TÜV Nord Cybersecurity Engineer (Automotive)

In collaboration with German certification body TÜV Nord, we qualify you with the practical project know-how you require to implement cybersecurity requirements according to the international ISO/SAE 21434 standard. You will also learn how to successfully and effectively apply further relevant guidelines, such as UNECE. The course ends with an examination to become an officially qualified "TÜV Nord Cybersecurity Engineer (Automotive)".

back to Cybersecurity-Trainings
  • Automotive Cybersecurity Engineer

    Training objectives & content

    This qualification course allows you to

    • Become familiar with the new ISO/SAE 21434 security standard
    • Understand regulations, requirements and work outputs
    • Understand the background to different types of regulations
    • Consolidate your understanding through exercises
    • Learn about UNECE WP.29 homologation requirements
    • Explore ways to achieve your cybersecurity objectives


    This course – which is designed in a close co-operation with the German technical inspectorate and certification body TÜV Nord – equips you with specific insights into different ways to develop cybersecurity requirements in an automotive setting. These include the automotive security standard ISO/SAE 21434 as well as relations to the homologation requirements of the United Nations Economic Commission for Europe (UNECE), functional safety (ISO 26262) and the security add-on to Automotive SPICE®.

    Based on examples, you will learn how to familiarize yourself with the topic of automotive cybersecurity and acquire the necessary knowledge. You will gain sound insights from Kugler Maag Cie's extensive project practice, which we have gained in numerous improvement projects.

    •   4 Days
    •   9 - 17 o'clock
    •   Public | Inhouse
    •   DE | EN
    •   limited to 12 participants
    •   Letter of Qualification by TUEV Nord


    Following the course, you can take the exam. This takes place as an open book exam online and under camera supervision of TÜV Nord at a location of your choice. 

    Once you have successfully passed the exam, you will receive a Letter of Qualification from TUEV Nord stating your qualification as a Cybersecurity Engineer (Automotive).

    You will work on an end-to-end example, allowing you to familiarise yourself with the complex area of automotive cybersecurity and the knowledge it requires. You will benefit from detailed insights gained through large-scale business projects conducted by Kugler Maag Cie during numerous improvement projects.

    Consider to register for our TARA training additionally. This course will deepen your practical knowledge significantly.

    In cooperation with TUEV Nord

    Together with the TUEV Nord certification body we qualify you as a "Cybersecurity Engineer (Automotive)". During the training you will learn how to achieve the required end-to-end security. As a TUEV Nord qualified Cybersecurity Engineer, you will know how ISO/SAE 21434 supports your work and which homologation requirements are imposed by UNECE for your task.


    ISO/SAE 21434

    ISO/SAE 21434 has allowed the international standardisation committee to lay a foundation for establishing automotive security as a fixed element of the development process for automotive electronics. The ISO/SAE 21434 standard addresses the central tasks of electronics development and the overall supply chain. To find out more about the upcoming standard, see the interview with security expert Dr Thomas Liedtke.



    Agenda on the training


    • History of ISO/SAE 21434 standard, objectives, purpose and scope
    • Structure: clauses, objectives, requirements, work products, annexes, …
    • Meaning and relation to other security standards like SAE J3061TM, ISO PAS 5112, ACSMS, ASPICE® for cybersecurity, ISO/IEC 27001, UNECE, ISO/IEC 31000, EU-GDPR, ISO 26262, TISAX, GSR, …
    • Motivation for the standard
    • Embedding and correlation to similar domains, like Functional Safety


    • Explanation of structure of the training / clustering of subjects
    • The clauses (chapters) and their objectives/ content will be explained


    • Explanation of the first four administrative chapters of the standards
      • Scope
      • References: list of standards including Kugler Maag Cie experiences regarding evaluation for relevance
      • Terms and definitions: examples, relationship to each other
      • Relationship to ISO 31000 risk management
      • Interaction with Safety

