Course Overview Cyber Security - Deloitte

Course Overview 

Cyber Security 

Sharpen your mind. 

Deloitte Academy 

2014

We believe it is important to share our knowledge with clients and business relations. 

For this reason, we want to offer you the opportunity to participate in a training 

course together with our Deloitte Security & Privacy professionals. 

This overview contains the following training courses: 

• CISSP Certification 

• CISM Certification 

• SAP Security 

• Prepare for Privacy 

• HackLab: Hands-on Hacking 

• HackLab: Malware Analysis 

• HackLab: Introduction to Cybercrime 

• HackLab: SAP 

• ISO 27001 Implementation and Audit 

• SCADA Security 

• Oracle GRC 

• SAP GRC 

• In-house training, custom training and learning programmes 

CyberLympics 2011, 2012 and 2013. 

Deloitte has extensive experience in the field of advising and assessing the information security within governments 

and business. Our team consists of more than 30 specialists that describe "ethical hacking" as their great passion. 

The knowledge, experience and passion are reaffirmed in the recent finals of the Global CyberLympics. The team of 

Deloitte Netherlands did win, for the third time in a row a contest which consisted of both offensive and defensive 

security challenges.

CISSP Certification 

The Certified Information Systems Security Professional (CISSP) certification is a globally 

recognized credential: the first of its kind and accredited by the American National 

Standards Institute (ANSI). 

Course objectives 

The Deloitte (ISC)2 CISSP Certification course is an intensive, five-day 

course that covers the most comprehensive compendium of 

information security best practices – the Common Body of Knowledge 

(CBK). The CISSP CBK establishes a common framework of 

information security terms and principles that allow information security 

professionals worldwide to discuss, debate and resolve matters 

pertaining to the profession, with a common understanding. 

The CISSP CBK consists of the following 10 domains: 

1. Access Control; 

2. Application Security; 

3. Business Continuity and Disaster Recovery Planning; 

4. Cryptography; 

5. Information Security and Risk Management; 

6. Legal, Regulations, Compliance and Investigations; 

7. Operations Security; 

8. Physical (Environmental) Security; 

9. Security Architecture and Design; 

10. Telecommunications and Network Security 

The Deloitte CISSP certification course has a passing rate of over 90% 

as opposed to the average CISSP success rate of around 60%. 

Target audience 

Programme 

Day 1 

• Information Security Governance and 

Risk Management 

• Security Architecture and Design 

Day 2 

• Access Control 

• Application Security 

• Operations Security 

Day 3 

• Cryptography 

• Physical Security 

Day 4 

• Networking 

• Business Continuity Planning 

Day 5 

• Business Continuity Planning 

• Legal and Regulatory 

• Sample exam (100 questions) 

Exam 

Participants will receive a voucher with which 

they can book an examination at a desired 

date and time at a Pearson VUE test centre 

of their choice. 

Security managers, risk managers, IT auditors, IT security 

professionals and security officers 

Course date and location 

This five-day course will be held on 3 – 7 March and on 

10 – 14 November 2014 in Amsterdam, the Netherlands. 

Costs 

The costs are EUR 2,995 ex VAT. Exam voucher, catering (lunch) and 

course materials are included in the price. 

Course overview − Security & Privacy 2

CISM Certification 

CISM, Certified Information Security Manager, is a globally acknowledged information 

security management certification. This certification demonstrates you can connect 

information security to your organization’s business goals, understand the security aspects 

of new and current technologies, and possess the knowledge and skills to manage 

information security within your organization. 


The Deloitte CISM certification course is a three-day course, which 

aims to prepare participants for successfully passing the CISM exam. 

The CISM certification indicates that participants understand a global 

framework of information security management concepts and 

principles. These can be applied to different situations, so information 

security is managed in the best way possible. Areas of interest include 

risk management, handling security incidents, compliance issues, 

managing information security programs and integrating information 

security into the business. 

The CISM framework clarifies the use of information security 

management in the organization, while it ensures its application is in 

sync with the organisation’s business goals. Information security 

management thus becomes more effective and efficient. 

The CISM course comprises four domains: 

1. Information security governance 

2. Information risk and compliance 

3. Information security program development and management 

4. Information security incident management 

Besides these four domains, exam preparation will be a significant part 

of the course. 

Programme 

Day 1 

• Introduction to CISM 

• Information security governance 

• Exercises 

Day 2 

• Information risk and compliance 

• Information security incident management 

• Exercises 

Day 3 

• Information security program 

development and management 

• Summary 

• Exam preparation 

Exam 

The exam can be taken on 14 June or 13 

December 2014. Participants have to 

register themselves at ISACA 

(www.isaca.org), up to 4 weeks prior to 

the exam. 

