cybersecurity
cybersecurity
2024 3rd Run: Dec. 14
2025 1st Run: Jan. 18
2025 2nd Run: Jul. 5
2025 3rd Run: Dec. 13
Time: 0900-1700H (3.5 hours synchronous, 4.5 hours asynchronous)
Module Fee: P10,895
This module introduces the participant to the theories, principles, frameworks, and practices in Cybersecurity. The aim of this program is to prepare and equip the learners to allow them to pursue their cybersecurity career. This foundational approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of cybersecurity cases from the industry.
Module Objectives
At the end of the module, the participant will be able to:
- Identify the terms, techniques, and methods used in developing cybersecurity plans and program.
- Demonstrate thorough understanding of the cybersecurity knowledge.
- Determine the right approach, techniques, methods, and tools in solving cybersecurity problems.
- Evaluate solutions, programs, or plans to determine effectivity of cybersecurity solution.
Module Outline
- History and Importance of Cybersecurity
- Information Security vs IT Security
- Defense In-Depth
- Security Principles
- Security Service and Security Mechanisms
- Security Concepts in Business Case Building
- Types of Access Controls
- Types of Authentications
Lecturer: Justin Pineda
Justin Pineda is a Security Architect and Head of Cybersecurity for a Digital Transformation company in the Philippines where he helps build productized solutions for various clients such as cybersecurity advisory, technology build and managed security operations.
He also worked at one of the biggest Philippine conglomerates as Cybersecurity Manager where he spearheaded conglomerate-wide Security Operations Program and Policies that were implemented across various business units in the fields of real estate, bank, retail, manufacturing, media, and airline. Apart from IT Security Governance, he had notable technical stints in one of the largest beverages company in the world where he built and implemented an in-house Application Security Program for the Asia Pacific, Latin America, and Europe Regions; and a US-based Managed Security Service Provider (MSSP) as part of Security Operations Center (SOC) for more than 500 clients mostly banks and credit unions in the United States.
In the academe, he helped develop the curriculum and course content of cybersecurity courses in an IT College in the Philippines. He has also published and presented several cybersecurity research papers in local and international conferences. Some certifications he holds include Certified Information Systems Security Professional (CISSP), GIAC Web Application Penetration Tester (GWAPT), GIAC Mobile Security Analyst (GMOB) and Certified Ethical Hacker (CEH). He finished a Master in Information Systems (MIS) and BS Computer Science.
2025 1st Run: Feb. 1 & 8
2025 2nd Run: Jul. 12 & 19
Time: 0900-1700H (14 total hours)
Module Fee: P17,895
This module introduces students to vulnerability assessment and penetration testing. Through understanding how a penetration testing work, they can more effectively protect their organization or their clients from potential cyber-attacks. In simulating the capabilities of real-world cybersecurity attackers, students can gain knowledge in this module to prepare themselves in conducting a successful penetration testing engagement. In essence, penetration testers find security holes before cybercriminals do.
Instructional Tools
Synchronous Teaching Strategies:
- Online Lecture & Discussion
Asynchronous Teaching Strategies:
- Information Gathering
- Penetration Testing
Target Audience
This module is intended for:
- Individuals who are interested in pursuing a career in Offensive Security
- Government employees who would like to protect their online assets
- Security professionals who would like to transition from other areas of Cybersecurity to Offensive Security
Module Objectives
At the end of the module, the participant will be able to:
- Understand the difference between Vulnerability Assessment and Penetration Testing.
- Understand the objectives of performing a Vulnerability Assessment and Penetration Testing.
- Learn how to perform detailed reconnaissance using different tools to build a technical understanding of the target environment.
- Analyze the results or output of tools and to remove false positive findings.
- Manually discover security vulnerabilities and perform exploitation.
- Evaluate the impact and risks of identified security vulnerabilities.
- Learn how to properly write a technical report.
