padlock keyboard wooden cubes white background flat lay scaled

What is CISM?

CISM or Certified Information Security Manager is another globally recognised certification designed for information security managers and professionals responsible for managing, designing, and overseeing an enterprise’s security program. Just like the CISSP certification, this requires you to have proven industry experience.

What’s the Difference Between CISSP and CISM?

The CISSP (Certified Information Systems Security Professional) and CISM (Certified Information Security Manager) certifications are both well recognised credentials and each offers key benefits. However, they also have some important differences in who they cater to.

CISSP is designed for security professionals who work on the technical and operational aspects of cybersecurity, including security engineering, risk management, and cryptography. CISM on the other hand, is targeted at security managers and executives who develop and oversee security programs, ensuring they align with business objectives.

Why Choose CISSP?

While CISSP requires a strong foundation of industry experience, it is not a beginner-level certification. Instead, it is ideal for professionals responsible for securing complex IT environments. While CISSP is regarded as a broad security technical certification, it is by no means basic. This is a technical course that delves into advanced security concepts.

Pros of CISSP

Globally recognised qualification
Includes both technical and security management skills
Opens the door to high-level security roles
Covers a deep understanding of security domains

If you are looking to build a well-rounded expertise in cybersecurity that spans both technical and managerial aspects, CISSP is the perfect choice.

Why Choose CISM?

CISM is ideal for those looking to lead and oversee enterprise security programs. This certification bridges the gap between technical security and business leadership, making it well-suited for individuals in security management roles.

Globally recognised qualification
Ideal for professionals who want to lead and oversee security strategies at an organisational level
Provides access to valuable industry insights
Ideal for those who want to lead and oversee security strategies at an organisational level

If your goal is to take on leadership roles in cybersecurity and develop security strategies that align with business objectives, CISM is the ideal certification to advance your career.

ALC Training - woman working computer network graphic overlay scaled

Obtaining a Certificate: CISSP vs CISM

Both of these cybersecurity qualifications offer important pros for those wanting to upskill, but they are not without their challenges. Both the CISSP and CISM exams are considered challenging, and as they both require years of proven experience, they are targeted at those with professional industry training.

Taking the Exam CISSP vs. CISM

The average study time for the CISSP exam is between 3 to 6 months while CISM is around 2 to 4 months of study time. To prepare you for the exam for each of these qualifications, you will study the main domains.

To prepare effectively for the CISSP exam, you will focus on eight key domains of information security:

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communication and Network Security
Identity and Access Management (IAM)
Security Assessment and Testing
Security Operations
Software Development Security

CISM is more focused on the management aspects of information security, making it a shorter preparation period compared to the CISSP exam. The main CISM domains covered are:

Information Security Governance
Information Security Risk Management and Compliance
Information Security Program Development and Management
Information Security Incident Management

The exam length for both of these also differs:

The CISSP exam lasts 3 hours and is a computer-based test (CBT), consisting of 100 to 150 multiple-choice questions. You will need to get a 700 out of 1000 to pass the CISSP exam.
The CISM exam is 4 hours long and is also a computer-based test (CBT) with 150 multiple-choice questions. You will need to get 450 out of 800 to pass the CISM exam.

CISSP and CISM serve different purposes within the cybersecurity field. CISSP is designed for professionals who need a broad understanding of security technologies and best practices across multiple domains, making it well-suited for those working hands-on with security systems.

On the other hand, CISM is tailored for professionals who focus on governance, risk management, and aligning security strategies with business objectives. Rather than deep technical implementation, CISM emphasises security leadership, making it ideal for those in managerial or strategic roles.

However, the cybersecurity qualification you choose will need to be based on where you want your career to go next.

Finding the Right Cybersecurity Qualification for You

Now that we have broken down each qualification, which one should you choose?

Choose CISSP if you are a technical security professional looking to deepen your expertise in security architecture, network security, cryptography, and risk management.
Choose CISM if you are an IT security manager or leader aiming to oversee, govern, and align security strategies with business objectives.