It is advisable to take the exam right after the 

training. 


(Information) Security managers (senior and junior level), business 

managers with information security in their portfolio, IT security 

professionals and security officers. 


This three-day course will be held on 10 – 12 June and on 8 – 10 

December 2014 in Amsterdam, the Netherlands. 

Costs 

The costs are EUR 1,295 ex VAT. Catering (lunch) and course 

materials (CISM Review Manual and review questions) are included in 

the price. Exam fee is excluded. 


SAP Security 

During this five-day course, we will facilitate an in-depth view of SAP security. Starting 

from the basic concepts, the most important SAP security options will be discussed. Since 

we believe in ‘doing is learning’, the course not only provides technical background: it 

includes plenty of opportunity to discuss practical use, benefits, constraints and real-life 

examples. More importantly, many hands-on exercises are included, challenging 

participants to put the theory into practise. Deloitte uses its own sandbox environments to 

this end. 


If you have ever been involved with SAP and its security concept, you 

are most likely familiar with the term SAP_ALL. Developers say they 

can’t work without it, auditors say nobody should have it assigned. 

This course will teach you the most important SAP security features 

and will allow you to understand their implications. It will enable you to 

tailor the security settings and procedures to best fit your organization 

without losing sight of best practises. 


Security managers, SAP application managers, SAP security 

professionals and IT auditors regularly dealing with SAP related 

security challenges and such. 

Other stakeholders such as internal control managers, risk managers 

and IT professionals with an interest to learn more about SAP Security 

concepts and techniques will benefit from this course as well. 


This course is split into two parts. The first part is held on 30 – 31 

January 2014 and provides an introduction to the SAP security concept. 

The second part, held on 3 – 5 February 2014, provides additional 

details and advanced topics. 

The complete course will be held in Amsterdam. 

Costs 


materials are included in the price. 

Programme 

The SAP Security course will cover the most 

important security settings for an SAP ERP 

system. You will be introduced to SAP basis 

security features, their implications and 

constraints, where they are implemented, and 

how they can be audited. The course will also 

address topics such as ‘hacking’ 

vulnerabilities, tooling and best practises. 

Although the course will focus on SAP ERP 

(commonly also referred to as R/3 and ECC), 

these concepts likewise apply to all other 

ABAP based systems, such as CRM, SRM 

and BI. 

The following topics will be addressed: 

• The SAP Landscape; 

• Access Path; 

• Introduction to Security; 

• Navigation; 

• User Management; 

• Authorization concept; 

• Profile Generator; 

• Logging; 

• System Parameters; 

• Transaction Security; 

• Program Security; 

• Table Security; 

• Job Scheduling; 

• Change Management; 

• Interfaces; 

• Use of tooling such as GRC. 


Prepare for Privacy: Are you prepared? 

The importance of protecting personal data within organisations has increased 

exponentially. Technological developments have facilitated organizations in processing 

more personal data and on a larger scale. This has triggered a rapidly growing public interest 

in the protection of personal data and related legislation and regulations. 


This practical course will provide the participants with insight into the 

rules on processing personal data and the steps required for complying 

with privacy legislation. 


Data officers, HR managers, chief information officers, security 

managers and other persons who are responsible for protecting 

personal data or who work with personal data every day. 

The participants will not need a thorough knowledge of privacy 

legislation. 


Programme 

The course will discuss the notification and 

information requirement, the requirements for 

international transfers and the security 

measures to be implemented. The cookie 

legislation, the rules on direct marketing, 

emails and internet monitoring and privacy 

aspects of “the Cloud will be dealt with too. 

Finally, the course goes into the various risks 

of processing personal data, unnecessary or 

otherwise, preventing data leakage, and the 

upcoming European Privacy Regulation. 

This one-day course will be held on 16 May 2014 in Amsterdam, the 

Netherlands. 

Costs 

The costs are EUR 695 ex VAT. Catering (lunch) and course materials 

are included in the price. 


HackLab: Hands-on Hacking 

Computer hacking is the practice of influencing computer hardware and software to 

accomplish a goal outside of their original purpose. A computer hacker is a person who 

identifies weaknesses and exploits them. Hacking is considered a complex activity. This 

course will explore the world of hacking and shed a light on how hackers work. 


The practical five-day course equips participants with hands-on black 

box, white box and grey box vulnerability testing. We will address 

testing of web applications, mobile applications, mobile devices, 

wireless security, host based and network based infrastructure. 

