1. Practical Infrastructure Protection according to ISO/IEC 27001 and ISO/IEC 27002

A technical course on the implementation and maintenance of modern security controls within corporate IT infrastructure. The program covers asset inventory, developing a Role-Based Access Control (RBAC) model, applying the Principle of Least Privilege (PoLP) and Zero Trust, protecting administrative accounts, Multi-Factor Authentication (MFA), PAM/PIM approaches for privileged access management, ZTNA for secure remote connectivity, and account lifecycle management. A dedicated technical module focuses on network segmentation and microsegmentation, firewall configuration, secure configuration of servers and workstations, operating system hardening, patch management, vulnerability management, EDR/XDR endpoint monitoring, backup and recovery, security event logging, centralized log collection, baseline SIEM use case configuration, suspicious activity monitoring, and incident response. Additionally, the course addresses the preparation of technical regulations, access control matrices, vulnerability reports, audit logs, and the compilation of evidentiary artifacts for internal or external audits. The program is designed in strict alignment with the requirements and guidelines of ISO/IEC 27001 and ISO/IEC 27002.

2. Cloud Infrastructure Security according to ISO/IEC 27017 and ISO/IEC 27018

A technical course on securing cloud and hybrid infrastructures, focusing on the practical security of IaaS, PaaS, SaaS, container platforms, and managed services. The program covers the Shared Responsibility Model between the customer and the cloud service provider (CSP), building a secure cloud architecture, designing a landing zone, configuring tenant isolation, organizing network segmentation, private endpoints, security groups, firewall rules, bastion host access, VPN/Direct Connect channels, and secure administrative perimeters. A dedicated module focuses on Identity and Access Management (IAM) and configurations in the cloud: setting up IAM, role-based models, service accounts, workload identity, federated access, MFA, the Principle of Least Privilege (PoLP), and monitoring privileged activities via PAM/PIM approaches. The course examines cloud hardening, secure configuration of virtual machines, managed databases, Kubernetes clusters, container registries, serverless functions, API Gateways, object storage, backup services, and logging systems. Special attention is given to data protection in cloud environments: data encryption at rest and in transit, management of keys, secrets, and certificates, KMS/HSM, secrets management, controlling public access to storage, protection of Personally Identifiable Information (PII) in the cloud, implementation of DLP/DCAP/DSPM approaches, anomaly monitoring, and the detection of insecure configurations. The course also explores CSPM, CWPP, CNAPP, Cloud SIEM, cloud-native logging, audit trails, vulnerability management, image scanning, runtime protection, threat detection, cloud incident response, and the compilation of evidentiary artifacts for audits. The program is designed in strict alignment with the requirements and guidelines of ISO/IEC 27017 and ISO/IEC 27018 regarding cloud service security and PII protection in cloud environments.

3. Practical Personal Data Protection: GDPR, ISO/IEC 27701, and Other Regulatory Frameworks

A practical course on the design and technical implementation of personal data protection processes. The program covers data flow inventory, maintaining Records of Processing Activities (RoPA), personal data classification, defining the roles of operators, controllers, processors, and sub-processors, configuring lawful bases for processing, consent management via Consent Management Platforms (CMP), fulfilling Data Subject Access Requests (DSARs), and conducting Data Protection Impact Assessments (DPIA) and privacy risk assessments. The technical module includes data minimization and masking, pseudonymization and anonymization, encryption at rest and in transit, access control at the application, database, and file storage levels, logging of operations involving personal data, data export controls, DLP and DCAP mechanisms, data retention management, secure data erasure, and the application of Data Security Posture Management (DSPM) approaches to identify sensitive data within the infrastructure. Additionally, the course addresses cross-border data transfers, vendor/processor oversight, preparation of evidence packs for regulatory inspections, analysis of common non-conformities, and the implementation of Privacy by Design and Privacy by Default principles in products and business processes. The program is designed in alignment with the requirements and guidelines of the GDPR, ISO/IEC 27701, and other applicable personal data protection laws.

4. AI Systems and AI Agents Security according to ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM Applications, and OWASP Agentic AI Threats and Mitigations

A technical course on securing artificial intelligence systems, LLM applications, and agentic solutions across the entire lifecycle: from model selection and data preparation to corporate system integration, operation, and monitoring. The program covers AI risk management, use case classification, control over training and fine-tuning data, protection against sensitive data leaks, prompt injection, prompt leaking, model abuse, data poisoning, insecure output handling, and insecure integration with external services. A dedicated technical module focuses on the security of AI agents: restricting agent permissions and scope of action, controlling connected tools, APIs, and external commands, sandboxing, human-in-the-loop for critical operations, access control to corporate systems, protection of agent memory, context management, logging of agent actions, monitoring call chains (execution traces), and preventing unauthorized command execution. The course also explores guardrails, policy enforcement, AI system red teaming, resilience testing against adversarial prompts, AI service provider oversight, and the preparation of evidentiary artifacts for internal or external audits. The program is designed in alignment with the requirements and guidelines of ISO/IEC 42001, NIST AI RMF, OWASP Top 10 for LLM Applications, and OWASP Agentic AI Threats and Mitigations.

5. Payment Infrastructure Security according to PCI DSS and Central Bank Requirements

A technical course on securing payment infrastructure, payment data processing systems, and services related to the acquiring, transmission, storage, and processing of card data and financial transactions. The program covers PCI DSS requirements for the Cardholder Data Environment (CDE), CDE segmentation, PAN (Primary Account Number) protection, and the configuration of network perimeters, firewalls, WAF, and IDS/IPS. It also explores access management, MFA, security event logging, vulnerability management, and regular scanning and penetration testing. A dedicated technical module focuses on Central Bank requirements for information security in financial institutions. This includes operational risk management, securing remote banking channels, user and administrator activity monitoring, incident monitoring, anti-fraud mechanisms, payment API security, cryptographic key management, ensuring high availability, and compiling evidentiary artifacts for internal or external audits. The program is designed in strict alignment with PCI DSS requirements and guidelines, as well as the regulatory and methodological documents of the Central Bank regarding information security and cyber resilience in the financial sector.