The AI Visibility Playbook: AEO Strategies for Business Owners

Access Control in Practice: Onboarding, Offboarding, and the Gap in Between

Most access control failures are not sophisticated attacks. They are provisioning mistakes, forgotten accounts, and accumulated privileges that were never reviewed. This course covers the full identity lifecycle: how to grant access correctly, how to keep it right as people change roles, and how to revoke it completely when they leave.

Claude Course Launch Plan

A 4-week fillable workbook (77 pages) that walks you, step by step, through building and launching an online course on using Claude in a small business. Instead of staring at a blank page, you fill in the blanks (interview answers, sample prompts, pricing, lesson outlines, recording notes) as you go, so by the end of week 4 you have an MVP course that's actually live, not just a pile of notes.

Cyber Liability Insurance: A History

How cyber insurance went from a late-1990s afterthought to a volatile, high-stakes market -- and why that history explains every exclusion, premium swing, and coverage gap in your policy today.

Cyber Liability Insurance: Reading the Policy Before You Need It

Most organizations buy cyber insurance without fully understanding what they purchased. This course walks through how cyber policies are structured, what first-party and third-party coverages actually mean, which exclusions most commonly deny claims, and how to make sure your security program matches what your insurer expects.

Cybersecurity for Local Government: Protecting the Public Sector on a Public Budget

A practical cybersecurity guide for local government IT staff, administrators, and elected officials. Covers the government threat landscape, regulatory requirements, ransomware preparedness, critical infrastructure protection, small IT team strategies, public accountability, and how to build a defensible program with limited resources.

Cybersecurity and Aging Adults: Understanding and Reducing Risk for Older Users

A practical guide for organizations and individuals working with aging populations. Covers why older adults are disproportionately targeted, how common scams and social engineering tactics work, and how senior centers, healthcare providers, financial advisors, and families can build protective practices into their everyday work.

Email Security Essentials: SPF, DKIM, and DMARC Explained

Attackers impersonate your domain every day. SPF, DKIM, and DMARC are the email authentication standards that stop them. This course explains how they work, how to implement them correctly, and how to move from monitoring to full enforcement without breaking your email.

FedRAMP Authorization: Impact Levels, Equivalency, and the New NTC-0004 Framework

A practical guide to FedRAMP's evolving authorization landscape, including the shift from High/Moderate/Low impact levels to the new equivalency model and what Notice NTC-0004 means for cloud service providers and agencies.

Incident Response Planning: From Tabletop to Playbook

Most organizations have an incident response plan. Very few have one that would actually work under pressure. This course shows you how to build a plan that holds up, who needs to be involved, and how tabletop exercises turn paper plans into operational readiness.

HIPAA Security for Healthcare Technologists

A practical course on HIPAA Security Rule requirements for IT and security professionals in healthcare, updated to cover the 2026 proposed rule changes.

Making the Case: How to Sell Cybersecurity to Leadership (Without Sounding Like You're Crying Wolf)

A practical communication course for security and IT professionals who need executive and board buy-in. Learn how to translate technical risk into business language, build compelling business cases, present to boards, and sustain credibility over time.

Introduction to Large Language Models

Understand how LLMs work, how they evolved from early AI research into ChatGPT, Gemini, and Claude, and how to write effective prompts to get better results.

NIST Cybersecurity Framework: Implementation for Small and Mid-Sized Organizations

A practical guide to implementing the NIST Cybersecurity Framework, including SP 800-53 and SP 800-171, scaled for organizations that don't have a dedicated compliance department.

NCUA Cybersecurity Examination Readiness: What Credit Unions Need to Know Before the Examiner Arrives

A practical guide for credit union staff and leadership covering NCUA examination authority, the ACET maturity framework, governance expectations, incident notification requirements, and how to prepare evidence before the examiner arrives.

SOC 2 Fundamentals for Non-Technical Leaders

Understand what SOC 2 actually requires, what auditors look for, and how your leadership decisions determine whether your audit succeeds or fails — explained in plain language for business owners and executives.

Operational Risk Assessment: Finding What Nobody's Looking For

Most risk assessments find what they were set up to find. This course teaches you how to conduct an operational risk assessment that surfaces what is actually there: the dependencies nobody mapped, the controls that exist on paper but not in practice, and the gaps that only appear when you look across systems and processes together.

