TN-813: Certified in Governance, Risk and Compliance (CGRC)

Course Overview:

TN-813: Certified in Governance, Risk, and Compliance (CGRC) course is for the (ISC)²® Certified in Governance, Risk, and Compliance (CGRC) credential previously known as Certified Authorization Professional (CAP). This course walks the student through the Risk Management Framework following practices the NIST pubs. CGRC is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of certifying and accrediting security of information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.The CGRC credential is appropriate for civilian, state and local governments in the U.S., as well as commercial markets. CGRC certification applies to job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers. CGRC is crucial to the Management staff.

This course is the “why” of the entire security field. It provides a logical way of allocating resources where there is greatest risk and why we make the decisions we make in the field of security. It is TechNow’s view that of all the security courses we have seen, this course genuinely puts the “big picture” of security in front of the students. Students actually come to an understanding of truly what is critical to security of an enterprise versus a bunch of nuts and bolts of security.

TechNow’s CGRC course covers all of the (ISC)²® CGRC 7 Knowledge domains:

Security and Privacy Governance, Risk Management, and Compliance Program
Scope of the System
Selection and Approval of Framework, Security, and Privacy Controls
Implementation of Security and Privacy Controls
Assessment/ Audit of Security and Privacy Controls
System Compliance
Compliance Maintenance

RMF Related Steps

Prepare – Process Initiation
Categorize Information Systems
Establish the Security Control Baseline
Apply Security Controls
Assess Security Controls
Authorize Information System
Monitor Security Controls

TechNow’s CGRC Instructors have extensive knowledge and experience in the field, and have been working with organizations to build assessor teams for over 20 years.

Attendees to TN-813: Certified in Governance, Risk, and Compliance (CGRC) will receive TechNow authorized training materials, including access to the documentation of the CGRC Exam domains, and expert instruction.

Dates/Locations:

Date/Time	Event
05/26/2026 - 05/29/2026 08:00 -16:00	TN-813: Certified in Governance, Risk and Compliance (CGRC)</a> TechNow, Inc, San Antonio TX
09/08/2026 - 09/11/2026 08:00 -16:00	TN-813: Certified in Governance, Risk and Compliance (CGRC) TechNow, Inc, San Antonio TX

Duration: 3 Days

Course Objectives:

Initiate the Preparation Phase
Perform Execution Phase
Perform Maintenance Phase
Understand the Purpose of Security Authorization

Prerequisites:

IT Security
Information Assurance
Information Risk Management certification and systems administration
1-2 years of general experience technical experience
2 years of general systems experience
1-2 years of Database/Systems Development/Network Experience
Information Security Policy Experience

Comments

Latest comments from students

Liked the class? Then let everyone know!

CompTIA

Increase your credibility, job security, and career opportunities by reaching your goal and getting certified! TechNow offers many CompTIA bootcamp style courses in which we administer an exam on the last day of class. We have a proven testing program that will get you the results you want!

CT-415: CompTIA SecAI+

CompTIA SecAI+ is the first certification in CompTIA’s expansion series, designed to help you secure, govern and responsibly integrate artificial intelligence into your cybersecurity operations. You’ll build the skills to defend AI systems, meet global compliance expectations and use AI to enhance threat detection, automation and innovation—so you can strengthen your expertise and help keep your organization’s systems and data secure.

SecAI+ helps you build practical AI security and automation skills on top of your existing expertise, so you can secure AI deployments, use AI‑assisted security tools with confidence, and stay ready for the next step in your cybersecurity career.

Course Objectives:

Apply AI concepts to strengthen your organization’s cybersecurity posture
Secure AI systems using advanced controls and protections to safeguard data, models, and infrastructure
Leverage AI technologies to automate workflows, accelerate incident response, and scale security operations
Navigate global GRC frameworks to ensure ethical and compliant AI adoption across industries
Defend against AI-driven threats like adversarial attacks, automated malware, and malicious use of generative AI
Integrate AI securely into DevSecOps pipelines and enterprise security strategies.

