Home / Certificates / Cybersecurity
Pro Intermediate

Professional Certificate in Cybersecurity

Defend a real environment with AI as your analyst — spot the threats, harden the gaps, triage the alerts, respond to the incident, secure the AI — and verify every claim before you act. 44 lessons + capstone.

11 modules 26 hours 6 weeks Certificate

Why this instead of a traditional degree?

Typical Cybersecurity Bootcamp
  • $5,000-$15,000 for a multi-month bootcamp or cert track
  • Teaches tools in isolation, not a defensive practice you run
  • Little on the AI now on both sides of the fight
  • Generic labs, no real environment to actually defend
  • Assumes you'll trust AI output — never teaches you to verify it
Professional Certificate in Cybersecurity
  • Included with Pro subscription
  • One realistic organization threads through every module
  • Every lesson runs real prompts, then verifies AI's work
  • A verification habit that catches AI's confident, wrong claims
  • Produces a reusable playbook + a capstone you self-score

What you'll learn

Execute the AI-augmented operating model across the defensive lifecycle — you direct, AI drafts, you verify — and recognize the six ways AI fails a defender before acting on any of them

Examine the threat landscape a real organization faces, map attacker behavior with MITRE ATT&CK as a defender's map, and inventory its assets and attack surface

Apply the vulnerability pipeline — prioritize with CVSS, EPSS, and the KEV list, decide what to patch, and trace every AI vulnerability claim to NVD before acting

Implement hardening for a real environment — audit configs against CIS Benchmarks, apply least privilege, secure the human gateways, and verify backups by testing a restore

Distinguish real alerts from noise with AI triage without falling for automation bias, write detection rules with Sigma, and hunt for the threats that fired no alert

Execute the incident-response lifecycle — investigate with AI, decide containment, handle the ransomware playbook, and communicate the incident honestly

Examine the AI systems your organization deployed for security — the AI attack surface, prompt injection and the OWASP LLM Top 10, shadow AI, and ATLAS-based monitoring

Build a personal AI-defender playbook and produce a complete defensive assessment solo in the capstone, scored against a professional rubric

Curriculum

11 modules · 44 lessons · capstone

Orientation — Your Path & Your Defender's Workbench

0.75h · Defender's workbench setup

See the full pathway from security-literate to complete defensive practitioner and where you stand on it, self-assess your prerequisites honestly, and set up the AI workbench and learn-with-AI method you'll use for the entire program.

Your Path to AI-Augmented Cyber DefensePrerequisite Self-AssessmentSet Up Your Defender's AI Workbench

Portfolio Deliverable: Working AI workbench with an engagement-context block and the learn-with-AI method

Start Module

The AI-Augmented Defender Operating Model

1.5h · Operating model + verification habit

The division of labor that runs the whole program — you direct, AI drafts, you verify — plus where AI fits the six-function defense lifecycle, the real AI-security tool landscape, and the six documented ways AI fails a defender.

The Operating Model: You Direct, AI Drafts, You VerifyWhere AI Fits: the Six-Function Defense MapThe Tool Landscape: Your Workbench vs. Security-Native AIWhen AI Is Wrong: the Defender's Verification Habit

Portfolio Deliverable: Your operating model: tool choice with reasoning + the five-check verification pass

Start Module

Know the Adversary, Know Your Terrain

1.5h · Terrain & risk map

Meet Coastal Supply — the organization you'll defend through Module 9. Read the threat landscape it actually faces, map attacker behavior with MITRE ATT&CK as a defender's map, inventory its assets and attack surface, and threat-model its risks with AI.

The Threat Landscape a Defender Actually FacesMITRE ATT&CK: the Defender's Map of Attacker BehaviorYou Can't Defend What You Can't See: Assets & Attack SurfaceRisk Assessment & Threat Modeling with AI

Portfolio Deliverable: A terrain map: threat briefing, ATT&CK mapping, asset inventory, and a prioritized risk register

Start Module

Vulnerability Management with AI

1.5h · Verified vuln posture

48,000 CVEs a year, and you can't patch them all. Run the vulnerability pipeline, prioritize with CVSS, EPSS, and the KEV reality check, make patch decisions — and verify every AI vulnerability claim against NVD before you act on it.

