Aviation Cybersecurity Oversight

3-day course | Classroom & In-company training, or
4-day course | Virtual training (5-hour daily sessions)
  • Interpret the 6 steps of the UK CAA’s Cybersecurity Oversight Process for Aviation
  • Learn how to conduct a critical systems scoping exercise
  • Explore the synergies between SMS and SeMS
Start Date End Date Venue Price (Excl. VAT) Availability Book
14/10/2024 17/10/2024 Online £1,350.00 More than 5 places Book
What is Cybersecurity Oversight?

Cybersecurity risk profiles are dynamic, meaning attackers are always looking to exploit vulnerabilities and can quickly develop new ways of breaching cyber defences. The aviation sector’s progressively interconnected systems require the sector to maintain an up-to-date awareness of both direct and indirect cybersecurity threats and hazards. The changing threat landscape therefore, encourages a proactive approach to cybersecurity and in response means aviation organisations need dynamic protection.

Course Overview

In line with ICAO’s Aviation Cybersecurity Strategy and the corresponding Cybersecurity Action Plan, ICAO is partnering with the UK’s Civil Aviation Authority (CAA) to address cybersecurity oversight.

The course builds on UK CAA’s experience in developing and implementing its cybersecurity oversight framework to ensure a proportionate and effective approach to cybersecurity oversight that enables aviation to manage their cybersecurity risks without compromising aviation safety, security, or resilience.

Aviation regulations increasingly include cybersecurity requirements and the aviation sector needs to demonstrate compliance with them. This ICAO TRAINAIR Plus course provides in-depth knowledge and insight into the cybersecurity regulations and how the oversight process developed by the UK CAA is one model that could be used to cover them.

The course provides practical examples and application of this material which can be taken away with you. This course is not a cybersecurity training course and will not provide general cybersecurity awareness or training.

This course is suitable for individuals in any role responsible for managing or implementing cybersecurity / Information Security, Compliance Managers or other regulators implementing cybersecurity oversight.

This training course will include the following topics:

  • ICAO Annex 17
  • Aviation Cybersecurity regulatory requirements and threat landscape
  • Cybersecurity Oversight Process for Aviation (CAP1753)
  • Cybersecurity Strategy

By the end of this course, learners will be able to:

  • Describe the relevant aviation cybersecurity regulatory requirements applicable to the aviation sector internationally and nationally, as well as explain how Risk Based Oversight (RBO) and Performance Based Oversight (PBO) can be utilised.
  • Understand and interpret the 6 steps that form the UK CAA’s Cybersecurity Oversight Process for Aviation (CAP1753), as one model for cybersecurity oversight.
  • Understand the importance of identifying a scope and how to conduct a critical systems scoping exercise.
  • Measure an organisation against the 14 principles of cybersecurity good practices, identify a variety of standards which are available to use (e.g., NIST, ISO27K standards), and understand how the UK’s Cyber Assessment Framework for Aviation could be used to support this.
  • Prepare and consolidate the evidence required for a Cyber Audit and requirements around levels of assurance.
  • Understand how to collate self-assessments, conduct audits and  create  Corrective Action Plans.
  • Understand the synergies between Safety Management System (SMS) and Security Management System (SeMS), as well as the possible options for implementing an Information Security Management Framework using the documentation produced from self-assessment, audit, and corrective actions plans.
  • Understand as a regulator or NAA, how to set a required level of cybersecurity and considerations on how to assess cybersecurity submissions from overseen entities.

You should be a stakeholder for cybersecurity within your organisation, you might be responsible for cybersecurity or for its oversight.

Meet your Instructors

Jonathan Hogben

Aviation Cybersecurity Oversight

Jonathan is responsible for Cyber Security Policy decisions and the regulatory direction across the United Kingdom aviation industry. Jon leads the Cyber Security Policy team that work domestically to provide support, guidance, and expertise to organisations, across the range of applicable cyber regulations. Jon is a member of both the ICAO Cybersecurity and Trust Framework Panels in addition to collaborating in various European cyber security forums.

