Build a Job-Ready GRC Portfolio in 5 Weeks
Build practical, ISO/IEC 27001-aligned GRC work samples from one realistic company case, so your portfolio feels like a real project.
For people moving into non-coding cybersecurity roles who need a flexible, self-paced way to build proof employers can understand.
Not sure GRC is your path? Take the free Cyber Role Finder →
Start with this short welcome video
Dr. Shumba explains how the Studio works, who it is for, and what you will build before you review the portfolio details below.
A welcome from Dr. Shumba
How the Studio works, who it is for, and what you will walk away able to show.
Why your portfolio comes first
A short audio note on why GRC proof matters, how your portfolio pieces connect, and how to think about the work before you build.
Listen after the welcome video, then continue to the portfolio build below.
Eleven portfolio pieces that follow the same company case
You start with risk and keep building until you can brief leadership. Each piece connects to the next.
Risk Register with Treatment Plan
FoundationControl Mapping
ControlsStatement of Applicability
ISO 27001Vendor Risk Review
Third-partyPolicy Pack
GovernanceAudit Evidence Tracker
EvidenceControl Testing Worksheet
AssuranceRemediation Tracker
Follow-upExecutive GRC Summary
CapstoneResume & LinkedIn Refresh
CareerInterview Story Bank
CareerA self-paced, portfolio-building program, with the option to present your work for feedback
You have short lessons, templates, worked examples, and clear instructions, and you complete the work on your own schedule. Cohort members also join three live review sessions with instructor feedback.
Learn on your schedule
Short lessons, templates, and worked examples, organized module by module. About one hour of video each week, then several hours of building. No fixed lecture times.
Build the portfolio pieces
Every task produces a real GRC deliverable from the TechFlow case, so your portfolio reads like one professional project instead of separate class assignments.
Present your work for feedback
Cohort members join three live review sessions, not weekly lectures. Get instructor feedback, see how others approached the work, and practice explaining your portfolio pieces like an analyst.
Open your portfolio and walk through the work
That is the difference between saying "I took a course" and saying "Here is the work I can do."
How you assessed risk
How you mapped controls
How you completed a Statement of Applicability
How you reviewed a vendor
How you wrote security policies
How you collected and tested audit evidence
How you tracked remediation
How you summarized the program for leadership
Your portfolio speaks the language real organizations use
Aligned to ISO/IEC 27001:2022, one of the most recognized information security management standards in the world, with control logic supported by ISO/IEC 27002. Your work follows the structure of the standard itself:
Optional ISO Foundation path
The Studio is not an exam prep course. The work gives you practical exposure to how an information security management system is structured.
After the Studio, students who want a recognized credential may choose to pursue an ISO/IEC 27001 Foundation exam separately. Your portfolio shows you can apply the concepts in practical GRC work.
This course does not make you ISO-certified or PECB-certified. It helps you build practical, ISO-aligned portfolio proof.
Portfolio first. Certification second.Built for doers, not spectators
This Studio is for you if…
- ✓You want to move into a non-coding cybersecurity role
- ✓You are interested in GRC, compliance, risk, vendor risk, or IT audit
- ✓You are busy and need a flexible, self-paced structure
- ✓You have certificates but still nothing practical to show
- ✓You are a recent graduate who needs proof beyond a degree
- ✓You have experience in IT, healthcare, finance, audit, admin, military, or compliance
- ✓You can commit 5 to 7 hours per week to building the portfolio
This is not for you if…
- ✕You want weekly live lectures
- ✕You want someone to do the work for you
- ✕You are only looking for exam prep
- ✕You want a purely technical cybersecurity course
- ✕You cannot complete the weekly portfolio work
- ✕You are looking for an ISO certification issued by this program
"I built this Studio for people who are ready to move."
You may be working, raising a family, or in a different time zone. You may have taken courses, watched videos, earned certificates, and still feel like you have nothing strong enough to show an employer. I understand that.
GRC is one of the most practical non-coding paths into cybersecurity, but you need more than motivation. You need proof. That is why this Studio is built around doing. Five weeks from now, you should be able to open your portfolio and show the work.
Dr. Rose Shumba
Former director of an NSA/DHS Center of Academic Excellence in Cyber Defense.
More than 20 years preparing students and professionals for technology careers. She has led cybersecurity and computing programs, developed student success pathways, and helped learners translate technical knowledge into career opportunities.
Join at the founding cohort price
Both prices below are Founding Cohort pricing for the August launch. They rise for the next cohort. The August cohort begins Saturday, August 29 at 10:00 AM ET. Enrollment closes Thursday, August 27. The Guided Cohort is limited to 10 seats.
August Guided Cohort
- Everything in Self-Study, and:
- Three live review sessions with instructor feedback
- Structured feedback on your portfolio work
- Accountability throughout the program
- Final presentation and verifiable badge
Self-Study
- All video lessons across five modules
- Downloadable Excel & Word templates
- Module podcasts and build guidance
- Full portfolio build instructions
- Eligibility to earn the GRC Portfolio Studio digital badge after completing the required work and a recorded final presentation
- No office hours or instructor feedback
Already purchased the Risk Register Starter or Sprint? Join the Studio within 14 days of your purchase and your full payment is credited toward it.
Purchases made between July 12 and July 22 will receive feedback beginning July 23, 2026.
Frequently asked
Is this live or self-paced?
The Studio is self-paced. Each module includes lessons, templates, examples, and instructions. The three live sessions in the Guided Cohort are review and practice sessions, not lectures.
Do I have to attend the live sessions?
No. You can complete the Studio through the self-paced lessons and templates. To earn the badge, you must complete either a live or recorded final presentation.
Will every portfolio piece be reviewed one-on-one?
This is not weekly one-on-one coaching. You receive templates, worked examples, checklists, and three live group review sessions in the Guided Cohort. Final portfolio review is tied to badge completion.
Do I need a technical background?
No. You need basic computer and spreadsheet skills, attention to detail, and time to complete the work.
Is this an ISO certification course?
No. The Studio does not issue ISO or PECB certification. It helps you build ISO-aligned GRC portfolio pieces.
Can I take an ISO Foundation exam after this?
Yes, that is an option. The exam is separate from the Studio and must be purchased through the exam provider. The Studio gives you practical exposure to the structure of an information security management system.
How much time should I plan each week?
Plan for 5 to 7 hours per week. Most weeks include about one hour of video and several hours of portfolio building.
Can I share my portfolio publicly?
Yes, but only share polished PDFs. Do not include private information, real employer data, copyrighted ISO text, or anything that looks confidential.
You need proof.
Five weeks from now, you can open a complete GRC portfolio and walk through how you assessed risk, mapped controls, reviewed vendors, wrote policies, tested evidence, tracked remediation, and briefed leadership.
Join the August Cohort