White Team Training

Stuart's new venture!

PolicyWizard.io is a website for people looking to gain the knowledge and skills required to develop great security policies for use in certifications including SOC 2 and ISO 27001.

What will help me get a White Team Role?

White Team roles are generally for more experienced professionals within the industry; however, there are opportunities for entry-level candidates. Soft skills are the key to gaining a white team role. You need to have confidence, excellent communication, the ability to write effective documentation and active listening skills. Soft skills are hard to learn and often come with experience. That experience can be gained in any industry, not just Cyber Security. It is your job to get your soft skills across to the hiring managers on your CV and at the interview stage.

Understanding the industry is key to your success as a White Team Pro. A solid base of knowledge such as a CompTIA Security+ Certification will help you attain the basics. From there you need to be looking at which specific part of the White Team you want to be working in. The role will give you clues as to what you need to study. Where are you going to be based? The location and the laws governing Personal Data within that area are going to be the driving factors in choosing which frameworks to learn.

Fundamental knowledge of the systems you will be working on will help you gain a role. Look at MS 100 and MS 101. These will give you knowledge of Access Control Lists, Group Policies, etc. Azure and AWS Fundamentals will also help. If you are writing policies covering these systems then you should know the basics about them. The great thing about these courses is that they are available free online; you will only need to pay if you wish to get a certificate.

MS 100

MS 101

Azure Fundamentals

AWS Fundamentals

PolicyWizard Courses

Security Policy Cheat Sheet

A simple free guide to help you understand the very basics of policy development. Download it now and you'll soon be making yourself indispensable in your organization.

Security Policy Foundations

In this "pay what you can", foundational level course, I will show you how to cast your first spells as a budding Security PolicyWizard. You'll learn the basics:

  • What is security risk?

  • What is a security policy?

  • What is a security framework?

  • What is a security risk?

Security policy considerations:

  • Layout

  • Readership

  • Accountability

  • Policy length

  • Legal terms

  • Title & references

  • Templates

  • Tracking methods

  • Development tools

  • Plus a bunch more

Security Policy Masterclass

Remember the bit in Lord of the Rings where Gandalf fights the Balrog in the Mines of Moria? Well, this course is like that. Security policies are the Balrog, and you, well, you are Gandalf the Grey, standing on the bridge between where you are now and your future as a Security PolicyWizard. You'll fight the monster, emerge victorious and arise as Gandalf the White. You Shall Pass! I will show you the way.


Security Frameworks, 5 Steps to Learn them Fast!

  1. Read the framework - Read every line and understand what it is saying. What laws are relevant? What are the requirements? Read the sub-documents!

  2. Copy the document into a fresh word processor document - Format it so it's workable, then copy the requirements into a new document.

  3. Create a Gap Analysis - Use the requirements to build a Gap Analysis document which you could use to audit a company. Add Notes and Recommendations areas.

  4. Create a Best Practice Document - Read the requirements and decide what the best solution is to comply with each specific requirement. Repeat for all areas.

  5. Create a fictional company - What industry? What size? What is their current security profile? Take the company through a Gap Analysis and write a report.

  6. Bonus Tip! Get Experience - Publish your work, help a small business comply with the framework, and help others learn by teaching the framework.

Laws vs Standards

Legislation such as the Computer Misuse Act states things that must or must not be done. It is down to the company or individual to decide whether to comply with the law; however, acts which fall foul of the law may result in criminal prosecution. Standards are not laws; they are guidelines which help businesses implement best practice procedures and solutions. ISO 27001 is the International Standard for implementing an Information Security Management System. It lists 114 security controls which may be implemented to secure company systems. If a company decides to ignore a standard, they will not face prosecution for ignoring the standard, but they may fall foul of laws which state that Personal Data must be secure and accurate, such as the Data Protection Act.

