Professional Certificate in Cybersecurity
Defend a real environment with AI as your analyst — spot the threats, harden the gaps, triage the alerts, respond to the incident, secure the AI — and verify every claim before you act. 44 lessons + capstone.
Why this instead of a traditional degree?
- $5,000-$15,000 for a multi-month bootcamp or cert track
- Teaches tools in isolation, not a defensive practice you run
- Little on the AI now on both sides of the fight
- Generic labs, no real environment to actually defend
- Assumes you'll trust AI output — never teaches you to verify it
- Included with Pro subscription
- One realistic organization threads through every module
- Every lesson runs real prompts, then verifies AI's work
- A verification habit that catches AI's confident, wrong claims
- Produces a reusable playbook + a capstone you self-score
What you'll learn
Execute the AI-augmented operating model across the defensive lifecycle — you direct, AI drafts, you verify — and recognize the six ways AI fails a defender before acting on any of them
Examine the threat landscape a real organization faces, map attacker behavior with MITRE ATT&CK as a defender's map, and inventory its assets and attack surface
Apply the vulnerability pipeline — prioritize with CVSS, EPSS, and the KEV list, decide what to patch, and trace every AI vulnerability claim to NVD before acting
Implement hardening for a real environment — audit configs against CIS Benchmarks, apply least privilege, secure the human gateways, and verify backups by testing a restore
Distinguish real alerts from noise with AI triage without falling for automation bias, write detection rules with Sigma, and hunt for the threats that fired no alert
Execute the incident-response lifecycle — investigate with AI, decide containment, handle the ransomware playbook, and communicate the incident honestly
Examine the AI systems your organization deployed for security — the AI attack surface, prompt injection and the OWASP LLM Top 10, shadow AI, and ATLAS-based monitoring
Build a personal AI-defender playbook and produce a complete defensive assessment solo in the capstone, scored against a professional rubric
Curriculum
Orientation — Your Path & Your Defender's Workbench
See the full pathway from security-literate to complete defensive practitioner and where you stand on it, self-assess your prerequisites honestly, and set up the AI workbench and learn-with-AI method you'll use for the entire program.
Orientation — Your Path & Your Defender's Workbench
Portfolio Deliverable: Working AI workbench with an engagement-context block and the learn-with-AI method
Start ModuleThe AI-Augmented Defender Operating Model
The division of labor that runs the whole program — you direct, AI drafts, you verify — plus where AI fits the six-function defense lifecycle, the real AI-security tool landscape, and the six documented ways AI fails a defender.
The AI-Augmented Defender Operating Model
Portfolio Deliverable: Your operating model: tool choice with reasoning + the five-check verification pass
Start ModuleKnow the Adversary, Know Your Terrain
Meet Coastal Supply — the organization you'll defend through Module 9. Read the threat landscape it actually faces, map attacker behavior with MITRE ATT&CK as a defender's map, inventory its assets and attack surface, and threat-model its risks with AI.
Know the Adversary, Know Your Terrain
Portfolio Deliverable: A terrain map: threat briefing, ATT&CK mapping, asset inventory, and a prioritized risk register
Start ModuleVulnerability Management with AI
48,000 CVEs a year, and you can't patch them all. Run the vulnerability pipeline, prioritize with CVSS, EPSS, and the KEV reality check, make patch decisions — and verify every AI vulnerability claim against NVD before you act on it.
Vulnerability Management with AI
Portfolio Deliverable: A prioritized, verified vulnerability posture with a defensible patch order and a stakeholder readout
Start ModuleHardening & Protection with AI
Reduce what an attacker can reach. Audit configs against CIS Benchmarks, apply least privilege and access review, harden the human gateways (email, endpoints, policies), and build resilience — verifying backups by actually testing a restore.
Hardening & Protection with AI
Portfolio Deliverable: A hardening plan: config audit, access-review findings, gateway checklist, and a tested-restore plan
Start ModuleDetection & Triage: the AI-Augmented SOC
Where AI's leverage is largest — and its trap deepest. Learn how logs become alerts, run the AI triage discipline (enrich, hypothesize, verify, verdict), write detection rules with Sigma, and tune false positives without falling for automation bias.
