cybersecurity

cybersecurity

2024 1st Run: Jan. 20

2024 2nd Run: Jun. 29

2024 3rd Run: Dec. 14

Time: 0900-1700H (3.5 hours synchronous, 4.5 hours asynchronous)

Module Fee: P9,895

This module introduces the participant to the theories, principles, frameworks, and practices in Cybersecurity. The aim of this program is to prepare and equip the learners to allow them to pursue their cybersecurity career. This foundational approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of cybersecurity cases from the industry.

Module Objectives

At the end of the module, the participant will be able to:

  • Identify the terms, techniques, and methods used in developing cybersecurity plans and program.
  • Demonstrate thorough understanding of the cybersecurity knowledge.
  • Determine the right approach, techniques, methods, and tools in solving cybersecurity problems.
  • Evaluate solutions, programs, or plans to determine effectivity of cybersecurity solution.

Module Outline

  • History and Importance of Cybersecurity
  • Information Security vs IT Security
  • Defense In-Depth
  • Security Principles
  • Security Service and Security Mechanisms
  • Security Concepts in Business Case Building
  • Types of Access Controls
  • Types of Authentications

Lecturer: Justin Pineda

Justin Pineda is a Security Architect and Head of Cybersecurity for a Digital Transformation company in the Philippines where he helps build productized solutions for various clients such as cybersecurity advisory, technology build and managed security operations.

He also worked at one of the biggest Philippine conglomerates as Cybersecurity Manager where he spearheaded conglomerate-wide Security Operations Program and Policies that were implemented across various business units in the fields of real estate, bank, retail, manufacturing, media, and airline. Apart from IT Security Governance, he had notable technical stints in one of the largest beverages company in the world where he built and implemented an in-house Application Security Program for the Asia Pacific, Latin America, and Europe Regions; and a US-based Managed Security Service Provider (MSSP) as part of Security Operations Center (SOC) for more than 500 clients mostly banks and credit unions in the United States.

In the academe, he helped develop the curriculum and course content of cybersecurity courses in an IT College in the Philippines. He has also published and presented several cybersecurity research papers in local and international conferences. Some certifications he holds include Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT), GIAC Mobile Security Analyst (GMOB) and Certified Ethical Hacker (CEH). He finished a Master in Information Systems (MIS) and BS Computer Science.

2024 1st Run: Feb. 3 & 17

2024 2nd Run: Jul. 13 & 20

Time: 0900-1700H (14 total hours)

Module Fee: P16,895

This module introduces students to vulnerability assessment and penetration testing. Through understanding how a penetration testing work, they can more effectively protect their organization or their clients from potential cyber-attacks. In simulating the capabilities of real-world cybersecurity attackers, students can gain knowledge in this module to prepare themselves in conducting a successful penetration testing engagement. In essence, penetration testers find security holes before cybercriminals do.

Instructional Tools

Synchronous Teaching Strategies:

  • Online Lecture & Discussion

Asynchronous Teaching Strategies:

  • Information Gathering
  • Penetration Testing

Target Audience

This module is intended for:

  • Individuals who are interested in pursuing a career in Offensive Security
  • Government employees who would like to protect their online assets
  • Security professionals who would like to transition from other areas of Cybersecurity to Offensive Security

Module Objectives

At the end of the module, the participant will be able to:

  • Understand the difference between Vulnerability Assessment and Penetration Testing.
  • Understand the objectives of performing a Vulnerability Assessment and Penetration Testing.
  • Learn how to perform detailed reconnaissance using different tools to build a technical understanding of the target environment.
  • Analyze the results or output of tools and to remove false positive findings.
  • Manually discover security vulnerabilities and perform exploitation.
  • Evaluate the impact and risks of identified security vulnerabilities.
  • Learn how to properly write a technical report.

Module Outline

Session 1:

  • Introduction to VAPT
  • Penetration Testing Phases
  • Information Gathering

Session 2:

  • Common Website Vulnerabilities
  • Different Penetration Testing Tools
  • Penetration Testing
  • Offensive Security Certifications

Lecturer: Christian Villapando

Christian is a highly motivated and driven information security professional with five years of progressive industry experience operating in public and private domains. He specializes in penetration testing and ethical hacking - helping organizations identify and fix weaknesses before attackers exploit them. One of his career goals is to be a "proficient, well-rounded, and highly impactful information security professional."

