CISO Executive Certificate Program
- Provide oversight and governance for a cybersecurity program.
- Develop cybersecurity metrics that align to organizational goals. Identify regulatory or legal risk to the organization.
- Identify goals for high performance cybersecurity operations teams.
- Understand emerging technologies and potential risk impact to the organization.
2025 Registration Details:
- Application Deadline: April 30, 2025
- Program Dates: May 19-23, 2025
- Program Tuition: TBD
- Provide oversight and governance for a cybersecurity program.
- Develop cybersecurity metrics that align to organizational goals. Identify regulatory or legal risk to the organization.
- Identify goals for high performance cybersecurity operations teams.
- Understand emerging technologies and potential risk impact to the organization.
2025 Registration Details:
- Application Deadline: April 30, 2025
- Program Dates: May 19-23, 2025
- Program Tuition: TBD
Course Overview
The Industrial Security Certificate program consists of three key modules*: Foundations, Policy and Regulation, and Security Management. After completing this comprehensive two-day program, participants will take an exam covering the material presented. Successful completion will earn them the Duke Industrial Security for Leaders certificate.
*Schedule and sequencing of programming are subject to change.
Week 1 | In-Person Immersion at Duke University
Candidates will attend the Duke Sanford School of Public Policy Cybersecurity Leadership Program. The program is a five-day collaborative effort between the Sanford School of Public Policy, School of Law, Pratt School of Engineering and Department of Computer Science. The fourth day of the program will be a dedicated immersion day exclusively for CISO program participants. The focus of the program is to educate senior leaders so that they can better execute the responsibilities of a board member of a publicly traded company in the United States. That same content is critical for government officials to understand how best to work with the private sector to mitigate the risk of cybersecurity attacks. The content from the Cybersecurity Leadership Program will prepare you for the subsequent remote sessions.
- Definition of OT Environment.
- Basic Operations of OT System/Controls.
- History of OT and IT convergence.
- Purdue Model.
- Aspects of OT environments.
- Lifecycle of OT.
- Critical Infrastructure Sectors.
- Current and Emerging Threat Landscape.
- Cyber Attacks on OT Systems.
- Identify threat sources, vulnerabilities, and incidents.
- Understand the importance of 1st order and 2nd order impacts to operations from OT cyber-attack events.
- Environmental concerns from attacks on OT.
- Understand criticality of the facility, or various parts of the OT environment, to the overall business.
- Introduction to Enterprise Cybersecurity Operations.
- Cybersecurity in the Cloud Environment.
- AI Enablement for Cybersecurity.
Weeks 2-6 | Online Modules
The Duke CISO Executive Education program will provide live, virtual modules of 3-hour blocks of instruction. The online modules will be recorded for those attendees that are not able to view the session synchronously and will be provided via a remote learning application. The remote sessions will be taught by instructors from the Duke Cybersecurity Program, Sanford School of Public Policy, Department of Computer Science, and the Law School.
ISO 27001/NIST CSF
IEC62443
NIST SP 800-82r3
NERC CIP
NIS2
NRC CFR 810
TSA Security Directives
Reporting requirements
US Government Role in OT Policy.
International (EU, etc.) Role in OT Policy.
Corporate OT Governance and Policy.
National Cybersecurity Strategy Defend Critical Infrastructure.
Week 7 | Final Examination
At the conclusion of the online sessions, attendees will complete an examination. Participants who pass the exam will receive the Duke CISO Executive Education Certificate.
- Why is a business continuity plan needed/required.
- What constitutes a cyber or physical event.
- How does the utilization of a business continuity plan save time and money.
- Business continuity plan considerations per Industry.
- Early warning comms and collaboration.
- Private sector awareness and active involvement.
IEC62443 3-1
Operational impact assessment.
Safety & Resiliency
Role of Management Oversight in OT Security.
Board of Director Governance of OT Security in the Enterprise.
Metrics and KPI’s for Directors of Boards and Managers.
Budgeting for OT Security.
Legacy Technology in the OT Infrastructure.
The Risk to OT from Third Party Vendors
Managing Risk from Third Party Vendors
How to Apply
We have outlined the application process for the program and key deadlines below.
Step 1: Apply
Visit our application page to start your application.
Application Deadline: April 30, 2025
Step 2: Acceptance
Once applications are received and reviewed, candidates will be notified of their status and will receive information about how to join the program, course materials, and schedule.
Step 3: Prepare
Complete the tuition payment and arrange accommodations for the in-person component of the program.
Ready to boost your skills in CISO leadership?
Priority Registration Deadline: TBD
Application Deadline: April 30, 2025
Tuition Deadline: TBD
- Executives and managers (e.g.,Chief Security Officers/Directors, Chief Risk Officers/Directors, Chief Information Officers/Directors, Chief Technology Officers/Directors, Chief Financial Officers/Directors, etc.) who are interested in understanding the role and functions of a CISO and cybersecurity operations.
- Executives and managers that aspire to become CISOs.
- Current CISOs that would like to enhance their knowledge on emerging trends in cybersecurity.
- Board of Directors who have an interest in cybersecurity functions for governance and oversight purposes.
- Senior managers who need to receive briefings from CISOs.
- Financial managers responsible for overseeing information security expenditures.
- Lawyers who need to provide guidance on cyber security risks. Policy analysts and government officials whose work is at the intersection of policy and cyber security.
The fee for attending the program is $15,000 and includes admission into the CLP program and access to the course materials and platform. Tuition payment should be paid in full prior to the program start date.
We offer flexible payment installment plans and priority pricing for alumni and partners. If you are interested in creating a payment plan or if you are interested in our priority pricing, please email us at pratt_cybersec@duke.edu.
The CISO Executive Certificate Program is now providing scholarships for a limited number of participants. These individuals will be recognized as the Paladin CISO Scholars. To qualify, please email the following to pratt_cybersec@duke.edu: 1) a copy of your CV/Resume, and 2) a brief explanation of why you are interested in the CISO program and how this scholarship will support your professional goals (500 words max)
Program Director
Art Ehuan is the Executive in Residence at the Pratt School of Engineering and Executive Director of the Master of Engineering in Cybersecurity Program. Previously Art served as the Vice President at Palo Alto Networks, a global cybersecurity corporation and managing director at Alvarez & Marsal, global cyber risk service management practice, an international consulting firm. Art has held cybersecurity leadership roles at USAA, Northrop Grumman Corporation and Cisco Systems. Art has worked with governments and law enforcement in the U.S. and overseas on cybersecurity cases, frequently giving expert testimony in federal, military, and state courts on digital forensics and cybercrime matters. For nearly two decades he has served as a lecturer for the U.S. State Department’s Anti-Terrorism Assistance Cyber Training Program, and he previously also worked as a supervisory special agent with the Federal Bureau of Investigation (FBI) and a special agent for the U.S. Air Force Office of Special Investigations. Art has been retained as a cyber expert on prominent data breaches to include Sony Pictures, Target, Anthem, Equifax, Marriott and Capital One.