Detection & Triage: the AI-Augmented SOC
Portfolio Deliverable: An AI triage workflow and a tuned Sigma detection rule you own the verdict on
Start ModuleThreat Hunting & Threat Intelligence
Go looking for what fired no alert. Hunt beyond the alert queue, query your own logs with AI, turn a threat-intelligence report into action, and run exposure discovery — writing the hunt report that turns a finding into a new detection.
Threat Hunting & Threat Intelligence
Portfolio Deliverable: A hunt hypothesis, a log-hunt with AI, an actioned CTI report, and a hunt report
Start ModuleIncident Response & Recovery
When something breaks. Learn the IR lifecycle and the plan you'll actually use, investigate with AI (timelines, evidence, the story), make containment decisions and run the ransomware playbook, and communicate the incident and the review honestly.
Incident Response & Recovery
Portfolio Deliverable: An IR plan, an AI-assisted incident timeline, a containment decision, and an incident report
Start ModuleSecuring AI Systems
The newest terrain, and the one this certificate uniquely trains. Map your organization's AI attack surface, defend against prompt injection with the OWASP LLM Top 10, handle shadow AI and vendor risk, and monitor AI systems with the ATLAS map.
Securing AI Systems
Portfolio Deliverable: An AI-attack-surface review, an injection-defense analysis, a shadow-AI plan, and an AI-monitoring approach
Start ModuleCompliance, Reporting & the Human Layer
Turn your practice into something you can prove. Learn what each framework (CSF, ISO 27001, SOC 2) is for, collect evidence and run gap analysis with AI, write executive reports and awareness comms, and assemble your personal AI-defender playbook.
Compliance, Reporting & the Human Layer
Portfolio Deliverable: A framework gap analysis, an executive readout, and your personal AI-defender playbook
Start ModuleCapstone — A Fresh Environment to Defend
A fresh organization you've never seen — Verdant Grocers, a grocery chain that bolted on AI and doesn't know how exposed it is. You scope the vague ask, run a complete defensive assessment across the whole practice solo, and score your own work against a professional rubric.
Capstone — A Fresh Environment to Defend
Portfolio Deliverable: A complete defensive assessment on a fresh organization, self-scored against a professional rubric
Start ModuleYour AI Toolkit
You'll use these AI tools throughout the program — the free tiers cover every exercise.
Your defender's workbench: threat modeling, vulnerability triage, hardening audits, detection-rule drafting, incident investigation, and executive reporting — with you verifying every claim
Free / $20/moThe free authoritative sources you trace AI's claims against — the vulnerability database, the actively-exploited list, and the attacker-behavior maps
FreeThe open standards you harden against, write portable detection rules in, and review deployed AI systems with
FreeEvery exercise works with free AI tools and free, public security resources. Security-native AI (Microsoft Security Copilot, CrowdStrike Charlotte, SentinelOne Purple AI) and agentic SOC platforms are covered in the tool-landscape lesson so you can evaluate them at work — but none are required.
About this program
Cybersecurity is being reshaped in real time — and, unusually, by a force that sits on both sides of the fight. Attackers now use AI across the whole intrusion workflow (the median threat actor leveraged it across roughly 15 attack techniques last year), and defenders who use AI extensively save an estimated $1.9 million per breach and cut the breach lifecycle by about 80 days. But AI fails a defender in specific, dangerous ways: it invents CVE numbers that don’t exist, delivers wrong verdicts with the same confidence as right ones, and can be steered by instructions an attacker hides inside the very logs it reads. This program lives in exactly that gap. Across 44 lessons you’ll learn the operating model that makes AI a genuine defensive force multiplier — you direct, AI drafts, you verify — and apply it to the complete defensive practice: know the adversary and terrain, manage vulnerabilities, harden, detect and hunt, respond and recover, secure the AI your organization runs, and prove its compliance.
The spine of the program is one organization you defend the whole way through: Coastal Supply, a mid-size distributor with a thin IT team, an internet-facing order portal, and a marketing-added AI chatbot nobody reviewed. You’ll read the threats it actually faces, run its vulnerability pipeline and trace every AI claim to the authoritative source, harden its configuration and test whether its backups actually restore, triage its alerts without falling for the automation-bias trap, hunt for what fired no alert, respond to its incident, secure its AI systems, and turn the whole practice into something you can prove to an auditor. Every module adds a skill and a verification check. Then the capstone takes the training wheels off: Verdant Grocers, a grocery chain with e-commerce, consumer payment data, and two unreviewed AI systems — a genuinely different environment you assess solo and score against a professional rubric.
