Skip to content

Program Overview

The Harrisburg University, Security Center of Excellence, Information Security Officer Certificate Program provides a unique focus on leadership information security for executive-level IT professionals. It enables IT leaders responsible for information security to further develop the knowledge and skills necessary to succeed at the executive level.

The program focuses on enhancing the following skills:

  • Leadership and Management – leadership and communication skills to build alliances across the business and establish security strategies that align with organizational objectives.
  • Information Security Governance & Risk Management – Compliance requirements and the strategic decisions based on the identification of risk
  • Information Security Architecture Management – Fundamental concepts of computer security, software development lifecycle, and countermeasures
  • Security Technology & Operations – Incident detection, incident response, and disaster recovery scenarios.

Target Audience/Pre-Requisites/Qualifications

Executive-level IT Professionals

Candidates must possess the following criteria to be considered for admission in Information Security Officer Certificate program:

  • A Minimum of 5 years’ IT security experience -OR- IT security leadership responsibility in their current role;
  • Senior-level management/executive responsibility; AND
  • Candidates are anticipated to be an Information Security Officer, -OR- have CISO or ISO responsibilities.

Program Benefits

To enable Information Security Officers to successfully bridge business and security strategies, the curriculum balances technical and management topics, and will appeal to both those who are natural techies, and those who are more at home with business and management responsibilities.

By focusing on security strategy, technology, communications policy, finance, and emerging technologies, the program covers a broad range of knowledge and skills needed to lead at the executive level.

Senior level IT security professionals will experience a venue for peer learning, network building and brainstorming that is refreshing and highly valuable.

Participants will explore all of the relevant skills and knowledge to conduct a thorough security assessment of their own organization, resulting in an action plan for improvement as an applied project and work-product.

Curriculum & Learning Methods

This course prepares individuals to perform the primary responsibilities of a Information Security Officer. Application of these skills to the performance of security management will be emphasized.

The program will help develop the skills and knowledge needed to:

  • Provide strategic leadership as a steward of the organization’s information security and a trusted partner with other business executives in the organization.
  • Develop and implement a robust, accurate, and actionable metrics reporting process that maps back to the business.
  • Understand and manage the risk posture of an organization.
  • Communicate and work closely with legal and privacy officers to protect the organization from legal and regulatory non-compliance.
  • Establish and manage the organization’s security policy catalog.
  • Understand requirements for secure development lifecycle, and application security concepts.
  • Understand and manage the security implications of emerging technologies.
  • Secure adequate resources, and manage the IT Security budget.
  • Lead and manage a technical staff of security managers, architects, engineers and specialists, as well as contractors and vendors.

Program Format

  • Classes meet VIRTUALLY/ONLINE via Microsoft Teams, one and a half days (1.5) per month, on Thursdays and Fridays.
    • Thursday class time is 9:00 am – 4:00 pm, ET
    • Friday class time is 9:00 am – 12:00 pm, ET

See “NEXT COHORT” at the bottom of the page for the full schedule

Topics Covered

Module 1: Information Security Implementation Skills
Creating a security culture within your organization by leading people and managing programs:

Establishing a strong security culture is critical for protecting organizational assets and ensuring long-term cybersecurity resilience.  This module focuses on the leadership and communication skills necessary for managing security teams, fostering a security-conscious workforce, and aligning security initiatives with business goals.

Module 2: Information Risk Management
Identifying acceptable organizational risk thresholds and developing a risk management program:

Understanding and managing risk is essential for making informed security decisions and safeguarding critical business operations.  This module explores risk assessment methodologies, frameworks for identifying and mitigating threats, and the development of a comprehensive risk management program that aligns with organizational objectives.

Module 3: Information Security Governance
Establishing and maturing internal governance processes to ensure all the below initiatives run smoothly and receive the required funding and that corporate leadership understands the importance:

Effective governance ensures that security policies, programs, and investments receive executive support and adequate funding.  This module covers the development and maturation of security governance structures, regulatory compliance requirements, and strategies for integrating security governance into enterprise-wide decision-making.

Module 4: Information Security Architecture Management
Discuss a mature organizational posture that mitigates vulnerabilities and risks:

A well-designed security architecture is the foundation for protecting enterprise systems, networks, and sensitive data. This module examines enterprise security models, key architectural frameworks, and best practices for mitigating vulnerabilities through layered
security controls and strategic defense measures.

Module 5: End to End Security Operations and Continuous Monitoring
Developing a proactive culture around security operations, ongoing monitoring, and preemptive responsiveness:

Security operations teams must proactively monitor, detect, and respond to cyber threats to minimize risk and maintain business continuity. This module covers security operations center (SOC) functions, continuous monitoring strategies, incident response planning, and threat intelligence integration for real-time security management.

Module 6: Ownership and Authorization Process
Establish executive sponsorship for the Authorization to Operate (ATO) process to ultimately develop an “Ongoing Authorization” Culture:

Executive sponsorship and formal authorization processes are essential for establishing a sustainable security program and ensuring compliance with regulatory standards. This module provides an in-depth exploration of the Authorization to Operate (ATO) process, risk-based decision-making frameworks, and strategies for fostering an ongoing culture of security authorization.

Module 7: Capstone Presentations & Graduation

The Information Security Officer Capstone Project challenges participants to design and present a comprehensive security and privacy program for an assigned industry, simulating real-world executive security leadership. In teams, participants will develop security governance structures, risk management frameworks, and security operations strategies, ensuring alignment with compliance and business objectives. Additionally, teams will analyze and respond to a realistic cyber security breach, demonstrating their ability to manage incidents, mitigate risks, and communicate effectively with executive stakeholders.

