Module 1: What a Security Program Actually Is

60 minutes

Module 1: The Map

Before you can mature a program, you need to know what a program is. Not the vendor-brochure version. Not the compliance-framework version. The version that matches how you actually experience security when you own it.

This module gives you six pillars — People, Devices, Data, Systems, Vendors, Incidents — as a mental map. One lesson per pillar, each answering three questions:

What lives here?
What typically goes wrong?
What do mature orgs do differently?

The module closes with a one-page NIST CSF crosswalk. You won’t need NIST as your daily model, but you’ll need the vocabulary when auditors, consultants, or your board ask.

What you’ll walk away with

A mental map you can draw on a whiteboard in two minutes
Pattern recognition for “where does this thing live in the program?”
The NIST vocabulary without having to internalize NIST

Time

~60 minutes across 8 short lessons. Expository only — no decision scenario in this module (that’s Module 2).

Start Lesson 1.1