NIST Cybersecurity Framework (NCSF) Boot Camp Training in San Rafael
We offer private customized training for groups of 3 or more attendees.
Course Description
The three-day NIST Cybersecurity Bootcamp course is a combination of the NIST Cybersecurity Framework (NCSF) Foundation and Practitioner Training courses. The bootcamp provides a deep dive into the components of the NIST CSF and NIST Risk Management Framework (RMF) and how they align to risk management. The course will follow the principles of the NIST Cybersecurity Framework to design and implement (or improve) a cybersecurity program to protect critical assets. The bootcamp details defense in depth, creation of a Written Information Security Program, and implementing ongoing assessments for a continuous improvement plan. This course is suited for individuals working with and overseeing the cybersecurity of an organization, including CIOs, CISOs, IT Security workforce, and IT Directors/Managers/Personnel.
Course Length: 3 Days
Course Tuition: $1290 (US)
Prerequisites
Basic computing skills and security knowledge will be helpful.
Course Outline
	MODULE 1: COURSE INTRODUCTION 
	Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials. 
	MODULE 2: THE BASICS OF CYBERSECURITY 
	What is cybersecurity? 
	Types of attackers 
	Vulnerabilities 
	Exploits 
	Threats 
	Controls 
	Frameworks 
	Risk-Based Cybersecurity 
	MODULE 3: A HOLISTIC STUDY OF THE NIST CYBERSECURITY FRAMEWORK 
	History 
	EO 13636 
	Cybersecurity Enhancement Act of 2014 
	EO 13800 
	Uses and Benefits of the Framework 
	Attributes of the Framework 
	Framework Component Introduction 
	Framework Core 
	Framework Profiles 
	Framework Implementation Tiers 
	MODULE 4: CYBERSECURITY ACTIVITIES: THE FRAMEWORK CORE 
	Purpose of the Core 
	Core Functions, Categories, and Subcategories 
	Informative References 
	MODULE 5: RISK MANAGEMENT CONSIDERATIONS: FRAMEWORK IMPLEMENTATION TIERS 
	Purpose of the Tiers 
	The Four Tiers 
	Components of the Tiers 
	Compare and contrast the NIST Cybersecurity Framework with the NIST Risk Management Framework 
	MODULE 6: CURRENT AND DESIRED OUTCOMES: FRAMEWORK PROFILES 
	Purpose of the Profiles 
	The Two Profiles 
	Interrelationships between the Framework Components 
	MODULE 7: A PRIMER ON THE SEVEN STEP FRAMEWORK IMPLEMENTATION PROCESS 
	Prioritize and Scope 
	Orient 
	Create a Current Profile 
	Conduct a Risk Assessment 
	Create a Target Profile 
	Determine, Analyze, and Prioritize Gaps 
	Implement the Action Plan 
	THE PRACTITIONER COURSE IS ORGANIZED AS FOLLOWS: 
	MODULE 1: COURSE INTRODUCTION 
	Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials. 
	MODULE 2: APPLYING NIST CSF TIERS AND PROFILES 
	Review of the NIST CSF Major Components 
	Tiers and Tier selection 
	Current and Target Profiles and the Framework Core 
	MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES 
	Defining the major Informative References 
	CIS Controls v8 
	ISO/IEC 27001:2013 
	NIST SP 800-53 Rev. 5 
	MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF 
	Risk Management in the NIST Cybersecurity Framework 
	Analyzing the NIST Risk Management Framework 
	Introduction and History 
	Purpose, Design, and Characteristics 
	Seven Steps 
	Prepare 
	Categorize 
	Select 
	Implement 
	Assess 
	Authorize 
	Monitor 
	Integrating the Frameworks 
	MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS 
	Major Cybersecurity Attacks and Breaches 
	MITRE ATT&CK Matrices 
	Defense in Depth and the NIST CSF 
	Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF 
	MODULE 6: ASSESSING SECURITY IN THE SUBCATEGORIES 
	Creating an Assessment Plan 
	Assigning Roles and Responsibilities 
	Tiers, Threats, Risks, Likelihoods, and Impact 
	MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAM (WISP) 
	The Intersection of Business and Technical Controls 
	What is a Written Information Security Program (WISP)? 
	Creating a WISP Template 
	Aligning Current Profile with a WISP 
	MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM 
	Step 1: Prioritize and Scope 
	Identifying organizational priorities 
	Aiding and influencing strategic cybersecurity implementation decisions 
	Determining scope of the implementation 
	Planning for internal adaptation based on business line/process need 
	Understanding risk tolerance 
	Step 2: Orient 
	Identifying systems and applications which support organizational priorities 
	Working with compliance to determine regulatory and other obligations 
	Planning for risk responsibility 
	Step 3: Create a Current Profile 
	Cybersecurity Assessment options 
	How to measure real world in relation to the Framework 
	Qualitative and quantitative metrics 
	Current Profile and Implementation Tiers 
	Step 4: Conduct a Risk Assessment 
	Risk assessment options (3rd party vs internal) 
	Organizational vs. system level risk assessment 
	Risk assessment and external stakeholders 
	Step 5: Create a Target Profile 
	Target Profile and Steps 1-4 
	External stakeholder considerations 
	Adding Target Profiles outside the Subcategories 
	Step 6: Determine, Analyze, and Prioritize Gaps 
	Defining and determining Gaps 
	Gap analysis and required resources 
	Organizational factors in creating a prioritized action plan 
	Step 7: Implement the Action Plan 
	Implementation team design from Executives to Technical Practitioners 
	Assigning tasks when priorities conflict 
	Considering compliance and privacy obligations 
	Taking action 
	Reporting and reviewing 
	MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT 
	Creating a continuous improvement plan 
	Implementing ongoing assessments