PCI DSS Readiness: What to Know Before Your Assessment

A practical pre-assessment guide covering PCI DSS history, merchant levels, SAQ selection, the 12 requirements, and what assessors actually look for.

State by State: Navigating the Patchwork of U.S. Cybersecurity and Privacy Laws

A practical guide to the fragmented U.S. privacy and cybersecurity legal landscape. Covers California's CCPA/CPRA, the second-wave state laws, breach notification variations across all 50 states, sector-specific requirements, and how to build a compliance program that holds up across jurisdictions.

The FTC Safeguards Rule and GLBA: Compliance as a Consumer Trust Strategy

A practical guide to the updated FTC Safeguards Rule for non-bank financial institutions. Covers who is actually covered (including auto dealers, mortgage brokers, and tax preparers who often don't know they are), what the 2023 requirements demand, and how to reframe compliance from a regulatory checkbox into a measurable competitive advantage.

Vendor Risk Management: Building a Third-Party Assessment Program

Most organizations do not have a clear picture of which vendors can access their systems or data — or what those vendors' security practices actually look like. This course shows you how to build a vendor risk program that identifies, assesses, and monitors third-party risk before it becomes your problem.

[Accelerator] Evidence Centralization

Establishes a structured, auditable evidence repository and training.

[Accelerator] IAM Cleanup

Access review normalization and role alignment.

[Accelerator] Incident Response Tabletop - The Compliance Accelerator

90-minute virtual simulation. Designed for early-stage companies (seed/first round).

[Accelerator] Incident Response Tabletop - The Enterprise Resilient

Full C-suite facilitated simulation. Designed for mid-market organizations (400–500 users).

[Accelerator] Incident Response Tabletop - The Continuity Anchor

60-minute focused simulation (ransomware / BEC). Designed for small businesses (50–100 users).

[Accelerator] Vendor Triage

Vendor inventory and SOC report collection.

[Assessment] Cloud Email Audit

Deep-dive of M365 or Google Workspace tenant, mail flow (SPF/DKIM/DMARC), and inbox rules. Includes a formal findings report and remediation roadmap.

[Accelerator] Incident Response Tabletop - The Scaling Shield

2.5-hour deep-dive (CEO, CTO, Head of Ops). Designed for funded startups (Series A/B).

[Implementation] Change Validation

A final "audit-back" to verify that all implemented changes are functional and secure.

[Implementation] Remediation Plan

A detailed step-by-step sprint schedule for IT staff to execute remediations.

[SOC 2] 3-Month Coverage / Bridge Letter Support

This is an accelerated, high-touch engagement to support a short-period SOC 2 Type II examination or a bridge letter. We enforce strict control execution and near-real-time evidence discipline over the critical 3-month coverage period.

[SOC 2] 12-Month Operating Effectiveness

[SOC 2] Rescue

Flat-fee engagement to step in, assess the situation, and get things moving again when a SOC 2 engagement has stalled. Engagement begins within 48 hours of intake.

[SOC 2] Type II Operating Effectiveness - Monthly

This is a recurring, 12-month engagement focused on achieving and demonstrating that SOC 2 controls operated effectively over the full audit period. Our service includes disciplined execution, ongoing evidence collection, and comprehensive audit support to successfully obtain the final Type II report.

[SOC 2] Type I Readiness & Audit Prep

This service is a fixed-fee engagement designed to prepare your organization for a successful SOC 2 Type I examination. We focus on designing and documenting controls aligned to the SOC 2 Common Criteria and supporting the external auditor through report issuance.

[Strategy] GRC Consult - Ad Hoc

[Strategy] Insurance/Vendor Review - Monthly Retainer

Assisting with cyber insurance renewals and security vetting for new software vendors.

[Strategy] Governance & GRC - Monthly Retainer

Ongoing alignment with frameworks (NIST/SOC2) and maintaining the Risk Register.

[Strategy] Insurance Review - Ad Hoc

[Strategy] Risk Assessment

Broad identification of vulnerabilities across the user environment, access controls, and data risks.

[Support] IR - Hourly

Active breach containment and forensics.

[Strategy] Vendor Review - Ad Hoc

[Support] 5 Hour Technical Escalation Block

[Support] Security Monitoring

Continuous review of automated email/tenant alerts and monthly health status reporting.

[Support] Technical Escalation - Monthly

5 hours of "Tier 3" security consulting for the IT team.

[Support] Technical Oversight - 12 hour block

Block of 12 hours for technical assistance.