8 career paths, 7 bootcamps, and 31 courses & certification-prep programs — what each one is, who it's for, and where it leads. Browse below, or download the full catalog to share or review offline.
Opens your print dialog — choose “Save as PDF.”8 career paths · 7 bootcamps · 31 courses & cert-prep programs.
Guided, multi-course tracks that take you to a job-ready outcome.
Career-changers entering cybersecurity through governance, risk & compliance — no technical background needed.
People who want to work in a Security Operations Center — monitoring, triaging alerts, and responding to incidents. A hands-on route into blue-team cybersecurity, no prior experience needed.
Analysts, IT and audit staff who want to specialize in vendor and third-party risk management.
Those who want to build and audit an ISO 27001 ISMS — a globally recognized route into GRC and information-security management.
Those targeting federal information-system security roles — running the NIST RMF and assessing controls toward an authorization.
Analysts and audit staff who want to plan and run IT audits across NIST, ISO, SOX and COBIT.
Those targeting U.S. government and defense-contractor roles handling controlled information.
GRC professionals future-proofing into the fast-growing field of AI governance and risk.
Cohort-based, instructor-led programs with labs and a portfolio.
A role-based bootcamp that walks you through the entire NIST Risk Management Framework — Prepare to Monitor — building the real artifacts (SSP, SAP, SAR, POA&M) federal employers expect. Finish with a portfolio and the language of the job.
Portfolio: Mini SSP · Security categorization memo · POA&M
A hands-on bootcamp that takes you through building an ISMS end to end — scope, risk treatment, Statement of Applicability, policies and ISO 27002 controls — ready for certification and a real implementation role.
Portfolio: ISO scope statement · Risk assessment workbook · Statement of Applicability
Learn to plan and run ISO 27001 audits — clause-by-clause logic, evidence collection, finding writing and CAPA — and finish ready for internal and lead-auditor support roles.
Portfolio: Internal audit plan · Audit checklist · Findings report
Master the full third-party risk lifecycle — intake, inherent risk, vendor assessments, evidence review, decisions and monitoring — with a portfolio of real vendor work.
Portfolio: Inherent Risk Questionnaire · Vendor Risk Assessment · Vendor assessment summary
Learn IT audit end to end — planning, control testing, evidence review, findings and reporting across NIST, ISO, SOX and COBIT — and finish with an audit portfolio.
Portfolio: Audit plan · Test script · Findings memo
Prepare for defense-contractor compliance — DFARS, NIST 800-171, SSP and POA&M, the CMMC assessment process and SPRS — ready for CMMC analyst and CCP/CCA pathways.
Portfolio: CMMC readiness summary · SSP sample · POA&M sample
The bootcamp for the AI era: govern AI to NIST AI RMF, ISO/IEC 42001 and the EU AI Act — and actually use AI, hands-on, to do the work. You leave able to both certify and operate responsible AI.
Portfolio: AI system inventory · AI risk assessment (NIST AI RMF) · AI governance policy
Start here — no background needed
The core concepts, threats and defenses — your on-ramp into a cybersecurity career.
Governance, risk & compliance from the ground up — policies, risk registers, control mapping, audit readiness.
Specialize in the core frameworks
Plan and run internal audits against Annex A — scoping, evidence, findings and reporting.
Take an organization from gap assessment to audit-ready against the Trust Services Criteria.
Control design and testing, evidence collection, and working effectively with auditors.
The 12 requirements, scoping a cardholder data environment, and maintaining compliance.
Write the policies, standards and procedures that pass audits and actually get used.
Advanced controls testing and assurance across multiple frameworks for senior audit roles.
The HIPAA Security and Privacy Rules in practice — safeguards, risk analysis, BAAs and breach notification for healthcare data.
Use CSF 2.0 to assess and improve a security program — Govern, Identify, Protect, Detect, Respond, Recover — and build a profile and roadmap.
Manage vendors, continuity and incidents
The full vendor lifecycle — due diligence, SIG/CAIQ, SOC 2 review, scoring and monitoring.
Design, complete and analyze security questionnaires — and turn answers into real risk decisions.
Build and test BCP/DR plans — business impact analysis, RTO/RPO, and recovery strategies.
Detection-to-reporting workflows, regulatory notification, and post-incident governance.
Data protection and securing the cloud
Lawful processing, data subject rights, DPIAs and building a working privacy program.
Shared-responsibility, cloud controls and mapping compliance across the major providers.
Bake security and governance into the software lifecycle — from design to deployment.
Meet the EU's tightening cyber rules — NIS2 for essential entities and DORA for financial services: scope, obligations and incident reporting.
Government and defense-contractor pathways
Protect CUI and prepare defense contractors for CMMC assessment against NIST 800-171.
The day-to-day ISSO role — system security plans, POA&Ms, continuous monitoring.
Run the Risk Management Framework end to end — categorize, select, implement, assess, authorize, monitor.
How cloud services earn and keep a FedRAMP authorization — baselines, the SSP, 3PAO assessment, the ATO and continuous monitoring.
The future-facing and leadership tracks
Govern AI systems — risk, regulation, and controls for responsible, compliant AI.
Board-level cyber governance and strategic risk — for leaders accountable for security.
Design awareness and phishing-simulation programs that actually change behavior.
What LLMs really are and how to use them well — a practical, hands-on intro for non-engineers who want to work confidently with AI.
Write prompts that get reliable results — draft policies, summarize evidence, and accelerate GRC work with AI, safely and repeatably.
Put AI to work in the real workflow — accelerate risk assessments, control mapping, audit prep and evidence review with the tools, guardrails and prompts that hold up.
Secure AI systems against prompt injection, data leakage, model and supply-chain risk — the practical threats behind every LLM deployment.
Stand up an AI Management System (AIMS) to ISO/IEC 42001 — scope, AI risk, controls and the documentation an auditor expects.
Assess and audit AI systems using the NIST AI Risk Management Framework — model cards, bias and robustness checks, and an AI governance evidence pack.
