Cyber Security Specialist

///

The main purpose of the course is to provide practical knowledge of the technical and organizational aspects of cyber security. The studies focus on the practice of information security and protection. However, to the necessary extent, they also cover the issues of cyber security management and its legal aspects.

Cyber security is a key issue in the modern world. The challenges of information security and protection have become a everyday reality not only for businesses, but also for individuals – exposed to a wide range of threats. It is a very broad multidisciplinary field of knowledge that is rapidly and constantly evolving.

Surveys of industry organizations clearly indicate the huge shortage of specialists available on the market – the numbers reach hundreds of thousands of people needed, which clearly gives shape to labor market demand according to the well-known laws of supply and demand. However, many people, even if they want to gain knowledge in this area, are unsure how to get started and how to structure the learning process.

Are you interested in this direction?

Sign up

Main benefits

214 hours of practical lectures and workshops

Our goal is to provide an in-depth knowledge of cyber security, not just a general overview of the topic. To achieve this, we have created a program that includes 214 hours of lectures and workshops – the amount necessary to really master such a difficult and broad topic.

Excellent staff of lecturers  

Classes taught by practitioners with years of experience in information security and protection. Classes are taught by cyber security executives, leaders who create and manage SOCs, architects, consultants, experts and auditors and others.

We focus on practice

Our postgraduate courses are designed to provide the practical, reliable knowledge necessary in the daily work of a cyber security specialist. We therefore use active teaching methods (so-called, learning by doing), including case analysis, group work and, above all, workshops that allow us to test the acquired knowledge in practice. The study program includes the following workshops:

  • safety tests,
  • ethical hacking, 
  • securing Cloud Computing environments,
  • incident management workshops, 
  • our partners’ workshops.

A highly paid profession with a future

This course facilitates the acquisition of an extremely interesting, challenging and therefore helping you grow and, what’s also important, very well-paid and rewarding job. Graduates can find employment as SOC staff, specialists, and cyber security consultants in the private and public sectors.

As part of our postgraduate studies, we offer professional development support and facilitate contact with potential employers.

Social event and networking 

We emphasize networking among cyber security professionals. Both the classes and also the planned networking event will allow new contacts to be made and professional experiences to be exchanged.

CPE Education Credits (ISACA) 

Graduates of our study receive 204 CPE credits in the certification process conducted by the ISACA association.

Hybrid mode classes 

Up to 20% of the lectures will be held in an online format. This will save considerable time and, in the case of visitors, reduce costs. All workshops are organized on site.

LAW TECH NET  

Graduates gain the opportunity to further deepen their knowledge and networking within a community of people interested in various aspects of new technologies, including cyber security (“graduate club”) created in cooperation with the AI LAW TECH Foundation. Details are coming soon on the foundation’s website.

During the course of the study, students will learn:

  • subject of so-called “best practices” in information security and protection,
  • methods and techniques used by hackers to break through security and obtain information,
  • offensive tools used by cyber criminals,
  • tools used to protect against intrusions,
  • techniques and methods of hacking into information systems,
  • intrusion detection tools,
  • methods for using and configuring “cloud” solutions in a secure manner (cloud computing),
  • tools related to blockchain technology – especially with regard to the issue of “digital money” security,
  • ways to use mechanisms of so-called “artificial intelligence” to support security,
  • the realities of working in a SOC team,
  • requirements and methods of information systems audits,
  • requirements and methods for estimating risks and ensuring business continuity
  • principles of the national cyber security system operations, including requirements for incident management,
  • selected legal aspects of cyber security, including computer crimes, information protection, employment basics for specialists and consultants,
  • opportunities for further professional development and certification.

Participation in postgraduate studies is recommended primarily for:

  • people working or intending to work in SOC (Security Operation Center) of private companies and public institutions,
  • cyber security specialists and consultants,
  • cyber security managers in private companies and the public sector,
  • employees of key service operators and digital service providers responsible for ensuring information security and protection,
  • Data Protection Officers (DPOs),
  • those wishing to change their professional profile,
  • all those wishing to systematize, deepen or broaden their knowledge primarily in the technical aspects of cyber security.

Study program

Introduction to information security and protection 

The subject “Introduction to Security Testing” is designed to familiarize the student with the realities of the work of an IT security specialist.IT security professionals use on a daily basis. The course will introduce the student to the most important concepts of application and infrastructure security testing – including what penetration testing is, for what purpose it is performed, and how it differs from vulnerability assesssment scans or simulation of a real-world attack on a given system (red teaming). During the course, special emphasis will be placed on the practical part, where students will learn to use penetration testing tools and vulnerability scanners that of an IT security specialist.IT security professionals use on a daily basis. By completing the course, the student will be able to distinguish the most important concepts and elements related to security testing. In addition, during the practical workshops, the students will learn the most popular methodologies for conducting security tests, perform threat modeling, develop test scenarios and prepare a test report on a selected application.

Introduction to IT 

The purpose of the course is to fill the gaps in information technology for those who have had less exposure to the issue, and to systematize and refresh knowledge for the rest. The class will present basic concepts, a historical outline of the development of the field, and discuss technical issues to develop an understanding of IT.

The role and organization of SOC in business 

In light of increasingly sophisticated cyber attacks, rapid response time to cyber security incidents is an essential prerequisite for the safe operation of a business, as well as a requirement for meeting the rules and regulations that modern businesses are increasingly subject to. The class aims to introduce the role of the Security Operation Center (SOC) both in terms of security mechanisms and information protection, and in terms of the location of such units in the overall structure of the enterprise. Issues of creating this type of unit (PPT – People, Process, Technology) will be discussed. Information on sample SOC structures, their dimensioning and the type of qualifications needed will be presented. During the lectures we will also discuss issues related to the cooperation of the SOC team with other Cyber Security units and with other organizational units of the enterprise.

Cryptography 

The lectures will also include the introduction the basic elements of cryptography and encryption, including symmetric and asymmetric key encryption. Practical aspects of using cryptography will be discussed.