The course takes the participants through the different stages of our 

proven methodology of information gathering, target selection and 

vulnerability identification and exploitation. Besides the methodology 

we will also discuss the different leading practises, such as OWASP 

and go into the different tools for vulnerability testing. 


Security managers, application developers, IT professionals and IT 

auditors who have an interest in ‘Vulnerability Assessment’ and 

‘Hacking’. 

Participants of the course are expected to have a basic understanding 

of network, TCP/IP and Operating Systems (Windows and Linux). 


This five-day course will be held on 7 – 11 April and on 15 – 19 

September 2014 in Amsterdam, the Netherlands. 

Costs 



Programme 

Day 1: Introduction and external 

penetration tests 

• Introduction and security trends 

• Penetration testing methodology 

• External Infrastructure penetration test 

• Firewall security / Prevention systems 

• Physical security assessments and social 

engineering 

Day 2: Internal penetration tests 

• Infrastructure security test 

• Host-based security test 

• Wireless security test 

• Network security test 

Day 3: Application Assessments 

• Architecture 

• Information Gathering 

• Vulnerability analysis 

• Code review 

• OWASP top 10 

• Executing of a web application 

vulnerability assessment 

Day 4: Current trends in hacking 

• Mobile Applications and security 

• Incident response / Security Operating 

Centres 

• Malware analysis 

• Hacking game 

• Reporting Exercise 

Day 5: Vulnerability assessment case 

• Summarizes all topics of the week 

• Interview the client 

• Vulnerability assessment execution 

• Reporting and presentation of the results 

• Evaluation and closing 


HackLab: Malware Analysis 

Malware stands for malicious software, scripts or code meant to aid an attacker to hack a 

system, keep control, steal information or to cause damage. Analysing malware is a difficult 

task without the right knowledge and experience. During this course hands-on experience is 

gained with the analysis of malware, from the first 

steps to the analysing of advanced malware. 


This hands-on course enables participants to make their first steps 

towards malware analysis up to the full reverse engineering of malware. 

We will deal with different methods of malware analysis, such as 

behavioural and static analysis. Topics addressed in this course include: 

the different properties and actions of malware, forensic traces, network 

traffic, obfuscation and encryption. Various malware files, specifically 

written for this course, will be analysed prior to analysing existing malware. 

A major element of this course is hands-on reverse engineering, giving 

maximum experience to participants during the three days. 

Following this course enables participants to perform their first analysis on 

encountered malware, correctly estimate the behaviour of malware, and 

understand how it can be countered. 


Incident response employees, digital forensic researchers, IT system & 

network administrators and IT professionals interested in malware 

analysis. 

The participants should have fundamental insight into network protocols, 

IP network services, and operating systems. Experience with malware is 

not required, but a solid technical background is desired. 


This three-day course will be held on 15 – 17 April and on 9 – 11 


Costs 

The costs are EUR 1,295 ex VAT. Catering (lunch) and course materials 


Programme 

Day 1: Introduction 

• General malware overview 

• Malware history 

• How victims are infected 

• Botnets 

• Malware analysis introduction 

• Malware identification 

• Malware packers and unpacking 

• Behavioural analysis 

• Malware debugging 

Day 2: Analysis 

• Banking Malware 

• Static Analysis 

• Anti-Virus products 

• Malware recovery 

• Malware crypto 

• Malware tools 

• Malware scripts analysis 

• Malware network traffic analysis 

• Exploit analysis 

• Malware Anti-Forensics 

Day 3: Training and deepening 

On Day 3, the knowledge gained is further 

put into practice. In different assignments, 

including the analysis of advanced malware 

specimens and Capture The Flag (CTF) 

exercises, insight will be provided into the 

inner working of malware analysis and 

reverse engineering in practice. 


HackLab: Introduction to Cybercrime 

Over the last couple of years, cyber attacks have frequently made the headlines. Newspapers 

and online media are filled with terms such as trojans, botnets, phishing, denial of service 

attacks and data breaches. But what do these terms really mean and why are these attacks 

possible? This course will provide you with a theoretical and practical understanding of 

cyber attacks: essential if you wish to deal effectively with cybercrime within your 

organisation. 


This course will explain the most common types of cyber attacks, the 

technology they are based on and the weaknesses they exploit in IT 

systems. To better understand cybercrime, we will look into the 

evolution of the Internet, the underlying technology and its global 

democratisation. We will also show how this insight into cybercrime 

can be used to design and implement effective risk mitigation 

measures, advise on security or prosecute cyber fraudsters. 

This course is a good foundation for any professional wanting to 

pursue training or further their knowledge of this field. It is not a deep 

dive into hacking activities or malware analysis. For more information 

on these topics please refer to HackLab: Hands-on Hacking and 

HackLab: Malware Analysis. 


