Overview
CISO-level skills are not just for CISOs. Senior engineers and tech leads increasingly own security decisions — architecture reviews, vendor choices, compliance questionnaires, and risk conversations with leadership. This track gives you the governance language and frameworks to navigate those decisions confidently.
What You Will Learn
- Risk assessment: CIA triad, risk registers, 5×5 matrices, treatment options
- Security policy writing: AUP, IS policy, incident response plans
- Compliance frameworks: ISO 27001, SOC 2, NIST CSF 2.0, GDPR, PCI DSS
- Risk quantification: FAIR model, cyber insurance, board reporting
- Vendor risk: TPRM, due diligence, contract security clauses
- AI governance: AI risk management, vendor AI due diligence
- Leadership: security roadmaps, budget requests, board communication
Learning Path
| Level | Focus |
|---|---|
| Beginner | Governance fundamentals, risk basics, policy writing |
| Intermediate | Compliance frameworks, vendor risk, board metrics |
| Advanced | Operating models, M&A, NIS2/DORA, crisis management |
Start at "By Example — Beginner", or read the full by-example overview to see all 85 examples.
Last updated May 20, 2026