Operating systems security 

In the lectures, students will learn about security threats to operating systems and the targets and methods of attacks on systems. Differences in the approach to security in different operating system families will be presented, as well as models for providing security and ways to counter attacks. We will also discuss, methods of hardening the configuration of operating systems based on the main families of systems and ways to protect integrity. The students will also learn about data storage mechanisms in the context of system security.

Network security 

The lecture covers an introduction to network security issues, with a particular focus on system interoperability taking place on the Internet. As part of the lecture, participants will learn about different types of threats and attacks on IT infrastructure and methods of counteraction. Security services and threat modeling using flowcharts will also be discussed. Students will also learn about tools to help ensure network security.

Physical security 

During the classes the subject of physical security will be discussed. The topics of the classes will cover both mechanical security measures and closed circuit television (CCTV) systems, alarm systems, access control systems (including biometric).

Security of mobile applications and devices 

The class will provide an understanding of information security and protection issues in the context of mobile applications and devices. Security mechanisms of technologies used to develop applications, technologies used to manage mobile devices, the most popular methods of breaking through security will be presented. In addition, the class will include information on security in terms of the mobile systems ecosystem – particularly the telecommunications infrastructure.

Cloud computing security 

An introduction to cloud security, with special emphasis on AWS and GCP, which are among the most popular cloud platforms today.

The course will consist of a discussion of the basics and history of the cloud – what the cloud is, why it was created, and what IaaS, PaaS, SaaS, FaaS and HaaS are.

The benefits of using the cloud will be discussed, as well as the biggest threats and risks associated with it.

In addition, the most important services related to the security of both platforms will be presented, including those related to monitoring or alerting or managing access and identity of cloud users. The theoretical part will be combined with practice, during which students will be able to learn about modern methods of attacking, as well as assessing the security of cloud infrastructures.

Basics of design and architecture in the area of information systems security 

The class will provide an overview of information systems security architecture. Popular framework structures will be discussed in order to plan information protection accordingly. Typical security architecture objectives (including in corporate terms), and selected methodologies will be presented.

Security as a strategic element of the enterprise architecture 

The subject will allow to plan security in the context of building it into the structure of the organizational unit. Typical motivations for implementing protective measures, proper placement of security departments and cyber security officers will be discussed – along with a discussion of typical examples (along with popular yet suboptimal or flawed cases). The economics of cyber security and techniques for estimating the return on investment of information protection measures will be discussed.

Cyber security management 

The lectures will familiarize students with the theoretical and practical aspects of building a cyber security program in organizations of various types. Participants will be introduced to the topics of identifying an organization’s critical assets, creating a threat model, risk management, compliance with standards and regulations, and creating and executing a security strategy based on best practices. Topics related to team building, working with service providers, maintaining the right relationships with key stakeholders, and presenting team results will also be covered. The students will also receive information on additional materials to deepen their knowledge in selected areas.

Risk and business continuity management 

The purpose of the class is to present the applicable requirements and good practices in the area of systemic risk management for ensuring business continuity of the organization and to improve risk management skills, such as: risk identification and analysis, risk response, risk handling. During the class, students will be introduced to a practical approach to the risk management process vs. IT risk management, and will develop skills on examining the criticality of resources, communicating and reporting on risks and emergencies.

Curriculum:

  1. Legal, organizational and cultural basis for systemic risk management and business continuity in various organizations (case study) – lecture – 2h 2. Best practices for risk management and business continuity – COBIT, ISO 31000, ISO 27001, ISO 22301 – lecture – 1h.

 

  1. Strategy and framework structure of risk management in the organization – workshop -1h. 4. Risk management process – methodology with tools – workshop – 1h. 5. Business continuity management process – examining the criticality of the organization’s resources (BIA, RTO, RPO) and communicating a crisis situation – workshop – 1h.

Secure SDLC – creating secure applications 

The subject will introduce the issue of System Development Life Cycle (SDLC). In a modern enterprise, software creation and development should follow a certain order. The software development life cycle, or SDLC, is a broadly defined process that helps plan, build, test and maintain software. The class will cover the basic stages of the SDLC – from Planning and Analysis Requirements, through Design, Coding and Testing to Deployment and Maintenance. The basic SDLC methods and methodologies will also be discussed, along with an identification of their advantages and disadvantages, both those in use for a long time (e.g. Waterfall) and the newest ones – such as Agile and DevOps. During the classes Secure SDLC methods and methodologies aimed at introducing security elements at the earliest possible stages of software development will also be discussed.

Compliance and information security management (norms and standards) 

The subject is intended to introduce the issues of so-called compliance in terms of requirements, so-called best practices in the field of information security and protection. Normative issues and key standards globally will be discussed. The subject also aims to demonstrate how the requirements in this area affect the overall level of security, and how to apply this issue to support business in the implementation of tasks.

Among other, during the lecture the following topics will be presented:

  1. Compliance in an organization – why should it be implemented?
  2. IT compliance in business – Polish IT regulations
  3. ISO 27000 – a family of international standards standardizing information security management.
  4. ISO/IEC 27001 implementation project in an organization – a case study
Audit in information security and protection 

During the lectures on IT auditing, the students will learn what types of IT auditing are and why it is important for the organization’s risk management. Using an example developed by the Information Systems Audit and Control Association (ISACA), they will learn about the IT audit standard and selected audit methodologies. The requirements for those conducting IT audits will also be presented. During the class the students will be provided with materials to assist in the development of an IT audit program.

Cyber warfare 

The lecture will present issues related to the development of a new form of armed conflict-cyber warfare. The differences between a cyber incident, cyber conflict and cyber warfare will be discussed, as well as the key elements of Advanced Persistent Threat (APT) attacks. Using the examples of Georgia, Iran, Russia and the current situation in Ukraine, the evolution of international disputes and conflicts in cyberspace will be presented.