    Cybersecurity management

    • General overview and focus of Security Management Systems: ISO/IEC 27001, TISAX, UNECE, QMS, RMS
    • Objectives and requirements for an overall Cybersecurity Management | examples for implementation | organizational responsibilities | definition of a CSMS (Cybersecurity Management System) and relation to ISMS (Information Cybersecurity Management System)
    • Objectives and requirements for a project dependent Cybersecurity Management | examples in correlation with overall Cybersecurity Management
    • Kugler Maag Cie experiences implementing efficient and effective Cybersecurity Management Systems in organizations


    • Consolidation of learning material

    Distributed Cybersecurity Activities

    • How to work together between supplier and customer? | example for an Cybersecurity Interface Agreement (CIA)

    Continuous Cybersecurity Activities

    • Presentation of ongoing activities: Cybersecurity Monitoring | Event Management | Vulnerability Analysis | Vulnerability Management
    • Examples how to achieve goals for continuous cybersecurity activities


    • Concept Phase: from item definition to security concept, defining cybersecurity goals, deriving cybersecurity requirements
    • ProductDevelopment and Validation: relationship to V-model, activities on left side and right side of development V | consideration of system, software and hardware development | verification and validation
    • Post development phases: requirements for production (e.g. TARA refinement), operation and maintenance (e.g. SW-OTA) and decommissioning (e.g. TARA refinement for logistics) | operation and maintenance (incident management and updates) | decommissioning


    • Content, purpose and objectives of the 8 annexes will be explained: summary of work products, examples for a good cybersecurity culture (real-world examples in relation with safety will be given), use-case example will be presented, tables for the determination of attack feasibilities will be explained, …

    Interaction with other standards

    • Cooperation with Functional Safety ISO 26262 standard, development interfaces between Safety and Cybersecurity. Point of contact within the V-model and management
    • Combination of methods to gain synergies. E.g. HARA and TARA: How to perform together? Safety FMEA vs. Security FMEA, …


    • Consolidation of learning material

    Risk Assessment Methods

    • Presentation of the seven steps to perform a risk assessment from asset identification till risk determination decision | get familiar with valuation tables for attack feasibility and estimation of damage | creation of risk matrix | parameter and content of attack feasibility | get familiar with different terms like damage scenario, threat scenario, attack path, attack
    • Example of performing a TARA | network of work products and dependabilities
    • KMC XLS-TARA template will be provided to each participant

    Exercises for the different steps of the risk analysis

    UNECE WP.29 regulation No. [155] (CSMS); No. [156] (SUMS)

    • Objectives and motivation; GSR (General Safety Regulation)
    • Interpretation and interface to ISO/SAE 21434
    • Regulation for Homologation: Management Systems
    • Regulation for Homologation: Type Approval
      • Risk analysis, Annex 5: Threats and potential attacks

    Target audience of the automotive security training

    Training to become an Automotive Security Engineer is targeted at decision-makers and people with responsibility in the development functions of manufacturers and automotive suppliers.

    In particular:
    • Project managers and management
    • Engineers, system architects, testers and engineers working on systems, hardware and software
    • Managers and experts in cybersecurity and systems used in information assets security and quality assurance
    • People responsible for purchasing and sales

    There are no formal prerequisites for participating in this course. We highly recommend a profound knowledge on systems engineering in electronic development, or on Automotive SPICE®, or on Functional Safety. A general understanding on cybersecurity in automotive electronics is advisable as well.

    The training lasts three days. On the fourth day, the online examination takes place under the supervision of TÜV Nord.

    We strongly advise you to have the cybersecurity standard ISO/SAE 21434 with you for, and during the exam, and of course in your further employment.

    For legal reasons, we are unfortunately not allowed to provide you with a copy of the standard. Ask your employer if you can obtain the standard there.

