CISOs Academy · The CISO Pipeline

Where the next generation
of CISOs gets built.

Not a course catalog — a pipeline. The Academy takes a practitioner from their first 90 days as a deputy through board-level leadership, on the same career arc the C100, A100, and Deputy C100 programs recognize. Taught by the working CISOs who already author the CISOs Investigate research. Free for CISOs Connect members.

4
Learning paths · Foundation, Practitioner, Leadership, Specialist
CPE
ISC2 + ISACA credits · auto-submit on opt-in
100%
Faculty are working CISOs · peer-reviewed
$0
Cost to CISOs Connect members
The Pipeline

One arc, from first-90-days to board-level.

The Academy isn't a side product — it's the training arm of the same career arc CISOs Connect recognizes through C100, A100, and Deputy C100. Each learning path is built for practitioners at a specific point on that arc.

Path I

Foundation

Deputy CISOs and first-time CISOs — the same tier the Deputy C100 recognizes.

Path II

Practitioner

Working CISOs running active programs — the operating depth the A100 looks for in an emerging leader.

Path III

Leadership

Senior CISOs with board exposure — governance and communication at C100 caliber.

Path IV

Specialist

Topic depth at any career stage — the emerging-area expertise that keeps a program current.

How it works

Four ways to learn — picked to fit the way CISOs work.

Bite-sized when you need a CPE-credit-eligible answer this afternoon. Cohort-based when peer discussion is the actual learning. Masterclass when you want to hear it from a named practitioner. Roundtable when you want to convene with peers on the topic.

01 · Self-paced

Microcredentials

1–2 hour focused courses on a specific topic. Video, readings, knowledge checks, certificate, and CPE on completion. The bulk of the catalog.

02 · Cohort-based

Cohort programs

4–6 week programs with weekly 90-min live sessions, capstone projects, and a peer cohort of ~25 working CISOs. Foundational and leadership topics.

03 · Live

Masterclasses

Monthly 90-minute live sessions taught by named CISOs from the C100 / A100 / D100 cohorts. Q&A live; recording archived for members.

04 · Convening

Roundtables

Members-only working-group sessions on a topic. Chatham House Rule, professionally moderated. Now CPE-eligible as of 2026.

Learning Paths

Organized around the CISO career arc.

Four tracks, mapped to where you are in your security-leadership career. Take individual courses, or earn a full Path Certificate.

Path I · Foundation

For deputy CISOs and aspiring CISOs.

For Deputy C100-eligible practitioners and security leaders in their first two years as CISO. Sample courses: "The First 90 Days as CISO" · "Building Your First Security Program" · "Reporting Up: Your First Board Brief" · "Hiring Your Deputy".

Path II · Practitioner

For working CISOs running active programs.

Domain-specific deep dives on the issues that define a working security program. Sample courses: "Cloud Security at Three Clouds" · "Identity in the Agentic-AI Era" · "Vendor Evaluation: A CISO's Playbook" · "The SBOM Compliance Reality".

Path III · Leadership

For senior CISOs with board exposure.

Governance, board reporting, crisis communications, and the regulatory regime. Sample courses: "The Board's Cyber Posture" · "SEC Disclosure One Year In" · "Materiality and the 8-K" · "Leading Through a Breach".

Path IV · Specialist

Topic depth, any career stage.

Emerging-area specialization across any career stage. Sample courses: "Agentic AI Security" · "Quantum Risk for the 2028 Horizon" · "Operating Model for AI-Native Security Teams".

Phase 1 Launch · Q3 2026

Six microcredentials at launch.

The Phase 1 catalog draws directly from the CISOs Investigate: AI — Risk, Resilience & Reinvention research report — chapters peer-reviewed by CISOs Connect members and converted into structured courseware. More courses ship monthly from there.

Microcredential · Specialist · 1.5 CPE

The AI Risk Taxonomy a CISO Can Actually Use

A working risk-taxonomy framework for AI/ML systems — the four governance archetypes practitioners are converging on, with operational examples and a self-assessment template. From CISOs Investigate: AI, Chapters 1–2.

Microcredential · Leadership · 1 CPE

The Boardroom Conversation About AI

How to brief your board on AI risk in 15 minutes without losing the room. Board archetypes, the specific questions you'll get asked, and the deck pattern that lands.

Microcredential · Practitioner · 1.5 CPE

Identity for Agentic Systems

Machine identities, agent identities, and the operating-model implications. The control updates required before agentic deployment at scale.

Microcredential · Practitioner · 1 CPE

Model Lifecycle Controls Without the Theatre

Practical model-risk and lifecycle controls for production AI systems. The controls that survive contact with a real engineering org versus the controls that get bypassed.

