Build the knowledge and practical skills to protect your organisation from cyber threats — covering risk assessment, security frameworks, incident response, and security culture.
Cyber threats are no longer the exclusive concern of IT departments. Ransomware attacks, data breaches, phishing campaigns, and supply-chain compromises affect organisations of every size and sector, with consequences that extend far beyond technical systems to encompass financial loss, regulatory penalties, and lasting reputational damage. Every professional — not just those in security roles — plays a part in an organisation's defence posture.
This seven-module course provides a comprehensive grounding in cybersecurity fundamentals. You will learn to understand the threat landscape, assess and manage risk, apply industry-standard security frameworks, protect networks and endpoints, manage identity and access, plan for and respond to security incidents, and build a culture where security is everyone's responsibility. The course balances conceptual understanding with hands-on labs that let you practise in realistic simulated environments.
Security is not a product you can buy — it is a process you must build, maintain, and continuously improve. This course gives you the blueprint.
Each module includes scenario-based exercises drawn from real-world incidents, giving you the opportunity to apply what you learn to situations that mirror the challenges security professionals face daily. By the end of the course, you will have the foundational knowledge needed to contribute meaningfully to your organisation's cybersecurity posture, whether you are in a dedicated security role or a business function that intersects with security.
This course serves a broad audience, from those exploring a career in cybersecurity to professionals in adjacent roles who need to understand security principles.
Understanding what you are defending against is the first step toward effective security. This module surveys the current cyber threat landscape: the actors (nation-states, organised crime, hacktivists, insiders), their motivations (financial gain, espionage, disruption, ideology), and the techniques they employ. You will study the anatomy of major attack types — phishing, ransomware, denial-of-service, supply-chain attacks, and zero-day exploits — and learn how to use threat intelligence sources to stay informed about emerging risks relevant to your industry. Labs in this module include analysing real phishing emails and mapping attack chains using the MITRE ATT&CK framework.
Not all risks are equal, and no organisation has unlimited resources to address them. This module teaches you how to systematically identify, analyse, and prioritise cybersecurity risks using both qualitative and quantitative methods. You will learn to conduct asset inventories, identify vulnerabilities and threats, assess likelihood and impact, and produce risk registers that inform investment decisions. The module covers risk treatment options — accept, mitigate, transfer, and avoid — and walks you through building a risk management programme that aligns security spending with business priorities. A hands-on lab guides you through completing a risk assessment for a realistic mid-size organisation scenario.
Security frameworks provide the structure and common language that enable organisations to build, measure, and improve their security programmes. This module provides an in-depth examination of two of the most widely adopted frameworks: the NIST Cybersecurity Framework (CSF) with its five core functions — Identify, Protect, Detect, Respond, Recover — and ISO/IEC 27001, the international standard for information security management systems. You will learn how each framework is structured, how to conduct a gap analysis against them, and how to use them to build a security improvement roadmap. The module also addresses how the two frameworks complement each other and how organisations frequently use them in combination.
Networks and endpoints are the primary attack surfaces for most organisations. This module covers the technical controls that protect them: firewalls, intrusion detection and prevention systems (IDS/IPS), network segmentation, VPNs, endpoint detection and response (EDR), patch management, and encryption in transit and at rest. You will learn how these controls work, when to deploy each one, and how they fit together as layers of a defence-in-depth strategy. Labs include configuring firewall rules in a simulated environment, analysing network traffic for indicators of compromise, and evaluating endpoint protection solutions against common malware samples.
Compromised credentials are involved in the majority of data breaches. This module focuses on the principles and technologies that ensure the right people have the right access to the right resources — and nothing more. You will learn the concepts of least privilege, separation of duties, and role-based access control (RBAC), and explore authentication technologies including multi-factor authentication (MFA), single sign-on (SSO), and passwordless authentication. The module also covers privileged access management (PAM), identity governance, and the lifecycle management of user accounts from onboarding through offboarding. Labs include designing an access control policy for a multi-department organisation and configuring MFA in a simulated identity provider.
When a security incident occurs — and in today's threat environment, it is a matter of when, not if — the speed and quality of your response determines whether a minor event becomes a catastrophic breach. This module teaches you how to build, test, and maintain an incident response plan. You will learn the phases of incident response (preparation, identification, containment, eradication, recovery, and lessons learned), how to assemble and train an incident response team, and how to establish communication protocols for internal and external stakeholders — including regulators, customers, and the media. The centrepiece lab is a tabletop exercise where you walk through a simulated ransomware incident from detection through to recovery and post-incident review.
Technology alone cannot protect an organisation if its people are the weakest link. This final module addresses the human dimension of cybersecurity: building a culture where security-conscious behaviour is the norm rather than the exception. You will learn how to design and deliver effective security awareness programmes that go beyond compliance checkboxes, use behavioural science principles to encourage lasting habit change, measure the effectiveness of awareness initiatives, and gain executive sponsorship for security culture investments. The module also covers the role of policy in shaping behaviour — acceptable use policies, data handling procedures, and incident reporting expectations — and how to write policies that are clear, enforceable, and actually read by the people they apply to.
Upon successful completion of this course, you will be able to:
This course is accessible to learners with a basic understanding of IT concepts. Specifically, you should have:
No programming knowledge is needed. The labs use guided, point-and-click environments that teach security concepts without requiring command-line expertise. Where command-line tools are introduced (such as basic network analysis), step-by-step instructions are provided.