48,000 CVEs a Year: the Vulnerability PipelinePrioritization: CVSS, EPSS, and the KEV Reality CheckPatch Decisions — and Verifying AI's Vulnerability ClaimsCommunicating Vulnerability Posture

Portfolio Deliverable: A prioritized, verified vulnerability posture with a defensible patch order and a stakeholder readout

Start Module

Hardening & Protection with AI

2h · Hardening plan

Reduce what an attacker can reach. Audit configs against CIS Benchmarks, apply least privilege and access review, harden the human gateways (email, endpoints, policies), and build resilience — verifying backups by actually testing a restore.

Baselines: CIS Benchmarks and the Configuration GapIdentity Is the Perimeter: Least Privilege & Access ReviewHardening the Human Gateways: Email, Endpoints & PoliciesResilience: Backups, Change Safety & Verifying HardeningCumulative Review 1: From Operating Model to Hardened Terrain

Portfolio Deliverable: A hardening plan: config audit, access-review findings, gateway checklist, and a tested-restore plan

Start Module

Detection & Triage: the AI-Augmented SOC

1.5h · Triage + detection rule

Where AI's leverage is largest — and its trap deepest. Learn how logs become alerts, run the AI triage discipline (enrich, hypothesize, verify, verdict), write detection rules with Sigma, and tune false positives without falling for automation bias.

How Logs Become Alerts (and Why There Are Too Many)The AI Triage Discipline: Enrich, Hypothesize, Verify, VerdictWriting Detection Rules with AI: Sigma as Lingua FrancaTuning, False Positives & the Automation-Bias Trap

Portfolio Deliverable: An AI triage workflow and a tuned Sigma detection rule you own the verdict on

Start Module

Threat Hunting & Threat Intelligence

1.5h · Hunt + intel workflow

Go looking for what fired no alert. Hunt beyond the alert queue, query your own logs with AI, turn a threat-intelligence report into action, and run exposure discovery — writing the hunt report that turns a finding into a new detection.

Hunting: Beyond the Alert QueueHunting Your Own Logs with AIThreat Intelligence with AI: From Report to ActionExposure Discovery & the Hunt Report

Portfolio Deliverable: A hunt hypothesis, a log-hunt with AI, an actioned CTI report, and a hunt report

Start Module

Incident Response & Recovery

1.5h · Incident-response kit

When something breaks. Learn the IR lifecycle and the plan you'll actually use, investigate with AI (timelines, evidence, the story), make containment decisions and run the ransomware playbook, and communicate the incident and the review honestly.

The IR Lifecycle — and the Plan You'll Actually UseInvestigating with AI: Timelines, Evidence & the StoryContainment Decisions & the Ransomware PlaybookIncident Communications, the Report & the Review

Portfolio Deliverable: An IR plan, an AI-assisted incident timeline, a containment decision, and an incident report

Start Module

Securing AI Systems

2h · Secured AI systems

The newest terrain, and the one this certificate uniquely trains. Map your organization's AI attack surface, defend against prompt injection with the OWASP LLM Top 10, handle shadow AI and vendor risk, and monitor AI systems with the ATLAS map.

Your Organization's AI Attack SurfacePrompt Injection & the OWASP LLM Top 10 in PracticeShadow AI, Usage Policy & Vendor RiskMonitoring AI Systems & the ATLAS MapCumulative Review 2: Detect, Hunt, Respond, Secure

Portfolio Deliverable: An AI-attack-surface review, an injection-defense analysis, a shadow-AI plan, and an AI-monitoring approach

Start Module

Compliance, Reporting & the Human Layer

1.5h · AI-Defender Playbook

Turn your practice into something you can prove. Learn what each framework (CSF, ISO 27001, SOC 2) is for, collect evidence and run gap analysis with AI, write executive reports and awareness comms, and assemble your personal AI-defender playbook.

