- Zivile Necejauskaite
- Kristina Hojstricova
Advanced
- Bank transfer
Event Organizer(s)
Description
This course focuses on foundations of CSIRT/CERT/CIRT/SOC management and strategic leadership. Recognizing the critical transition from technical execution to strategic oversight, the course provides the necessary rationale for structured leadership within high-pressure incident response environments.
Every manager wants their team to be as effective as possible and achieve the best results that meet the expectations of their constituency. How much can a manager contribute to this and how can it be achieved? How can you stay motivated to move forward?
This is a unique training course that provides valuable practical knowledge that can be easily and quickly applied in real life. All training materials are based on the practical experience of the instructor and his clients, lessons learned in recent projects.
The training course will help answer questions such as how to allocate time for repetitive tasks, what can be optimized and what should be given more time, and how to correctly calculate and plan the CSIRT/CERT/CIRT/SOC budget. It will allow you to rethink the current mandate of CSIRT/CERT/CIRT/SOC and get ideas on how to update it.
Whether you are a newly appointed manager or an experienced leader, this training offers the foundational tools required to navigate the complexities of CSIRT/CERT/CIRT/SOC management with authority, foresight, and professional competence.
Leadership of CSIRT/CERT/CIRT/SOC
Qualifications or experience needed to participate in this training course:
Profile: The desirable candidate profile includes acting managers or deputies of a Computer Security Incident Response Team (CSIRT), Computer Emergency Response Team (CERT), Computer Incident Response Team (CIRT), or Security Operations Centre (SOC), as well as designated officials tasked with establishing such functions. Any staff engaged in executive functions within these institutions are also encouraged to apply.
Selection criteria: Selection will be based on the quality of the application, including the candidate’s professional experience, motivation, and engagement with the subject matter. Demographic and gender diversity will also be taken into account. Priority will be given to candidates from Least Developed Countries (LDCs) and Small Island Developing States (SIDS) that are engaged in the ITU Cyber for Good programme.
Number of available places for the cohort: 50
Number of available places for the cohort: 50
Upon completion of this course, participants will be able to:
- Formulate the strategy for CSIRT/CERT/CIRT/SOC improvement
- Elaborate and measure the services provided by cybersecurity team
- Demonstrate confidence in CSIRT/CERT/CIRT/SOC planning and decision-making
- Lead the preparation of annual reports
- Identify and coordinate with key stakeholders
The training combines best practices with global standards. The training tutor, who may be considered a mentor based on his experience in implementing projects around the world, provides valuable knowledge and assists participants in identifying the most suitable strategies for their leadership,
An equally important part of the training is the sharing of experiences among participants and the growth of their professional network. The training brings together experts who are willing to identify their weaknesses and thus understand expectations, while also sharing their experiences, which are valuable to others. This training programme is designed to enhance skills and promote professional growth.
In consideration of the participants' workloads, the training programme is meticulously structured into half-day sessions. A designated break is strategically scheduled between the first and second sessions to provide participants with the opportunity to apply their newly acquired skills and knowledge in a practical setting. Following this hands-on experience, the group reconvenes in the classroom to share their observations and, if any challenges are encountered, to collectively explore the underlying causes.
The assessment will take the form of a self-reflection exercise to identify the most useful skills and knowledge for running a CSIRT or SOC on a daily basis.
- Presence and active participation: 25%
- Groupwork 1: 20%
- Groupwork 2: 25%
- Groupwork 3: 30%
Participants shall achieve a grade of 70% to be awarded a certificate of completion.
24.03.2026 Session 1: CSIRT year planning workshop
Learning Outcomes
Set up the requirements and timelines for planning
Activity/Location
Lecturing, group work, discussions
25.03.2026 Session 2: Exercise on CSIRT operations measurement and KPI development
Learning Outcomes
Assessment of security services: how and when.
Elaboration of KPIs, SLAs and related metrics.
Activity/Location
Lecturing, group work, discussions
26.03.2026 Session 3: Annual CSIRT report preparation workshop
Learning Outcomes
Experimenting with writing posts on the website and understanding how and how often to report
Activity/Location
Lecturing, group work, discussions
Tutors
Registration information
Unless specified otherwise, all ITU Academy training courses are open to all interested professionals, irrespective of their race, ethnicity, age, gender, religion, economic status and other diverse backgrounds. We strongly encourage registrations from female participants, and participants from developing countries. This includes least developed countries, small island developing states and landlocked developing countries.