Module Outline
Session 1:
- Introduction to VAPT
- Penetration Testing Phases
- Information Gathering
Session 2:
- Common Website Vulnerabilities
- Different Penetration Testing Tools
- Penetration Testing
- Offensive Security Certifications
Lecturer: Christian Villapando
Christian is a highly motivated and driven information security professional with five years of progressive industry experience operating in public and private domains. He specializes in penetration testing and ethical hacking - helping organizations identify and fix weaknesses before attackers exploit them. One of his career goals is to be a "proficient, well-rounded, and highly impactful information security professional."
Christian currently works as a security consultant for a Fortune 100 company, providing various types of penetration testing assessments (network, wireless, application, etc.) for EMEA and APAC customers, acting as "ethical hackers" to evaluate the security of enterprise networks, applications, mobile devices, and data. He previously worked as an engineer for the National Computer Emergency Response Team of DICT, a security analyst for Red Rock IT Security, and a senior security engineer for a global financial organization. He has worked with customers in the government, banking and finance, insurance, health, e-commerce, retail, athletics, and education.
Christian is very passionate about sharing his knowledge and skills with others, especially those who are new or want to enter the field. He teaches computer security-related courses to undergrad and graduate students at several educational institutions in the Philippines. Christian is also a proud member of hackstreetboys, a CTF team based in the Philippines. He is also an active member of PHCYBERUNITS, an advocacy group that helps career shifters get into cybersecurity.
Christian has multiple industry certifications, including the GIAC Security Professional (GSP), Certified Information Systems Security Professional(CISSP), Offensive Security Experienced Penetration Tester (OSEP), Offensive Security Certified Professional (OSCP), GIAC Experienced Incident Handler Certification (GX-IH), GIAC Experienced Cybersecurity Specialist Certification (GX-CS), GIAC Penetration Tester (GPEN), and GIAC Mobile Device Security Analyst (GMOB). He completed his Bachelor of Science in Electronics Engineering from Mapua University and his Master of Information Security from De La Salle University-Manila.
2025 1st Run: Feb. 22 & Mar. 8
2025 2nd Run: Aug. 2 & 9
Time: 0900-1700 (14 total hours)
Module Fee: P17,895
This diploma program introduces the learner to the theories, practices, processes, and techniques used in Cybersecurity Defense (Blue Team). The aim of this program is to prepare and equip the learners to allow them to specialize in the field in Cybersecurity Defense (Blue Team). This introductory approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of incidents and breaches from the industry.
Module Objectives
At the end of the module, the participant will be able to:
- Compare security roles and security controls
- Explain threat actors and threat intelligence
- Perform security assessments and identify social engineering attacks and
malware types - Summarize basic cryptographic concepts
- Implement different cybersecurity defense methods
Module Outline
Session 1:
- Security Roles and Security Controls
- Threat Actors and Threat Intelligence, Threat Detection and Response Strategies
- Performing Security Assessments, Vulnerability Management, Security
Testing and Penetration Testing - Identifying Social Engineering and Malware
- Incident Response and Disaster Recovery Planning
Session 2:
- Basic Cryptographic Concepts
- Public Key Infrastructure
- Authentication Controls, Zero Trust Framework
- Identity and Account Management Controls
- Secure Network, Designs, Appliances, Protocol
- Data Protection and Privacy Laws
- Cybersecurity Resilience
Lecturer: Ricson Singson Que
Ricson Singson Que is a seasoned expert in digital transformation, cybersecurity, and information security. Holding an MBA and a Bachelor’s in Computer Science with a focus on IT, he has served as Chief Information Security Officer (CISO) across industries such as finance, retail, healthcare, and education. As President and CEO of SQrity Consulting OPC, he leads cybersecurity and enterprise architecture initiatives, advising companies and academic institutions.
Notably, Ricson developed the Benilde Information Security Plan and the BS Cybersecurity curriculum at De La Salle-College of Saint Benilde. A sought-after speaker and facilitator, he has led numerous seminars and conferences locally and internationally. Certified in ISO27001, CISM, CCSK, CC, and CompTIA Security+, he actively advances cybersecurity education and advocacy in both academic and corporate spheres.