Are you looking to up-skill your cybersecurity knowledge? Get CISSP or CISM certified with ALC. You can contact us today to find out more about your next qualification or to obtain a quote.

Browse all our courses and get accredited training from ALC today!

With the increase in cyber threats, it’s more important than ever to stay informed about evolving risks, and invest in professional certifications like CISSP.

CISSP or Certified Information Systems Security Professional is a globally recognised cybersecurity certification and is regarded as the gold standard for security professionals.

If you are looking to become CISSP certified, here are some important things you need to know before you begin.

CISSP Prerequisites

While anyone can attend a CISSP course, the accreditation will only be available to those who meet ISC2 requirements.

In order to get your CISSP certification, you will need:

A minimum of 5 years direct full-time security professional experience in two or more of CISSP CBK domains.
One year of work experience may be waived if you have a four-year or higher college/university degree or credentials.

Anyone who doesn’t meet these requirements will be given Associate status until these are fulfilled.

Who should be CISSP Certified?

A CISSP certificate can be hugely beneficial to those who are looking for more job opportunities, want to advance their skills, need to meet compliance requirements, or want a globally recognised security certificate.

ALC Training - pexels bertellifotografia 18999469 scaled

A CISSP course is aimed at those who are in the following roles:

Security Consultant
Security Manager
IT Director/Manager
Security Auditor
Security Architect
Security Analyst
Security Systems Engineer
Chief Information Security Officer
Director of Security
Network Architect

What are the Benefits of a CISSP certification?

A CISSP certificate comes with a range of benefits. CISSP validates your expertise in security principles, risk management, and cybersecurity best practices, making you a valuable asset to organisations worldwide.

One of the key benefits of CISSP is its global recognition. Many organisations, especially in sectors like finance, healthcare, and government, require or strongly prefer CISSP-certified professionals for senior security roles.

With so many certifications available, some employers may be unsure of which credentials truly indicate deep expertise. CISSP eliminates this concern by requiring not only a rigorous exam but also a minimum of five years of relevant work experience. The CISSP course is designed to prepare you for the examination at the end and provides comprehensive knowledge from leading security leaders.

CISSP Course Timeframe

There are both virtual and in-person options for your CISSP course that can help you get the most out of your training experience.

There are three options for your CISSP training with ALC:

Full-time 5-day CISSP Certification Prep course
Part-time 1-day per week over 5 weeks
Evening classes 6-9 pm one night a week for 12 weeks

The full-time, 5-day CISSP prep course is an intensive, immersive training program designed for professionals who want to accelerate their learning and prepare for the CISSP exam in a concentrated time frame.

For those who need a more flexible training schedule, the part-time 1-day per week over 5 weeks or evening classes one night a week for 12 weeks are great options. This is perfect for those who have other professional commitments but still want to prepare thoroughly for the CISSP exam.

The CISSP course will help you draw from an understanding of new technologies, regulations and practices that are based on the 8 Common Body of Knowledge (CBK) areas:

Security and Risk Management
Asset Security
Security Architecture and Engineering
Communications and Network Security
Identity and Access Management
Security Assessment and Testing
Security Operations
Software Development Security

After you have completed your CISSP course and your five years of work experience, it can take between three to eight months to get your certificate. This timeframe will vary based on your personal experience and how much study you require.

The CISSP exam lasts approximately three hours and can be scheduled months in advance so you can commit time to study.

Once you are prepared and believe you are ready, you will be able to sit the exam. The CISSP exam can be attempted a maximum of three times a year, and after your first failed attempt, you will need to wait a month before you can resit.

Do You Need to Renew Your CISSP?

Yes, you will need to renew your CISSP every three years to remain valid. You will need to earn 120 Continuing Professional Education (CPE) Credits. These credits can be gained through seminars, webinars, courses, self-study, or by joining organisations that expand your network.

Get CISSP Certified Today

ALC Training - pexels pixabay 60504 scaled

Cybersecurity certifications will help ensure you are up to date with security trends and best practices and can elevate your position in the field. With CISSP being respected as the golden standard in cybersecurity, it’s easy to see the value of a CISSP certification.