Cyber security inteligence (open-source intelligence) 

Cyber security intelligence presents the problem of intelligence in cyberspace using traditional and modern methods of intelligence, psychological, technological, special tasks. OSINT, HUMINT, TECHINT, new cyber-intelligence technologies, operating techniques. Legal aspects of cyber warfare under international and domestic law. Cyber intelligence institutions and non-governmental groups.

Computer forensics 

The subject is intended as an introduction to computer forensics. Topics in historical and contemporary methods developed by digital forensics will be discussed, as well as contemporary opportunities and limitations. Issues related to digital evidence and legal aspects of the aforementioned topic will also addressed.

Social Engineering 

Social engineering is a branch of cyber security that deals with exploiting human emotions, gullibility and ignorance to gain access to sensitive information or resources. The goal is to trick the user into performing a certain action or revealing important information, such as passwords, bank account numbers, etc. Social engineering can be done through various channels, such as emails, phone calls, social media or direct interactions with people. In order to protect against such attacks, it is important for users to be aware of the possibility of social engineering and learn how to recognize and avoid such situations.

The following topics will be presented during the class:

1. Introduction to social engineering: what it is and its primary targets and types of attacks.

2. Social engineering techniques and tactics: the most common techniques and tactics, such as phishing, baiting, vishing and many others, used to gain access to sensitive information.

3. Psychology in social engineering: how people react to social engineering attacks and how these reactions can be used to gain access to information.

4. Protection against social engineering: how organizations and individual users can protect themselves from social engineering attacks, including through training, security policies and technical protection measures.

5. Practice and case study: participants will have the opportunity to take part in exercises and case studies that will help them better understand and apply the knowledge they have gained in practice.

6. Discussions and questions: at the end of classes there will be time for discussion and answering questions on social engineering issues.

An overall goal of the class is not only to familiarize students with the basics of social engineering, but also to learn how to recognize and avoid attacks and how to protect themselves.

New challenges in cyber security 

Artificial Intelligence: 

The lecture will introduce participants to the basic issues that are involved in the use of (broadly defined) artificial intelligence in cyber security. We will discuss both the ways in which techniques/algorithms derived from machine learning and artificial intelligence can be used to help secure computer systems, as well as the dangers of being able to launch attacks on learning systems.

The lecture will introduce:

Basic information about machine learning, neural networks and deep learning

  • From simple spam detectors to GANs networks and deepfake.GAN oraz deepfake.
  • Zastosowanie sztucznej inteligencji w cyberbezpieczeństwie (detekcja nadużyć w bankowości elektronicznej, sposoby przewidywania ryzyka ataku, identyfikacja i priorytetyzacja zagrożeń, automatyzacja)
  • Hacking AI – przegląd typowych ataków (na systemy uwierzytelniania, autonomiczne, medyczne) oraz zagrożenia związane z atakami na systemy uczące się.

Quantum computers:

W ramach wykładu przedstawione zostaną zasady działania komputerów kwantowych, problematyka kryptografii kwantowej i postkwantowej oraz łączności kwantowej. 

Blockchain 

Incident management 

The goal of the workshop is to put into practice the knowledge gained in lectures, expanded to include elements of computer forensics. We will learn to take appropriate action in response to an incident. We will identify incidents by analyzing monitoring events. We will try to limit losses by isolating resources. We will coordinate damage restoration and operational recovery. Finally, we will prepare an incident report with lessons learned. Based on the experience, we will consider how to prepare well for handling incidents in the organization.

National cyber security system 

The lecture will introduce the functioning of the national cyber security system in the context of the law and the application of regulations after 5 years. Detailed powers, duties and competencies of the subjects of this system will be discussed, taking into account practical aspects. It will be indicated what changes have been made, what are being designed, and explain whether they are solutions implementing EU law or respond to needs identified at the national level. At the same time, the knowledge provided during the lecture will support the answer to the fundamental questions of whether the system is complete, orderly, whether it meets expectations, and whether it could be constructed differently.

Legal aspects of cyber security 

The purpose of the lecture is to present basic legal issues in the field of cyber security. European Union regulations and national laws will be discussed. In particular, the students will learn:

  • European cyber security regulations,
  • ENISA’s mission and position,
  • European cyber security certification systems and their role,
  • selected sector regulations: financial, medical, AI sectors,
  • rules for the protection of confidential information, including company secrets, protection of employer information, classified information,
  • legal liability rules for hacking, electronic eavesdropping, etc.,
  • intellectual property law challenges in cybersecurity (including legal aspects of reverse engendering),
  • cyber security agreements,
  • legal aspects of quantum technology.
Cyber Threat Intelligence

The subject is a practical introduction to Cyber Threat Intelligence, which is already an integral part of mature processes from security monitoring to incident handling to decision support for a company’s business units. During the lectures we will analyze several case studies in which CTI will help assess the situation to understand what we are up against, predict the attacker’s next steps, and find out who the attacker might be and what his intentions are. To do this, students will be introduced to mental models such as the Diamond Model, Cyber Kill Chain and the MITRE ATT&CK framework, thanks to which the acronym IOC will not be associated mainly with IP addresses, domain names or calculated hash values from files.

Workshops: Safety testing 

The subject will include a workshop to conduct a practical security audit and also practice other types of tests aimed at understanding the resilience of the subject/subject of the tests in the context of a possible security breach.

Workshops: Ethical hacking 

During the ethical hacking workshop, the following steps will be presented:

Planning and assessment – gathering information about a target system or network to understand its components and potential attack vectors.

Scanning and enumeration – the use of various tools and techniques to identify resources and systems that are connected to the network.

Vulnerability assessment – identifying and sorting out vulnerabilities that have been found in a system or network.

Exploitation – an attempt to use identified vulnerabilities to gain access to sensitive information or systems.

Reporting – presentation of a sample report that describes the results of the IT system security test, including recommendations on the variability of identified vulnerabilities.