The Frameworks Map: CSF, ISO 27001, SOC 2 — What Each Is ForEvidence Collection & Gap Analysis with AIExecutive Reporting & the Human LayerYour AI-Defender Playbook

Portfolio Deliverable: A framework gap analysis, an executive readout, and your personal AI-defender playbook

Start Module

Capstone — A Fresh Environment to Defend

1.25h · Capstone assessment

A fresh organization you've never seen — Verdant Grocers, a grocery chain that bolted on AI and doesn't know how exposed it is. You scope the vague ask, run a complete defensive assessment across the whole practice solo, and score your own work against a professional rubric.

The Capstone Brief: Verdant GrocersBuilding the Defense AssessmentCapstone Close-Out: Score & Continue

Portfolio Deliverable: A complete defensive assessment on a fresh organization, self-scored against a professional rubric

Start Module
Professional Certificate in Cybersecurity
Verified credential

Your AI Toolkit

You'll use these AI tools throughout the program — the free tiers cover every exercise.

Claude / ChatGPT / Gemini

Your defender's workbench: threat modeling, vulnerability triage, hardening audits, detection-rule drafting, incident investigation, and executive reporting — with you verifying every claim

Free / $20/mo
NVD, CISA KEV, MITRE ATT&CK / ATLAS

The free authoritative sources you trace AI's claims against — the vulnerability database, the actively-exploited list, and the attacker-behavior maps

Free
CIS Benchmarks, Sigma, OWASP LLM Top 10

The open standards you harden against, write portable detection rules in, and review deployed AI systems with

Free

Every exercise works with free AI tools and free, public security resources. Security-native AI (Microsoft Security Copilot, CrowdStrike Charlotte, SentinelOne Purple AI) and agentic SOC platforms are covered in the tool-landscape lesson so you can evaluate them at work — but none are required.

About this program

Cybersecurity is being reshaped in real time — and, unusually, by a force that sits on both sides of the fight. Attackers now use AI across the whole intrusion workflow (the median threat actor leveraged it across roughly 15 attack techniques last year), and defenders who use AI extensively save an estimated $1.9 million per breach and cut the breach lifecycle by about 80 days. But AI fails a defender in specific, dangerous ways: it invents CVE numbers that don’t exist, delivers wrong verdicts with the same confidence as right ones, and can be steered by instructions an attacker hides inside the very logs it reads. This program lives in exactly that gap. Across 44 lessons you’ll learn the operating model that makes AI a genuine defensive force multiplier — you direct, AI drafts, you verify — and apply it to the complete defensive practice: know the adversary and terrain, manage vulnerabilities, harden, detect and hunt, respond and recover, secure the AI your organization runs, and prove its compliance.

The spine of the program is one organization you defend the whole way through: Coastal Supply, a mid-size distributor with a thin IT team, an internet-facing order portal, and a marketing-added AI chatbot nobody reviewed. You’ll read the threats it actually faces, run its vulnerability pipeline and trace every AI claim to the authoritative source, harden its configuration and test whether its backups actually restore, triage its alerts without falling for the automation-bias trap, hunt for what fired no alert, respond to its incident, secure its AI systems, and turn the whole practice into something you can prove to an auditor. Every module adds a skill and a verification check. Then the capstone takes the training wheels off: Verdant Grocers, a grocery chain with e-commerce, consumer payment data, and two unreviewed AI systems — a genuinely different environment you assess solo and score against a professional rubric.

