Training

Costs (excl. VAT)

• € 3,950 per participant
• € 10,500 per management team
• Maximum of 6 participants

Duration

1 day

Language and course materials

Dutch or English.

Who is it for?

Board members, executives, supervisory board members and C-levels (CEO, CFO, COO, CISO, CIO) who are or will be responsible for risk management, compliance, or digital transformation within their organisation.

Why this training?

Cybersecurity is no longer purely a technical topic. Executives and board members are increasingly being held personally accountable for cyber incidents and compliance with legislation such as the NIS2 Directive and the DORA Regulation.

Many management teams are still looking for a shared language and practical tools to effectively steer digital resilience. This training offers exactly that — without the need to be a technical expert yourself.

What will you learn?

In one intensive day, you will learn:

• Your responsibilities under NIS2, DORA or sector-specific regulations.
• How to develop the right KPIs and dashboards for monitoring cyber resilience.
• When to escalate or act during an incident — and who you’ll need to involve.
• How to prevent cyber from remaining ‘just an IT issue’, and how to stay in control during audits or incidents.

Outcomes after completion

• You’ll have a clear overview of your obligations, risks, and mitigating measures.
• You’ll know which questions to ask your CISO, IT partner, or risk officer.
• You’ll make informed decisions about strategic choices, investments, and incidents.
• You’ll have a set of practical scenarios and checklists to stay sharp in your role.

Location

Nieuwe Vogels Campus (Vianen) or in-company.

Costs (excl. VAT)

• € 895 per participant
• € 4,500 per team
• Maximum of 6 participants

Duration

1 day

Language and course materials

Dutch or English.

Who is it for?

This workshop is intended for compliance leads, IT risk officers, and security professionals who want to translate NIS2 requirements into a concrete roadmap. It’s also suitable for NIS2 programme managers.

Why this workshop?

The NIS2 Directive requires more from organisations than just technical measures. You must be demonstrably ‘in control’ of your digital resilience – including executive involvement, risk management, and incident response.

Many organisations already meet parts of the NIS2 requirements through existing obligations such as the GDPR, ISO 27001, or sector-specific legislation (like DORA or NEN7510). Reinventing the wheel is inefficient and unnecessary. This workshop teaches you how to reuse existing processes and controls smartly – and only add what’s truly needed. This keeps NIS2 both achievable and workable.

What will you learn?

In one intensive day, you’ll learn:

• What NIS2 requires from your organisation and your role.
• How to perform a gap analysis using the NIS2 core requirements.
• How to create a realistic implementation plan, with quick wins and proper governance.
• How to build on existing measures from GDPR, ISO, or your sector.
• What controls, reports, and processes you need to be ‘audit ready’.

Outcomes after completion

• You’ll have a high-level first gap analysis completed.
• You’ll have a tailored action plan for your organisation.
• You’ll know which stakeholders to involve and what their role is.
• You’ll be prepared for audits, reporting duties, and incident escalation.
• You’ll recognise overlap with other compliance requirements and make the most of your existing systems.

Location

Nieuwe Vogels Campus (Vianen) or in-company.

e-CF competencies:

E.3 Risk Management, D.1 Information Security Strategy

Costs (excl. VAT)

• € 1,295 per participant
• € 7,500 per team
• Maximum of 6 participants

Duration

2 days

Language and course materials

Dutch or English – depending on participant preferences.

Who is it for?

Security specialists, auditors, risk managers, and policy advisors working on the structural improvement of cybersecurity measures.

In this workshop

You’ll dive into all 18 CIS Controls and learn how to apply the ‘Implementation Group’ (IG1–IG3) maturity model. Through mini-lectures, group cases, and practical assignments, you’ll work with concrete evidence, assess maturity, and translate results into improvement plans. You’ll also learn how to use CSAT (CIS Security Assessment Tool), the Risk Assessment Methodology (RAM), and the role of the Community Defense Model (CDM).

What will you learn?

Over two intensive days, you’ll learn:

• How the 18 CIS Controls are structured and what they focus on
• The differences between Implementation Groups (IG1–IG3) and how to apply them
• Which tools, evidence, and documentation are needed to demonstrate controls
• How to link risks to maturity levels per control
• How to use CIS as a bridge between IT, security, and compliance

Outcomes after completion

• Translate CIS Controls into concrete measures for your organisation
• Assess maturity per control and support it with evidence
• Carry out a CIS assessment and report on it
• Demonstrate measurable progress towards audits and security goals

Location

Nieuwe Vogels Campus (Vianen) or in-company.

e-CF competencies:

E.3 Risk Management; B.4 Solution Deployment; A.7 Technology Trend Monitoring

Costs (excl. VAT)

• € 1,295 per participant
• € 7,500 per team
• Maximum of 6 participants

Duration

2 days

Language and course materials

Dutch or English – based on participant preferences.