In this class, students will learn about configuring test environments based on open-source software, and learning materials will be provided to help develop knowledge in the topic covered. Potential career paths in the field related to information systems testing will be discussed.

Workshops: Securing cloud computing environments 

As part of the class, participants will be given a toolkit for effective communication related to cyber security: starting with proactive communication, covering issues on safe online behavior, reactive communication, addressing incidents and their consequences. In short, participants will know how to write about cybersecurity so that the messages will attract attention, and their emails don’t end up in spam. The workshop is aimed at practical implementation of the knowledge accumulated in learning about information security and protection in cloud computing systems. Security mechanisms provided as part of various environments of this type will be presented for configuration.

Workshops: Incident Management 

The goal of the workshop is to put into practice the knowledge gained in lectures, expanded to include elements of computer forensics. We will learn to take appropriate action in response to an incident. We will identify incidents by analyzing monitoring events. We will try to limit losses by isolating resources. We will coordinate damage restoration and operational recovery. Finally, we will prepare an incident report with lessons learned. Based on the experience, we will consider how to prepare well for handling incidents in the organization.

Workshops: SOC Workshop 

More information will follow shortly.

Assesment center: The cyber security market 

In this class, students will learn about the potential of cyber security projects. Both the current dynamics of the development of the global cyber security market (niches, financing models, sales models, monetization models, innovation centers, etc.) and practical ways to commercialize ITsec knowledge through the creation of scalable technology projects, among other startups, will be discussed.

Assesment center: A career in cyber security 

The purpose of the class is to discuss skill development in the field of information security and protection. In addition, the issue of industry certifications, specializations and image-building issues will also be addressed. The class will also address professional networking.

Assesment center: Certifications in the context of a career in cyber security 

The class will explore in-depth issues related to certification in information security and protection.

“A resume presents your skills but it’s the certificate that proves them” During the lectures, the audience will learn about:

  • the most important certifications that provide the best earnings in the cyber security field, (CISA, CISM, CRISC, CSX, CISSP, CEH, etc.)
  • Which legal acts require which certifications to undertake selected tasks in the area of cyber security,
  • the differences between certification and a certificate.

They will also learn:

  • what is the range of knowledge needed to pass the exams, for the most popular and significant certifications,
  • what conditions beyond passing the exam are needed to obtain certification,
  • what is required to sustain the validity of the certification.

Assesment center: Communication in cyber security 

As part of the class, participants will be given a toolkit for effective communication related to cyber security: starting with proactive communication, covering issues on safe online behavior, reactive communication, addressing incidents and their consequences. In short, participants will know how to write about cybersecurity so that the messages will attract attention, and their emails don’t end up in spam.

Partners

Main partner

HSBC

HSBC is one of the world’s largest banking and financial services organisations. Our global companies serve more than 40 million customers worldwide in 63 countries and territories.

HSBC Technology Poland is the HSBC’s strategic technology centre. HSBC Technology Poland develops and implements some of the most advanced and innovative technologies in the industry to make banking easier and safer for our customers.

The financial services industry continues to face increasingly sophisticated cybersecurity threats. Our dedicated, global cybersecurity teams provide 24/7 monitoring, detection, prevention and response, providing customers and colleagues with the best possible protection.

We invest heavily in business and technical controls and apply an in-depth approach to defence, taking into account the complexity of our environment.

 ISACA

ISACA is a precursor among associations dealing with cybersecurity, audit, supervision and IT control (isaca.waw.pl).
It was established more than 60 years ago in the USA and 25 years ago in Poland, and to this day it continues to gather professionals of various industries in its ranks, currently more than 160,000 members around the world.
The association supports members in their continuous professional development and motivates them to improve their professional qualifications. We promote extensive networking, i.e. meeting specialists involved in IT, audit, security, risk and governance.

We encourage to exchange experiences and share knowledge. Our members have many opportunities to exchange ideas, hold discussions and inspire each other. ISACA sponsors various industry events, thus providing access to conferences and presentations, very often at lower prices, or inviting to free events.
 ISACA is the issuer of many certificates both for professionals – the most well-known are e.g. CISA, CISM, CRISC – and for people who want to start a career in the security industry – e.g. CSX which includes certificates at different levels of competence.

ISACA certificates are recognised all over the world. In Poland, as many as four ISACA certificates were included in the list of audit certificates – these are CISA, CISM, CRISC, CGEIT (Regulation of the Minister of Digitisation of 12.10.2018;). Article 286 (1)(5)(a) of the Public Finance Act of 27 August 2009 lays down formal and qualification requirements for people who can conduct internal audit in public finance sector units – such a certificate is CISA (Certified Information Systems Auditor).

ISACA members can count on special prices for taking the exams as well as for renewing and maintaining the certificates.

Lecturers

Robert Pająk – Faculty AdvisorCISSP/CRISC/Senior ISO 27001 Lead Auditor

He currently holds the position of Information Security Director in Akamai’s security division. He leads a team responsible for managing compliance requirements in the area of cyber security (information security/compliance/security governance). He leads global projects demonstrating how Akamai meets the highest standards of information protection. Co-founder of the Affinity Conference. Previously, he held various roles in security and data protection – most notably Head of Security at Future Simple Inc. (Base – currently ZenDesk) – a Silicon Valley-based company that develops innovative software. Prior to joining Base, he served as Head of Information Security for EMEA region at Herbalife. For more than 14 years he also served as CSO at INTERIA.PL (and ABI at RMF Group) – responsible for the areas of security, compliance, and privacy at one of Poland’s largest portals. Founder or co-founder and member of the audit committees of various Polish branches of organizations and associations dealing with security issues, in particular: OWASP/ISACA/ISSA. As part of his work at INTERIA.PL, he also built and led the R&D team. Passionate about security and technology. He actively lectures at various universities and conferences – on the topics of broad aspects of information protection, compliance, and modern threats. He cooperates as an expert with numerous companies and organizations, in Poland and abroad, dealing with information security in its broadest sense.
He’s active in the media, commenting on issues related to modern IT threats. Author of numerous articles for newspapers and guides, among others, Safety from A to Z. Holds numerous professional certificates, such as CISSP, CRISC, ISO 27001 Senior Lead Auditor. Co-author of monographs including “Legal Tech” (Beck ed.), “Legal Tech / Information Security in Legal Firms (Nomos ed.) and others.