    Next training dates


    17 Jun - 20 Jun 2024 Automotive Cybersecurity Engineer

    Online (EU)
    1,790 eur p.P.*

    08 Jul - 11 Jul 2024 Automotive Cybersecurity Engineer

    Online (EU)
    1,790 eur p.P.*

    12 Aug - 15 Aug 2024 Automotive Cybersecurity Engineer

    Online (EU)
    1,611 eur p.P.*

    23 Sep - 26 Sep 2024 Automotive Cybersecurity Engineer

    Greater Stuttgart
    1,791 eur p.P.*

    17 Jun - 20 Jun 2024 Automotive Cybersecurity Engineer

    Online (EU)
    1,790 eur p.P.*

    08 Jul - 11 Jul 2024 Automotive Cybersecurity Engineer

    Online (EU)
    1,790 eur p.P.*

    12 Aug - 15 Aug 2024 Automotive Cybersecurity Engineer

    Online (EU)
    1,611 eur p.P.*

    23 Sep - 26 Sep 2024 Automotive Cybersecurity Engineer

    Greater Stuttgart
    1,791 eur p.P.*

    We strongly advise you to have the cybersecurity standard ISO/SAE 21434 with you for, and during the exam, and of course in your further employment.

    For legal reasons, we are unfortunately not allowed to provide you with a copy of the standard. Ask your employer if you can obtain the standard there.

    Book early to receive an early-bird discount or apply for a group discount on course fees.


    Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.

    Smilja Mateja, Training Coordination

    Process & organisation

    Information on the training programme

    Some courses take place several times a year as classroom training sessions. Others are only offered as in-house training.

    To make a binding reservation, book directly through the website or send us an order. We will confirm course dates as soon as we have received a minimum number of reservations. You will be sent all required information on course arrangements in advance. Fees include digital course materials, and, if you come to our sites, lunch and refreshments during breaks.

    Most of our courses can also be booked as in-house training sessions. Our instructors will be happy to travel directly to your place of work and train your teams on site. We can also mix and match the content of in-house courses and take a particular situation affecting your projects into account. We will be happy to write a concept proposal for your specific training requirements.

    All courses outlined in our training programme can be held in German or English. Our training materials are written in English.

    You will receive the training documents as a PDF. We recommend that you have your notebook or tablet with you during the course.

    Training package: Seminar skills and attractive discounts

    • 10% early-bird booking discount if you register six or more weeks before a training session.
    • 10% group discount if you register more than one participant from your company for the same course.

    Want to save even more? Discounts can be combined for the same course.

    These conditions do not apply to VDA examination fees for Automotive SPICE® assessor training sessions or the Scaled Agile, Inc. fee for SAFe training.

    We strongly recommend that you have the appropriate ISO standards at hand for and during the exam, and of course during your further work.

    For the Cybersecurity Engineer training (TÜV Nord) this concerns ISO/SAE 21434, for the Functional Safety Engineer course (TÜV Rheinland) the safety standard ISO 26262. For Automotive SPICE® training, however, you will receive the model in the form of our original pocket guide.

    For legal reasons, we are unfortunately not authorized to provide you with a copy of ISO standards. Please ask your employer if you can obtain the respective standard there.

    Conditions of participation

    For courses in our seminar rooms, the fees include digital course materials, lunch and refreshments during breaks per person.

    Our services will be invoiced before beginning of training course.

    Terms of payment: 10 days net. In case of late payment late interest will be charged in accordance with current BGB regulations, in particular §288 BGB (German Civil Code).

    This offer is only open to companies or registered tradespersons. All fees are subject to current sales tax and must be paid on receipt of invoice. Early-bird and group discounts will be subtracted as necessary from invoices.

    We will confirm receipt of your registration. Registrations can be cancelled without penalty up to 6 weeks before each individual event; after that the following rules apply:

    • 6 weeks to 4 weeks before the start of the event = 10%. 
    • 4 weeks to 7 days before the event = 50%.
    • Fees will not be refunded if you cancel a course less than a week before an event.

    We will gladly accept a substitute participant at no additional cost. 

    All courses may be subject to change due to unforeseen circumstances.

    We charge the examination fees of third parties (such as VDC QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord) on their behalf. Such fees are not eligible for a discount.

    Your personal information will be stored by KUGLER MAAG CIE GmbH in order to organise the event. By registering for a course you also agree to us contacting you by fax, email or telephone. If you do not wish to consent to us using your information in this way, please send us a message or get in touch. You have the right to withdraw your consent to this arrangement at any time.

    If you take part in an examination with a third-party provider such as the VDA QMC and Scaled Agile Inc. as well as TÜV Rheinland and TÜV Nord, we will pass on the necessary data to the respective provider.