This course is targeted at members of law enforcement agencies, 

policy makers, security officers, security managers, IT managers, 

application developers, IT professionals and IT auditors who have an 

interest in the latest developments in cybercrime. 


This three-day course will be held on 10−12 February and on 24−26 


Costs 



Programme 

Day 1: The Internet, protocols, phishing 

• The birth of the Internet 

• The Internet protocols: IP and TCP 

• The basis of HTTP and HTML 

• Proxies and firewalls 

• The mail protocol SMTP 

• Routers 

• The Domain Name System (DNS) 

• Phishing 

• Countermeasures phishing 

Day 2: DDOS, web applications and 

malware 

• Denial of Service attacks 

• Operating systems 

• (Web) servers and applications 

• HTTP 

• Browsers 

• Malware 

• Botnets 

• Banking trojans 

Day 3: Hacking and countermeasures 

• Hacking 

• Hacking phases 

• Vulnerabilities 

• Cases 

• SCADA/ICS 

• Countermeasures 


HackLab: SAP 

Hacking and cybercrime currently receive a lot of media attention after recent incidents like 

Distributed Denial of Service (DDOS) attacks and theft of account and credit card data. 

Critical business applications like SAP have so far received little attention, even though they 

are the administrative heart of any business. This course shows a selection of vulnerabilities 

and how you can defend yourself against them. 


This one-day course provides insight into the vulnerabilities of a SAP 

application and the associated infrastructure. After a brief introduction 

on SAP security and penetration testing in general, we will discuss a 

selection of known SAP vulnerabilities, showing you how easy it can 

be to access critical functions and data. We will also discuss how you 

can detect these vulnerabilities and properly secure your system 

against them. 


(SAP) Security professionals, IT managers, risk managers and IT 

professionals having an interest in SAP security and ethical hacking. 


This one-day course will take place on 13 February 2014 in 

Amsterdam. 

Costs 

The costs of this course will be EUR 395 ex VAT. Catering (lunch) and 

course materials are included in the price. 

Programme 

Introduction 

• Introduction 

• Penetration test methodology 

• Overview SAP components 

Risks 

• What can go wrong 

• Risks in a SAP landscape 

Vulnerabilities 

• Sample vulnerabilities for the different 

SAP components 

• Possible countermeasures 

An average SAP landscape comprises a 

large number of technical components. It is 

impossible to discuss all possible 

vulnerabilities for all these components in a 

single day. Hence we have selected a 

number of relevant vulnerabilities, applicable 

for different components. This enables us to 

clearly outline the security possibilities in a 

SAP landscape. 


ISO 27001 Implementation and Audit 

Gaining and delivering information is critical to achieving your business goals and building 

a sustainable business. Securing information within organizations is therefore becoming 

more important. The ISO 27001 standard is designed to help your organization manage and 

secure critical business information in the context of overall business risk and signals your 

clients that you are actively working towards a more secure organization. 


This three-day course offers practical guidance on how ISO 27001 

certification can be achieved and what the biggest challenges are 

during an audit. It explains the required Plan, Do, Check & Act cycle 

and the role of the Information Security Management System (ISMS). 

The course offers insight on how controls are selected in order to cover 

business risks and explains the relationship between ISO 27001 and 

other ISO standards. 

Areas of interest include risk analysis, business risk, creating 

improvement plans and integrating information security into your 

business. Special attention is given to incident management, business 

continuity, data classification and access control. 

Participants will benefit from our experience as both implementers and 

auditors through real-life cases and examples. 

All topics will be handled from both an implementer and auditor point of 

view. 


Information security managers, internal IT auditors, business 

managers with information security in their portfolio, IT security 

professionals and security officers. 

Programme 

Day 1 

• Introduction to ISO 27001 standard 

• Structure of ISO 27001 standard and 

relationship to other ISO standards 

• Differences between 2005 and 2013 

version 

• Information Security Management 

System and role of the Plan, Do Check & 

Act cycle 

Day 2 

• Risk analysis and improvement plans 

• Security policies and ISO 27001 

• Project planning 

Day 3 

• ISO 27001 controls 

• Audit and review, including improvement 

cycle 

• Steps towards certification of the 

organization 


This three-day course will be held on17−19 February 2014 in 

Amsterdam, the Netherlands. 

