Core path

Your path through this level

You will be able to
  • Analyse a system design for weak assumptions across identity, secrets, and trust boundaries.
  • Evaluate vulnerability and incident information to prioritise remediation and response.
  • Explain how governance, logging, and monitoring support detection and recovery in practice.
Optional
Full module map
Use this if you want the shape of the level before you start
Security becomes real when it lives in the delivery pipeline, not only in review meetings.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain secure SDLC gates in your own words and apply them to a realistic scenario.
  2. Security becomes real when it lives in the delivery pipeline, not only in review meetings.
  3. Check the assumption "The gate is usable" and explain what changes if it is false.
  4. Check the assumption "Checks match risk" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Bypass culture. When gates feel unfair, bypass becomes normal. Then the system has no control surface.
  • False confidence. A pass result can hide gaps. Review what you do not test.
Zero trust is not a product. It is explicit trust decisions, enforced at boundaries.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain trust boundaries and policy points in your own words and apply them to a realistic scenario.
  2. Zero trust is not a product. It is explicit trust decisions, enforced at boundaries.
  3. Check the assumption "Identity is reliable" and explain what changes if it is false.
  4. Check the assumption "High-risk paths are isolated" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Flat network thinking. If everything can talk to everything, one compromise becomes many.
  • Policy drift. Policies change. If you do not version and test them, they quietly break your assumptions.
Runtime security is about reducing blast radius and making misuse visible.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain runtime signals and controls in your own words and apply them to a realistic scenario.
  2. Runtime security is about reducing blast radius and making misuse visible.
  3. Check the assumption "Signals are collected safely" and explain what changes if it is false.
  4. Check the assumption "Response is rehearsed" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Blind production. If you cannot see behaviour, you cannot secure it. Visibility is a prerequisite.
  • Over-collection. Logging everything creates noise and risk. Log what supports decisions.
Supply chain security is protecting what you build and proving what you shipped.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain the code-to-deploy chain in your own words and apply it to a realistic scenario.
  2. Supply chain security is protecting what you build and proving what you shipped.
  3. Check the assumption "Dependencies are known" and explain what changes if it is false.
  4. Check the assumption "Artefacts are traceable" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Unsigned artefacts. If anybody can publish an artefact, integrity becomes optional.
  • Invisible transitive risk. Most risk hides in transitive dependencies. Track and review them.
Scanning produces work. Triage turns it into action. Fixing reduces risk.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain vulnerability work as a loop in your own words and apply it to a realistic scenario.
  2. Scanning produces work. Triage turns it into action. Fixing reduces risk.
  3. Check the assumption "Fix capacity exists" and explain what changes if it is false.
  4. Check the assumption "Severity is contextual" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Backlog as strategy. A growing backlog is not a plan. Choose what you will fix and what you accept.
  • Fix without verification. If you never verify, you do not know if risk actually reduced.
Incident response is a sequence: detect, contain, recover, learn.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain detect to recover in your own words and apply it to a realistic scenario.
  2. Incident response is a sequence: detect, contain, recover, learn.
  3. Check the assumption "Roles are clear" and explain what changes if it is false.
  4. Check the assumption "Evidence is captured early" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Panic response. Rushing creates more harm. A rehearsed sequence prevents chaos.
  • Over-containment. Containment that breaks the business can be its own incident. Choose proportional actions.
If you cannot explain what happened, you cannot defend it. Auditability is a system feature.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain auditability by design in your own words and apply it to a realistic scenario.
  2. If you cannot explain what happened, you cannot defend it. Auditability is a system feature.
  3. Check the assumption "Logs are protected" and explain what changes if it is false.
  4. Check the assumption "Access is minimised" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Logs leak secrets. If you log tokens or personal data, you create a new breach surface.
  • No review cadence. An audit log nobody reads is a filing cabinet, not a control.
Security competes with cost, speed, and usability. Good teams make the trade-offs explicit.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain security is a quality attribute in your own words and apply it to a realistic scenario.
  2. Security competes with cost, speed, and usability. Good teams make the trade-offs explicit.
  3. Check the assumption "Trade-offs are recorded" and explain what changes if it is false.
  4. Check the assumption "Constraints are real" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Optimising one quality only. A system can be secure and unusable, or fast and unsafe. Balance is the job.
  • No owner for the system view. Without a system view, local optimisations create global risk.
A defensible system pack joins risks, controls, verification, and evidence.
Prerequisites
  • Comfort with earlier modules in this track
  • Ability to explain trade-offs and risks without jargon
Outcomes
  1. Explain the operational security pack in your own words and apply it to a realistic scenario.
  2. A defensible system pack joins risks, controls, verification, and evidence.
  3. Check the assumption "Controls map to evidence" and explain what changes if it is false.
  4. Check the assumption "Evidence is safe to share" and explain what changes if it is false.
Practice
  • Solve a complex scenario with explicit assumptions and constraints
  • Write one mitigation plan and one fallback plan
Artefact and failure modes
  • A concise design or governance brief that can be reviewed by a team
  • Unprovable claims. Confidence is not evidence. A pack must be testable and reviewable.
  • Stale documentation. If the pack is not updated with the system, it becomes misleading.
Optional
Planning and evidence
Objectives, timing, and CPD tracking

