This course focuses on industry frameworks and best practices for building a comprehensive cybersecurity program to protect critical infrastructure, industrial controls, and private and public utilities. The course is divided into these three sessions:

Part 1: Business / Risk Management

How organizations use the NIST Risk Management Framework and NIST Cybersecurity Framework to build and report on a Cybersecurity Risk Management Program to protect critical infrastructure. In addition, the BSA Framework for Secure Software is included to evaluate best practices to secure software applications. Deliverables include a Cybersecurity Strategy, Cybersecurity Policies, and Cybersecurity Risk Report.

Part 2: Cybersecurity Engineering / Design

How organizations use the DHS Continuous Diagnostics and Mitigation Architecture (Volume 1) and Continuous Diagnostics and Mitigation Technical Capabilities (Volume 2) to build and report on a Cybersecurity Engineering Program. The CDM Program includes engineering and design of both critical infrastructure security as well as securing software applications. Deliverables include a Cybersecurity Architecture, Cybersecurity Workloads, and a Cybersecurity Dashboard

Part 3: Cybersecurity Industry Standards / Operations

How organizations use Security and Privacy Controls for to secure and resilient infrastructure based on industry best practices. The focus is on NIST 800-53, CIS Critical Controls, ISO 27002 Code of Practice, etc., for Infrastructure security. For an added bonus, we cover how organizations will need to tie in compliance with the CMMC in order to fulfill work for the Federal sector. Deliverables include a System Security Plan, Risk Assessment and Plan of Action and Milestones (POA&M).

At the conclusion of the class, attendees will understand the key frameworks and outcomes that organizations should follow in developing a comprehensive / standards-based cybersecurity program to protect critical infrastructure.  

Location and cost:

Three 90-minute sessions will be conducted live using the ON24 web platform. You can take this course on the live dates or by viewing the on-demand recordings at your pace.

Course price: $495
(includes all three parts and access to the on-demand recording for six months for one user; group rates available)

Attendees will earn 5 CPE credit hours.

If you have any questions, please contact Tom Bechtold at or 503-303-7871.

speaker photo
Instructor: Benjamin Brooks
Cybersecurity Expert and Consultant, Praevalidis

Benjamin D. Brooks is president of Praevalidis LLC and founding partner at Zandaka LLC. He is a Ponemon Institute Distinguished Research Fellow, CISSP, and adjunct professor who provides subject matter and exam writing expertise for (ISC)2. Benjamin also has earned his Executive Master of Business Administration degree from Case-Western Reserve Weatherhead School of Management.

With more than 20 years of information security experience, Benjamin began his professional career in the Department of Defense. Working primarily with the National Institute of Standards and Technology frameworks as guidance, his endeavors focus on behavioral and administrative controls for organizations to prevent information security breaches and optimize security practice within the organization. He is also a Cybersecurity architect and “purple team” leader specializing in systems analysis and social engineering.

Benjamin is a veteran of Naval Special Warfare, Special Intelligence and Electronic Warfare teams and is currently a drilling Navy Reserve Officer. During his time on active duty, Benjamin quickly distinguished himself as an expert in electronic signals exploitation and was assigned to special units for duty with the Navy SEALs and other government organizations. He currently serves with JIOC INDOPACOM.

Benjamin’s previous client engagements include Proctor and Gamble, AXA insurance, the State of New Jersey Judiciary, Massachusetts Department of Transportation, Pennsylvania Department of Transportation, and The Ohio State University, amongst others. He has performed PCI, HITRUST, and NIST Information security advisory, audit, and architecture engagements at the highest levels to re-align the businesses process, technology and policy to meet their compliance needs while achieving their current security goals.

Visit to see how the Praevalidis team can enable your organization with the power to overcome its greatest data and security challenges.