Barbara Nerć-Szymańska – President, ISACA Warsaw Chapter

She heads the board of directors of the ISACA Warsaw Information Systems Audit and Control Association, an affiliate of the ISACA international association. Expert and manager working in the areas of cyber security, information security, IT risk assessment and business continuity planning. Co-founder and member of the Program Council of the Cyber Women Community- a collective that promotes and empowers women to discover their path in new-tech.

She obtained a master’s engineer’s degree, graduated from Warsaw University of Technology, she also completed management studies (Executive MBA,GFKM, IAE Aix-en-Provence Graduate School of Management) and banking studies (Warsaw University). She’s certified in information systems auditing and CISA and CISM information security management by ISACA.

She has been involved in the banking sector for years. At mBank, she implemented an identity and authorization management system, cyber security risk analysis, IT products and services, and external counterparty risk analysis. She is currently engaged in the development and maintenance of an IT security standards system. She previously ran the security hub for Central and Eastern Europe at Commerzbank, and before that at Bank ABN AMRO. She led an IT audit at Pekao S.A. bank, served as regional security officer at ABN AMRO bank and compliance officer at Invest bank. Privately, Bolognese dogs aficionada. She enjoys active leisure activities. Passionate about travel and skiing, both downhill and cross-country.

Tamara Rud, PhD.

Doctor of Social Sciences, graduate of the University of Warsaw. specializes in the subject of security in the Middle East region, an expert on cyber security and new technologies for protecting critical infrastructure and data, President of the Polish-Israeli Consortium for the Cyber Security of Poland, Israeli cyber intelligence analyst on Darknet.

Col. Łukasz Wojewoda

A graduate of the Jaroslaw Dabrowski Military University of Technology in Warsaw, with a degree in Electronics and Telecommunications, and the Polish-Japanese Academy of Computer Technology in Cyber Security. An officer with many years of experience in the areas of cyber security, communications and IT, and in particular in organizing and conducting processes for handling ICT security incidents and security testing of ICT systems.

He actively participated in the design and implementation of ICT systems for the required level of cyber security as well as in organizing and conducting cyber threat intelligence (CTI).

He co-founded and managed the Security Operation Center (SOC) in the Military Counterintelligence Service.

Representing the Ministry of National Defense, he co-founded the National Cyber Security System.

He’s certified as a GIAC Information Security Professional (GISP), a Certified Ethical Hacker (CEH) and others.

Marcin Wysocki

Civil servant with many years of work experience in government in the telecommunications and cyber security fields. He has worked at the Electronic Communications Authority and the Ministry of Digitization. Currently Deputy Director of the Cyber Security Department of the Prime Minister’s Office, a member of the team responsible for the proposed legal act on Electronic Communications, and the supervisor of the amendment to the Law on the National Cyber Security System. Graduate of law, administration, political science and postgraduate studies in new technology law.

Adam Jabłoński, Ph.D., Professor of the University

Chairman of the Board of Directors of the renowned OTTIMA plus Sp. z o.o. based in Katowice, founded in 1999. President of the Board of Directors of the Katowice-based Southern Railway Cluster, the only cluster from Poland that is among the founding members of the Unique European Railway Cluster Association (ERCI) registered with its headquarters in Brussels. Expert of the Polish Accreditation Commission. 

Academic Lecturer, Professor at the School of Banking in Poznań Director of the Institute of Management and Quality Sciences at the School of Banking in Poznań.

Graduate of many postgraduate studies and industry courses. Habilitated doctor of Economics in the field of management science.

He has created many innovative solutions for business and industry, and has led or been part of project teams for more than 2,000 expert and consulting projects domestically and internationally. Author of numerous monographs, publications, articles and scientific concepts published in Poland and internationally in prestigious publishing houses, including.Taylor & Francis Group – Routledge, Palgrave Macmillan, Springer Nature, Cambridge Scholar Publishing, Nova Publishers, IGI Global. He has authored many scientific articles published in global journals with high Impact Factor, including Sustainability, Energies, International Journal of Environmental Research and Public Health.

Long-time advisor to Polish and foreign companies on modern methods and techniques of strategic management and financial management, including business models, value management, performance management, corporate social responsibility mechanisms, Balanced Scorecard and Value Based Management.

The author’s research interests are focused on the issues of designing modern business models, especially digital business models, the issues of the functioning of the national and European cyber security system, and the principles of creating and implementing strategy and cyber security in organizations.

Jarosław Greser

Lawyer, doctor of legal sciences, assistant professor at the Faculty of Administration and Social Sciences at Warsaw University of Technology. Researcher specializing in the law of new technologies, particularly the regulation of medical technology, the Internet of Things and cyber security. He carried out the research project “Cyber security of the medical Internet of Things – a legal perspective” funded by the National Science Center. Member of the expert network at the European Commission Representation in Poland. Author of scientific publications on privacy, data protection and cyber security.

Wojciech Pilszak

Graduate of the Police Academy in Szczytno and the Faculty of Law and Administration at the University of Wroclaw. During his service in the Police Department, among other things, he supervised an international operation (deputy group leader in charge of the technical part) codenamed “Azahar,” targeting an international network of pedophiles sharing pornographic material with minors under 15 years of age via the Internet, and took part in the work of the Cyber Crime Group on behalf of the Police Headquarters during the French Presidency of the European Union. Since 2005 he has been an expert listed by the President of the District Court of Krakow in the field of computer forensics and criminal analysis. Content manager of the postgraduate program in computer forensics and lecturer at the postgraduate program “Management of Computer Networks and Information Security” at the University of Economics and Computer Science in Krakow. Member of the Employers’ Council at the Faculty of Mathematics and Computer Science of Jagiellonian University. Author and co-author of computer forensics and cyber security training projects carried out for the Army, Police, District Attorney’s Office and Courts. Speaker at multiple international scientific and specialized conferences on ICT security issues.  Founder and CEO of e-Detectives sp. z o.o.

