TÜV Nord-certified Security Engineer (Automotive)

In collaboration with German technical inspectorate TÜV Nord, we equip you with the practical project know-how you require to implement cybersecurity requirements according to the international ISO/SAE 21434 standard. You will also learn how to successfully and effectively apply further relevant guidelines, such as UNECE. The course ends with an examination to become an official TÜV Nord Automotive Security Engineer.

back to Cybersecurity-Trainings
  • Automotive Cybersecurity Engineer

    Training objectives & content

    This certification course allows you to

    • Become familiar with the new ISO/SAE DIS 21434 security standard
    • Understand regulations, requirements and work outputs
    • Understand the background to different types of regulations
    • Consolidate your understanding through exercises
    • Learn about UNECE WP.29 homologation requirements
    • Understand Cybersecurity SPICE, the future intacs™ add-on to Automotive SPICE®
    • Explore ways to achieve your cybersecurity objectives

     

    This course, which is certified by German technical inspectorate TÜV Nord, equips you with specific insights into different ways to develop cybersecurity requirements in an automotive setting. These include the automotive security standard ISO/SAE DIS 21434, the homologation requirements of the United Nations Economic Commission for Europe (UNECE), functional safety (ISO 26262) and the security add-on to Automotive SPICE®.

    You will work on an end-to-end example, allowing you to familiarise yourself with the complex area of automotive cybersecurity and the knowledge it requires. You will benefit from detailed insights gained through large-scale business projects conducted by Kugler Maag Cie during numerous improvement projects.

    •   3 Days
    •   9 - 17 Uhr o'clock
    •   Public | Inhouse
    •   DE | EN
    •   limited to 12 participants
    •   TUEV Nord certification
    In cooperation with TUEV Nord

    Together with the TUEV Nord certification body we qualify you as a "Cybersecurity Engineer (Automotive)". During the training you will learn how to achieve the required end-to-end security. As a TUEV Nord certified Cybersecurity Engineer, you will know how ISO/SAE 21434 supports your work and which homologation requirements are imposed by UNECE for your task.

     

    ISO/SAE 21434

    ISO/SAE 21434 has allowed the international standardisation committee to lay a foundation for establishing automotive security as a fixed element of the development process for automotive electronics. The ISO/SAE 21434 standard addresses the central tasks of electronics development and the overall supply chain. To find out more about the upcoming standard, see the interview with security expert Dr Thomas Liedtke.

    READ THE INTERVIEW

     

    Target audience of the automotive security training

    Training to become an Automotive Security Engineer is targeted at decision-makers and people with responsibility in the development functions of manufacturers and automotive suppliers.

    In particular:
    • Project managers and management
    • Engineers, system architects, testers and engineers working on systems, hardware and software
    • Managers and experts in cybersecurity and systems used in information assets security and quality assurance
    • People responsible for purchasing and sales

    Agenda on Day 1 of the Automotive Security Engineer training

    The motivations behind ISO/SAE 21434

    • Background and origins of the ISO/SAE 21434 cybersecurity standard
    • Structure of the standard including provisions, objectives, requirements, output and annexes
    • Relationship to similar standards such as SAE J3061, ISO 27001 and UNECE
    • Importance for functional safety, SOTIF and IT Security

    Introduction to sections 1 to 4 of ISO/SAE 21434

    • Scope
    • Terms and definitions with examples
    • Relationship to risk management under ISO 31000
    • Importance to functional safety

    Regular tasks of cybersecurity

    • Monitoring of cybersecurity
    • Event management
    • Assessment of vulnerabilities
    • Management of vulnerabilities
    • Practical examples showing how you can achieve your objectives

    Agenda on Day 2 of the Automotive Security Engineer training

    Cybersecurity management

    • Overview of security management systems like ISO 27001, TISAX and UNECE.
      UNECE is used to regulate homologation, so you will be shown the requirements it involves with respect to CSMS, SUMS and vehicles. We also discuss underlying risk assumptions and suitable approaches to risk assessment and protection measures.
    • The objectives and requirements of a comprehensive security management system, including implementation examples and areas of responsibility
    • We will compare and contrast a cybersecurity management system and an information cybersecurity management system

    Risk assessment methods

    • The seven steps of carrying out a risk assessment 
    • An example of how to estimate risks using TARA and how to deal with these risks
    • A practical exercise to walk through a risk assessment step by step

     

    We will share with you the many insights we have gained at Kugler Maag Cie while implementing cybersecurity management systems.