Notable Contributions to Society:
- Commission on High Education SME – drafting the BS in Cybersecurity (since 2017)
- Validator for Philippine Skills Framework (since 2023)
- Program designer and instructor (fellow) for Philippine Public Safety College - National Cyber Training Institute (NCTI) (since 2024)
- Cybersecurity Consultant for USAID-UPSKILL Program
- Cybersecurity Consultant for Australia Awards in coordination with DLSU Jesse M. Robredo Institute of Governance
2025 1st Run: Mar. 22
2025 2nd Run: Aug. 23
Time: 0800-1600H (4.5 hours synchronous, 2.5 hours asynchronous)
Module Fee: P10,895
This certification program exposes the learner to the approaches, theories and practices in the areas of managing and implementing Education, Awareness, and Training in the field of information/cyber security. It focuses on determining the needs as well as particular content to be included in materials to be prepared. As a consequence, this allows the development of the specific approach in providing knowledge or skill, or both, to target participants. The differences and similarities of education, awareness and training will be established, thus cultivating the ability to develop the syllabus, based on the different role requirements of their target participants.
Module Objectives
At the end of the module, the participant will be able to:
- Demonstrate a clear understanding of the differences among education, awareness and training
- Facilitate the identification of learning and development requirements of target personnel
- Adapt education, awareness and training toward achieving the strategic goals of effective information security implementation in the work area
Module Outline
- Information/Cyber Security Education, Awareness and Training
- The application: Engage, Equip, Empower
- Learning and Development Analysis
- The Information Security Education, Awareness and Training (ISEAT) Program
Lecturer: Luis A. Jacinto, MBA, CISA, CISM, CRISC, PIE, CPISI
Mr. Luis A. Jacinto has retired as the Chief Information Security Officer (CISO) of Rizal Commercial Banking Corporation (RCBC). He has been an Information Technology (IT) practitioner for over thirty-six (36) years, through which he gained his IT governance experience. He has concurrently spent more than twenty-eight (28) of those years, both as a training professional and as an educator.
Chito, as he is better known by his peers, is presently the Vice-President and a founding member of the Information Security Officers Group (ISOG), a Philippine-based organization of senior level information / cyber security professionals. He is also a past president of the ISACA Manila Chapter, a post to which he was elected for calendar years 2007 and 2008. He has served ISACA in various capacities since he joined the association, and presently sits in the current Board of Trustees of the Manila Chapter.
He has become a part of different professional institutions in various capacities. Aside from ISOG and ISACA, he is presently a member of the board and Corporate Secretary of the Philippine Institute of Industrial Engineers (PIIE). He was also a part of the Business Continuity Managers Association of the Philippines (BCMAP) as a member of the original forum.
During these years, Chito earned various certifications. He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Professional Industrial Engineer (PIE), and Certified Payment Card Industry Security Implementer (CPISI). He also holds a Masteral degree in Business Administration (MBA).
2025 1st Run: Apr. 5 & 12
2025 2nd Run: Sep. 6 & 13
Time: 0900-1700H (3.5 hours synchronous, 4.5 hours asynchronous)
Module Fee: P13,895
This module exposes the learner to the approaches, theories and practices in the areas of Risk Management in relation to Cybersecurity Governance. It includes the development and maintenance of policies that allows the business to establish Cybersecurity Plans that aims to ensure the security of personnel, and consequently, assures the continuity of business operations.
Module Objectives
At the end of the module, the participant will be able to:
- Demonstrate a clear understanding of the difference between governance and management.
- Facilitate the adoption of the Risk Management Lifecycle.
- Adapt to the inherent connection between cybersecurity incidents and the Business Continuity or Disaster Recovery Plans.
- Review the process used in the development of a Business Continuity and/or Disaster Recovery Plan
- Direct the development, update or retirement of information/cyber security policies.
- Assess the effectiveness of a Cybersecurity Plan using the above capabilities.
