Learning and Development

 

As business analysts, we’re used to working at the intersection of people, process, and technology. But in today’s environment, that often means stepping into conversations about risk, trust, and resilience — whether we planned to or not.  We don’t all need to become cybersecurity experts. But we do need to be fluent enough to recognise when something matters, ask the right questions, and bring the right people into the room. That’s a skill in itself. And like any skill, it can be learned.

That is why we are here to explore the most important issues in a way that’s practical and convenient. That means:

  • Running study groups that explore cybersecurity through the lens of the IIBA’s Certificate in Cybersecurity Analysis (CCA).

  • Hosting sessions where professionals share what they’ve learned on complex or high-risk projects — including what didn’t go to plan.

  • Offering masterclasses and panel discussions that go beyond the headlines and into the details of secure design, data protection, operational risk, and governance.

  • Creating space for thoughtful, open-ended conversations.

Some people join us because they’re studying for a certification. Others come to make sense of the cyber questions that keep coming up in their projects. Some are just curious. All are welcome.

If you’re looking for a place to build confidence in this space — without pressure, ego, or assumptions — you’ll find good company here.

Our scope reflects both established domains of practice and emerging themes, including the ten knowledge domains defined in IIBA’s Certificate in Cybersecurity Analysis (CCA):

  1. Module 1: Introduction to Cybersecurity Analysis - overview of cybersecurity from the business analysis perspective

  2. Module 2: Enterprise Security Concepts - security accountability, outsourcing, compliance, privacy, and audit

  3. Module 3: Risk and Cybersecurity Risk Analysis  - understanding risk tolerance, assessment, and mitigation from a cyber standpoint

  4. Module 4: Cybersecurity Risks and Controls - applying security controls based on risk identification and management

  5. Module 5: Securing the Layers - security across infrastructure layers: networks, applications, devices, and embedded systems

  6. Module 6: Data Security - protecting data at rest and in transit, encryption, digital signatures, and classification

  7. Module 7: User Access Control - authentication, privileged access management, and secure user practices

  8. Module 8: Solution Delivery and Change Impact Analysis - embedding security into solution delivery and evaluating the impact of changes

  9. Module 9: Operations - incident response, forensics, operational risk, and continuous security improvement