With our expert instructors and comprehensive course content, you’ll be fully prepared for the CISSP exam. Get started today and take the first step toward becoming a certified security professional.

ALC is a leading, Australia-based provider of quality training, specialising in best-practice methods and frameworks. Choose ALC for your CISSP training and take the next step in advancing your career in cybersecurity.

If you need more guidance, you can get in touch today.

This is an example post

The Australian Signals Directorate (ASD) announced this week that the Cloud Security Certification Programme (CSCP) is being scrapped, and references to both the CSCP and Certified Cloud Provider List (CCPL) are being removed from the Information Security Manual (ISM) and other publications. So, what does this mean for government agencies, businesses and individuals who rely upon these artefacts?

When considering moving to the cloud, the onus has always been on the Cloud Customer (“Customer”) to ask the right questions and have their security and privacy requirements met in the contract with the Cloud Service Provider (“Provider”). The Cloud Security Alliance (CSA) referred to this in their previous artefact, The Treacherous Twelve, as Lack of Due Diligence. The corollary is that, if Customers do not ask, then they are consuming the default security and privacy offerings from the Provider. Unfortunately, many Customers race to consume cloud solutions and forget the contention between cheap, fast, secure – pick any two. Cloud is often chosen as a cheap and fast “quick fix”, with security often neglected.

So what now? Organisations will need to ensure that their information security professionals are trained up in understanding the most important points to consider when engaging a Provider. This will include jurisdictional issues, contracts, roles and responsibilities and ensuring service level agreements meet the needs of the Customer, not the Provider. According to a recent online Forbes article, Certified Cloud Security Professional (CCSP), a body of knowledge and certification offered through (ISC)2, is the fifth most sought-after certification. Cloud is also a topic in the four certifications ahead of it – CISSP, CISA, CISM and CRISC. The CCSP is a well thought-out body of knowledge that is relevant and meets the needs of today’s cloud customers and providers.

ALC has been at the forefront of cloud training across the Asia Pacific region, and our internal statistics show we have trained over 60% of information security professionals who hold the (ISC)2 Certified Cloud Security Professional (CCSP) in Australia and New Zealand. As the focus will increasingly shift to information security professionals within organisations to ask the right questions and demonstrate good governance, it is prudent to consider a solid basis and foundational level within many of ALC’s cloud, security and privacy training portfolio. Our CCSP trainers include the first person to be certified as a CCSP in Australia and the former lead cloud architect for a major service provider.

<a href=”https://www.freepik.com/free-photos-vectors/business”>Business photo created by kues1 – www.freepik.com</a>

An increasing number of businesses are embracing the ‘bring your own device’ policy, allowing employees to use their smartphones and tablets to access the company’s information and work on the go.

This policy can add a new dimension to IT project management training, with products now able to be developed remotely and flexibly using mobile devices. However, it also means that a greater emphasis now needs to be placed on mobile cyber security to ensure that businesses are keeping their information secure.

Threats being detected in the Android app store

Although all kind of devices has risks associated with them, those operating on the Android platform are shown to be particularly vulnerable to malware from apps. It’s therefore essential that companies with employees using Android devices are extra vigilant and aware of the possible threats.

The most prominent threat to Android users is apps, with the Google Play Store being invaded by numerous applications containing malware. Google Play Protect detected and removed 1,700 Android apps infected with the malware Bread (also known as Joker) before ever being downloaded by users.

Likewise, an analysis by G DATA showed that the number of malicious apps reached a record level in 2019. This problem is growing, and businesses have to look out for ransomware and Trojans that might compromise their data for money.

ALC Training - internet 3592056 640

How can businesses protect themselves?

Due to the magnitude of this risk, it’s important for businesses to know the security measures they should take to defend employees mobile devices from malware. Lukas Stefanko, expert at security solutions company ESET, emphasises that the best approach to security is preventative.

“Don’t delay taking security measures until something unusual happens – in most cases it’s too late as the device may already be compromised and the data lost,” he said in an interview with We Live Security.