Module Outline
Session 1:
- Governance and Management in Cybersecurity
- Risk Management and Evaluation
- Business Impact Analysis (BIA)
Session 2:
- Incident Management (IM)
- The Business Continuity (BCP)
- Disaster Recovery Planning (DRP)
- Policy Development, Maintenance and Retirement
Lecturer: Luis A. Jacinto, MBA, CISA, CISM, CRISC, PIE, CPISI
Mr. Luis A. Jacinto has retired as the Chief Information Security Officer (CISO) of Rizal Commercial Banking Corporation (RCBC). He has been an Information Technology (IT) practitioner for over thirty-six (36) years, through which he gained his IT governance experience. He has concurrently spent more than twenty-eight (28) of those years, both as a training professional and as an educator.
Chito, as he is better known by his peers, is presently the Vice-President and a founding member of the Information Security Officers Group (ISOG), a Philippine-based organization of senior level information / cyber security professionals. He is also a past president of the ISACA Manila Chapter, a post to which he was elected for calendar years 2007 and 2008. He has served ISACA in various capacities since he joined the association, and presently sits in the current Board of Trustees of the Manila Chapter.
He has become a part of different professional institutions in various capacities. Aside from ISOG and ISACA, he is presently a member of the board and Corporate Secretary of the Philippine Institute of Industrial Engineers (PIIE). He was also a part of the Business Continuity Managers Association of the Philippines (BCMAP) as a member of the original forum.
During these years, Chito earned various certifications. He is a Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Professional Industrial Engineer (PIE), and Certified Payment Card Industry Security Implementer (CPISI). He also holds a Masteral degree in Business Administration (MBA).
2025 1st Run: Apr. 26 & May 3
2025 2nd Run: Sep. 27 & Oct. 4
Time: 0900-1200H, 1300-1800H (16 total hours)
Module Fee: P13,895
This module will provide a basic understanding of IT systems and Architecture Design. A simple overview of web application components will be discussed, followed by a discussion about how these systems have evolved over time.
Once students have a basic understanding of how systems evolved they will be introduced to Micro-Services, CIA Triad, Disaster Recovery, Business Continuity, and High availability. Then cloud solutions, containerization, and virtualization will be discussed leading to a final project.
Module Outline
Topic 1: Why is it important to incorporate security controls into System Architecture
Topic 2: Understand the Stages to System Architecture
Topic 3: Understand how the CIA triad works
Topic 4: Understand Basic Security Controls for System Architecture
Topic 5: Understanding of Modern System Architecture and the use of Microservices
Topic 6: Understanding of Historic / Legacy Systems
Topic 7: Understanding of Multi-Tiered systems
Topic 8: Understanding the Cloud
Topic 9: Understanding Containers and Containerization
Lecturer: John Paul Alarcon
John Paul is a seasoned cybersecurity professional with over two decades of experience in the field, including 12 years in banking and finance. Prior to his current role as CISO at HSBC, he served as Security Officer at British Telecoms and Account Security Officer at Hewlett-Packard. His clients spanned a wide range of industries, including airline, manufacturing, telecommunications, retail, and pharmaceuticals.
John Paul received comprehensive training in cybersecurity, anti-cyber crimes, and forensic investigations during his tenure at the police academy in Germany, which provided him with a strong foundation in the technical aspects of his work.
2025 1st Run: May 17 & 24
2025 2nd Run: Oct. 18 & 25
Time: 1230-1930H (14 total hours)
Module Fee: P12,495
This module covers the fundamental concepts of data privacy and protection. Participants will learn through lectures and activities the concepts and requirements of Data Privacy and relevant data protection processes and techniques. The course is ideal for participants who want to embark on or increase their knowledge about Data Privacy and apply practical knowledge when they go back to their respective organizations or businesses.
Module Objectives
At the end of the module, the participant will be able to:
- Understand the objectives of data privacy and protection.
- Identify relevant legal provisions and regulations pertaining to privacy.
- Apply privacy principles and measures to personal information.
- Apply the compliance requirements of NPC on privacy through organizational, physical, process and technological controls.
- Increase practical understanding of Data Privacy through the means of
presentations, case studies and interactive workshop activities.
