UMass Lowell NCSF-CFM Certification Training

NISTCSF.COM's inaugural program, NCSF-CFM, was built in partnership with UMass Lowell (UML), an NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R). This innovative NIST cybersecurity training program was built around an NCSF Controls Factory™ (NCSF-CFM) model created by Larry Wilson, CISO in the university president’s office. The program was used to train the engineering, operations and business teams responsible for operationalizing the NIST Cybersecurity Framework Program controls (CIS 20 Critical Controls, ISO27002 etc.) across the university's five campuses. The program has since been used by other universities and colleges throughout New England to do the same. An article written about the UMass program can be found here.

The NCSF Control Factory™ model helps enterprises organize the Engineering, Operations and Business Risk functions of an NCSF program. The model is completely adaptable, which means that each of the modules can easily be updated, replaced or modified with minimal impact on the overall solution. Organizations are free to choose the minimum set of controls they need to improve their cybersecurity risk profile and then, over time, adopt additional controls that will take them to a higher cybersecurity state. The factory approach allows for changes in the cybersecurity threat landscape, new vulnerabilities and the addition of improvements while still keeping a focus on the critical assets and identities.

The UML NCSF-CFM certification training programs help organizations learn the knowledge, skills and abilities (KSA) to:

• Develop a strategy to adopt the NIST Cybersecurity Framework (NCSF) and other cybersecurity programs (GDPR etc.)
• Create a Written Information Security Program (WISP) that will become policy for an organization or industry association
• Engineer a solution to operationalize the WISP program across an enterprise and its supply chain using the UMass Lowell NCSF Controls Factory™ Model (NCSF-CFM)
• Build and Operate a Security Operations Center (SOC) to continuously monitor and respond to changes in the cybersecurity profile documented in the WISP
• Conduct continuous Business Risk assessments to compare the current profile against the target profile (documented in the WISP) to identify any gaps that need to be addressed
• Prepare for the Certification exams outlined in the NICE Cybersecurity Workforce Framework (NCWF)

The UML NCSF-CFM program and its author have won the following industry awards:

• Security Magazine’s Most Influential People in Security, 2016
• SANS People Who Made a Difference in Cybersecurity Award, 2013
• Information Security Executive (ISE) nominee for Executive of the Year for North America, 2013
• ISE North America Project Award Winner I for the Academic and Public-Sector Category, 2013

UMass Lowell Curriculum

Curriculum options for the UMass Lowell NCSF-CFM program are listed below. Curriculum can be delivered as part of a university degree or continuing education program.

All programs come with a certificate of completion and continuing education credits, such as PDUs and CEUs. Students who successfully complete the certification program and its exam and meet university requirements may transfer credits and enroll in one of UMass Lowell’s master’s degree programs in information technology, such as network security or cybersecurity.

Those interested in taking the courses may find that programs such as workforce development, the G.I. Bill, apprenticeships, internships, employers and others will fund their participation.

  • NCSF-CFM Foundation Certification Training with Exam – 1 Day Program that can be delivered in an instructor-led classroom or virtual classroom, or as a self-paced mentored video training or blended learning program. The NCSF-CFM Foundation Course Datasheet & Outline can be found here.
  • NCSF-CFM Practitioner Certification Training with Exam – 4 Day Program that can be delivered in an instructor-led classroom or virtual classroom, or as a self-paced mentored video training or blended learning program. The NCSF-CFM Practitioner Course Datasheet & Outline can be found here.
  • NCSF-CFM Boot Camp Certification Training with Exam – 5 Day Boot Camp (Foundation + Practitioner) program that can be delivered in an instructor-led classroom or virtual classroom, or as a self-paced mentored video training or blended learning program, with just one exam at the end. The NCSF-CFM Boot Camp Course Datasheet & Outline can be found here.
  • NICE Cybersecurity Workforce Framework (NCWF) Video Training Library – This video training library prepares candidates to sit for up to 200+ Information Technology, Information Security, IT Service Management, IT Project Management and Business Skill certification programs outlined in the NCWF. The NCSF NICE Certification Training Library Datasheet and Outlines can be found here.
  • NIST Cybersecurity Framework Oceans 99 Simulation/Gamification Program Training – ½ Day Program. The Oceans 99 Course Datasheet & Outline can be found here.

About the Author

Larry Wilson | NCSF-CFM Author & Chief Information Security Officer UMass President’s Office

Larry Wilson is the Chief Information Security Officer (CISO) in the UMASS President’s office and is responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University program is based on a “Controls Factory” approach Larry created to help organizations operationalize the NIST Cyber Security Framework and its industry best practices (ISO 27001, SANS 20 Critical Controls etc.) across an enterprise and its supply chain. Larry’s approach has been implemented consistently across all five UMASS campuses plus six other universities in the Commonwealth of Massachusetts.

Prior to joining UMASS, Larry was the Vice President, Network Security Manager at State Street Bank. Larry’s industry experience includes serving as IT audit manager for the Deloitte Enterprise Risk Services (ERS) consulting practice. In this role he managed a staff responsible for developing and completing a Sarbanes-Oxley compliance audit for MasterCard International.

Larry holds a Master of Science degree in Civil / Structural Engineering from the University of New Hampshire. His industry certifications include CISSP, CISA and ISA (PCI Internal Security Assessor). He serves on the Advisory Board for Middlesex Community College and the CISO Advisory Board for Oracle. He co-chairs the Massachusetts State University and Community College Information Security Council, and serves as Certification Director for ISACA New England. Larry has been teaching CISA certification training for ISACA for 5 years.

His major accomplishments include being a Finalist for Information Security Executive® (ISE®) of the Year for both the Northeast Region and North America; receiving the SANS People Who Made a Difference in Cybersecurity award in 2013; and being named one of the top two most influential people in cyber security as selected by Security Magazine in 2016.

Copyright © 2017 itSM Solutions LLC