GRC Portfolio Studio · The Tech Academy
August Guided Cohort Begins Saturday, August 29 at 10:00 AM ET Enrollment closes Thursday, August 27 Only 10 seats
Self-Paced · ISO/IEC 27001-Aligned

Build a Job-Ready GRC Portfolio in 5 Weeks

Build practical, ISO/IEC 27001-aligned GRC work samples from one realistic company case, so your portfolio feels like a real project.

For people moving into non-coding cybersecurity roles who need a flexible, self-paced way to build proof employers can understand.

Not sure GRC is your path? Take the free Cyber Role Finder →

Start with this short welcome video

Dr. Shumba explains how the Studio works, who it is for, and what you will build before you review the portfolio details below.

Welcome video

A welcome from Dr. Shumba

How the Studio works, who it is for, and what you will walk away able to show.

Listen · Podcast

Why your portfolio comes first

A short audio note on why GRC proof matters, how your portfolio pieces connect, and how to think about the work before you build.

Listen after the welcome video, then continue to the portfolio build below.

Eleven portfolio pieces that follow the same company case

You start with risk and keep building until you can brief leadership. Each piece connects to the next.

01

Risk Register with Treatment Plan

Foundation
02

Control Mapping

Controls
03

Statement of Applicability

ISO 27001
04

Vendor Risk Review

Third-party
05

Policy Pack

Governance
06

Audit Evidence Tracker

Evidence
07

Control Testing Worksheet

Assurance
08

Remediation Tracker

Follow-up
09

Executive GRC Summary

Capstone
10

Resume & LinkedIn Refresh

Career
11

Interview Story Bank

Career

A self-paced, portfolio-building program, with the option to present your work for feedback

You have short lessons, templates, worked examples, and clear instructions, and you complete the work on your own schedule. Cohort members also join three live review sessions with instructor feedback.

02

Build the portfolio pieces

Every task produces a real GRC deliverable from the TechFlow case, so your portfolio reads like one professional project instead of separate class assignments.

03

Present your work for feedback

Cohort members join three live review sessions, not weekly lectures. Get instructor feedback, see how others approached the work, and practice explaining your portfolio pieces like an analyst.

Open your portfolio and walk through the work

That is the difference between saying "I took a course" and saying "Here is the work I can do."

How you assessed risk

How you mapped controls

How you completed a Statement of Applicability

How you reviewed a vendor

How you wrote security policies

How you collected and tested audit evidence

How you tracked remediation

How you summarized the program for leadership

Your portfolio speaks the language real organizations use

Aligned to ISO/IEC 27001:2022, one of the most recognized information security management standards in the world, with control logic supported by ISO/IEC 27002. Your work follows the structure of the standard itself:

Clause 4 · Context Clause 5 · Leadership Clause 6 · Risk planning Clause 7 · Support Clause 8 · Operation Clause 9 · Evaluation Clause 10 · Improvement Annex A · Controls

Optional ISO Foundation path

The Studio is not an exam prep course. The work gives you practical exposure to how an information security management system is structured.

After the Studio, students who want a recognized credential may choose to pursue an ISO/IEC 27001 Foundation exam separately. Your portfolio shows you can apply the concepts in practical GRC work.

This course does not make you ISO-certified or PECB-certified. It helps you build practical, ISO-aligned portfolio proof.

Portfolio first. Certification second.

Built for doers, not spectators

This Studio is for you if…

  • You want to move into a non-coding cybersecurity role
  • You are interested in GRC, compliance, risk, vendor risk, or IT audit
  • You are busy and need a flexible, self-paced structure
  • You have certificates but still nothing practical to show
  • You are a recent graduate who needs proof beyond a degree
  • You have experience in IT, healthcare, finance, audit, admin, military, or compliance
  • You can commit 5 to 7 hours per week to building the portfolio

This is not for you if…

  • You want weekly live lectures
  • You want someone to do the work for you
  • You are only looking for exam prep
  • You want a purely technical cybersecurity course
  • You cannot complete the weekly portfolio work
  • You are looking for an ISO certification issued by this program
A Word from Dr. Shumba

"I built this Studio for people who are ready to move."

You may be working, raising a family, or in a different time zone. You may have taken courses, watched videos, earned certificates, and still feel like you have nothing strong enough to show an employer. I understand that.

GRC is one of the most practical non-coding paths into cybersecurity, but you need more than motivation. You need proof. That is why this Studio is built around doing. Five weeks from now, you should be able to open your portfolio and show the work.

Dr. Rose Shumba

Cybersecurity Educator & Computing Professor

Former director of an NSA/DHS Center of Academic Excellence in Cyber Defense.

More than 20 years preparing students and professionals for technology careers. She has led cybersecurity and computing programs, developed student success pathways, and helped learners translate technical knowledge into career opportunities.

Holds the PECB ISO/IEC 27001 Foundation credential. Created this Studio to help learners build practical GRC proof.

Join at the founding cohort price

Both prices below are Founding Cohort pricing for the August launch. They rise for the next cohort. The August cohort begins Saturday, August 29 at 10:00 AM ET. Enrollment closes Thursday, August 27. The Guided Cohort is limited to 10 seats.

Self-Study

Everything you need to build it on your own
$397
  • All video lessons across five modules
  • Downloadable Excel & Word templates
  • Module podcasts and build guidance
  • Full portfolio build instructions
  • Eligibility to earn the GRC Portfolio Studio digital badge after completing the required work and a recorded final presentation
  • No office hours or instructor feedback
Get Self-Study Access · $397

Already purchased the Risk Register Starter or Sprint? Join the Studio within 14 days of your purchase and your full payment is credited toward it.

Purchases made between July 12 and July 22 will receive feedback beginning July 23, 2026.

Frequently asked

Is this live or self-paced?

The Studio is self-paced. Each module includes lessons, templates, examples, and instructions. The three live sessions in the Guided Cohort are review and practice sessions, not lectures.

Do I have to attend the live sessions?

No. You can complete the Studio through the self-paced lessons and templates. To earn the badge, you must complete either a live or recorded final presentation.

Will every portfolio piece be reviewed one-on-one?

This is not weekly one-on-one coaching. You receive templates, worked examples, checklists, and three live group review sessions in the Guided Cohort. Final portfolio review is tied to badge completion.

Do I need a technical background?

No. You need basic computer and spreadsheet skills, attention to detail, and time to complete the work.

Is this an ISO certification course?

No. The Studio does not issue ISO or PECB certification. It helps you build ISO-aligned GRC portfolio pieces.

Can I take an ISO Foundation exam after this?

Yes, that is an option. The exam is separate from the Studio and must be purchased through the exam provider. The Studio gives you practical exposure to the structure of an information security management system.

How much time should I plan each week?

Plan for 5 to 7 hours per week. Most weeks include about one hour of video and several hours of portfolio building.

Can I share my portfolio publicly?

Yes, but only share polished PDFs. Do not include private information, real employer data, copyrighted ISO text, or anything that looks confidential.

You do not need another course you cannot show

You need proof.

Five weeks from now, you can open a complete GRC portfolio and walk through how you assessed risk, mapped controls, reviewed vendors, wrote policies, tested evidence, tracked remediation, and briefed leadership.

Join the August Cohort