 Hi, my name is Patrick von Schlag and I'm pleased to be your instructor for the Resilio Practitioner Program. My background in IT and business management gives me a bit of a unique perspective on why resilience is important because while we in IT organizations have for many years worked to implement appropriate security controls, in reality is not really just an IT responsibility but a full enterprise-ride risk management approach that's needed in order to be successful helping our organizations best optimize managing risks with getting certain kinds of benefits for the organization. I've had the privilege of working with some very large organizations, somewhat smaller organizations, so with all of these types of practices it's important to be able to adopt them but then adapt them appropriately to your organization's context to make sure that they reflect the needs of your particular enterprise. One of the things I certainly encourage you to do as you're working through the program is again to think about the so what question as I call it. So here a set of controls, here a set of key questions in each of the portions of the Resilio book. How would you as a practitioner apply that? And how does this reflect the needs of your particular organization or your particular customers? Again, it's a tremendous privilege to be able to work with you on this course. Hopefully the capabilities in the background I bring both in the security side, IT service management side and the business management side will help you a little bit to make sense not only of what it is but how to leverage and use it and why it's so important and valuable for organizations today. Enjoy the course. In this first chapter we're going to take a look at the structure of the Resilio practitioner course. We'll talk a little bit about the agenda and how the course is organized, a little bit about your course materials, some of the conventions you'll see in the materials and the structure and also talk a little bit about the certification exam and how we can help you prepare. In this lesson we're going to talk a little bit about the organizational structure of the course. We'll look at overall the value proposition behind Resilio. We'll talk a little bit about some of your expectations and how you plan to work your way through this course successfully and do a little bit of housekeeping and how to help you make a successful entry not only in terms of preparing for the certification exam but more importantly helping your organization and your customers implement these practices successfully. By this time all of you will have successfully completed the Resilio foundations program and the Resilio foundations program provides you good information on what the Resilio approach to best practices is, how to prevent, detect and correct activities and establish appropriate controls to be able to provide a higher level of assurance that your organization can become cyber resilient. In this particular course the focus shifts toward that of a practitioner as someone who is maybe responsible for establishing, improving and sustaining these controls both on the business side and within information technology organizations, how do we actually successfully adopt and adapt these practices in a way that helps our organizations optimize their cyber resilience postures. One of the things I'm going to encourage you to think through as we're working through the course is to ask yourself what I call the so what question. Why is this specifically important in the context of your organization, in the context of the customers that you are trying to serve? Likewise as you're working your way through the learning program each of you have your own preferences and learning styles and I certainly encourage you to take advantage of all of the materials you have available. Your Resilia book, your online learning program and any other third party materials on the Oxalos website that you can leverage and use for the purpose of helping you establish and improve your practices. Having a lot of experience in security is helpful but ultimately it's very important to think about this not just in the context of your security practice but more explicitly in the context of your organization's overall approach to risk optimization. As you start working your way through the various pieces try to make action items for yourself specific places where you gain certain lessons where you want to be able to take things that we talk about in the course and to begin to adopt and adapt those within your organization. Like your Resilia foundations course the course here really focuses on aspects of the Bloom's Taxonomy focused on your ability to understand the Resilia practices but here extending to your ability to apply them. Given a particular scenario, a particular set of constraints, how do I take the Resilia practices and enable them in a way that optimizes the value for a particular customer in a particular situation? So one of the things we're going to encourage you to do is to engage with other stakeholders as you're working your way through this program. Whether you're working through the mentoring community, whether you're working with other colleagues, whether you're working in support of a particular family of customers, I certainly encourage you to set and manage your expectations accordingly. This program certainly is useful in helping you prepare for the Resilia practitioner examination but in addition hopefully it's going to give you a way to think different as we'll talk in how your organization approaches risk management regarding resiber resilience both from an IT perspective but even more especially from the business's perspective as well. So a few things for you to think about as you're getting started with your study. Like any other type of course, you'll find that getting through the course successfully really is useful to set aside certain time either every day or in a particular week where you can actually concentrate on the material in question. If you're taking long snippets of the course as you're working your way through, we certainly encourage you to take breaks the same way you would in a traditional course. Likewise, we recognize that there