Microcredential · Practitioner · 1.5 CPE

Vendor Evaluation in the AI Era

The vendor-question battery for AI/ML capabilities, plus how to read marketing claims against engineering reality. Built from CISOs Connect member experience evaluating ~40 AI-security vendors.

Microcredential · Foundation · 1 CPE

The First 90 Days as CISO in an AI-Native Org

For new and aspiring CISOs taking on a security program at an organization where AI is already in production. What to inventory, who to meet, and what to defer.

Faculty

Taught by working CISOs.

Faculty for the Academy is recruited from the CISOs Connect membership — predominantly from the C100, A100, and D100 cohorts. Every course is peer-reviewed by three additional working CISOs before publication. Faculty names appear on every course they author.

Bob Turner
Curriculum Chair · Head of Research

Bob chairs the Academy's curriculum advisory board and runs the peer-review process — the same editorial discipline that governs the CISOs Investigate research series applies to Academy courseware.

Curriculum Advisory Board
5–7 working CISOs · rotating annually

A standing board drawn from C100/A100/D100 alumni reviews community signal monthly and approves the next 2–3 topics for production. The board is the connective tissue between what the community is asking about in the forum and what ships as courseware.

Named Faculty
Working CISOs across financial services, healthcare, energy, retail, and tech

Each course names its faculty — working practitioners who teach what they're doing right now. Phase 1 faculty includes contributors to the CISOs Investigate: AI report; Phase 2 expands to the broader C100 / A100 cohort. Full faculty page ships alongside the Phase 1 launch.

CPE Credits

The credits CISOs actually need.

Every Academy course publishes its CPE allocation upfront. ISC2 CISSP holders need 120 CPE over three years (40/yr minimum). ISACA CISM holders need 120 over three years (20/yr minimum). GIAC and other certification bodies have similar requirements. The Academy's CPE strategy is built so members accumulate credits without friction.

Phase 1 · Live at launch

ISC2 CPE Submitter

CISOs Connect becomes an approved ISC2 CPE Submitter at launch, which lets the Academy submit CPE credits to ISC2 on behalf of members who opt in. One click on the certificate page; the credit posts to your ISC2 record within ~48 hours.

Phase 3 · Q1 2027

ISACA Accredited Training Organization

The Academy will pursue ISACA ATO status in Phase 3, which lets us issue ISACA CPE credits directly — same trust level as SANS, ISACA-affiliated providers, and the major certification training organizations. ATO status will apply retroactively to all eligible courses.

The one-click pitch

Most CPE-eligible courses elsewhere require you to manually submit certificates to ISC2 / ISACA / GIAC. The Academy auto-submits on opt-in. Members tell us this is the single largest UX improvement over the alternative platforms — once you've used it, the manual process feels broken.

Access

Three ways in.

Members · Free

CISOs Connect Members

Full Academy access is included with CISOs Connect membership. All courses, all paths, all live masterclasses, all roundtable CPE — at no additional cost. Sign in with the same identity as the members area.

Individual · Pricing on inquiry

Non-member individuals

Per-course and per-learning-path access for CISOs and security leaders who aren't community members but want the courseware. Practitioner-taught at a fraction of what executive-ed programs charge.

Corporate License · Pricing on inquiry

Enterprise security teams

Tiered per-seat licensing for organizations that want their CISO + deputies + directors on the Academy. Develop your security leadership bench with content authored by working CISOs at peer companies.

Enter the Academy

Members: sign in. Non-members: apply or browse.

The Academy itself lives at academy.cisosconnect.com with Cloudflare Access SSO. Same sign-in as the members area. Phase 1 launches Q3 2026 with the six microcredentials above.

Enter the Academy →
Roadmap

What ships when.

The Academy is launched in phases. Each phase delivers value standalone; if priorities shift, we can pause cleanly between any two.

  • Phase 1 · Q3 2026 (launch). Six microcredentials live, ISC2 CPE Submitter approved, public storefront at /academy/, LMS at academy.cisosconnect.com. Free for members.
  • Phase 2 · Q4 2026 (ramp). Catalog grows to 14+ courses. First cohort program launches (Foundation path). Monthly live masterclasses begin.
  • Phase 3 · Q1 2027 (CPE depth). ISACA Accredited Training Organization status. One-click CPE auto-submit to ISC2 + ISACA. Working-group roundtables registered for CPE retroactively. Corporate licensing pilot.
  • Phase 4 · Q2 2027 (breadth). Cohort programs added in Practitioner and Leadership paths. xAPI/LRS analytics layer fully live. Faculty page expanded; named-CISO branding on flagships.
  • Phase 5 · Q3 2027+ (depth + AI). Specialist path launches in full. AI tutor + AI-driven course recommendations (opt-in, per Academy AI Ethics statement). International cohort timing under evaluation.