CERTIFYING PATHWAY PASI
MANAGING AND LEADING IT SECURITY
Reference: PASI
Duration: 31 days (217 hours)
Cost: 19 530 € excl. VAT (HT)
Our in-company training courses are customised, flexible and tailored to the specific needs of your team.
The PASI pathway is a certifying training program with a total duration of 31 days (217 hours) spread over approximately 6 months. This training aims to provide professionals with the keys to managing IT security within their organization, combining technical knowledge, project management, governance, and team leadership. Validation is achieved through the completion of a professional dossier and an oral defense before a jury.
Target audience
CISOs, CIOs, security managers, cybersecurity project managers, and professionals seeking to move into security leadership roles.
Objectives
- Understand the fundamental concepts of system and network security.
- Master the implementation of appropriate security solutions.
- Know and apply cybersecurity regulations and standards.
- Be able to manage a strategic action plan and collaborate effectively with stakeholders.
- Lead awareness initiatives and develop a cybersecurity culture within teams.
PREREQUISITES
- Have a good knowledge of operating systems (Windows, Linux) and computer networks (TCP/IP, protocols, topologies).
- Have a personal computer with virtualization capability (to run simulated environments) and a stable high-speed internet connection.
- Mastery of basic cybersecurity concepts is a plus, to better benefit from practical exercises on real cases.
- Be able to use standard office tools (Excel spreadsheets, reporting tools) and be ready to familiarize themselves with specialized security tools (SIEM, network security solutions).
DETAILED PROGRAM
The pathway is organized around 7 major modules, covering theory, practice, and real-world cases.
Module 1: Fundamentals of System and Network Security
Duration: 5 days – 35 hours
Objectives: Enable participants to master the main vulnerabilities, threats, security equipment, and solutions to secure systems and networks, while developing active monitoring in the field of cybersecurity.
Contents:
- Specificities and vulnerabilities of different information systems (Windows, Linux, Mac, Android, iOS).
- Main current risks and threats: ransomware, phishing, DDoS attacks.
- Security architectures: PKI, cryptography.
- Data security principles and securing exchanges (protocols, VPN, encryption).
- Methods and tools for technical, technological, and regulatory monitoring (ANSSI, CVE).
- Practical exercises: identification and classification of assets, log analysis from our SOC, real case studies on attacks.
Module 2: Fundamentals of Cybersecurity Regulations
Duration: 1 day – 7 hours
Objectives: Enable participants to understand the regulatory issues related to data protection and security, notably GDPR and associated ISO standards.
Contents:
- Issues related to regulatory compliance: cybercrime, data theft, etc.
- Introduction to GDPR: key principles, scope, role of the DPO, sanctions.
- Correspondence between ISO 27001, 27005 standards and GDPR.
- Other sector-specific regulations and obligations of OIV and OSE.
- Practical exercises: Privacy Impact Assessment (PIA), compliance evaluation, drafting mitigation plans.
Module 3: Managing a Cybersecurity Action Plan
Duration: 10 days – 70 hours
Objectives: Train participants in implementing, managing, and leading a strategic cybersecurity action plan in line with corporate governance.
Contents:
- Security policy (PSSI), stakeholders, constraints, and documentation.
- Writing and structuring an action plan based on ISO 27001.
- Collaboration with stakeholders (IT Director, CISO, DPO, service providers).
- Project management: tasks, resources, budget, tools (Trello, MS Project).
- Leading meetings, communicating with management.
- Practical exercises: maturity analysis, development of dashboards, drafting and presenting a strategic plan.
Module 4: Security Risk Analysis and Assessment
Duration: 6 days – 42 hours
Objectives: Master cybersecurity risk analysis according to ISO 27005 and EBIOS Risk Manager, from asset inventory to prioritization and treatment plan.
Contents:
- Regulatory framework and ISMS: ISO/IEC 27000, ISO 27005; risk analysis principles.
- Threats and mapping: STRIDE, OWASP, outsourcing; TOGAF/CMDB and critical dependencies.
- EBIOS RM: context, feared events, scenarios, risks, measures.
- Prioritization and tools: impact/probability matrices, risk mapping, ISO 27001/27002, ANSSI guidelines.
- Practical case: MITRE ATT&CK scenarios, prioritization, and treatment plan.
Module 5: Organization and Coordination of Incident Response
Duration: 2 days – 14 hours
Objectives: Organize and coordinate incident response, formalize crisis and continuity processes, and manage business recovery to maintain critical functions.
Contents:
- Incident response and continuity (DRP/BCP): objectives, structure, teams, procedures.
- Crisis governance and stakeholders: roles, responsibilities, alert/escalation.
- Operational execution and inter-team coordination, monitoring/reporting tools.
- Internal/external crisis communication: messages, channels, coordination with management/regulators.
- Practical exercises: drafting a DRP/BCP, crisis simulations, ransomware/phishing scenarios.
Module 6: Security Control and Evaluation Actions
Duration: 2 days – 14 hours
Objectives: Deploy control measures and audit the implementation of security actions.
Contents:
- Conducting technical and organizational audits.
- Penetration testing, analysis of results.
- Analysis of action plans, defining effectiveness metrics.
- Writing reports and continuous improvement recommendations.
Module 7: Penetration Testing and Technical Audits
Duration: 2 days
Objectives: Master the methods and tools to perform penetration tests and technical audits in a secure environment.
Contents:
- Vulnerability assessment techniques.
- Exploitation of vulnerabilities, incident documentation.
- Preparation and practical exercises in a virtualized environment.
- Exercises in writing detailed reports and recommendations.
LEARNING ASSESSMENT
- Skills acquisition is validated through a professional dossier prepared by each participant.
- Oral defense before a jury, where the candidate presents their dossier and answers experts’ questions.
- Throughout the training, regular quizzes validate the understanding of theoretical concepts.
- Practical exercises (labs) are highly detailed and immersive: asset inventory, log analysis, configuration of security tools (firewall, SIEM, VPN), detection and documentation of simulated real-world attacks (ransomware, phishing).
- Each lab is delivered as reports, summary tables, action plans, or audit reports. These deliverables also form a basis for evaluation.
- Assessment includes the ability to apply methodologies (e.g., ISMS, ISO 27001, GDPR) as well as the relevance and accuracy of recommendations provided.
Teaching Methods
- Alternation of theoretical inputs, demonstrations, feedback, and case studies.
- Intensive practical exercises using real tools (SIEM, monitoring tools).
- Continuous assessment through quizzes, practical exercises, professional dossier, and oral defense.
KEY STRENGTHS
- Real data and advanced tools from the ACG Cybercampus SOC.
- Certified expert trainers with concrete field experience.
- Personalized feedback and improvement plan validated by a jury.

This program qualifies for OPCO Atlas funding as part of the CampusAtlas offering, recognized and funded up to 100%, with simplified procedures, a quality guarantee, and tailored support provided to member companies.