Szymon Chadam

IT security specialist at SecuRing. He breaks down applications – both web and mobile – on a daily basis. He majored in Cyber Security at the AGH University of Science and Technology, so he is well aware of how to use a student’s limitless imagination in cyberspace. Mainly interested in the security of mobile applications on the Android platform. Among other things, he has spoken at OWASP Krakow meetings and as part of the “ZeroDay” scientific circle at AGH.

Social media:
* Linkedin – https://pl.linkedin.com/in/szymon-chadam

Certificates:
* eLearnSecurity Web Application Penetration Tester eXtreme (eWPTXv2)
* Burp Suite Certified Practicioner

Gen. Brig. r. Paweł Pruszyński

Lawyer, former deputy head of the State Protection Office and the Internal Security Agency in Warsaw, vice president of the Association for the Support of National Security. Expert of the National Association for the Protection of Classified Information on the protection of classified information and the Business Security Committee of the National Chamber of Commerce. Social engineering test expert of the Wielkopolska Association of Private Employers in Poznań. Lecturer at renowned Polish Universities, including Leon Kozminski Academy, Warsaw Business School, University of Silesia, Wszechnica Polska, Andrzej Frycz Modrzewski Krakow Academy, Social Academy of Sciences. He was Chairman of the Board of Directors of limited liability companies and joint stock companies. He is the author of dozens of publications in the subject of security. He participates in numerous debates and interviews for: TVN, TVP, Polsat, Super Station, PR, Onet.pl, Defence24.

Attorney Roman Bieda

Legal counsel and patent attorney at the Maruta Wachta Law Firm of Attorneys at Law. For almost 20 years, he has specialized in the broad field of new technology law.
President of the AI LAW TECH Foundation. Member of the Virtual Chair of Ethics and Law, a scientific consortium with the involvement of leading Polish universities, INP PAN, NASK, MC.
Chairman of the subgroup on legal aspects of AI in the Ministry of Digital Affairs’ expert team on the AI agenda. As part of the team’s work, he participated in the preparation of the “Foundation of the AI strategy for Poland.”

He is currently leading the work of the task force on Ethical and Legal Aspects of Artificial Intelligence (GRAI), established at the Prime Minister’s Office. The purpose of the task force is, among other things, to assist the Polish government in evaluating the AI strategy for Poland.
Member of the Sector Competence Council Telecommunications and Cyber Security. Member of the Commission for New Technologies at the OIRP Krakow. He was part of the Council  Digital Affairs Council for the second term, appointed by the Minister of Digital Affairs.
He teaches subjects related to intellectual property law and the law of new technologies at Kozminski University, the Warsaw School of Economics and the Upper Silesian University in Katowice.
He is a faculty supervisor and lecturer at the postgraduate program Law of Modern Technologies, postgraduate program Cyber Security Management and postgraduate program Business.AI Managing Artificial Intelligence Projects, conducted by Leon Kozminski Academy in Warsaw. He has taught legal subjects in MBA programs.

Paweł Przybyłowicz, Ph.D., professor of AGH

Paweł Przybyłowicz, Ph.D., professor of AGH, is an employee of the Department of Applied Mathematics at AGH. In January 2019, he received a postdoctoral degree in mathematics (WMS AGH). In 2022, he completed a postgraduate MBA in cyber security (Collegium Humanum) and obtained a Tutor Certificate (Collegium Wratislaviense). His research interests focus on the computational complexity of differential, stochastic and deterministic equations, Monte Carlo simulations using GPU graphics cards, and quantum computing. He also works on practical applications of differential equations and neural networks to model real-world phenomena such as option pricing, modeling energy consumption/prices and the course of epidemics. He is the recipient of two international awards: “Information-Based Complexity Young Researcher Award” (2012) and “Joseph Traub IBC Award” (2018). He was a DAAD (Germany) scholarship recipient in 2013, and has made research visits to Austria and Canada, among others. He has also participated/is currently participating (as a contractor or manager) in ten research projects (NCN, NCBiR). He has authored/co-authored about 40 scientific publications of international scope and is a member of the editorial committees of the mathematical journals Journal of Complexity (Elsevier Publishing House) and Opuscula Mathematica (AGH).

Gen. Brig. r. Włodzimierz Nowak

Cyber security systems architect, expert in business continuity of ICT, civilian and military systems. Practitioner in the construction, operation and protection of sensitive data in data storage and transmission systems, including for military missions in Iraq, Afghanistan, Libya and the Syrian borderlands. He has held many important positions both domestically and internationally, including:

– Authorized representative of the Minister of Digital Affairs for Cyber Security;

– T-Mobile board member,

– chief operating officer of the NATO Communication Services Agency,

– Chief of Staff/Deputy Commander NATO CIS Group,

– Director of the Department of Information Technology and Telecommunications of the Ministry of Defense,

– Head of the Communications and Information Technology Board of the General Staff of the Polish Army,

– Poland’s long-time representative to the Working Group of National Technical Experts
on Telecommunications (WGNTE/COM) at NATO Headquarters.

Marcin Szydłowski

He currently serves as Head of Security at Booksy, where he is responsible for the security of the platform, as well as all other aspects of information security within the organization.
Previously responsible for building a global team (Poland, Indonesia, Portugal) to handle the security of thousands of systems at Philip Morris International.
In the past, he has supported numerous international organizations in the area of security as a consultant for the consulting firm EY.
Outside of work, he is passionate about cyber security – a participant in numerous bug bounty programs and number 1 in Poland in terms of the number of bugs found on the Synack platform. Speaker at many local and international conferences – including OWASP 20th Anniversary, Confidence, TechRisk, OWASP Poland, SysOps/DevOps.