Expectations & Class Attendance Policy

  • Participants will be expected to complete readings and some written work prior to sessions.
  • A capstone project, applying the program’s core curriculum to a tech assessment project, will be produced and presented by participants.
  • Attendance at a minimum of 90% of the sessions is required.

 

Certificate of Completion

This program is a non-degree, non-credit bearing course.

A Certificate of Completion is awarded at the end of the program.

  • A capstone project, applying the program’s core curriculum to a tech assessment project, will be produced and presented by participants.
  • Attendance at a minimum of 90% of the sessions is required.

Awarding of a certificate of completion will be based on a pass-fail assessment of the program’s curriculum, attendance, and class requirements.

Materials

All course materials will be stored in HU’s Learning Management System (Canvas).

Materials such as: Module agenda, instructor/facilitator slide decks, guest speaker slide decks (when available), etc.

Participants will be enrolled into the Canvas platform and will have access to materials and session recordings.

Program Fee

2025 Program Fees*

  • For-profit organizations (private-sector): $3,885
  • Non-profit organizations and government (public-sector): $2,885

Those accepted into the program or their organizations are responsible for the per-participant cost of the program.

*Fee is not required at time of application; applicants that are accepted into the program will be provided with an invoice shortly after notification of acceptance.

Application Process

Application Deadline: FRIDAY, JUNE 27, 2025

Candidate Application

Candidates will complete an application form to present their learning goals, past experiences, expertise, and knowledge they will bring to the cohort for consideration.  [CLICK ON “APPLY NOW” AT THE BOTTOM OF THIS PAGE]

Required: Letter of Support/Recommendation
A letter of support/recommendation is also required from the candidate’s supervisor.

Candidates should provide the following information to their supervisor for letter submission:

The letter should include current position and responsibilities of the applicant, along with skills, knowledge, and any special projects for which the applicant is responsible.

The letter should be addressed to “ISO Directors” and emailed to ProfessionalEd@HarrisburgU.edu with the subject line as, “ISO Nomination Letter for [YOUR FIRST AND LAST NAME]”

Note: Your application will not be considered complete until your letter of support/recommendation has been received. 

Acceptance Notification

Applicants will be notified whether they have or have not been accepted into the program. At that time, accepted applicants will receive full course details and information on Orientation.

Recent Graduates

Information Security Officer – Class of 2024/2025

Graduation Date: February 7, 2025 (Virtual)

“Coming from a mostly operational background, I benefitted most from the discussions on risk management and building a security program. Plus I learned how to get a seat at the leadership table.”

Chief Information Security Officer (CISO) Certificate Student

**NOW ACCEPTING APPLICATIONS FOR THE 2025-2026 COHORT**

If you are interested in applying for a future cohort, please email ProfessionalEd@HarrisburgU.edu to be added to our mailing list to receive updates and announcements.

 

Format & Location:

The 2025-2026 Information Security Officer (ISO) Program will be delivered  VIRTUALLY, via Microsoft Teams – with live presenters and facilitators.

Class Time:

Thursdays – 9:00 am – 4:00 pm, EST/EDT
Fridays – 9:00 am – 12:00 pm, EST/EDT

Application deadline: FRIDAY, JUNE 27, 2025*

Application Status Notification:

  • Applicants that completed the application process by the original deadline date of June 27 will be notified of their status on/around July 1
  • Applicants that complete the application process by the extended deadline date of July 11 will be notified of their status by July 15
  • *Late application submissions will be accepted for consideration up until July 18 as long as your supervisor’s letter of recommendation/support is received by this date. (Note: Orientation will be held on July 24, Module 1 is August 7-8)

CLASS SCHEDULE

2025-2026 Information Security Officer (ISO) Cohort Schedule

Module #/Topic
Days
Dates
Orientation
Thursday July 24, 2025

1:30 pm

Module 1 – Information Security Leadership Skills
Thursday-Friday August 7-8, 2025
Module 2 – Information Risk Management and Implementation
Thursday-Friday September 18-19, 2025
Module 3 – Information Security Governance
Thursday-Friday October 16-17, 2025
Module 4 – Information Security Architecture Management
Thursday-Friday November 13-14, 2025
Module 5 – End to End Security Operations and Continuous Monitoring Thursday-Friday December 18-19, 2025
Module 6 – Ownership, Authorization and Prioritization Process
Thursday-Friday January 15-16, 2026
Module 7 – Capstone Presentations, Program Review Session, Graduation
Thursday-Friday February 19-20, 2026

 

a gold ring on a colorful surface

Our Centers and Institutes Security Center of Excellence (SCE)

The Harrisburg University GTI Security Center of Excellence aims to be a strategic partner with public sector organizations in their information security and cyber defense efforts by providing innovative and effective educational programs and community building services.

SCE’S FOUNDING & PLATINUM SPONSORS

ADA Statement: HU is committed to providing equal education opportunity and full participation for persons with disabilities. It is HU’s policy that no qualified person be excluded from participating in any HU program or activity, be denied the benefits of any HU program or activity, or otherwise be subject to discrimination regarding any HU program or activity. Should you potentially require an accommodation under the ADA to participate in this program, please email ProfessionalEd@HarrisburgU.edu. Please send your request for an accommodation at least 5 business days in advance of the event or program.