Who is it for?

System and infrastructure admins, cloud/platform engineers, DevOps and security specialists looking to implement a standardised hardening approach.

In this workshop

This intensive bootcamp teaches you how to harden systems, applications, and cloud services using international CIS standards. You’ll start by exploring the 18 CIS Controls (what needs to be secured – and why), followed by a deep dive into the CIS Benchmarks (how to harden systems in practice).

Through hands-on labs, you’ll apply this directly: running benchmark analyses, balancing usability and security, and finishing with a compliance check and reporting. You’ll develop a repeatable approach that makes your environment both demonstrably secure and workable.

What will you learn?

Over two intensive days, you’ll learn:

• How the 18 CIS Controls relate to the Community Defense Model
• How to apply CIS Benchmarks to systems, applications, and cloud services
• How to assess trade-offs between usability and security
• How to perform a baseline audit using tools and scripts
• How to justify and document exceptions for compliance

Outcomes after completion

• Assess your environment against a CIS Benchmark and report your findings
• Create a plan to make your systems both compliant and manageable
• Carry out hardening using a repeatable methodology
• Account for chosen configurations in audits or management reporting

Location

Nieuwe Vogels Campus (Vianen) or in-company.

e-CF competencies:

C.5 Configuration Management; C.3 Service Delivery; B.4 Solution Deployment

Costs (excl. VAT)

• € 1,295 per participant
• € 7,500 per team
• Maximum of 6 participants

Duration

2 days

Language & course material

Dutch or English – depending on participant preferences.

Who is this for?

For Microsoft 365 administrators, cloud architects and security specialists who want to harden their tenant based on an international standard — without compromising productivity.

Why this workshop?

Microsoft 365 is at the heart of many organizations — and a highly attractive target for attackers. Think account takeovers, abused mail rules or vulnerable default settings.

Many teams lack a concrete plan to make configurations demonstrably secure. This bootcamp provides exactly that: a hands-on approach to hardening your tenant using the CIS Microsoft 365 Benchmark; smart, structured, and tailored to your environment.

What will you learn?

In two intensive days you’ll learn:

• How the CIS Benchmark for Microsoft 365 is structured and what it assesses
• Which components of your tenant are critical for baseline security
• How to identify deviations using audit tools and scripts
• How to create a manageable hardening plan that fits your own environment

Outcomes after completion

After this training you’ll be able to:

• Apply the CIS Benchmark to your Microsoft 365 tenant
• Clearly demonstrate where your configuration meets — or does not meet — recommended settings
• Set up a verifiable and repeatable security baseline using scripts and templates
• Substantiate your choices for audits, compliance or IT management

Location

Nieuwe Vogels Campus (Vianen) or in-company.

e-CF competencies:

C.5 Configuration Management; C.3 Service Delivery; B.4 Solution Deployment; E.3 Risk Management

Costs (excl. VAT)

• € 895 per participant
• € 4,500 per team
• Maximum of 6 participants

Duration

1 day

Language and course materials

Dutch or English – based on participant preferences.

Who is it for?

• Management team & executive board – decision-makers and crisis leaders
• Key stakeholders – product, risk, or compliance owners
• SOC, Infra & DevOps teams – technical first responders
• Communications & PR – those responsible for internal and external messaging

Why this workshop?

Incident response is not a paper process – it’s teamwork under pressure. In this workshop, all participants take on their real-life role in a realistic cyber crisis simulation (e.g. ransomware or cloud data breach).

The facilitator feeds the team with new ‘injects’: forensic findings, signs of escalating threats, supplier issues or technical complications. Every decision is made out loud, assigned, and logged on a clear timeline. After each round, a short ‘hot wash’ captures improvement points immediately.

This exercise leads to demonstrable process improvement and awareness – far more effective than rewriting policy periodically.

What will you learn?

• How to escalate, communicate and decide quickly and effectively under time pressure
• How to identify and improve gaps in runbooks and agreements
• How to conduct an After-Action Review (AAR) and set clear priorities
• How to facilitate a tabletop simulation within your own organisation

Outcomes after completion

• A structured timeline of the crisis scenario with actions, insights and improvements
• A concrete improvement plan with priorities based on real-world behaviour
• Clarity on who takes which role during incidents – and when
• Improved collaboration between tech, business and leadership

Location

Nieuwe Vogels Campus (Vianen) or in-company.

e-CF competencies:

D.1 Incident Management; E.3 Risk Management