    Agenda on Day 3 of the Automotive Security Engineer training

    Different phases of the life cycle

    • Concept phase
      Item definition, security concepts, determination of security objectives and derivation of cybersecurity requirements
    • Product development and validation 
      Reference to the V Model (the German project management methodology), activities on both sides of the V Model, assessments of system, software and hardware development, verification and validation
    • Production and operating phase
      Production requirements (TARA), operation and maintenance (e.g. software OTA) and decommissioning (e.g. TARA for logistics)

    Distributed cybersecurity activities

    • How manufacturers and suppliers can work together
    • Example of a cybersecurity interface agreement (CSIA)

    ISO/SAE 21434 annexes

    • Explanation of the purposes, objectives and content of the ten annexes
    • Examples of a successful culture of security
    • Tables for determining potential attacks

    Regulations of UNECE WP.29 governing homologation

    • How important is the committee for transnational vehicle registration?
    • The role of registration bodies with CSMS and SUMS requirements 
    • Vehicle requirements with respect to type registration and software identification
    • Principles of cybersecurity and relationship to ISO/SAE 21434
    • Threats and limitations, as well as suitable risk assessment

    The connection between cybersecurity and functional safety

    • Overlaps with functional safety (ISO 26262)
      Areas of overlap between functional safety and cybersecurity when using the V Model and carrying out management tasks
    • Achieving synergies by combining methods
      Using HARA and TARA together, and the differences between Safety FMEA and Security FMEA

    Personal certification

    Following the course, there's a exam on the last day. If you have successfully passed the exam, you are certified by TUEV Nord as a Cybersecurity Engineer (Automotive).

    Next training dates

    16.11. - 18.11 Automotive Cybersecurity Engineer

    EN
    Greater Stuttgart
    1.890 eur p.P.*

    08.03. - 10.03 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    05.07. - 07.07 Automotive Cybersecurity Engineer

    EN
    Greater Stuttgart
    1.890 eur p.P.*

    08.11. - 10.11 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    16.11. - 18.11 Automotive Cybersecurity Engineer

    EN
    Greater Stuttgart
    1.890 eur p.P.*

    08.03. - 10.03 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    05.07. - 07.07 Automotive Cybersecurity Engineer

    EN
    Greater Stuttgart
    1.890 eur p.P.*

    08.11. - 10.11 Automotive Cybersecurity Engineer

    DE
    Greater Stuttgart
    1.890 eur p.P.*

    Book early to receive an early-bird discount or apply for a group discount on course fees.

    Extra value

    KNOWING HOW IT’S DONE

    Whether its certification training you need or an individual workshop, you always benefit from the full advantages of our know-how. We will design the right training to match your needs, for you (individually) as an expert, or as an exclusive in-house course for your company. Our experts offer all courses in German and English.

    Smilja Mateja, Training Coordination

    Process & organisation

    Information on the training programme

    Some courses take place several times a year as classroom training sessions. Others are only offered as in-house training.

    To make a binding reservation, book directly through the website or send us an order. We will confirm course dates as soon as we have received a minimum number of reservations. You will be sent all required information on course arrangements in advance. Fees include course materials, lunch and refreshments during breaks.

    Most of our courses can also be booked as in-house training sessions. Our instructors will be happy to travel directly to your place of work and train your teams on site. We can also mix and match the content of in-house courses and take a particular situation affecting your projects into account. We will be happy to write a concept proposal for your specific training requirements.

    All courses outlined in our training programme can be held in German or English. Our training materials are written in English.

    Training package: Seminar skills and attractive discounts

    • 10% early-bird booking discount if you register six or more weeks before a training session.
    • 10% group discount if you register more than one participant from your company for the same course.

    Want to save even more? Discounts can be combined for the same course.

    These conditions do not apply to VDA examination fees for Automotive SPICE® assessor training sessions or the Scaled Agile, Inc. fee for SAFe training.

    Conditions of participation

    Course fees include course materials, lunch and refreshments during breaks per person.

    This offer is only open to companies or registered tradespersons. All fees are subject to current sales tax and must be paid on receipt of invoice. Early-bird and group discounts will be subtracted as necessary from invoices.

    We will confirm receipt of your registration. Registrations can be cancelled without penalty up to 6 weeks before each individual event; 10% of the fee will be charged for courses cancelled up to 14 days before each event; 50% of the fee will be charged for courses cancelled up to 7 days before each event. Fees will not be refunded if you cancel a course less than a week before an event. You may send somebody else to take your place on a course without additional cost. All courses may be subject to change due to unforeseen circumstances.

    We charge the examination fees of third parties (such as VDC QMC and Scaled Agile Inc.) on their behalf. Such fees are not eligible for a discount.

    Your personal information will be stored by KUGLER MAAG CIE GmbH in order to organise the event. By registering for a course you also agree to us contacting you by fax, email or telephone. If you do not wish to consent to us using your information in this way, please send us a message or get in touch. You have the right to withdraw your consent to this arrangement at any time.

    DATA PROTECTION