Dates/Locations:

No Events

Prerequisites: Recommended experience: 3–4 years in IT and 2+ years hands-on cybersecurity; Security+, CySA+, PenTest+, or equivalent recommended

SecAI+ (V1) exam objectives summary

Basic AI concepts related to cybersecurity (17%)

Explain core AI principles and terminology: Machine learning, deep learning, natural language processing, and automation.
Identify AI applications in security: Use cases for AI in threat detection, defense, and security operations.
Recognize AI-driven threats: Automated phishing, polymorphic malware, adversarial machine learning, and malicious use of generative AI.

Securing AI systems (40%)

Implement security controls: Protect AI systems, data, and models using robust technical safeguards.
Secure AI deployment environments: Apply best practices across on-premises, cloud, and hybrid infrastructures.
Mitigate adversarial risks: Defend against attacks targeting AI models, data pipelines, and inference layers.

AI-assisted security (24%)

Enhance detection and response: Use AI-driven tools to identify anomalies, detect threats, and accelerate incident remediation.
Automate security workflows: Integrate AI for event triage, alert correlation, and response orchestration.
Apply AI techniques in operations: Incorporate AI into threat modeling, behavior analysis, and continuous monitoring.

AI governance, risk, and compliance (19%)

Understand regulatory frameworks: Identify global governance requirements and their implications for AI adoption.
Integrate GRC into AI projects: Incorporate governance, risk management, and compliance practices throughout the AI lifecycle.
Ensure responsible AI use: Apply ethical guidelines, legal standards, and industry frameworks such as GDPR and NIST AI RMF.

TN-905: Cyber Threat Intelligence Analysis

Course Overview:

TechNow has worked worldwide enterprise infrastructures for over 30 years and has developed demos and labs to exemplify the techniques required to demonstrate technologies that effectively support CTI. This course integrates well with our courses TN-575: Open Source Network Security Monitoring and TN-865: Wireshark Network Traffic and Security Analysis .

TechNow develops Cyber Ranges and makes them available for conferences in support of annual meetings for Cyber Threat Response Teams. Developing scenarios and reacting to them appropriately is a big part of the value in understanding the contexts required to comprehend valuable CTI. As with many advanced TechNow security courses, there is a large hands-on ratio. This course helps Cyber Protection Teams (CPT), Defensive Cyber Operations (DCO), and Mission Defense Teams (MDT) to collect, analyze and apply targeted cyber intelligence to defensive operations in order to proactively act on and tune response to attacks by cyber adversaries. CPT, DCO, and MDT can take preemptive action by utilizing CTI, understanding CTI tools, techniques and procedures (TTPs) needed to generate and consume timely and relevant intelligence to improve resilience and prevention.

This course focuses on the collection, classification, and exploitation of knowledge about adversaries and their TTPs. . MDT puts us close the mission and helps define the internal context to be analyzed against the CTI. TechNow pushes the student to truly understand how to think about and use CTI to make a difference.

Attendees to TN-905: Cyber Threat Intelligence Analysis will receive TechNow approved course materials and expert instruction.

Date/Locations:

No Events

Course Duration: 5 days

Course Objectives:

Learn to comprehend and develop complex scenarios
Identify and create intelligence requirements through practices such as threat modeling
Utilize threat modeling to drive intelligence handling and practices
Breakdown tactical, operational, and strategic-level threat intelligence
Generate threat intelligence to detect, respond to, and defeat focused and targeted threats
How to collect adversary information creating better value CTI
How to filter and qualify external sources, mitigating low integrity intelligence
Create Indicators of Compromise (IOCs) in formats such as YARA, OpenIOC, and STIX
Move security maturity past IOCs into understanding and countering the behavioral tradecraft of threats
Breaking down threats mapped against their tradecraft to tweak IOCs
Establish structured analytical techniques to be successful in any security role
Learn and apply structured principles in support of CTI and how to communicate that to any security role.

Course Prerequisites:

Security+, or equivalent experience

Comments

Latest comments from students

Liked the class? Then let everyone know!

