Cybersecurity Governance & Risk Management – Digital Nova Scotia – Leading Digital Industry

From Technical Expertise to Cybersecurity Leadership

Move beyond technical expertise and gain the skills to communicate risk, lead strategic initiatives, and influence executive decision-making. LevelSec’s Cybersecurity Governance & Risk Management course equips mid-career and senior cybersecurity professionals with applied knowledge in governance, risk assessment, maturity modeling, and executive-level reporting.

This project was made possible in part through the support of the National Cybersecurity Consortium and the Government of Canada (CSIN).

Thanks to support from the Government of Nova Scotia, this training is currently offered at no cost for 10 individuals per cohort and is open exclusively to unemployed or underemployed individuals looking to take the next step in their cybersecurity career.

About this course

This 8-week virtual program combines weekly 2-hour live sessions with flexible asynchronous learning, designed for working professionals balancing full-time roles. Participants complete a phased final project grounded in their own organization, including:

  • Enterprise risk assessment
  • Maturity model evaluation
  • Multi-year roadmap and budget
  • Executive-ready presentation

Beyond course content, LevelSec provides professional development opportunities, including expert panels, peer networking sessions, and optional career coaching to support long-term career growth and leadership visibility.

What You Will Gain

By completing this course, participants will:

  • Translate technical cybersecurity risk into executive-ready insights
  • Apply frameworks such as NIST CSF and CMMI to assess organizational maturity
  • Develop multi-year cybersecurity roadmaps and budgets
  • Present strategic findings to executives with clarity and confidence
  • Expand professional networks and access leadership guidance

Course Modules and Schedule

  • Week 1: Cybersecurity Governance and Risk Management Introduction | Introduction to the NIST Cybersecurity Framework (CSF) and the Capability Maturity Model Integration (CMMI). The session explores how cybersecurity governance supports risk management and how maturity models help communicate security posture to executives.
  • Week 2: NIST CSF – The Govern and Identify Functions | Learn how organizations establish cybersecurity governance structures and identify risks across their environment. This week focuses on understanding key assessment questions and gathering evidence to evaluate risk management maturity.
  • Week 3: NIST CSF – The Protect and Detect Functions | This module explores the controls and monitoring practices that protect systems and detect potential threats. Participants examine how organizations safeguard assets and identify gaps in operational security.
  • Week 4: NIST CSF – The Respond and Recover Functions | Examine how organizations prepare for and respond to cybersecurity incidents and recover from disruptions. This module highlights the processes and capabilities required for effective incident management.
  • Week 5: Identifying Strategic Projects | Analyze risk assessment results to identify key security gaps and translate them into strategic cybersecurity initiatives aligned with organizational priorities.
  • Week 6: Building a Multi-Year Roadmap and Budget | Develop a multi-year cybersecurity roadmap that sequences initiatives and estimates costs. This module focuses on prioritizing investments based on risk, maturity goals, and available resources.
  • Week 7: Storytelling and Executive Presentations | Learn how to communicate cybersecurity strategy effectively to senior leadership. The session focuses on framing risk, justifying investments, and presenting complex technical topics clearly to executives.
  • Week 8: Presentation Delivery

This course is designed for professionals who:

  • Are moving into leadership, management, or strategic cybersecurity roles
  • Need to communicate technical risk to executives or boards
  • Want to design, evaluate, and govern enterprise cybersecurity programs
  • Seek to expand professional networks and access leadership guidance

Ideal participants include cybersecurity analysts, architects, risk and compliance practitioners, and IT professionals responsible for systems, controls, or secure operations.

Participants should have foundational cybersecurity or IT experience. This course is not a certification program, but a completion-based credential focused on governance, risk, and strategic leadership skills.

Through funding from the Government of Nova Scotia’s One Journey Initiative, 10 full scholarships are available for Nova Scotians to complete this course in our LevelSec program.

To be eligible for this scholarship, professionals:

  • Must reside in Nova Scotia
  • Must be currently unemployed or underemployed
  • Must be actively looking for a full-time role in IT / tech

This program is made possible through funding by Nova Scotia's Department of Labour, Skills and Immigration's One Journey Initiative.

Course Author and Instructor

Ken Muir | CISO / CSC / CISA / CRISC

Ken Muir is a globally recognized cybersecurity expert with over 30 years of experience. Ken’s thought leadership is widely recognized—he has been named a Top 100 Global Thought Leader and Top 50 Who’s Who in Cybersecurity. He is also a co-author of the Centre for Internet Security (CIS) Cybersecurity Framework V8, a globally adopted cybersecurity standard.

As a Chief Information Security Officer (CISO), Ken helps organizations build robust security strategies aligned with the NIST CSF, CIS, and ISO 27001 frameworks. His extensive background spans aerospace, energy, retail, finance, manufacturing, and government sectors at provincial, state (US), and national levels.

FAQs

Do I need prior cybersecurity experience?

Yes. This course is designed for professionals with foundational cybersecurity or IT experience who are moving into leadership, management, or strategic roles.

Is this a certification program?

Yes, this is a micro-credential program.

How is this different from technical cybersecurity training?

Unlike technical or tool-focused training, this course emphasizes governance, risk communication, budgeting, and executive engagement. You’ll gain the skills to translate technical risk into strategic decision-making at the leadership level.

What does applied learning look like in this course?

Participants complete a phased final project based on their own organization. This includes a risk assessment, maturity evaluation, multi-year roadmap, budget forecast, and an executive-ready presentation.

How much time will I need to commit each week?

Expect 2 hours per week for live sessions plus 4–5 hours of asynchronous learning and project work. Total time commitment is approximately 40 hours over 8 weeks.

Can I take this course while working full-time?

Yes. The course is fully virtual with a blend of structured live instruction and flexible asynchronous learning, designed for working professionals.

How is the course delivered?

The course is online and instructor-led, with weekly live sessions and supporting asynchronous materials, readings, and applied exercises.