In the UK we are governed by the Data Protection Act 2018 (GDPR) which is the UK Government version of the EU General Data Protection Regulation. This law is the foundation of data governance. If you wish to work in Governance, Risk and Compliance (GRC) within the United Kingdom or Europe, a solid understanding of this law is expected.

EU GDPR Courses

There are amazing free courses from Advisera. The course material is free but if you wish to get the certificate and additional material then you have to pay. I recommend doing both courses and if you feel you need to and have the budget, then take the exams.

EU GDPR Foundation

EU GDPR Practitioner

ISO 27001

As mentioned above, ISO 27001 is the International Standard for the implementation of an ISMS. It is a complicated document with several sub-documents. A solid understanding of this standard will help you in your search for a white team job. There are four levels to ISO 27001 training: Foundation, Internal Auditor, Lead Implementor and Lead Auditor.

Buy the Standard

ISO 27001 Courses from IT Governance

Learn about ISO 27001 best practice and find out how to achieve compliance with the Standard at your own pace. This self-paced online course provides a complete introduction to the key elements required to achieve compliance.

Learn how to drive continual improvement within your organisation’s information security management system (ISMS) and find out how to identify opportunities for improvement and take corrective action to maintain conformity to the ISO 27001 standard.

This fully accredited, practitioner-led course will equip you with the key skills involved in planning, implementing and maintaining an ISO 27001-compliant ISMS.

Brought to you by the team that led the world’s first ISO 27001 implementation projects, this ISO 27001 Lead Auditor training course will teach you:

  • The skills to conduct second-party (supplier) and third-party (external and certification) Information Security Management System audits;

ISO 27005 - Risk Management

This is a sub-standard of ISO 27001 and is primarily concerned with the implementation of the Risk Management procedures of 27001. It gives guidance on how to assess, treat and document the Risk Management procedure. Great courses are available for this standard; however, I have not found any for free.

Buy the Standard

Great ISO 27005 Course from IT Governance

  • Learn how to conduct an information security risk assessment from start to finish with this specialist led training course.

  • Learn practical risk management methodologies, including ISO 27005 and other risk management techniques.

  • Learn from anywhere – choose whether you attend our courses Live Online or in person.

  • Our Classroom / Live Online option allows you to study your way, keeping travel and costs down to a minimum.

  • IBITGQ accredited three-day training course.

  • Successful completion of the course and included exam leads to the ISO 27005 Certified ISMS Risk Management (CIS RM) qualification and 21 CPD/CPE points.


Business Continuity - Keeping the business running in the event of a disaster

One of the requirements of ISO 27001 is that plans have been put in place to enable the ISMS to withstand a number of disasters such as flooding, power outages, fire, etc. The ISO standard for the implementation of Business Continuity is ISO 22301. Just like ISO 27001, individuals can gain certification at the same four levels: Implementor, Auditor, etc.

IT Governance courses on Business Continuity Management

This course provides a comprehensive introduction to the ISO 22301:2019 standard and the requirements of a BCMS (business continuity management system).

Learn how to implement an effective BCMS (business continuity management system) that prepares your organisation for any disruption.

Gain the knowledge and skills required to plan and implement an ISO 22301:2019-compliant BCMS (business continuity management system) in your organisation. This three-day course provides a complete introduction to the key elements required to achieve ISO 22301 certification.

The ISO 22301 Certified BCMS Lead Auditor training course provides attendees with a comprehensive understanding of the requirements of an audit and the knowledge required to execute the audit of a BCMS to ensure its conformity to the ISO 22301:2019 standard.

Free ISO 27001 Training Courses!

The 4 courses from Advisera below are all free to watch; you'd just have to pay for the exam and certificate.

Advisera may not be the most cost-effective option for these courses if you do wish to get the certificates. I recommend searching other providers to get a better idea of any deals which may currently be offered. Search LinkedIn for approved providers and see their current deals.

ISO 27001 Foundation

ISO 27001 Internal Auditor

ISO 27001 Lead Implementor

ISO 27001 Lead Auditor