Costs 




SCADA Security 

The past years, off-the-shelve software and hardware as well as remote access possibilities 

in industrial environments have increased. The broader threat landscape and increased 

sophistication of attacks indicate the need to improve SCADA (supervisory control and data 

acquisition) security capabilities. But where to begin? During this course we will provide 

insight in threats, best practices, vulnerabilities and mitigating controls. We will take the 

participant through the complete SCADA security cycle: Know, Prevent, Detect, Respond 

and Recover. 


This intensive, three-day course that covers various topics to improve 

understanding of the SCADA environment and security of SCADA 

systems. 

The course provides the fundamentals on SCADA security. The 

participants will be able to make informed decisions regarding the 

security of controls systems and understand the implications of these 

decisions. 

The course delivers knowledge about the differences between 

industrial and business IT, including the difficulties of implementing 

common security practices on SCADA systems. From a compliance 

perspective several standards provide helpful insights to improve the 

security capabilities. For this purpose the course will elaborate on 

standards and best practices such as: ISO-27000, NERC-CIP, SANS 

and ISA-99. On a practical level, the course will provide a hands-on 

workshop in which participants can experience SCADA exploitation. In 

addition, the program elaborates on SCADA vulnerability and security 

assessments. 


IT professionals, penetration testers and managers that want to 

increase their understanding and knowledge of the SCADA 

environment and SCADA security assessments. 

Programme 

Day 1: Know 

• Understanding the SCADA threat 

landscape 

• Understanding the differences between 

industrial- and business IT security 

• Understanding best practices and 

standards 

Day 2: Prevent & Detect 

• Reviewing SCADA architecture 

• Reviewing SCADA vulnerabilities 

• Security logging and monitoring 

• Selecting and implementing security 

controls 

Day 3: Respond & Recover 

• Hands-on SCADA exploitation workshop 

• Active and passive security assessments 

• Implementing a security operations centre 

and disaster recovery strategies 

• Future SCADA security technologies 


This three-day course will be held on 17 – 19 March 2014 in 

Amsterdam, the Netherlands. 

Costs 




Oracle GRC 

This two day course enables you to smoothen your Oracle Governance, Risk & Compliance 

(GRC) implementation journey. It brings insight in how Oracle’s GRC software can help in 

managing risks and controls (access, process and business controls) from a single repository. 

The course aims to get you comfortable with a best practise implementation strategy and 

approach, lessons learned and key success factors. For those looking for hands-on 

experience and practical use cases the course offers a technical Deep Dive. 


In today’s unpredictable and highly competitive business environment, 

it’s important to take a holistic view of governance, risk and compliance 

(GRC) — while focusing not only on the risks that can threaten value, 

but also the risks that an enterprise can take to create value. People, 

processes and technology should all work together to help the 

enterprise stay in control of the risks it chooses to take. 

Oracle’s comprehensive GRC software provides the functionalities to 

automate your GRC initiatives and processes to optimize business 

processes, manage risks and comply with regulations. 

This course will teach you how Oracle’s GRC software can help in 

managing risks and controls (access, process and business controls) 

from a single repository. Additionally, the course covers 

implementation strategy, lessons learned, key success factors and 

best practices to make you more comfortable with your GRC 

implementation. We will also take a deep-dive into the system to 

understand the technical basics, based on a case study. 


Risk managers, financial and business controllers, Oracle competence 

centre managers, functional consultants, implementation consultants, 

security & GRC consultants, program managers and IT governance 

experts. 


This two-day course will be held on 13 − 14 March 2014 in Amsterdam, 

the Netherlands. 

Costs 



Programme 

This two day course contains both functional 

and high-level technical aspects of Oracle 

GRC and will help audience with both 

technical and non-technical background. 

Day 1 

The first day will mainly focus on functional 

side of Oracle GRC and covers: 

• Holistic view on GRC 

• Product overview of Oracle GRC 

• New features and key enhancement 

• Implementation strategy and approach 

• Lessons learned 

• Key success factors 

• Best practices. 

Day 2 

The second day is designed to give you a 

more comprehensive understanding of the 

technical implementation of GRC and focuses 

on: 

• Installation requirements 

• Technical configuration basics of Oracle 

GRC based on use cases and exercises, 

e.g: 

− TCG – Transaction Controls Governor 

− AACG – Application Access Controls 

Governor 

− CCG – Configuration Controls 

Governor 

− PCG – Preventive Controls Governor 

Although this program is specifically designed 

for Oracle GRC Controls, it will touch upon 

the integration point with Oracle GRC 

Manager and Oracle GRC Intelligence. 