What makes this program different is its verification spine and its defensive discipline. This is the practitioner’s craft of defending an environment — not code-level security auditing (a sibling course), not AI governance and ethics (a sibling certificate), and not offensive security (a separate path with its own envelope). AI fails in documented, recurring ways — the hallucinated CVE, the confident-wrong triage verdict, the “all clear” that only checked one log source, the detection rule that fires on nothing — and every module trains the specific check that catches each one. You graduate with a complete defensive practice, a personal AI-defender playbook you carry into any tool or job, and the habit that keeps a defender valuable through every model generation: never acting on an AI claim you haven’t traced to its source. Module 0’s pathway map shows where this certificate sits on the road to mastery, with the Master Certification (designing the defense program) and the adjacent electives as the marked next steps.
Prerequisites
Complete these 3 short courses before starting the program. They give you the security hygiene, AI-agent risk sense, and hands-on AI-security fluency this program builds on — the program's self-assessment in Module 0 tells you exactly where you stand.
The end-user security layer — passwords, MFA, phishing, device and Wi-Fi safety, personal incident response. The literacy floor every defender starts from.
Threat modeling for AI agents — isolation, permissions, and an intro to prompt injection. The AI-risk intuition the securing-AI module deepens.
Hands-on AI for vulnerability scanning and triage, hardening, monitoring, and compliance basics — the practical on-ramp this program turns into a full practice.
Frequently asked
Do I need specific AI tools, a SOC, or paid security software?
No. Every exercise works with the free tiers of Claude, ChatGPT, or Gemini, plus free, public security resources — the NVD vulnerability database, the CISA KEV list, MITRE ATT&CK and ATLAS, CIS Benchmarks, Sigma, and the OWASP LLM Top 10. The tool-landscape lesson covers the paid security-native AI (Microsoft Security Copilot, CrowdStrike Charlotte, SentinelOne Purple AI) and agentic SOC platforms so you can evaluate them at work, but none are required for the program.
Is this the same as the AI-Powered Security Auditing course?
No — they sit at different levels and cover different work. The AI-Powered Security Auditing course teaches AI-assisted source-code security review for people who read code: finding injection, overflow, and RCE vulnerabilities in a codebase. This certificate is the operational defensive practice — environments, not codebases: threat and risk, hardening, detection, response, compliance, and securing deployed AI. They touch at exactly one seam (Module 3 notes that code-level auditing exists), and it's a signpost, not a lesson. If you want the code-audit craft specifically, take that course; if you want to defend a real organization end to end, this is the path.
How is this different from the Ethics & Governance certificate?
The line is simple: if the question is 'is this AI system fair, lawful, and accountable?' — that's the Ethics & Governance certificate (bias audits, fairness, the EU AI Act, governance charters). If the question is 'can an attacker abuse this AI system, and would we notice?' — that's this one. This certificate owns the security controls: prompt-injection defense, shadow-AI discovery, AI asset inventory, OWASP-LLM reviews, and monitoring AI systems for abuse. Governance program design and AI-specific regulation live in the Ethics & Governance certificate.
Is this the same as security-awareness training (spot the phish, lock your screen)?
No — that's the other side of the desk. Employee-awareness content is what our Cybersecurity Basics course delivers to end users, and what team-training short courses deliver to a workforce: being trained not to click links. This certificate trains the professional who practices cybersecurity — the analyst, the security-hatted sysadmin, the IT pro who owns the defense. You'll even learn to write the awareness layer with AI (Module 9), because real mid-level jobs include it — but writing and running the defense is the certificate; being trained not to click is Stage 0.
Does this teach hacking, penetration testing, or offensive security?
No — this is a defensive-practice pathway: hardening, detection, response, compliance, and securing AI. You'll learn attacker behavior as a map — MITRE ATT&CK, the shape of real intrusions, 'think like the attacker' threat modeling — because you can't triage what you can't recognize. But no lesson walks through offensive tooling: conducting penetration tests, developing exploits, or red-team tradecraft is a separate craft with its own legal and ethical envelope, flagged for the Master tier and adjacent tracks. Here, verification means 'confirm the patch took,' not 'pop the box.'
Will AI replace cybersecurity analysts?