Trademark Recognition

(ISC)², CBK, and CISSP are registered marks of the International Information Systems Security Certification Consortium in the United States and other countries.

Access, Excel, Hyper-V, Outlook, Microsoft, SharePoint, Silverlight, SQL Server, Visual Basic, Win32, Windows, Windows PowerShell and Windows Server are registered trademarks of Microsoft Corporation.

Adobe, Acrobat, Flash and Photoshop are registered trademarks of Adobe Systems Incorporated in the United States and/or other countries

Amazon Web Services is a trademark of Amazon.com, Inc.

Android is a trademark of Google Inc.

APMG-International Change Management, The APMG-International Change Management and Swirl Device logo, APMG-International AgilePM and The APMG-International AgilePM and Swirl Device logo are trademarks of The APM Group Limited.

Certified Ethical Hacker (CEH) is a registered trademark of EC-Council.

Cisco is a registered trademark of Cisco Systems Inc.

CMMI® is registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

IIBA®, the IIBA® logo, BABOK® and Business Analysis Body of Knowledge® are registered trademarks owned by International Institute of Business Analysis. These trademarks are used with express permission of International Institute of Business Analysis.

CAPM, Certified Associate in Project Management (CAPM), PMP, Project Management Professional (PMP), PMI-ACP, PMI Agile Certified Practitioner (PMI-ACP), PMBOK, and the R.E.P. Logo are marks of Project Management Institute, Inc.

CBAP® and CCBA® are registered certification marks owned by International Institute of Business Analysis. These trademarks are used with express permission of International Institute of Business Analysis.

Certified Business Analysis Professional, Certification of Competency in Business Analysis, Endorsed Education Provider, EEP and the EEP logo are trademarks owned by International Institute of Business Analysis. These trademarks are used with express permission of International Institute of Business Analysis.

COBIT is a trademark of ISACA, registered in the U.S. and other countries.

CompTIA A+ and CompTIA Network+ are registered trademarks of the Computing Technology Industry Association, Inc.

CompTIA CASP and CompTIA Cloud Essentials are trademarks of the Computing Technology Industry Association, Inc.

GIAC and associated certifications: GSEC, GPEN, GXPN, GCFW, GCUX, GCWN, GCIA, GREM are registered trademarks of the SANS Institute

Hadoop is a registered trademark of the Apache Software Foundation.

Hibernate is a registered trademark and servicemark of Red Hat, Inc.

iPad, iPhone, Mac and Mac OS are trademarks of Apple Inc., registered in the U.S. and other countries.

ITIL®, PRINCE2® and MSP® are registered trademarks of AXELOS Limited.

JavaScript, JavaServer, JavaServer Pages, Enterprise JavaBeans, MySQL and PL/SQL are trademarks of Oracle Corporation.

Linux is a registered trademark of Linus Torvalds.

Java and Oracle are registered trademarks of Oracle Corporation.

Palo Alto Networks, PAN-OS, App-ID, Content-ID, Url-ID, GlobalProtect, Wildfire, and Panorama are trademarks of Palo Alto Networks, Inc.

"Python" is a registered trademark of the Python Software Foundation, used by Learning Tree International with permission from the Foundation.

Red Hat and Red Hat Enterprise Linux are registered trademarks of Red Hat, Inc. in the United States and other countries.

SANS and associated certifications: GSEC, GPEN, GXPN, GCFW, GCUX, GCWN, GCIA, GREM are registered trademarks of the SANS Institute

SAP Crystal Reports is the registered trademark of SAP AG in Germany and in several other countries.

Scrum Alliance REP^SM is a service mark of Scrum Alliance, Inc. Any unauthorized use is strictly prohibited.

TechNow® is a registered trademark of TechNow Incorporated.

The Swirl logo™ is a trademark of AXELOS Limited.

Transact-SQL is a trademark of Sybase, Inc.

UNIX is a registered trademark of The Open Group.

VMware is a registered trademark of VMware, Inc. in the United States and/or other jurisdictions.

XML is a trademark of MIT, INRIA or Keio on behalf of the World Wide Web Consortium.