SAP GRC 

This course enables you to release the value of Governance, Risk & Compliance (GRC) 

within your organization through automation with SAP GRC. It brings insight in how SAP’s 

GRC software can help in managing risks and controls (access, process and business 

controls) from a single repository. The course aims to get you comfortable with a best 

practise implementation strategy and approach, lessons learned and key success factors. For 

those looking for hands-on experience and practical use cases the course offers a technical 

Deep Dive. 


In today’s unpredictable and highly competitive business environment, 

it’s important to take a holistic view of governance, risk and compliance 

(GRC) — while focusing not only on the risks that can threaten value, 

but also the risks that an enterprise can take to create value. People, 

processes and technology should all work together to help the 

enterprise stay in control of the risks it chooses to take. 

SAP’s comprehensive GRC software provides the functionalities to 

automate your GRC initiatives and processes to optimize business 

processes, manage risks and comply with regulations. 

This course will teach you how SAP’s GRC software can help in 

managing risks and controls (access, process and business controls) 

from a single repository. Additionally, the course covers 

implementation strategy, lessons learned, key success factors and 

best practices to make you more comfortable with your GRC 

implementation. We will also take a deep-dive into the system to 

understand the technical basics, based on a case study. 


Risk managers, financial and business controllers, SAP competence 

centre managers, functional consultants, implementation consultants, 

security & GRC consultants, program managers and IT governance 

experts. 


This five-day course will be held on 24 − 28 March 2014 in Amsterdam, 

the Netherlands. 

Costs 


materials (hand-outs and exercises) are included in the price. 

The costs for participants who only want to participate in Part 1: SAP 

GRC Essentials (2 Days) are 795 ex VAT. 

Programme 

This course is divided into two parts which 

enables participants to register, based on 

their experience and learning goals 

Part 1: SAP GRC Essentials (2 Days) 

The first two days mainly focus on functional 

side of SAP GRC and covers: 

• Holistic view on GRC 

• Product overview of SAP GRC 

• New features and key enhancement 

• Implementation strategy and approach 

• Lessons learned 

• Key success factors 

• Best practices. 

Part 2: SAP GRC Deep Dive (3 Days) 

The following 3 days are designed to give you 

a more comprehensive understanding of the 

technical implementation of GRC and focuses 

on: 

• Installation requirements 

• Technical configuration basics of SAP 

GRC Access Control based on use cases 

and exercises, e.g.: 

− Access Risk Analysis 

− Access Request Provisioning 

− Business Role Management 

− Emergency Access Management 

− MSMP Based Workflow design for 

workflow 

− BRF+ based rule creation 

• Technical configuration basics of SAP 

GRC Process Control and Risk 

Management based on use cases and 

exercises. 


In-house training, custom training and 

learning programmes 

Deloitte offers more than just the trainings referred to before. We provide in-house trainings 

too: anything from standard trainings to trainings tailored to your organization. We can even 

set up a full learning programme uniquely geared to your organization. 

In-house training 

In-house or in-company training distinguishes itself because it 

specifically focuses on your organization. The training can thus be 

adapted to your wishes. 

Standard training 

Apart from our offerings discussed in this flyer, we have a great choice 

of standard trainings available. We can consult with you to include 

specific priority aspects you consider to be important. 

Custom training 

A careful analysis of your learning needs and an extensive intake will 

enable us to prepare a custom training. This will allow you to train and 

educate your professionals very effectively. Since the course materials 

and examples will be geared to your own organization, your 

professionals will be able to immediately use what they have learned in 

their daily practice. 

Learning programme 

In addition to offering in-house trainings, we also offer you the option to 

prepare a full, tailored learning programme, entirely geared to your 

organization, the business objectives, and the employees’ learning 

needs. 

Costs 

Feel free to contact us for more information on pricing or to get a quote. 

Even a relatively low number of participants can make an in-house 

training more economical than a regular external training. 

Further information 

If the training you need is not stated here, or if you want further 

information on our training and learning offering, please contact us. 

Contact details can be found in the back of this brochure. 

Topics 

Deloitte provides a great deal of trainings all 

across the world, so we have a large number 

of standard trainings and topics readily 

available. These are just some of the 

trainings we have on offer: 

• Security & Risk Management 

(Governance, Frameworks, Architecture, 

Transformation) 

• Business Continuity & Disaster Recovery 

• Identity & Access Management 

• Security Architecture 

• Cyber Security 

• Infrastructure Protection 

• Application Protection 

• Secure Software Development 

• End User security (Awareness, Social 

media, Mobile devices) 

• Vendor control (Cloud computing, 

Assurance) 

• Privacy 

• Hacking and Vulnerability Assessments 

Specific systems & certifications 

In addition, we offer security trainings on 

specific systems, such as SAP and Oracle. 