He obtained his professional education at the AGH University of Science and Technology in Krakow and the National University of Singapore. He holds industry certifications such as CISSP, CISA, AWS SAA, AWS SEC, GCP ACE, OSWE, OSCP, GCIH.

Małgorzata Mazurkiewicz, CISA

She graduated from the Faculty of Electronics at the Warsaw University of Technology with Master of Science degree in electronics. She has been in the IT industry for more than 26 years, including 20 years in banking. She has been working at one of the so-called Big Four (BIG4) companies for several months. Since 2005 she has been a member of ISACA (Information Systems Audit and Control Association) and is a Certified Information Systems Auditor (CISA). At work, she had the opportunity to lead IT projects, manage the IT department and the information security department, where she was responsible for implementing cyber security policies. She also served as Information Security Administrator. She is currently engaged in auditing IT processes in accordance with the COBIT methodology developed by the ISACA Association, among others projects. She follows the development of neuroscience and sees the need to change the approach to the issue of transferring knowledge in school and work, so that the process is effective.

Ireneusz Wochlik, Ph.D.

Biocybernetics and artificial intelligence specialist. Co-founder and CEO of Aigorithmics sp. z o.o., board member of the AI LAW TECH Foundation, lecturer in the postgraduate course Business.AI: Technology, Law, Application of Artificial Intelligence and co-founder of the postgraduate course Managing Cyber Security, conducted by Kozminski University, member of the Working Group on Artificial Intelligence (GRAI) at the Prime Minister’s Office, Leader of the Energy Subgroup. From 1997 to 2016, he worked at the AGH University of Science and Technology in the Department of Electrical Engineering, Automation, Computer Science and Biomedical Engineering as an assistant professor. He received his doctorate in technical sciences in 2005. He has included the results of his scientific work in more than 50 publications.

He has been involved in data analysis and the development of intelligent solutions to support business for more than 20 years. He specializes in broad digital transformation processes, as well as advanced data analysis based on Big Data, Machine Learning and Deep Learning tools. Speaker at a number of scientific and business conferences.

Łukasz Bobrek

Principal Security Consultant | Head of Cloud Security @SecuRing | Cloud | GCP | Android

https://www.linkedin.com/in/lukaszbobrek/

He has been involved in risk analysis, consulting and security testing of web and mobile applications for more than 6 years. He also specializes in cloud platform security, particularly Google Cloud Platform. He has participated in many projects for leading companies in the financial, insurance, retail and IT sectors.

Certifications: GWAPT (GIAC Web Application Penetration Tester), Google Cloud Professional Cloud Security Engineer

Selected publications: Security testing of applications dedicated to the Android platform, Possibilities of malware for mobile platforms, Guidelines on mobile application security – Android edition.

Presentations at conferences: Secure, GISec, Confidence, CyberSec, BSides, Affinity, and NGSec.

Paweł Kusiński

Senior IT security consultant at SecuRing since March 2020, specializing in cloud security.
Paweł performs penetration testing and infrastructure audits for a wide range of IT projects. His main area of interest is cloud security – specifically Amazon Web Services. He has experience in conducting AWS configuration reviews, as well as raising security awareness among project teams in this area.
Instructor of the advanced training course “Practical AWS Security”, and instructor of the subject “Penetration Testing” at the postgraduate course “Cyber Security” at AGH.

Social media:
https://www.linkedin.com/in/pkusik
https://medium.com/@pkusik

Anna Baranowska

She has been professionally involved in communications for more than 12 years. Previously associated with the media as a news journalist, she worked at the largest media stations in Poland (Onet, TVN24, RMF FM). She has been in the IT industry since 2017, and currently looks after communications in Cybersecurity at HSBC.

Outside of work, she is also passionate about communication – since this year she has been trying to communicate with a new family member, a large poodle named “Halka.” So far, with mixed results.

Dawid Krystkowiak

Global Head of Cybersecurity Risk & Controls Strategy and Head of Poland Cybersecurity Practice w HSBC. He has been with HSBC for more than 10 years, where he has held a number of roles including change management, management for Group COO and cyber security. A skilled manager who places a high value on acquiring knowledge and developing his teams. Before his career at HSBC, he worked as a teacher and translator. Graduate of the University of Birmingham and Adam Mickiewicz University in Poznan. Privately an avid Lego, Marvel and Star Wars fan.

Dariusz Jurewicz

At HSBC he was responsible for setting up HSBC Cybersecurity Operations Centre in Poland since 2018. He currently manages this unit, which, along with two other locations, monitors and responds to incidents at all HSBC units worldwide. He has been involved in the cyber security industry for more than 20 years. Before moving to HSBC, he worked for UBS, where, as head of the Central Risk Services department, he was in charge of various areas of IT risk control and management, as well as support for IT security units. At T-Mobile Poland, as Head of Technology Security, he was responsible for all areas related to IT system security, network security and mobile service security.

Dorian Nalepa

Computer network engineer, ethical hacker, and member of the world-renowned blue team. It is the experience gained in these teams that allows me to look at security issues from several different perspectives. I am a practitioner and almost obsessive fan of white hat hacking. I currently lead the Cybersecurity Research and Offensive Security team in Poland, at HSBC.

What I like most about my job is the opportunity to co-create and develop our team and the fact that, regardless of my leadership position, I can also remain one of the pentesters.

Hacking is fun.

Join the dark side and hack the bank.

We have cookies.

Mikołaj Rappé-Niemirski

Social engineering test expert in the cyber security management area of global financial group HSBC. He has been involved in the banking sector since 2003. He gained professional experience at Bank BGŻ (now BNP PARIBAS Bank Polska S.A.), where he took part in the Management Development program, and Kredyt Bank S.A. He has worked in both specialized and managerial positions in the sales network, strategic project implementation, internal audit, compliance and cyber security functions.

