Course Info
Introduction
Tier III – Strategy & Leadership is aimed at experienced cybersecurity professionals
preparing for leadership roles. This tier moves beyond hands-on operations and focuses on
governance, risk, compliance, enterprise security architecture, and program management.
You will learn how to design and lead security programs, align cyber initiatives with
organizational goals, manage risk at the enterprise level, and communicate effectively with
executives and stakeholders. The curriculum is aligned with high-level certifications such as
CISSP, CISM, CCISO, and PMP.
Who Should Enroll
Cybersecurity professionals advancing from practitioner to leadership roles, or learners who have completed Tier II.
What You'll Learn
- Develop and govern security policies and controls using major GRC frameworks.
- Align cybersecurity initiatives with enterprise-level goals, budgets, and priorities.
- Lead risk management, cyber policy, and security architecture projects across the organization.
- Navigate legal, ethical, and regulatory responsibilities, including privacy and compliance mandates.
- Oversee operational risk, incident management, business continuity, and disaster recovery.
- Build and manage high-performing security teams, programs, and metrics.
Aligned Certifications
- Certified Information Systems Security Professional (CISSP)
- Certified Information Security Manager (CISM)
- Certified Chief Information Security Officer (CCISO)
- Project Management Professional (PMP)
Learning Time
Tier III is an 8-week course that includes approximately 18 hours of independent study each week and 2 hours of live virtual class sessions via Zoom, for a total of 160 hours.
Modules
- Examine security governance principles and regulatory mandates such as FISMA, HIPAA, PCI-DSS, and FedRAMP.
- Apply enterprise risk management frameworks including NIST RMF, ISO 27001, and COSO/COBIT.
- Design policies and controls that support organizational objectives while meeting compliance requirements.
- Understand cybersecurity laws, privacy frameworks (GDPR, CCPA), and regulatory expectations.
- Distinguish between due care and due diligence in organizational security.
- Manage accountability for incident reporting, breach notifications, and compliance obligations.
- Design layered security architectures based on NIST SP 800-53 and related standards.
- Integrate security into the SDLC, system accreditation, and enterprise project lifecycles.
- Align technical controls with business goals, risk appetite, and stakeholder expectations.
- Lead threat modeling and vulnerability management at the enterprise level.
- Apply NIST SP 800-61 for incident response planning and execution.
- Develop business continuity and disaster recovery strategies using NIST SP 800-34 and related guidance.
- Build, fund, and sustain enterprise security programs aligned with business strategy.
- Manage teams, budgets, and vendor relationships in complex organizational environments.
- Develop KPIs, metrics, and reporting strategies that resonate with executives and boards.