Christian currently works as a security consultant for a Fortune 100 company, providing various types of penetration testing assessments (network, wireless, application, etc.) for EMEA and APAC customers, acting as "ethical hackers" to evaluate the security of enterprise networks, applications, mobile devices, and data. He previously worked as an engineer for the National Computer Emergency Response Team of DICT, a security analyst for Red Rock IT Security, and a senior security engineer for a global financial organization. He has worked with customers in the government, banking and finance, insurance, health, e-commerce, retail, athletics, and education.

Christian is very passionate about sharing his knowledge and skills with others, especially those who are new or want to enter the field. He teaches computer security-related courses to undergrad and graduate students at several educational institutions in the Philippines. Christian is also a proud member of hackstreetboys, a CTF team based in the Philippines. He is also an active member of PHCYBERUNITS, an advocacy group that helps career shifters get into cybersecurity.

 Christian has multiple industry certifications, including the GIAC Security Professional (GSP), Certified Information Systems Security Professional(CISSP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Certified Professional (OSCP), GIAC Experienced Incident Handler Certification (GX-IH), GIAC Experienced Cybersecurity Specialist Certification (GX-CS), GIAC Penetration Tester (GPEN), and GIAC Mobile Device Security Analyst (GMOB). He completed his Bachelor of Science in Electronics Engineering from Mapua University and his Master of Information Security from De La Salle University-Manila.

2024 1st Run: Mar. 2 & 9

2024 2nd Run: Aug. 3 & 10

Time: 0900-1700 (14 total hours)

Module Fee: P16,895

This diploma program introduces the learner to the theories, practices, processes, and techniques used in Cybersecurity Defense (Blue Team). The aim of this program is to prepare and equip the learners to allow them to specialize in the field in Cybersecurity Defense (Blue Team).  This introductory approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of incidents and breaches from the industry. 

Module Objectives

At the end of the module, the participant will be able to:

  • Compare security roles and security controls
  • Explain threat actors and threat intelligence
  • Perform security assessments and identify social engineering attacks and
    malware types
  • Summarize basic cryptographic concepts 
  • Implement different cybersecurity defense methods

Module Outline

Session 1: 

  • Security Roles and Security Controls
  • Threat Actors and Threat Intelligence, Threat Detection and Response Strategies
  • Performing Security Assessments, Vulnerability Management, Security
    Testing and Penetration Testing
  • Identifying Social Engineering and Malware
  • Incident Response and Disaster Recovery Planning

Session 2: 

  • Basic Cryptographic Concepts
  • Public Key Infrastructure
  • Authentication Controls, Zero Trust Framework
  • Identity and Account Management Controls
  • Secure Network, Designs, Appliances, Protocol
  • Data Protection and Privacy Laws
  • Cybersecurity Resilience

Lecturer: Dr. Amos K. Kibet, CEH, CEI, CCNA-SEC, CBE - DIT

He is currently the Chief Technology Officer and part of the Executive team which includes the Chief Executive officer, Chief financial officer, and Chief operating officer for SynTechNX Corp.

He also assists in evaluating Jaka IT systems to meet Jaka Investment corporation objectives. Primary duties include analyzing and diagnosing a company's IT infrastructure, understanding a client's business needs, and designing and implementing a technology solution.

He is a Cybersecurity & Blockchain Professional, Author of international peer-reviewed papers, Speaker & trainer.

2024 1st Run: Mar. 23

2024 2nd Run: Aug. 31

Time: 0800-1600H (4.5 hours synchronous, 2.5 hours asynchronous)

Module Fee: P9,895

This certification program exposes the learner to the approaches, theories and practices in the areas of managing and implementing Education, Awareness, and Training in the field of information/cyber security. It focuses on determining the needs as well as particular content to be included in materials to be prepared. As a consequence, this allows the development of the specific approach in providing knowledge or skill, or both, to target participants. The differences and similarities of education, awareness and training will be established, thus cultivating the ability to develop the syllabus, based on the different role requirements of their target participants.