If you want to start learning now, leave this closed. Come back when you want to plan your practice or keep evidence for CPD. This is guidance and it is not endorsed by awarding bodies. Standards mapping lives on the course overview page.

Learning objectives

What you will be able to do

  1. Analyse a system design for weak assumptions across identity, secrets, and trust boundaries.
    Weak assumptions are where serious incidents start, so we hunt them deliberately.
  2. Evaluate vulnerability and incident information to prioritise remediation and response.
    You must prioritise response because you cannot fix everything at once.
  3. Explain how governance, logging, and monitoring support detection and recovery in practice.
    Governance and monitoring keep detection and recovery reliable.
  4. Evaluate how to communicate risk and mitigations to non-technical stakeholders with clear trade-offs.
    Risk communication decides whether security work actually changes behaviour.
What comes next
Workspace drills keep your judgement sharp with realistic scenarios.

What changes at this level

Level expectations

Each level is independent but clearly deeper than the last. This panel makes the jump explicit.

Assessment intent
Practice and Strategy

Governance, risk communication, and defensible decisions with evidence.

Style: mixed, 12 questions, 20 min timed
Pass standard: 80%
Not externally certified
Evidence you can save (CPD friendly)
  • A minimal secure SDLC gate plan with owners, triggers, and audit trail expectations.
  • A detection and response mini pack: signals, triage steps, and a containment checklist you can run under stress.
  • A vulnerability management policy draft: severity rules, patch timelines, and exception handling with time-boxing.

CPD timing

Practice and strategy time breakdown

Defensible timing based on page content: reading, labs, checkpoints, and reflection.

  • Reading: 43m (6,559 words × 1.3)
  • Practice: 210m (14 × 15m)
  • Checkpoints: 45m (9 × 5m)
  • Reflection: 72m (9 × 8m)
  • Estimated total: 6h 10m (based on page content)
  • Claimed hours: 11h (includes reattempts + capstone)
Claimed hours exceed on-page estimate by ~5h. Gap will be filled with guided practice and assessment-grade work.

CPD tracking

Fixed hours for this level are 11. Timed assessment time is included once on pass.


Learning contract

Practice & Strategy outcomes

About 11 hours

Read the explanation first, then use the tools to test the idea. Skip any tool that is not useful for your goal.

  1. Analyse a system design for weak assumptions across identity, secrets, and trust boundaries.
  2. Evaluate vulnerability and incident information to prioritise remediation and response.
  3. Explain how governance, logging, and monitoring support detection and recovery in practice.
  4. Evaluate how to communicate risk and mitigations to non-technical stakeholders with clear trade-offs.
Next step

Practise this level, then take the timed assessment

I recommend you start with the practice assessment for Practice and Strategy. It is not timed and it helps you write a clear CPD reflection before the full assessment.

12 questions, 20 minutes, 80% pass mark

Practice assessment

Start the practice assessment for Practice and Strategy

It is designed for confidence and evidence, and you can retry as often as you need.

Full assessment

Cybersecurity Practice and Strategy assessment

This assessment is timed. It is free to take and you can retry as often as you need.

  • Detailed feedback on every question
  • Pass evidence recorded in your account on pass
  • Personalised recommendations on weak areas

Sign in to save progress and keep your pass record

You can complete the course while signed out, and your progress saves in this browser. Sign in before assessments so your pass record is attached to your account.

Courses and assessments are free. There is no paywall for the learning path, practice questions, or formal assessments. Optional donations support hosting, maintenance, and ongoing updates.

During timed assessments, copy and the context menu are restricted to reduce casual cheating. Passed assessments are recorded in your account as evidence.

Course materials are protected by intellectual property rights.