What makes this program different is its verification spine and its defensive discipline. This is the practitioner’s craft of defending an environment — not code-level security auditing (a sibling course), not AI governance and ethics (a sibling certificate), and not offensive security (a separate path with its own envelope). AI fails in documented, recurring ways — the hallucinated CVE, the confident-wrong triage verdict, the “all clear” that only checked one log source, the detection rule that fires on nothing — and every module trains the specific check that catches each one. You graduate with a complete defensive practice, a personal AI-defender playbook you carry into any tool or job, and the habit that keeps a defender valuable through every model generation: never acting on an AI claim you haven’t traced to its source. Module 0’s pathway map shows where this certificate sits on the road to mastery, with the Master Certification (designing the defense program) and the adjacent electives as the marked next steps.

Prerequisites

Complete these 3 short courses before starting the program. They give you the security hygiene, AI-agent risk sense, and hands-on AI-security fluency this program builds on — the program's self-assessment in Module 0 tells you exactly where you stand.

Frequently asked

Do I need specific AI tools, a SOC, or paid security software?

No. Every exercise works with the free tiers of Claude, ChatGPT, or Gemini, plus free, public security resources — the NVD vulnerability database, the CISA KEV list, MITRE ATT&CK and ATLAS, CIS Benchmarks, Sigma, and the OWASP LLM Top 10. The tool-landscape lesson covers the paid security-native AI (Microsoft Security Copilot, CrowdStrike Charlotte, SentinelOne Purple AI) and agentic SOC platforms so you can evaluate them at work, but none are required for the program.

Is this the same as the AI-Powered Security Auditing course?

No — they sit at different levels and cover different work. The AI-Powered Security Auditing course teaches AI-assisted source-code security review for people who read code: finding injection, overflow, and RCE vulnerabilities in a codebase. This certificate is the operational defensive practice — environments, not codebases: threat and risk, hardening, detection, response, compliance, and securing deployed AI. They touch at exactly one seam (Module 3 notes that code-level auditing exists), and it's a signpost, not a lesson. If you want the code-audit craft specifically, take that course; if you want to defend a real organization end to end, this is the path.

How is this different from the Ethics & Governance certificate?

The line is simple: if the question is 'is this AI system fair, lawful, and accountable?' — that's the Ethics & Governance certificate (bias audits, fairness, the EU AI Act, governance charters). If the question is 'can an attacker abuse this AI system, and would we notice?' — that's this one. This certificate owns the security controls: prompt-injection defense, shadow-AI discovery, AI asset inventory, OWASP-LLM reviews, and monitoring AI systems for abuse. Governance program design and AI-specific regulation live in the Ethics & Governance certificate.

Is this the same as security-awareness training (spot the phish, lock your screen)?

No — that's the other side of the desk. Employee-awareness content is what our Cybersecurity Basics course delivers to end users, and what team-training short courses deliver to a workforce: being trained not to click links. This certificate trains the professional who practices cybersecurity — the analyst, the security-hatted sysadmin, the IT pro who owns the defense. You'll even learn to write the awareness layer with AI (Module 9), because real mid-level jobs include it — but writing and running the defense is the certificate; being trained not to click is Stage 0.

Does this teach hacking, penetration testing, or offensive security?

No — this is a defensive-practice pathway: hardening, detection, response, compliance, and securing AI. You'll learn attacker behavior as a map — MITRE ATT&CK, the shape of real intrusions, 'think like the attacker' threat modeling — because you can't triage what you can't recognize. But no lesson walks through offensive tooling: conducting penetration tests, developing exploits, or red-team tradecraft is a separate craft with its own legal and ethical envelope, flagged for the Master tier and adjacent tracks. Here, verification means 'confirm the patch took,' not 'pop the box.'

Will AI replace cybersecurity analysts?

The evidence points the other way. AI absorbs the mechanical work — enriching alerts, drafting detection rules, reconstructing timelines — but it's confidently, silently wrong in ways that matter in security: it invents CVE numbers, delivers wrong verdicts with full confidence, and can be steered by instructions hidden in the very logs it reads. On realistic full-investigation benchmarks, top AI models complete 61-67% of the tasks alone; top humans working with AI hit 73-85%. That gap is the job. This program trains exactly that human-plus-AI combination — and the verification habit that catches what AI can't see it's getting wrong — which is why it's more durable than tool skills alone.

