Foundations of risk and governance

You frame security goals using confidentiality, integrity, and availability, then connect them to business outcomes executives recognize. Workshops build lightweight risk registers that capture threats, likelihood, impact, and existing controls without becoming paperwork theater. High-level tours of common frameworks explain when SOC 2, ISO, or sector-specific rules influence control selection. Discussions stress proportionality: not every asset deserves the same investment, but every decision should be traceable.

Identity, authentication, and authorization

Lessons explain passwords, MFA, phishing-resistant factors, directory integrations, and role-based access patterns that scale. You practice spotting excessive permissions in sample IAM tables and drafting remediation steps that operations teams can schedule. Privileged access receives extra attention, including break-glass accounts and session recording trade-offs. Short labs use policy checklists rather than live exploitation so beginners stay safe.

Network defenses and monitoring

You study segmentation strategies, TLS roles, VPN use cases, and the purpose of IDS versus IPS in layered defense. Logs become a theme: what to collect, how long to retain, and how alerts triage without burning out analysts. Scenarios include lateral movement after a phished credential and how network controls slow attackers even when detection is imperfect.

Incident response essentials

The closing unit walks through detection signals, containment choices, eradication steps, and recovery validation. Communication templates cover legal, PR, and customer notification pressures without promising unrealistic timelines. Tabletop exercises emphasize coordination across IT, legal, and leadership so participants leave knowing their own org’s escalation gaps.

Career pathways and ethics

You map how foundation skills connect to roles like SOC analyst, GRC specialist, or IT administrator with realistic next certifications. Ethical scenarios reinforce responsible disclosure and avoiding fear-based selling when advising leadership. A curated reading list highlights free reputable resources so learners can deepen specific domains without vendor lock-in. Alumni share anonymized stories about interviews and junior rotations so expectations stay grounded in real hiring pipelines. Optional journaling prompts help you translate classroom vocabulary into resume bullets that survive automated screening and recruiter phone screens.