Module Objectives

At the end of the module, the participant will be able to:

  • Demonstrate a clear understanding of the differences among education, awareness and training
  • Facilitate the identification of learning and development requirements of target personnel
  • Adapt education, awareness and training toward achieving the strategic goals of effective information security implementation in the work area

Module Outline

  • Information/Cyber Security Education, Awareness and Training
  • The application: Engage, Equip, Empower
  • Learning and Development Analysis
  • The Information Security Education, Awareness and Training (ISEAT) Program

Lecturer: Luis A. Jacinto, MBA, CISA, CISM, CRISC, PIE, CPISI

Mr. Luis A. Jacinto has retired as the Chief Information Security Officer (CISO) of Rizal Commercial Banking Corporation (RCBC). He has been an Information Technology (IT) practitioner for over thirty-six (36) years, through which he gained his IT governance experience. He has concurrently spent more than twenty-eight (28) of those years, both as a training professional and as an educator.

Chito, as he is better known by his peers, is presently the Vice-President and a founding member of the Information Security Officers Group (ISOG), a Philippine-based organization of senior level information / cyber security professionals. He is also a past president of the ISACA Manila Chapter, a post to which he was elected for calendar years 2007 and 2008. He has served ISACA in various capacities since he joined the association, and presently sits in the current Board of Trustees of the Manila Chapter.

He has become a part of different professional institutions in various capacities. Aside from ISOG and ISACA, he is presently a member of the board and Corporate Secretary of the Philippine Institute of Industrial Engineers (PIIE). He was also a part of the Business Continuity Managers Association of the Philippines (BCMAP) as a member of the original forum.

During these years, Chito earned various certifications. He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Professional Industrial Engineer (PIE), and Certified Payment Card Industry Security Implementer (CPISI). He also holds a Masteral degree in Business Administration (MBA).

2024 1st Run: Apr. 6 & 13

2024 2nd Run: Sep. 14 & 21

Time: 0900-1700H (3.5 hours synchronous, 4.5 hours asynchronous)

Module Fee: P12,895

This module exposes the learner to the approaches, theories and practices in the areas of Risk Management in relation to Cybersecurity Governance. It includes the development and maintenance of policies that allows the business to establish Cybersecurity Plans that aims to ensure the security of personnel, and consequently, assures the continuity of business operations.

Module Objectives

At the end of the module, the participant will be able to:

  • Demonstrate a clear understanding of the difference between governance and management.
  • Facilitate the adoption of the Risk Management Lifecycle.
  • Adapt to the inherent connection between cybersecurity incidents and the Business Continuity or Disaster Recovery Plans.
  • Review the process used in the development of a Business Continuity and/or Disaster Recovery Plan
  • Direct the development, update or retirement of information/cyber security policies.
  • Assess the effectiveness of a Cybersecurity Plan using the above capabilities.

Module Outline

Session 1:

  • Governance and Management in Cybersecurity
  • Risk Management and Evaluation
  • Business Impact Analysis (BIA)

Session 2:

  • Incident Management (IM)
  • The Business Continuity (BCP)
  • Disaster Recovery Planning (DRP)
  • Policy Development, Maintenance and Retirement

Lecturer: Luis A. Jacinto, MBA, CISA, CISM, CRISC, PIE, CPISI

Mr. Luis A. Jacinto has retired as the Chief Information Security Officer (CISO) of Rizal Commercial Banking Corporation (RCBC). He has been an Information Technology (IT) practitioner for over thirty-six (36) years, through which he gained his IT governance experience. He has concurrently spent more than twenty-eight (28) of those years, both as a training professional and as an educator.

Chito, as he is better known by his peers, is presently the Vice-President and a founding member of the Information Security Officers Group (ISOG), a Philippine-based organization of senior level information / cyber security professionals. He is also a past president of the ISACA Manila Chapter, a post to which he was elected for calendar years 2007 and 2008. He has served ISACA in various capacities since he joined the association, and presently sits in the current Board of Trustees of the Manila Chapter.

He has become a part of different professional institutions in various capacities. Aside from ISOG and ISACA, he is presently a member of the board and Corporate Secretary of the Philippine Institute of Industrial Engineers (PIIE). He was also a part of the Business Continuity Managers Association of the Philippines (BCMAP) as a member of the original forum.

During these years, Chito earned various certifications. He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Professional Industrial Engineer (PIE), and Certified Payment Card Industry Security Implementer (CPISI). He also holds a Masteral degree in Business Administration (MBA).