Module Outline
Session 1:
- DPA Structure, Sections and Principles
- Rights of Data Subjects
- NPC Five Pillars
- Personal Data Protection and Security
Session 2:
- Operational Compliance
- Privacy by Design
- Breach Management
- Incident Response Lifecycle
Lecturer: Robert S. Paguia, JD, MPM
Robert S. Paguia is a Data Privacy Advocate / Practitioner who conducts Lectures and does Consulting Services on Republic Act (RA) No. 10173 or the Data Privacy Act (DPA) of 2012 under his own consulting firm, the RSP Data and Digital Svcs, which is DTI-Registered, BIR-Registered and PhilGEPS-Registered. To date, he has already conducted close to a hundred lectures and trainings on RA No. 10173.
One of the most sought-after Resource Speaker, Panel Member and Panel Moderator in the field of Information and Communications Technology (ICT) specifically in Data Privacy and Cybersecurity, he has been a permanent fixture in local and international conferences like the PhilSec 2022 and PhilSec 2023 organized by Tradepass, 2nd Philippine ICTEX Innovation Summit 2022 organized by Mykar Philippines, CybersecPhil Conference 2023 organized by CybersecAsia and Escom Events, Cloudnative and Open Source Summit 2023 organized by Escom Events and CyberSecAsia, Fintech Revolution Summit 2023 organized by Traicon, 7th DX Leaders Strategy Forum and 8th DX Leaders Strategy Forum organized by EDX Events Singapore and others.
As a Data Privacy Advocate, he serves as Consultant to government agencies such as the Philippine Trade Training Center (PTTC), the training arm of the Department of Trade and Industry (DTI), Light Rail Transit Authority (LRTA) and the Department of the Interior and Local Government (DILG),among others.
2025 1st Run: Jun. 14 & 21
2025 2nd Run: Nov. 8 & 15
Time: 1230-2030H (16 total hours)
Module Fee: P13,895
This program provide its participants with an overview and initial understanding of what is Security Operations and equip its participants with the knowledge on particular activities in a Security Operations Center (SOC), such as defining and handling security threats, the use of various SOC tools, and other pertinent information on different workstreams.
Module Objectives
At the end of the module, the participant will be able to:
- Understand the concept, importance, and features of a Security Operations Center.
- Examine how incident lifecycle management fits into the overall SOC process.
- Analyze the people, process, and technology aspect of SOC and be able to define best practices and each of these pillars.
- Evaluate common security incidents in the industry.
- Formulate use cases to cater to different security incident scenarios and be able to articulate how each of these use case can streamline operational and tactical efforts in the organization.
Module Outline
Session 1:
- Security Threats 101
- What is Security Operations Center (SOC)?
- Cybersecurity Kill Chain & Defensible Matrix
- Incident Lifecycle, Service Value Chain and Continual Improvement
Session 2:
- SOC Tools
- Phishing/Email Security
- Web Application Firewall (WAF)
- Data Loss Prevention (DLP)
- USB/Tools Health/File Permission and File Integrity Monitoring
Lecturer: Ronald "Gonz" Gonzales
Ronald “Gonz” Gonzales is an information risk management, security architecture and business technology practitioner. He brings with him three decades of experience and demonstrated value delivery across various industries in local, regional and global settings.
Gonz was a Risk Advisory Partner at Deloitte Southeast Asia and helped clients achieve a robust cybersecurity and data privacy posture for compliance and continuing information protection.
In his immediate past enterprise role, Gonz served as Chief Information Security Officer of JG Summit Holdings, one of the Philippines’ largest and most diversified multinational conglomerates where he is responsible for the design and implementation of enterprise information security’s architecture; governance, risk and compliance function; cybersecurity operations and security engineering.
Before joining JG Summit, Gonz was an independent IT risk consultant with his practice focusing on information security, data privacy and enterprise risk management in the fast-moving consumer goods, banking and finance, sales and distribution, logistics and transportation, information technology, telecommunications, manufacturing, health care, development and government sectors.
