Governance, Compliance & Career Readiness
Governance, risk and compliance for security engineers — ISO 27001, SOC 2, GDPR, risk management, audits, and building a security career.
100% Free · All lessons unlocked
Course Content
Foundations
Core concepts and groundwork
GRC frameworks — ISO 27001, SOC 2 and NIST CSF in practice
Reading
Risk assessment methodology and risk registers
Reading
Third-party / vendor risk management
Reading
Security policies, standards and procedures hierarchy
Reading
Audit preparation and evidence collection
Reading
Practice — build a risk register for a sample SaaS company
Exercise
Core Skills
Essential techniques and patterns
GDPR principles and data subject rights
Reading
CCPA/CPRA and the US privacy landscape
Reading
India's DPDP Act 2023 — obligations for data fiduciaries
Reading
Data classification, retention and minimisation
Reading
Breach notification requirements across jurisdictions
Reading
Practice — draft a data protection impact assessment (DPIA)
Exercise
Applied Practice
Hands-on, real-world scenarios
Zero Trust Architecture — NIST 800-207 principles
Reading
Secure architecture review and reference architectures
Reading
Network segmentation and micro-segmentation strategies
Reading
Identity-centric security — passwordless and continuous auth
Reading
Security architecture documentation and diagramming
Reading
Practice — design a Zero Trust architecture for a remote workforce
Exercise
Advanced Topics
Deeper, more complex material
CompTIA Security+ — domain map and exam strategy
Reading
CEH and OSCP — what they test and how to prepare
Reading
AWS Certified Security – Specialty exam roadmap
Reading
CISSP domains overview for long-term career planning
Reading
Building a study plan and practice-exam strategy
Reading
Practice — take a timed Security+ style practice exam
Exercise
Production & Scale
Building for the real world
Building a security portfolio — write-ups, CTFs and GitHub
Reading
Resume and LinkedIn positioning for security roles
Reading
Mock technical interview — common security interview questions
Reading
Bug bounty platforms — getting started on HackerOne/Bugcrowd
Reading
Negotiation and evaluating job offers in security roles
Reading
Practice — publish a CTF write-up and polish your portfolio
Exercise
Mastery & Capstone
Projects and final review
Project brief — design a security program for a 200-person startup
Reading
Build governance docs, risk register and compliance roadmap
Exercise
Design Zero Trust architecture and incident response plan
Exercise
Present a board-level security risk briefing
Exercise
Capstone — submit full security program portfolio
Project
100% Free · All lessons unlocked
Topic Overview
What you'll learn
- Core concepts and fundamentals of Governance, Compliance & Career Readiness
- Industry best practices and design patterns
- Hands-on exercises with real-world scenarios
- Performance optimization and advanced techniques
- Building production-ready applications