2024 1st Run: Apr. 27 & May 4

2024 2nd Run: Oct. 5 & 12

Time: 0900-1200H, 1300-1800H (16 total hours)

Module Fee: P12,895

This module will provide a basic understanding of IT systems and Architecture Design. A simple overview of web application components will be discussed, followed by a discussion about how these systems have evolved over time.

Once students have a basic understanding of how systems evolved they will be introduced to Micro-Services, CIA Triad, Disaster Recovery, Business Continuity, and High availability. Then cloud solutions, containerization, and virtualization will be discussed leading to a final project.

Module Outline

Topic 1: Why is it important to incorporate security controls into System Architecture

Topic 2: Understand the Stages to System Architecture

Topic 3: Understand how the CIA triad works

Topic 4: Understand Basic Security Controls for System Architecture

Topic 5: Understanding of Modern System Architecture and the use of Microservices

Topic 6: Understanding of Historic / Legacy Systems

Topic 7: Understanding of Multi-Tiered systems

Topic 8: Understanding the Cloud

Topic 9: Understanding Containers and Containerization

Lecturer: John Paul Alarcon

John Paul is a seasoned cybersecurity professional with over two decades of experience in the field, including 12 years in banking and finance. Prior to his current role as CISO at HSBC, he served as Security Officer at British Telecoms and Account Security Officer at Hewlett-Packard. His clients spanned a wide range of industries, including airline, manufacturing, telecommunications, retail, and pharmaceuticals.

John Paul received comprehensive training in cybersecurity, anti-cyber crimes, and forensic investigations during his tenure at the police academy in Germany, which provided him with a strong foundation in the technical aspects of his work.

2024 1st Run: May 25 & June 1

2024 2nd Run: Oct. 26 & Nov. 9

Time: 1230-1930H (14 total hours)

Module Fee: P11,495

This module covers the fundamental concepts of data privacy and protection. Participants will learn through lectures and activities the concepts and requirements of Data Privacy and relevant data protection processes and techniques. The course is ideal for participants who want to embark on or increase their knowledge about Data Privacy and apply practical knowledge when they go back to their respective organizations or businesses.

Module Objectives

At the end of the module, the participant will be able to:

  • Understand the objectives of data privacy and protection.
  • Identify relevant legal provisions and regulations pertaining to privacy.
  • Apply privacy principles and measures to personal information.
  • Apply the compliance requirements of NPC on privacy through organizational, physical, process and technological controls.
  • Increase practical understanding of Data Privacy through the means of
    presentations, case studies and interactive workshop activities.

Module Outline

Session 1:

  • DPA Structure, Sections and Principles
  • Rights of Data Subjects
  • NPC Five Pillars
  • Personal Data Protection and Security

Session 2:

  • Operational Compliance
  • Privacy by Design
  • Breach Management
  • Incident Response Lifecycle

Lecturer: Robert S. Paguia, JD, MPM

Robert S. Paguia is a Data Privacy Advocate / Practitioner who conducts Lectures and does Consulting Services on Republic Act (RA) No. 10173 or the Data Privacy Act (DPA) of 2012 under his own consulting firm, the RSP Data and Digital Svcs, which is DTI-Registered, BIR-Registered and PhilGEPS-Registered. To date, he has already conducted close to a hundred lectures and trainings on RA No. 10173.

One of the most sought-after Resource Speaker, Panel Member and Panel Moderator in the field of Information and Communications Technology (ICT) specifically in Data Privacy and Cybersecurity, he has been a permanent fixture in local and international conferences like the PhilSec 2022 and PhilSec 2023 organized by Tradepass, 2nd Philippine ICTEX Innovation Summit 2022 organized by Mykar Philippines, CybersecPhil Conference 2023 organized by CybersecAsia and Escom Events, Cloudnative and Open Source Summit 2023 organized by Escom Events and CyberSecAsia, Fintech Revolution Summit 2023 organized by Traicon, 7th DX Leaders Strategy Forum and 8th DX Leaders Strategy Forum organized by EDX Events Singapore and others.

As a Data Privacy Advocate, he serves as Consultant to government agencies such as the Philippine Trade Training Center (PTTC), the training arm of the Department of Trade and Industry (DTI), Light Rail Transit Authority (LRTA) and the Department of the Interior and Local Government (DILG),among others.

