Education

A practical, jargon-free introduction to cybersecurity for business professionals. Learn what it is, how organizations manage it, and why your daily decisions matter more than any software your company buys.

A practical guide for organizations and individuals working with aging populations. Covers why older adults are disproportionately targeted, how common scams and social engineering tactics work, and how senior centers, healthcare providers, financial advisors, and families can build protective practices into their everyday work.

How cyber insurance went from a late-1990s afterthought to a volatile, high-stakes market -- and why that history explains every exclusion, premium swing, and coverage gap in your policy today.

Attackers impersonate your domain every day. SPF, DKIM, and DMARC are the email authentication standards that stop them. This course explains how they work, how to implement them correctly, and how to move from monitoring to full enforcement without breaking your email.

HIPAA is not just a legal obligation for clinicians. Everyone who touches systems that store or transmit patient data is accountable. This course explains the HIPAA Security Rule from a technical perspective: what the safeguards require, how to implement them, and how to build a program that holds up when regulators ask questions.

Most organizations buy cyber insurance without fully understanding what they purchased. This course walks through how cyber policies are structured, what first-party and third-party coverages actually mean, which exclusions most commonly deny claims, and how to make sure your security program matches what your insurer expects.

Most access control failures are not sophisticated attacks. They are provisioning mistakes, forgotten accounts, and accumulated privileges that were never reviewed. This course covers the full identity lifecycle: how to grant access correctly, how to keep it right as people change roles, and how to revoke it completely when they leave.

A practical communication course for security and IT professionals who need executive and board buy-in. Learn how to translate technical risk into business language, build compelling business cases, present to boards, and sustain credibility over time.

Understand what SOC 2 actually requires, what auditors look for, and how your leadership decisions determine whether your audit succeeds or fails — explained in plain language for business owners and executives.

Most organizations do not have a clear picture of which vendors can access their systems or data — or what those vendors' security practices actually look like. This course shows you how to build a vendor risk program that identifies, assesses, and monitors third-party risk before it becomes your problem.

Most organizations have an incident response plan. Very few have one that would actually work under pressure. This course shows you how to build a plan that holds up, who needs to be involved, and how tabletop exercises turn paper plans into operational readiness.

A practical pre-assessment guide covering PCI DSS history, merchant levels, SAQ selection, the 12 requirements, and what assessors actually look for.

A practical cybersecurity guide for local government IT staff, administrators, and elected officials. Covers the government threat landscape, regulatory requirements, ransomware preparedness, critical infrastructure protection, small IT team strategies, public accountability, and how to build a defensible program with limited resources.

A practical guide to the updated FTC Safeguards Rule for non-bank financial institutions. Covers who is actually covered (including auto dealers, mortgage brokers, and tax preparers who often don't know they are), what the 2023 requirements demand, and how to reframe compliance from a regulatory checkbox into a measurable competitive advantage.

Most risk assessments find what they were set up to find. This course teaches you how to conduct an operational risk assessment that surfaces what is actually there: the dependencies nobody mapped, the controls that exist on paper but not in practice, and the gaps that only appear when you look across systems and processes together.

A practical guide for credit union staff and leadership covering NCUA examination authority, the ACET maturity framework, governance expectations, incident notification requirements, and how to prepare evidence before the examiner arrives.

A practical guide to the fragmented U.S. privacy and cybersecurity legal landscape. Covers California's CCPA/CPRA, the second-wave state laws, breach notification variations across all 50 states, sector-specific requirements, and how to build a compliance program that holds up across jurisdictions.

A practical guide to implementing the NIST Cybersecurity Framework, including SP 800-53 and SP 800-171, scaled for organizations that don't have a dedicated compliance department.

As AI-powered tools like ChatGPT, Gemini, and Perplexity become how customers find and choose businesses, traditional SEO is no longer enough. This 10-session course teaches business owners how to optimize for AI recommendation systems: from structuring your content and data for machine understanding, to measuring your visibility in AI-generated answers and outcompeting rivals in a new era of search.