Jon has over ten years of aviation regulation and policy experience. Jon started his aviation career as an Aviation Security Compliance Auditor, prior to which he held various roles within the UK Government. He then moved into Aviation Security Regulation where he first worked on Cyber through the development of the Cyber Security regulation within the National Aviation Security Programme. Jon has completed formal cyber training through ICAO, ISO, and the SANS institute.

Shaun Southall

Aviation Cybersecurity Oversight

Shaun Southall is a Cyber Security Oversight Specialist with the UK Civil Aviation Authority, bringing over 20 years of experience across physical and information security disciplines. Shaun has a strong working knowledge of both industry-specific regulations, and broader control frameworks as part of his role of progressing Airports, Airlines and Air Navigation Service Providers through the UK’s Cyber Security Oversight Process for Aviation which is his core area of responsibility since joining the CAA in 2021.

Shaun’s expertise spans Governance, Risk and Compliance, and his other core competency areas include Cloud Security and Quantitative Risk Analysis. He holds a number of industry accreditations, and in 2020 he completed the International Security Management Institute’s Level 6 Certified Security Management Professional Diploma. Shaun was also awarded ‘Freedom of the City of London’ for services to the Security Industry.

Shaun’s training experience includes developing and co-delivering ‘Continued Professional Development Days’ for ASIS CPP holders for several years. More recently, Shaun has been part of ECAC’s BPNA (Best Practices for National Auditors) training programme, delivering several modules from the three-day course to delegates from Civil Aviation Authorities across Europe, underlining his passion for improving standards in cybersecurity throughout the aviation industry.

Additional Information

Course delivery methods

We offer two different ways to attend this course:

  • Face-to-Face Classroom Course: Embrace the traditional learning method by attending our physical training venue. Benefit from direct interaction with our instructors and fellow participants, creating an immersive and hands-on learning experience. To book a classroom course, please check the booking table at the top of this page and select your preferred training venue location.
  • Instructor-Led Virtual Course: Enjoy the flexibility of attending this training remotely from your home or office with our live virtual course. Engage in interactive learning from anywhere in the world. We usually use WebEx or Zoom for our virtual courses. To attend this course virtually, look for the ‘online’ venue option in the booking table above.

Please note that course durations may vary slightly between our face-to-face and virtual deliveries. Please refer to the start and end date of your chosen course.

Our goal is to offer flexible, effective and convenient course delivery methods that suit your preferences and learning needs. Please choose the option that works best for you!

If you can’t see a classroom or virtual option, we likely haven’t released the next set of dates. Please get in touch to find out when we’ll announce the new dates, and we’ll be sure to keep you informed once they are available or even add you to our waiting list.

In-company delivery

We can also tailor this training course to suit your organisation’s training requirements. These bespoke training packages can be delivered at your organisation’s location – almost anywhere, worldwide. Please Contact us for more information and to discuss your requirements.

VAT information

Please ensure you have your company VAT number available when booking. For additional information regarding VAT please click here.


To help make your decision about booking training with CAAi, we have put together a list of frequently asked questions.

If your question isn’t answered, please get in touch and speak to a member of our training team.

Questions and Answers

Course Reviews

No reviews yet

Other courses you might be interested in

Security Management Systems (SeMS)

This course provides the fundamentals of how to develop and maintain an effective Security Management System concept developed by the UK CAA.

Accountable Manager – Security Management System (SeMS)

This 1-day course will provide a high level overview of the principles of a Security Management System, outline the role of the Accountable Manager and illustrate how implementing a SeMS will help maintain the integrity of aviation security within entities responsible for managing their own security risks.

Let’s talk

If you’d like to speak with us about your training requirements,
our friendly team are here to help.
+44 (0)330 022 4401
View shopping cart