We can arrange trainings for most of the 

security certifications (CISSP, CISM, CISA, 

CEH, etc.) as well. 

Training forms 

We are able to provide various training forms 

such as: classroom based, e-learnings, 

webinars, workshops and game-based. 


Your facilitators 

Our professionals are your facilitators − sharing with you their practical knowledge. Our course offerings distinguish 

themselves by being topical and effective. The limited number of participants per course offers plenty of space for 

interaction between facilitator and participants in a stimulating and pleasant atmosphere. The following professionals 

facilitate the courses mentioned in this brochure: 

Marko van Zwam 

Partner Deloitte Security & Privacy 

Marko is a partner within Deloitte Risk Services and leads the Security & Privacy team, which consists of more than 

100 professionals. He has over 18 years of experience in IT, IT Security, IT Audit and IT Risk Management. 

Gijs Hollestelle 

Facilitator CISSP Certification 

Gijs is a senior manager in the Security & Privacy team. Gijs has over 8 years of experience in security issues, 

from security awareness to IT infrastructure security and Ethical Hacking. Gijs was part of the winning team at the 

Global CyberLympics 2013. 

Coen Steenbeek 

Facilitator HackLab – Hands-on Hacking 

Coen is a manager in the Security & Privacy team. Coen specializes in both technical engagements like 

vulnerability assessments and in performing security management related tasks (ISO27001 / 2). During his career 

at Deloitte Coen has earned the RE, CEH, CISSP, CISM and CGEIT certifications and he was part of the winning 

team at the Global CyberLympics 2013. 

Trajce Dimkov 

Facilitator SCADA Security 

Trajce is a manager within the Security & Privacy team and has over 7 years of experience in ICT infrastructure 

and security. Trajce specializes in both security management of industrial control systems and vulnerability 

assessment. Previous to his work at Deloitte, Trajce did a PhD at the University of Twente on social engineering 

and physical penetration testing and is currently involved in many vulnerability assessments that include these two 

ingredients. 

Frank Hakkennes 

Facilitator SAP Security & HackLab: SAP 

Frank is a manager in the Deloitte Security & Privacy Risk Services team. Frank specializes in security 

management, particularly for SAP environments. Frank is a certified SAP Security Consultant and has been 

responsible for audit, implementation and advisory services in respect of (SAP) security and configuration 

management. 


Tom-Martijn Roelofs 

Facilitator HackLab – Introduction Cybercrime 

Tom-Martijn is Director Cyber Security in the Security & Privacy team. Tom-Martijn has extensive experience in 

combating cybercrime, IT management and audit. As a former head of ABN AMRO’s cybercrime response team, 

Tom-Martijn has gained extensive expertise in incident response, fraud detection, network security monitoring and 

crisis. He has set up a training program for combating financial cybercrime. 

Henk Marsman 

Facilitator CISM Certification 

Henk is a senior manager in the Security & Privacy team and has over 13 years of experience in IT Security and 

risk management. Henk focusses on security management and identity & access management. He also has a 

background in public key infrastructure and network security. Currently Henk co-leads the Security management 

practice within the Security & Privacy team. 

Martijn Knuiman 

Facilitator HackLab – Hands-on Hacking 

Martijn is a senior manager in the Security & Privacy team. Martijn has over 10 years of experience in ICT 

infrastructure and security. Martijn has extensive experience in Network Operating Systems, IT forensics, Data 

Leakage Prevention, Security Governance, Security Management and Ethical Hacking. 

Annika Sponselee 

Facilitator Prepare for Privacy 

Annika is a senior manager within the Security & Privacy team. Annika has over 8 years of experience in privacy 

law and data protection law. Before Annika started working at Deloitte, she was a lawyer at Baker & McKenzie, 

also in privacy law. Her daily activities include advisory and support services for large companies and 

multinationals on national and international privacy law issues. Annika regularly gives trainings and presentations 

on privacy legislation. 

Thijs Bosschert 

Facilitator HackLab – Malware Analysis 

Thijs is a manager in the Security & Privacy team. Thijs has over 8 years of experience in Incident Response and 

Forensics and over 11 years of experience in IT security. Thijs has experience in conducting and managing 

incident responses and forensics investigations, pen-testing and malware research. Thijs was part of the Deloitte 

Global CyberLympics team that won at the Global CyberLympics 2013. 

Ruud Schellekens 

Facilitator CISSP Certification 

Ruud is a manager in the Security & Privacy team. With a strong IT background, Ruud started as an IT auditor. In 

this role he obtained a broad knowledge of the security of ERP applications and IT infrastructures. In addition, 

Ruud has been involved in developing various Deloitte security auditing tools. Ruud is a certified CISM, EDP 

auditor, CISSP and GRAPA professional. 