2024 1st Run: Jun. 8 & 15

2024 2nd Run: Nov. 23 & Dec. 7

Time: 1230-2030H (16 total hours)

Module Fee: P12,895

This program provide its participants with an overview and initial understanding of what is Security Operations and equip its participants with the knowledge on particular activities in a Security Operations Center (SOC), such as defining and handling security threats, the use of various SOC tools, and other pertinent information on different workstreams.

Module Objectives

At the end of the module, the participant will be able to:

  • Understand the concept, importance, and features of a Security Operations Center.
  • Examine how incident lifecycle management fits into the overall SOC process.
  • Analyze the people, process, and technology aspect of SOC and be able to define best practices and each of these pillars.
  • Evaluate common security incidents in the industry.
  • Formulate use cases to cater to different security incident scenarios and be able to articulate how each of these use case can streamline operational and tactical efforts in the organization.

Module Outline

Session 1:

  • Security Threats 101
  • What is Security Operations Center (SOC)?
  • Cybersecurity Kill Chain & Defensible Matrix
  • Incident Lifecycle, Service Value Chain and Continual Improvement

Session 2:

  • SOC Tools
  • Phishing/Email Security
  • Web Application Firewall (WAF)
  • Data Loss Prevention (DLP)
  • USB/Tools Health/File Permission and File Integrity Monitoring

Lecturer: John Panes

John is currently a Cyberdefense Operations manager handling various security workstreams of 60+ security consultants and analysts. He liaises with global security leaders to ensure that the organization is protected from targeted attacks as well as continuously upscale security tools and processes through automation and orchestration initiatives. He has a demonstrated history of performing Technical Vulnerability Management, Threat Modelling, Security by Design, Social Engineering, Gap Analysis, Policy Mapping, Risk Management, Cybersecurity Strategy Implementation, and Information Security Assessment. He also has extensive understanding and meaningful hands-on experience on various international standards and security frameworks. John was also internationally deployed onsite and managed security teams across Singapore, Poland, USA, Malaysia, Philippines, and India.

He is a certified ITILv4 Service Management Practitioner and a Microsoft Technology Associate (MTA).

executive diploma program in cybersecurity

This diploma program introduces the learner to the theories, principles, frameworks, and practices in Cybersecurity. The aim of this program is to prepare and equip the learners to allow them to pursue their cybersecurity career. This foundational approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of cybersecurity cases from the industry.

specialized cybersecurity short course

2024 1st Run: Jun. 8 & 15

2024 2nd Run: Nov. 23 & Dec. 7

Time: 0900-1700H (5 hours synchronous, 11 hours asynchronous)

Module Fee: P12,895

This certification program introduces the learner to the theories, practices, processes and techniques used in Digital Forensics and Incident Response (DFIR). The aim of this program is to prepare and equip the learners to allow them to specialize in the field in DFIR. This introductory approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of incidents and breaches from the industry.

Module Objectives

At the end of the module, the participant will be able to:

  • Respond to incidents and collaborate with different stakeholders
  • Contain, eradicate and recover from incidents
  • Conduct Incident Response tabletop exercises within their own organization
  • Understand the chain of custody and common forensic artifacts
  • Collecting and analyzing forensic artifacts to be able to provide Iindicators of compromise for Security Operations monitoring
  • Relate and consider the legal requirements and compliance related to the DFIR

Module Outline

Session 1:

  • DFIR Ethics, Legal, and Compliance
  • Incident Response
  • Cyber Kill Chain & MITRE ATT&CK
  • Containment and Eradication
  • Common Pitfalls of implementing IR
  • Cybercrime

Session 2:

  • Digital Forensics
  • Memory and Storage Media
  • Forensic Acquisition
  • Data Storage Recovery and Analysis
  • Memory Acquisition
  • Memory Recovery and Analysis
 

Contact Us

Jhune Tavera
rodolfo.tavera@benilde.edu.ph

Benilde School of Professional and Continuing Education (SPaCE)
4/F Design + Arts Campus 
950 Pablo Ocampo Street, Malate, Manila, Philippines
☎ (+63) 2 8230-5100 local 3801 or 3802
✉️ space@benilde.edu.ph