Businesses should require that all employees using their personal devices to access company information to have the latest operating system and antivirus software installed to defend against cyber threats. They should also encourage people to be careful of the apps they download, and always check the reviews before installing anything.

It is apparent how mobile security has become an integral aspect of information security training, and companies need to ensure they protect all channels of data access. ALC Training can help by educating employees in all aspects of cyber security, resulting in better protection for businesses in the long run.

Source:

Google Security Blog – Read the full details here .

G Data IT Security Trends 2020

Digital Transformation is the ability of an organisation to remain competitive. By using new technologies more effectively than their competitors, this leads to greater market share, lower price points, improved product and/or service quality and constant innovation for clients. But where do you start?

This article is designed for medium to large organisations that want to know how to do this. I’ll draw on my 20 years of experience as an enterprise and solution architect with DXC technology. I was fortunate enough to help a range of clients which I can now couple with my knowledge as a trainer, across the 12+ courses that I now run.

Click to open the infographic below to see a snapshot of the steps to take to perform a digital transformation successfully.

Here is my list of key steps in order:

Use an Agile framework to help structure the entire transformation. My recommendation is to use the Scaled Agile Framework or SAFe, coupled with The Open Group Architecture framework or TOGAF. This will involve sending all the senior leaders on a Leading SAFe 2-day course, your architects, engineering and development functions on TOGAF Part 1 and Part 2 4 day course.
Understand what business objectives you’d like to achieve in the next 3-5 years.
Work with all the key stakeholders to develop a common mission and vision.
Send your security experts to become certified on the Certified Cloud Security Professional certification.
Identify key execution leaders, usually the program manager, a senior project manager and the lead architect, to go onto the 4-day Implementing SAFe course to become SAFe program consultants. I wouldn’t recommend relying on outside consultants unless you want to hire someone.
Run a value stream workshop with the key stakeholders to determine the best value stream to take forward that will deliver your first epic and the associated top 5-10 features.
Start running internal Leading SAFe workshops to ensure everyone know how SAFe works and outline the value stream that we’re going to take forward. Use the workshop to seek feedback and help improve the decision-making process.
Think about training for your technical resources. So unless you’ve been living under a rock, you’re probably looking at Office 365 Security & Compliance (2 Days) and either AWS Quickstart (1 Day) or Azure Fundamentals (1 Day). My personal pick is to stay with Azure. It’s the most popular with my students in Australia. You could also consider Google and Oracle. I’ve had a handful of people use Google and only 2 use Oracle. I think they were from Oracle.
Identify the first Agile Release Train, be clear on what success looks like and ask your people to self-organise across the train, using the SAFe principles. Blend in the principles from the enterprise / solution architecture function and seek feedback from the teams.
Perform a training needs analysis workshop, by involving all those people that are required to build and deliver the solution. This is where you’ll need to identify the technical and soft skills that will be missing. This will include specific vendor product training, probably through eLearning methods and vendor training.
For soft skills, start thinking about cultural change programs for everyone on the trains. I’d recommend DevOps Foundation for everyone, DevSecOps Engineering for security and lead developers and DevOps Leader for the key leaders managing the train.
Don’t forget to bring the business on the journey too, so I can recommend the Cloud Computing Foundation (2 Days), designed for non-technical professionals and leads to an accredited APMG certification.
Almost certainly your transformation will contain a significant data component, so I can recommend training for all your technical resources on the newly released Enterprise Big Data Professional certification.
At this stage, you’ll be very close to deploying your first Agile Release Train, so you’ll need to ensure the relevant people have attended the SAFe Product Manager, Scrum Master and SAFe for Teams courses.
Finally, launch your train through a face-to-face Program Increment (PI) Planning workshop and allow your SAFe Program Consultants and Scrum Masters to coach the teams to success. Don’t forget to measure at every step to show progress. This is all explained in the SAFe implementation roadmap. If followed correctly, you’ll be delivering multiple features in the first 50 days.
Over time you’ll launch more trains, that are aligned to value streams to deliver more epics and features. As you grow, the trains will become much faster and with a team of 125 people or more, you’ll delivering features much faster than ever before.
Importantly, constantly track where you are in your business objectives, your mission and vision, to ensure you keep the trains on the tracks. There is where the Lean Portfolio Management components in SAFe that helps with the governance piece of this.

