Cybersecurity Maturation Methodology Training
Where Product Security meets Cybersecurity
The Boeing Company’s Cybersecurity Maturation Methodology (CMM) training was created in close coordination between Boeing Phantom Works and CT Cubed Inc. to fill a void in the professional education and training of Product Security Engineers, Systems Engineers, and Mission System Software Developers.
If you are interested in a customized training course similar to the CMM to meet the specific needs of your company, reach out to us for more details.
Who Should Attend (Only open to Boeing-approved companies and employees)
Recent engineering college graduates
Product Security Engineers
Systems Security Engineers
Mission Systems Software Developers
Boeing supplier and customer Engineers
What Students Will Learn
By taking the CMM training, students will learn realistic threats to embedded systems, current adversary tactics, and the appropriate selection of security controls within a financially constrained environment. Students will also gain hands-on experience with the CMM using Boeing Proprietary processes and documentation.
Students will be exposed to the entire production cycle from Request for Proposal to competitive demonstration. Students will learn to secure the platform each day as they work through challenging lab scenarios from attack tree development through risk analysis and security control tailoring. During the training capstone event, students will employ the lessons learned throughout the week against a thinking adversary and they will receive immediate feedback about their decisions.
5-DAY TRAINING
Students Will Be Able To
Identify the unique challenges of embedded systems
Understand the strengths & weakness of common data buses
Recognize the unique defense-in-depth aspects of platform systems
Develop platform attack surface diagrams
Think like the adversary & develop attack tree diagrams
Conduct risk assessments & develop first and second pass risk cubes
Identify residual risk
Identify the necessary security controls for a given platform
Translate security controls into requirements to pass to suppliers
Balance platform performance & security requirements
Understand the “so what” behind compliance requirements
Make future-proof security design decisions and stop the “prisoner of legacy” condition
Apply Boeing’s proprietary CMM processes to give your company a competitive advantage
Syllabus
Academics
Boeing Defense, Space & Security (BDS) Cybersecurity Maturation Process (CMM) Overview
Security Architectures
Embedded Systems
Data Buses
System Integrity
Software Assurance
Defense-In-Depth
Labs
Attack Surface
Attack Trees
Risk Assessment: 1st Pass Risk Cubes
Security Controls Tailoring Part 1
Security Controls Tailoring Part 2
Residual Risk: 2nd Pass Risk Cubes
Capstone
Live gamification play as students take on the role of the operator
Multi-round competitive down-selection between student teams
MOUSE
The MOUSE (Mobile Optical Ultrasonic Sensor Explorer) links all lessons and labs together. It is an unclassified, strictly academic, virtual, online learning environment. It supports other training material such as the MOUSE concept of operations (CONOPS), attack surface, and information system boundary. The MOUSE itself is a system-of-systems that includes communications, navigation, identification (CNI), system storage, sensors, vehicle management, and mission computer subsystems.
Reviews
Press
As featured on Boeing News Now article: Not Just Any Game of Cat and Mouse Boeing-developed cybersecurity training offers interactive hands-on training to engineers, suppliers and customers.
Student Experiences
It is a course that largely covers what would normally encompass skills gained over the course of years. I think ALL product security folks, no matter time in company, should take this class.”
– Boeing Senior Product Security Engineer
I think you packed a lot of information and thought process in a short period of time, and delivered it in a fun, engaging way! I really enjoyed your knowledge, organization, and delivery of the material.’
– Boeing Senior Software Security Engineer
I really enjoyed your course! This training has definitely set a solid framework that I can use moving forward into this Industry.’
– Boeing Systems Security Engineer
Training and Pricing
If you are a Boeing employee contact us to so we can direct you to the internal Boeing contact for scheduling. After completing the training, students will receive a memo certifying the completion of the 40-hour CMM training. This memo can be used by students to serve as proof when logging continuing education unit requirements for industry certifications.
Contact us for questions.
1-888-638-6814 | [email protected]