Gonz’s past professional experience includes serving as Global Service Management Leader for Mondelēz Business Services, Director for Performance & Technology Advisory Services at KPMG Philippines, Director for Knowledge and Transformation for Prople BPO, IT consultant for Ayala Corporation, IT Head of AstraZeneca Philippines, and Operations Manager for D.F. King & Co. in New York.
Gonz received his B.A. in Public Administration from the University of the Philippines, Diliman and is candidate for a master’s degree in Technology Management in the same University. He also attended the City University of New York’s Baruch College (application development graduate certificate program) and the U.S. Army Field Artillery School in Fort Sill, Oklahoma.
Gonz is certified in IT Infrastructure Library (ITIL) Foundations, a Computer Hacking Forensics Investigator (CHFI), has a Certificate of Cloud Security Knowledge (CCSK), an Information Security Management System (ISMS – ISO/IEC 27001) Certified Practitioner, Certified Payment-Card Industry Security Implementer (CPISI), Certified Payment Security Practitioner (CPSP), Lead Auditor for ISO 22301 (BCMS) and ISO/IEC 27001 (ISMS), Auditor for ISO 9001 (QMS), Certified Data Privacy Solutions Engineer (CDPSE), Certified Information Security Manager (CISM), Certified Ethical Hacker (CEH), Certified Threat Intelligence Analyst (CTIA), and Certified Information Systems Security Professional (CISSP).
Gonz maintains active memberships with various professional and industry organizations: Information Systems Audit and Control Association (ISACA), the Internet Society (ISOC), the Association of Business Process Management Professionals (ABPMP), Information Systems Security Association (ISSA), Information Security Officers Group (ISOG), International Association of Privacy Professionals (IAPP), EC-Council, and the International Information
System Security Certification Consortium (ISC2). He is the President of the Cloud Security Alliance (CSA) Philippines Chapter, Chapter Leader of OWASP Manila, and is a founding member of the SABSA Institute.
Gonz participates in government and industry activities and is a member of the Technical Committee on Information Technology (BPS/TC 60) of the Philippine national government (jointly under the Department of Information and Communications Technology and the Bureau of Philippine Standards,
Department of Trade and Industry).
Gonz is a Philippine representative to the International Organization for Standardization (ISO) and is designated as a country expert in the field of information security controls and services.
Gonz writes about and lectures on information security and data privacy as part of his practice and advocacy. He works with several learning institutions to promote STEM and cybersecurity education. He also serves as President of the Manila Science High School Alumni Foundation Board of Trustees.
executive diploma program in cybersecurity
This diploma program introduces the learner to the theories, principles, frameworks, and practices in Cybersecurity. The aim of this program is to prepare and equip the learners to allow them to pursue their cybersecurity career. This foundational approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of cybersecurity cases from the industry.
specialized cybersecurity short course
2025 1st Run: Jun. 14 & 21
2025 2nd Run: Nov. 8 & 15
Time: 0900-1700H (5 hours synchronous, 11 hours asynchronous)
Module Fee: P13,895
This certification program introduces the learner to the theories, practices, processes and techniques used in Digital Forensics and Incident Response (DFIR). The aim of this program is to prepare and equip the learners to allow them to specialize in the field in DFIR. This introductory approach is a combination of classroom and laboratory exercises to capture the real-life scenarios of incidents and breaches from the industry.
Module Objectives
At the end of the module, the participant will be able to:
- Respond to incidents and collaborate with different stakeholders
- Contain, eradicate and recover from incidents
- Conduct Incident Response tabletop exercises within their own organization
- Understand the chain of custody and common forensic artifacts
- Collecting and analyzing forensic artifacts to be able to provide Iindicators of compromise for Security Operations monitoring
- Relate and consider the legal requirements and compliance related to the DFIR
Module Outline
Session 1:
- DFIR Ethics, Legal, and Compliance
- Incident Response
- Cyber Kill Chain & MITRE ATT&CK
- Containment and Eradication
- Common Pitfalls of implementing IR
- Cybercrime
Session 2:
- Digital Forensics
- Memory and Storage Media
- Forensic Acquisition
- Data Storage Recovery and Analysis
- Memory Acquisition
- Memory Recovery and Analysis