are going to be interruptions that happen for work reasons, for personal reasons and so we certainly encourage you to try to schedule your time in a way to keep those to a minimum. That said, if you find yourself being interrupted, it may be useful to reset portions of the course to be able to ensure that you can keep all of the core pieces together and that the components actually come together in your mind to support the overall needs and objectives of that particular control set. At the end of each of the main chapters, we're going to ask you a series of questions to think about. And really these are exercises to be done on your own but really are going to ask you as a practitioner to think about which processes and practices need to be adopted within your organization or your customer organizations, what kinds of adaptations are most appropriate given your organization's constraints and to help you begin the process of taking the guidance and applying it in some useful way. So one of the things that makes this course useful I hope for you is a challenge to immediately start thinking about how and where to apply it in a way that's going to drive value for you and for your organization. Now for many of you, one of the opportunities here will be to gain the Resilio Practitioner Certification. And so the certification itself is really again based on Bloom's level two and three type questions where effectively they're going to give you a scenario and then given that particular scenario ask you to select the most appropriate approach to helping them establish your maintained controls. The exam itself takes 135 minutes, that's two hours and 15 minutes if you're scoring at home. You will be given 50 questions and the pass mark there is 60%. And so in order to be able to successfully pass your Resilio certification, again you're really looking for 30 out of 50. So whether you've had a lot of experience doing online programs like this or this is the first time for you, it's very important for you to take some ownership of your learning experience and to be able to establish a study plan that you can live with. If that means one hour a day or even a half an hour a day, then that's fine, but make sure that you establish a schedule and treat it like any other meeting on your calendar. Take the time at the beginning of each of the chapters to focus on the key learning objectives and when the chapter is completed, check yourself against those objectives. Do you feel comfortable that you understand those and could apply those concepts and controls? If you were given a particular scenario and asked to do so. When we go through this particular program, we're going to use a lot of different terms like the Resilio Foundations Program. Many of these are maybe not new to you, but we may be using different language than you often may be familiar with. So understand that this isn't necessarily a question of whether Resilio is right or wrong, but whether or not these are the most appropriate things for you to use in your particular organization. For the purposes of the exam, of course, the exam is about Resilio and not whether or not you believe certain aspects of the Resilio framework are the most appropriate for you. So for the purposes of the test, you want to be able to answer the questions in a way that's consistent with the Resilio framework. That said, when you start thinking about which things you're going to adopt and adapt in your organization, that has obviously much more to do with your particular needs. Please, by all means, take a full advantage of all the resources that you have available to you. So in addition to this course itself, you presumably have a copy of the Resilio Guide. I strongly encourage you to read that if you have not already done so. And to reference those chapters as we're working through them for the purpose of helping reinforce the ideas that we talk about here. You'll give you a different perspective on certain aspects of it. They use some different examples than the ones that we'll use. And it gives you an opportunity again to hear the messaging in a different voice and perhaps to help certain messages sink in for you. Likewise, we actively encourage you to participate in the online mentoring community. There are tens of thousands of other people who, like you, are trying to capture and work with these practices who are wrestling down some of the hard challenges of driving and integrating continual improvement and organizational change and who can provide you some wisdom in how they've been able to successfully implement various aspects of this. Last and certainly not least, please take the opportunity to leverage and use the sample examinations prior to sitting the actual examination. In many cases, taking an oxalose exam is very much about understanding how they write questions and the types of questions in the field of the questions associated with them. When you take the sample exam, you'll get a much better sense of the kinds of questions you're going to be asked, and it will help you prepare successfully to challenge the test. So let's take a moment now and go through the agenda for the program. The first chapter here is just an introduction to the Resilient Practitioner Program. We'll then go through a chapter talking about how to think about Resilient in the context of supporting enterprise-wide cyber resilience needs. We'll talk about risk management practices, risk treatment plans, and risk registers, and then we'll go through and look at ITIL as a management system to support how you create and maintain a cyber-resilient set of capabilities in support of a cyber-resilient organization. We'll introduce the CSI approach for cyber resilience, talk about cyber-resilient strategies, designs, transition, and then eventually operational support. As we're working our way through the course, you're going to have checkpoint activities that you're going to engage in at the end of each section. So look online in your chapter to identify where your checkpoint booklet is, and it's very important to take the time to work through each of the exercises and then to use the results of the exercises to help you address and try to answer the questions in each piece.