Over years of training with students both in a classroom and online, I’ve noticed a common pattern. Now, it doesn’t apply to every person or every activity, but it’s very common in training, including NIST Cybersecurity Framework training. People want to get to the point and get out. It’s a very “give me what I need and let me get on with my life” type of perspective. You know what? I’m with ya!

Can I go slightly off topic here? I read books all the time. Do you know what most non-fiction books have? Too many pages! Seriously, over and over while reading a book I’m thinking, “You could have said this in half the number of pages. You’re wasting my time. Just get to the point.”

I don’t like extra fluff in books or training, and I’m guessing maybe you don’t either. So, when we were looking at creating our new NIST Cybersecurity Framework (NCSF) Ransomware Risk Management course (yes, I get the irony of the long title), we decided to make it Just One Day.

We know that you know ransomware is bad. I don’t have to convince you. You’ve seen the stats and possibly the warning from The White House. The point of our ransomware training isn’t to scare you. We just want to help you NOT be tomorrow’s headline!

How did we manage to squeeze a NIST cybersecurity framework training course about a topic as deep as ransomware into one day AND still provide significant value? We followed the “give me what I want and let me get on with my life” principle. The class only has four modules:

1. Course Introduction: A short module to get to know each other a bit and give some overall class guidance.
2. The Ransomware Challenge: Information on the challenges related to ransomware…for those folks who are new to the idea. BUT this module also jumps right into common ransomware preventative activities and recovery preparations. Some good, rapid-fire value right there!
3. Overview of the NIST Cybersecurity Framework: A quick look at the history and components of the NIST CSF to get everyone on the same page. This is critical to understand the content of the final module.
4. The Ransomware Profile: This is the focus of the ransomware training A deep dive into applying the NIST identified functions, categories, and subcategories of the Framework that can directly improve your security state in relation to ransomware. We show you how they can be applied to help against ransomware and point out associated Informative References.

In the interest of keeping this blog post short(ish), I’ll wrap up.

Here’s the link to our NIST Cybersecurity Framework (NCSF) Ransomware training course one more time. Check it out to see the upcoming class schedule and learn how to keep your organization out of the news as a victim of a ransomware attack.

-Troy Stoneking, Certified NIST Cybersecurity Framework Professional Trainer and Cybersecurity Assessor