What prerequisites do I need?

Three short courses: Cybersecurity Basics (the end-user security layer), Don't Trust Your AI Agent (threat modeling for AI agents), and AI for Security & DevOps (hands-on AI for scanning, hardening, and monitoring). Together they give you the security hygiene, AI-risk intuition, and practical fluency this program builds on. The Module 0 self-assessment tells you honestly whether you can skip any of them.

Do I need coding or deep technical skills?

You need security literacy and comfort using AI tools — not programming. In 2026 you describe what you need in plain English and AI drafts the detection rule, the triage analysis, or the incident timeline; your job is to direct it, read the output, and verify it against authoritative sources. You'll read a Sigma rule and a log, not hand-write code. The certificate is calibrated for a security-literate practitioner (a SOC analyst, a security-hatted sysadmin, an IT pro moving into defense), and Modules 0-1 build the AI operating model before any deep work.

What AI tools will I actually use?

Your primary tool is a general-LLM workbench — Claude, ChatGPT, or Gemini — used across every function: threat modeling, vulnerability triage, hardening audits, detection-rule drafting, incident investigation, and reporting. Alongside it you'll use the free authoritative sources you trace AI's claims against (NVD, CISA KEV, MITRE ATT&CK/ATLAS) and the open standards you work in (CIS Benchmarks, Sigma, OWASP LLM Top 10). The paid security-native tools are covered so you can evaluate them, not required to complete the program.

How long does it take to complete?

About 6 weeks at 4-5 hours per week — roughly 26 hours total, split between the lessons and the hands-on defensive practice. Fully self-paced, and the capstone rewards learners who don't rush it. Two cumulative reviews (at the one-third and two-thirds marks) consolidate the practice before the final stretch.

What do I actually build during the program?

You defend one realistic organization — Coastal Supply, a ~150-person distributor — across Modules 2-9: mapping its threats and risks, running its vulnerability pipeline, hardening it, detecting and hunting in its logs, responding to an incident, securing its AI systems, and proving its compliance. You assemble a personal AI-defender playbook along the way. Then the capstone hands you a completely different organization — Verdant Grocers, a grocery chain with e-commerce and two unreviewed AI systems — to assess solo and self-score against a professional rubric. You finish with a full practice, a reusable playbook, and a capstone assessment.

What's the difference between this certificate and the prerequisite courses?

The courses teach individual skills in a couple of hours each — security hygiene, AI-agent risk, hands-on scanning and hardening. This certificate integrates everything into a working defensive practice across 44 lessons: the complete lifecycle on a realistic organization, from threat and risk through detection, response, securing AI, and compliance, with the verification habit running through all of it and a capstone you run solo. It's the difference between knowing the pieces and being able to defend an environment end to end.

Is the certificate recognized by employers, and how does it map to industry certs?

The certificate carries a verifiable credential ID. More practically, it's built to the shape of the mid-level defensive craft the industry already recognizes — its modules mirror the domain weights of CompTIA's CySA+ (Security Operations, Vulnerability Management, Incident Response, Reporting), the mid-level anchor. And it produces artifacts you can show: a risk register, a hardening plan, a tuned detection rule, an incident report, an AI-security review, and a capstone assessment scored against a professional rubric. In interviews, walking through how you caught an AI-hallucinated CVE before it drove a patch cycle lands harder than any certificate line.

What comes after the certificate?

This takes you to practitioner (mid) level — running the defensive practice for a real environment. To go deeper, the pathway continues to the Master Certification: designing the defense program, detection strategy, SOC architecture, and incident command at org scale. To go wider, adjacent tracks cover the code-level craft (the AI-Powered Security Auditing course) and AI governance (the Ethics & Governance certificate). Module 0 shows the full map, and the capstone's final lesson marks exactly where you stand and every next climb.

Ready to master Cybersecurity with AI?

Start Learning
First 2 lessons free · $9/mo Pro