A graduate of the Faculty of Law at Lazarski University, he also completed Postgraduate Studies at the Warsaw School of Economics (Cyber Security Management and Postgraduate Studies in Foreign Service) and numerous courses in risk management and managerial skills organized by universities including Universita Bocconi in Milan (Italy), Universiteit Leiden (Netherlands), State University of New York and University of Georgia (United States).

In pursuit of his private passions, he also completed extramural studies at universities in Sweden (Hogskolan Dalarna and Hogskolan pa Gotland). He is a Certified Business Coach (TROP Group) and holds the following designations: CICA (Certified Internal Control Auditor), CFS (Certified Fraud Detection Specialist), ICA-FCR (International Compliance Association-Financial Crime Risk), ICA (Advanced Diploma in Anti-Money Laundering) and LEAN Six Sigma Green Belt.

Marek Zibrow

IT practitioner with 30 years of professional experience working in business including many global corporations. For the past 12 years, he has focused on issues related to IT security in the broadest sense, particularly threat modeling and security of data storage, processing and transmission (protocol and passive security). Co-discoverer of the Heartbleed Bug. Visiting lecturer at Stanford University and West Point Academy. Currently working as a security expert for one of the largest banks in the world.

Anna Barteczko

She currently holds the position of Incident Management Lead in HSBC’s cyber security division. Graduate of the Faculty of Law and Administration at the Jagiellonian University, majored in Administration. Associated with the IT industry since 2015, she started by working in the first line of technical support. She then focused her development path on incident management issues, starting as an Incident Manager. The culmination of this career phase was the position of Major Incident Manager and the associated management of critical incidents in the IT infrastructure. Associated with the security industry since 2019. On a daily basis, she manages, coordinates and resolves cyber security incidents.

Artur Napora

GCFA, GREM, GIAC Advisory Board.
He has 25 years of experience in a variety of IT security roles in the financial sector. He has performed penetration tests. He managed identities, vulnerabilities, security incidents. He has participated in the implementation of five different online banking systems. Co-developed information security management systems. He has designed and implemented network security systems operating at every ISO/OSI layer. Currently Principal Incident Responder in HSBC Bank’s cyber security team.

Witold Perłowski

Graduate of MBA, postgraduate studies in project management, audit and internal control, quality management and controlling. On a day-to-day basis, he is Director of Operations and Culture at TKH Technology Poland, where he is responsible for the development of SSDLC – Secure Software Development Lifecycle. He has been involved in the information security field for more than 20 years. In his career, he has served as a consultant, management representative and project manager for such solutions as implementations of ISO 27001, ISO 27017, ISO 27018, ISO 22301, ISO 20000-1 and RODO in small organizations and large corporations. He has many years of experience as an ISO/IEC 27001 Lead Auditor at TUV Nord Polska. Experienced trainer and lecturer on information security and ISO 27001 internal auditor and lead auditor.

Małgorzata Michniewicz

A graduate of the Krakow University of Economics with a major in “computer science and econometrics” and postgraduate managerial studies “IT project management” at the University of Warsaw, she has been involved in IT for 20 years. She has built from the ground up a systematic information security management system at the Social Insurance Institution. Project manager for the construction of the Security Operations Center Concept for ZUS (Social Insurance Institution). Data Protection Officer at the Central Sports Center and all Olympic Centers. She advises, trains and audits private companies, government organizations, and SOEs on information security, business continuity, risk management and blockchain issues. Certified in: ISO 27001 LA, ISO 22301 LA, ISO 9001 LA, CDPSE, PRINCE, P3O, MoR, ITIL, CyberSec, COBIT. She has been active in the ISACA Warsaw Chapter association for 12 years. A doctoral student at the Department of Cybernetics at the Military University of Technology, her area of research is consensus mechanisms applied to blockchain technology.

Anna Nastuła

Lawyer, certified ISO/IEC 27001 and AQAP 2110:2016 and ISO 9001:2015 lead auditor. She is a doctoral student at the Doctoral School of the Military University of Technology in Warsaw. Data Protection Officer, works for public and private entities. Partner in the law firm “Nastula and Partners” in Bielsko-Biala. Representative of the Consultative Council of the Polish-Indian Chamber of Commerce in Poznań. It carries out activities in the field of training and workshops on the topics of data protection and cyber security. Speaker at scientific conferences. Lecturer at the University of Finance and Law in Bielsko-Biała and Warsaw Business School (MBA studies). Author of scientific publications on law and cyber security.

Przemysław Skowron

He’s currently leading Cyber Threat Intelligence at Standard Chartered Bank.
Before the recent color change, Threat Hunter at Global Cybersecurity
Operations – HSBC. Founder of the White Cat Security brand reversing the unfavorable ratio of attackers to defenders in Poland’s largest financial and critical infrastructure companies. In the years 2008-2015, he created and developed the CSIRT (Computer Security Incident Response Team) for Alior Bank Group, previously associated with the Interia.PL portal and PROIDEA Foundation. He has several years of experience as a member of offensive (“red team”) and defensive (“blue team”) teams. A proponent of learning about different approaches and combining them – without clinging to one dogma (dogma -Am God).

Mec. Mateusz Bartoszcze

Graduate of the Faculty of Law of the Jagiellonian University, Legal Counsel. His narrow professional specialisation is business insurance law, public procurement law. Passionate about modern technologies and issues related to cybersecurity. In his professional work, he combines the aspect of legal knowledge with practice gained in the financial market. Co-author of the largest insurance programmes for the largest Polish companies. Particularly interested in legal concepts of AI liability and insurance, insurance related to cyber risks and practical application of AI solutions in the financial sector.

Fees and enrollment

Total fee: PLN 7500 or 4 equal, interest-free installments (including  PLN 100 reservation fee)

Bank account number: 61 1440 1127 0000 0000 0193 3148

 

Are you interested in our offer?

Do not hesitate, choose WSZiB and take care of your future

Enroll

 or check out the Admissions Office


Skip to content