Do you have questions with these steps? Contact our awesome ALC Training team!

I have been in the infosec sector for over three decades and have seen the rise and fall of demand for IT and security professionals on a number of occasions. Y2K, the dot com bust and the GFC did not help our industry. Currently, we are on an upward trend, delivering training across Australia, NZ, Malaysia, Singapore and Dubai. I have seen year-on-year growth as people take up the call to either upskill, try to get a foot in the door or just learn about on-trend topics, such as cyber security, architecture, cloud, big data, artificial intelligence, digital forensics or incident response.

ALC recently added privacy to our portfolio by partnering with the International Association of Privacy Professionals (IAPP) and we’re making great inroads due to the pent-up demand in Australia and New Zealand. At the recent IAPP conference, the key message emerging from presenters, is one of accountability – having a key individual within an organisation drive the privacy agenda forward; it is all about privacy by design. And no wonder, every week, there is an article on a new privacy breach, quite often coupled with staff dismissals and a hefty fine.

ALC Training - InfoSec 2019

Our cloud portfolio is also strengthening. ALC made a strategic decision to add Certified Cloud Security Professional (CCSP) to the portfolio in 2017, along with other cloud courses, and Australia now has more certified CCSPs compared to Germany! Running the numbers, we can proudly say we have trained two thirds of those certified in Australia alone. For those who hold a CISSP or have anything to do with cloud, I highly recommend the (ISC)²CCSP® certification.

So is it all hype, or is there a genuine need for training? In reality, it’s a little hype, but also a genuine need to fill a gap. Increasingly, we have delegates cite several reasons for becoming certified: personal challenge, company requirement, or simply to learn. Many delegates are from organisations that are typically under-resourced when it comes to security and privacy, expecting miracles with existing staff numbers.

Remember, security and privacy are solved by people, process and technology. Therefore, it is everyone’s responsibility. We need effective awareness training and to skill those people on technologies, to look after security in their own domains – rather than expecting a security professional to become a master of all trades. There is a plethora of courses out there to do precisely that.

ALC’s focus is to deliver industry recognised training and certifications that are needed now and into the future. ALC has always been at the forefront of Information Security education since our very first course on Information and System Security in 1995. Our flagship set of courses on SABSA® security architecture and industry standard certifications such as CISSP® and CISM® are designed to meet the needs of the security professional. (FACT: Did you know ALC is an ISACA Training Partner!) Also, in the past three years we’ve placed a very strong focus on addressing the needs of newcomers to Cyber Security to help enable the industry to broaden its skills base with our Cyber Security Foundation+Practitioner Certification.

Cyber Security is a prominent, highly-regarded profession offering many varied career paths. The ALC Cyber Security Portfolio offers a formal route to becoming a recognised and respected cyber security professional through a modular program of certificate and non-certificate courses. Whatever stage you are at in your career, or if you are an Executive in need of improving capabilities within your organisation, we are here to help you, your team or your company, locally and worldwide.

Get in touch with our team to see how we can assist to deliver optimal training suited to your needs.

Peter Nikitser, Director of Cyber Security – ALC

Believe it or not, Office 365 now contains 27 separate apps that are provided by Microsoft. Many of these apps are provided with advanced security features. Clearly managing these security features within each admin tool is a complex and onerous task. So Microsoft have moved as much security as possible into the Office 365 Security & Compliance Centre. This is now the central place to manage the majority of security functions in Office 365.

Click on the diagram below to link to the Microsoft TechNet article describing all the key Office 365 services:

You can augment this list by adding third-party apps that are available in the Microsoft AppSource app store. You can also incorporate various Azure services that integrate with Office. One service that is already included, is Azure Active Directory.