Floris Schoenmakers 

Facilitator SCADA Security 

Floris is a senior consultant within the Security & Privacy team. Floris has done research into the increasing 

integration of industrial and business IT in SCADA environments and the vulnerabilities associated with this 

integration. Floris is certified CISSP and CSSA. His main focus is the security of industrial systems and 

infrastructure. 


Suzanne Janse 

Facilitator SAP GRC 

Suzanne is working as director in the Security & Privacy team of Deloitte Risk Services. She heads the ERP Risk 

Consulting and GRC (Governance, Risk & Compliance) software practice; a team of highly motivated subject 

matter experts in the field of ERP (SAP, Oracle) Security & Controls and GRC software implementation. 

Ashees Mishra 

Facilitator SAP GRC 

Asheesh works as a manager in the Security & Privacy section of Deloitte Risk Services. He has more than 9 years 

of work experience in area of SAP GRC Access control, Process Control, Risk Management, SAP Security and Net 

weaver IDM. He has lead and been part of several SAP GRC (AC/PC) rollout projects, Controls and SOX 

engagements, SAP Security and authorization design. 

Willem van der Valk 

Facilitator Oracle GRC 

Willem is an experienced senior manager within the Security & Privacy team of Deloitte Risk Services. He has a 

background in Oracle eBS and has a broad knowledge of Governance, Risk & Compliance (GRC). Willem has 

been involved in many Oracle ERP and GRC implementations. Furthermore he regularly performs Oracle Security 

and Controls assessments at different type of clients. 

Berry Kok 

Facilitator Oracle GRC 

Berry is an experienced junior manager within the Deloitte Risk Services department and has a focus on GRC, 

Security and Controls, User Access Management and Segregation of Duties within Oracle applications. Berry 

developed his Oracle expertise by following multiple courses at the Oracle University (i.e. GL, AP, AR, 

Procurement, GRC) and performing several Oracle security related assignments, ranging from ERP and GRC 

implementations, SOD reviews and Security & Controls audits. 

Marlous Theunissen 

Facilitator HackLab – Malware Analysis 

Marlous is a consultant in the Security and Privacy team of Deloitte Risk Services. Marlous graduated cum laude in 

Computer Science and Engineering with focus on both security and algorithms. She has gained experience in 

penetrations tests and malware analysis, and passed both the CISM and CISSP examinations this year. 


Additional course information 

Number of participants 

Depending on the nature of the course and the level of 

interaction we have a maximum number of participants 

per course. 

Course hours 

9:00 to 17:30 hours, including lunch. 

Location 

Our courses are being facilitated at our office in 

Amsterdam. Approximately one month before the 

course date you will receive more information about the 

exact location of the course. 

Language 

The courses will be given in English or Dutch, 

depending on the participants’ preferred language. The 

course material is in English. 

Permanent Education 

Deloitte Academy is a NBA (The Netherlands Institute 

of Chartered Accountants) acknowledged institution. 

These courses will earn you PE points. 

Registration 

You can register for this course through 

www.deloitte.nl/academy. 

More information 

For more information about these courses contact: 


Postbus 2031 

3000 CA Rotterdam 

Phone: 088 − 288 9333 

Fax: 088 − 288 9844 

E-mail: nlacademy@deloitte.nl 

Internet: www.deloitte.nl/academy 

Cancellation policy 

Please refer to our website for our Terms and 

Conditions and cancellation policy. 

Deloitte Academy reserves the right to cancel the 

course in the event of insufficient registrations. You will 

be informed about this on time. 


Contact us 


Wilhelminakade 1 

3072 AP Rotterdam 

Postbus 2031 

3000 CA Rotterdam 

Phone 088 288 9333 

Fax 088 288 9844 

nlacademy@deloitte.nl 

www.deloitte.nl/academy 

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its 

network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.nl/about for a 

detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. 

Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. 

With a globally connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and 

high-quality service to clients, delivering the insights they need to address their most complex business challenges. Deloitte has 

in the region of 200,000 professionals, all committed to becoming the standard of excellence. 

This communication is for internal distribution and use only among personnel of Deloitte Touche Tohmatsu Limited, its member 

firms, and their related entities (collectively, the “Deloitte Network”). None of the Deloitte Network shall be responsible for any 

loss whatsoever sustained by any person who relies on this communication. 

© 2014 Deloitte The Netherlands

Course Overview Cyber Security - Deloitte

Transform your PDFs into Flipbooks and boost your revenue!

Delete template?

Save as template ?