The evidence points the other way. AI absorbs the mechanical work — enriching alerts, drafting detection rules, reconstructing timelines — but it's confidently, silently wrong in ways that matter in security: it invents CVE numbers, delivers wrong verdicts with full confidence, and can be steered by instructions hidden in the very logs it reads. On realistic full-investigation benchmarks, top AI models complete 61-67% of the tasks alone; top humans working with AI hit 73-85%. That gap is the job. This program trains exactly that human-plus-AI combination — and the verification habit that catches what AI can't see it's getting wrong — which is why it's more durable than tool skills alone.
What prerequisites do I need?
Three short courses: Cybersecurity Basics (the end-user security layer), Don't Trust Your AI Agent (threat modeling for AI agents), and AI for Security & DevOps (hands-on AI for scanning, hardening, and monitoring). Together they give you the security hygiene, AI-risk intuition, and practical fluency this program builds on. The Module 0 self-assessment tells you honestly whether you can skip any of them.
Do I need coding or deep technical skills?
You need security literacy and comfort using AI tools — not programming. In 2026 you describe what you need in plain English and AI drafts the detection rule, the triage analysis, or the incident timeline; your job is to direct it, read the output, and verify it against authoritative sources. You'll read a Sigma rule and a log, not hand-write code. The certificate is calibrated for a security-literate practitioner (a SOC analyst, a security-hatted sysadmin, an IT pro moving into defense), and Modules 0-1 build the AI operating model before any deep work.
What AI tools will I actually use?
Your primary tool is a general-LLM workbench — Claude, ChatGPT, or Gemini — used across every function: threat modeling, vulnerability triage, hardening audits, detection-rule drafting, incident investigation, and reporting. Alongside it you'll use the free authoritative sources you trace AI's claims against (NVD, CISA KEV, MITRE ATT&CK/ATLAS) and the open standards you work in (CIS Benchmarks, Sigma, OWASP LLM Top 10). The paid security-native tools are covered so you can evaluate them, not required to complete the program.
How long does it take to complete?
About 6 weeks at 4-5 hours per week — roughly 26 hours total, split between the lessons and the hands-on defensive practice. Fully self-paced, and the capstone rewards learners who don't rush it. Two cumulative reviews (at the one-third and two-thirds marks) consolidate the practice before the final stretch.
What do I actually build during the program?
You defend one realistic organization — Coastal Supply, a ~150-person distributor — across Modules 2-9: mapping its threats and risks, running its vulnerability pipeline, hardening it, detecting and hunting in its logs, responding to an incident, securing its AI systems, and proving its compliance. You assemble a personal AI-defender playbook along the way. Then the capstone hands you a completely different organization — Verdant Grocers, a grocery chain with e-commerce and two unreviewed AI systems — to assess solo and self-score against a professional rubric. You finish with a full practice, a reusable playbook, and a capstone assessment.
What's the difference between this certificate and the prerequisite courses?
The courses teach individual skills in a couple of hours each — security hygiene, AI-agent risk, hands-on scanning and hardening. This certificate integrates everything into a working defensive practice across 44 lessons: the complete lifecycle on a realistic organization, from threat and risk through detection, response, securing AI, and compliance, with the verification habit running through all of it and a capstone you run solo. It's the difference between knowing the pieces and being able to defend an environment end to end.
Is the certificate recognized by employers, and how does it map to industry certs?
The certificate carries a verifiable credential ID. More practically, it's built to the shape of the mid-level defensive craft the industry already recognizes — its modules mirror the domain weights of CompTIA's CySA+ (Security Operations, Vulnerability Management, Incident Response, Reporting), the mid-level anchor. And it produces artifacts you can show: a risk register, a hardening plan, a tuned detection rule, an incident report, an AI-security review, and a capstone assessment scored against a professional rubric. In interviews, walking through how you caught an AI-hallucinated CVE before it drove a patch cycle lands harder than any certificate line.
What comes after the certificate?
This takes you to practitioner (mid) level — running the defensive practice for a real environment. To go deeper, the pathway continues to the Master Certification: designing the defense program, detection strategy, SOC architecture, and incident command at org scale. To go wider, adjacent tracks cover the code-level craft (the AI-Powered Security Auditing course) and AI governance (the Ethics & Governance certificate). Module 0 shows the full map, and the capstone's final lesson marks exactly where you stand and every next climb.