Azure Active Directory or AAD, is a mandatory service that manages all the authentication and authorisations in Office 365. It integrates with your existing corporate Active Directory, which probably lives in your data centre (on-premise), using a service called AAD Connect. For companies that have very complex requirements around transferring data between your on-premise Active Directory and AAD, you can use the Microsoft Identity Manager product and the Active Directory Federation Service.

Here is a great link to a video that outlines some of the basics of Active Directory:

It becomes quite technical towards the end of the video, so just close it down, once you have the knowledge you need.

Understanding Active Directory is key to understanding the fundamentals of how the Office 365 Security & Compliance Centre works, so check out my 2 day course where we cover all the basics, in non-technical language, so that anyone can start security their Office 365 tenancy:

Not only do we cover AAD, but we also run through:

Overview of the 27 apps that Microsoft provides.
Various short overview demo’s of the Security & Compliance centre, covering key security concepts such as threat management, data governance, search & investigation, service assurance and reporting.
Azure Information Protection and how it fits with Office 365.
A short introduction to Powershell.
A primer on Cloud Computing and DevSecOps engineering.

Let’s pick out a couple of my favourite Office 365 services…Flow.

Flow is a product that allows you to integrate various cloud services, providing a platform for automating many of your tasks. It’s a competitor to IFTTT.com, which stands for If This Then That, which provides a similar set of services. For example, if an email comes into your inbox from a customer, there may be a series of manual tasks that need to be undertaken to start servicing that customer. This can be automated and free up your time to focus on talking with customers, rather than having to do repetitive manual tasks.

Click on the graphic to be taken to a video outlining potential uses of the tool:

Now, let’s look at some of the key features of Data Loss Prevention

If want to know more about Office 365 services, please reach out to me on Linkedin. Click on the image below to see my profile and start reaching out….

It may not be obvious, by the concept of a value stream is one of the most important concepts in a digital transformation. Why? Because once you understand a value stream, you start to truly understand your business and you’re on a clear path to improving customer experience. Exceptional customer experience is your key business differentiator in the world of digital disruption and needs to be the core focus of any digital transformation.

Let’s define a value stream. I’ll use what I consider, to be the best sources of knowledge reference.

First from Scaled Agile.

If you click on the image it will take you to the Leading SAFe 2 Day course I run at ALC Training.

Second from the TOGAF certification, written by the Open Group:

Value Stream Mapping: the breakdown of activities that an organization performs to create the value being exchanged with stakeholders. It illustrates how an organization delivers value and are in the context of a specific set of stakeholders, and leverage business capabilities in order to create stakeholder value and align to other aspects of the Target Business Architecture.

And here is a picture of a sample value stream map for an online purchase:

ALC Training - Online Purchase Value Stream

And here is another, outlining an emergency hospital admission:

ALC Training - Hospital Emergency Admission Value Stream

As you can see it’s a simple overview, usually shown in 5-9 stages, of how a product or service starts life and is delivered to the consumer.

As you can see, the business processes beneath can vary in complexity. With an online purchase, the process is relatively simple. With say intensive care, the process can be extremely complex and there are probably 1000’s or paths, depending on the type of care required.

It can also be known as:

Value Chain Diagram
Functional Reference Model

Clearly, there are many values streams and they are quite different between industries.

Once we understand our value stream, we can then consider decomposing each component into systems and people. An example of this is from Scaled Agile, where they define two types of value streams:

ALC Training - SAFe Value Stream Decompose

You’ll notice that the operational value stream is the one that is focused on the customer. Whereas the development value stream is aligned to delivering systems in an agile manner. In fact, these are development value streams are also known as a CI/CD pipeline:

CI = Continuous Integration – committing code at least once a day.
CD = Continuous Delivery – making sure code is always in a releasable state.

So what we’ve now done, is to understand our business in the context of delivering value through software. We cover this in our DevOps Foundation course:

Any questions on Scaled Agile or DevOps concepts, as always please reach out via twitter – @MusicComposer1 or find me on LinkedIn: