The Practitioner-Academic Security Assessment Playbook

$199.00

A focused course, tailored for you

Run a client security assessment and turn the same engagement into a teachable practitioner methodology your students can follow.

One desk holds a client scope-of-work that needs a defensible report by month-end, and a stack of CompE capstone briefs asking the same questions. Right now those two streams run in parallel and consume time twice.

$199 one-time
Tailored to your situation. Access within 24 hours. 30-day money-back.

Includes a hand-built implementation playbook delivered alongside course access, generated for your specific situation.

Why this course

An independent security consultant who is also a tenured computer-engineering professor sits between two demanding audiences. The client wants a scoped assessment, a clear finding write-up, an evidence pack that survives a follow-on auditor, and a remediation roadmap that names owners and dates. The students want a methodology they can apply to a capstone, an annotated example of how a real practitioner moves from scope to evidence to recommendation, and a body of work that gets them hired. Both audiences are asking for the same intellectual artefact, packaged differently. Today the engagement notes live in one place, the lecture material lives in another, and the capstone briefings get redrawn from scratch each semester. The result is two part-time jobs done at full intensity, and the practitioner case studies that would make the strongest teaching material never get written down because the consulting deliverable absorbs the available hours. This course collapses the two workflows into one. Every artefact built for the client becomes a teachable artefact for the capstone, with the IP-sensitive content abstracted and the methodology preserved.

What you walk away with

  • A single workflow that produces both a client-ready assessment report and a teachable practitioner methodology in one pass.
  • Reusable scoping memo, threat model, control assessment, evidence pack, finding write-up, and remediation roadmap templates that work across small-firm clients and CompE capstone teams.
  • An abstraction pattern that keeps client-confidential content out of teaching material while preserving the methodology a student needs to learn.
  • A capstone briefing pack that lets a CompE team replicate the practitioner workflow on a public-domain or sanitised target without further faculty intervention.
  • A practitioner case-study format that produces a teachable artefact after every billable engagement, with consent and abstraction handled inside the workflow.

The 12 modules

Module 1. The Dual-Audience Scoping Memo
A scoping memo that satisfies the small-client buyer and reads as a teachable problem statement for a CompE capstone team. Covers the conversation with the client to surface in-scope assets, the questions that separate a security assessment from an audit, and the abstraction rules that let the same memo become a sanitised student brief. Includes a one-page client version, an annotated faculty version, and a capstone version with the IP fingerprints stripped.
Module 2. Asset Inventory and Data-Flow Discovery for a Small Client
How to build a defensible asset inventory and data-flow picture inside a small-client engagement where there is no CMDB and no ServiceNow tenant. Uses interview scripts, network discovery output, and document review. Produces an inventory artefact the client signs off on, and a teaching case that lets a capstone team see the trade-offs between completeness, time-on-site, and engagement scope.
Module 3. Threat Modelling Without an Enterprise Tooling Stack
STRIDE, attack trees, and abuse cases applied to a real small-firm system the practitioner is engaged on. Replaces enterprise tooling with pen-and-paper, Miro, and a structured template the student can use on a capstone target. The artefact: a threat model the client signs and the capstone team can replicate on a sanitised twin of the same architecture.
Module 4. Control Selection Against a Practical Framework
Choosing a control framework that fits the client's actual obligations rather than the framework the consultant prefers. Covers NIST CSF 2.0 for general assessments, CIS Controls v8 IG1 and IG2 for smaller targets, NIST 800-171 for clients with federal contract flow-down. Produces a control selection memo a buyer understands and a teaching artefact that shows a student how a practitioner reasons about framework fit.
Module 5. The Engagement Control Assessment Workbook
A workbook that walks the assessor through each selected control with evidence prompts, interview questions, and a maturity rating. Designed to be filled in once and to produce both the client appendix and the capstone exemplar. Includes the conventions for marking observed versus self-attested evidence, and the abstraction patterns that let the workbook be shared with a class without exposing the client.
Module 6. Evidence Collection, Storage, and Chain of Custody for an LLC Engagement
Practical evidence handling for a sole-proprietor or small-LLC engagement. Covers what to collect, how to label it, where to store it, how long to retain it after the engagement closes, and the chain-of-custody record that protects the practitioner if a finding is later contested. Produces an evidence-pack template plus a teaching version that lets a capstone team rehearse the same discipline on a sanitised dataset.
Module 7. Vulnerability Discovery and Validation on a Constrained Scope
Running a focused vulnerability discovery pass inside a small-firm engagement where a full pentest is out of scope. Covers credentialed scanning, authenticated configuration review, manual validation of high-severity findings, and the documentation that lets the client and a downstream auditor see what was checked and what was excluded. Teaching version: a CompE capstone team replicates the pass on a lab-built twin.
Module 8. The Practitioner Finding Write-Up
Writing a finding in the shape a small-business buyer reads and acts on. Title, condition, criteria, cause, effect, recommendation, owner, target date. The same structure annotated for a student showing why each element is there and how it survives review. Includes the rewrite rules that turn a technical observation into a finding a non-technical client understands.
Module 9. Risk Rating Without a Heat Map
A defensible risk-rating method for a small engagement that does not borrow from a vendor's qualitative-only heat map. Combines likelihood drivers, impact drivers, and a calibration step the consultant can defend to the client. Produces a rating worksheet for the client and a teaching artefact that shows a student how a practitioner avoids the common pitfalls of subjective rating.
Module 10. The Remediation Roadmap and Owner Assignment
Translating findings into a remediation roadmap a small client will actually execute. Sequencing by dependency, naming owners, setting target dates the client agrees to, and identifying which items the client can do internally versus which need an outside specialist. Produces a roadmap the client signs and a teaching artefact that shows a student how a practitioner negotiates ownership without taking the work back.
Module 11. Executive Summary and Board Briefing for a Small-Firm Audience
Writing the one-page executive summary and the ten-slide board briefing for a small-business owner or board. Covers the language choices that make a finding land with a non-security audience, the trade-offs in showing detail versus summary, and the visual conventions a CompE student can adopt. Produces a finished summary plus an annotated version that becomes a teaching exhibit.
Module 12. Engagement Closeout, Reusable Methodology, and Capstone Briefing Pack
Closing the client engagement, archiving the artefacts, applying the abstraction rules so the methodology survives without the client's data, and producing a capstone briefing pack a CompE team can pick up next semester. Covers the consent language the consultant adds to the engagement letter that authorises sanitised teaching use, the abstraction patterns that strip identifiers, and the briefing structure that lets a student team work without further faculty involvement.

How this addresses your situation

Specific modules that map to what you said you are dealing with.

A scoping call with a new small-firm client lands and you need a memo the client signs and a capstone team can adopt next semester. Modules 1 and 2 produce both.
A threat model and control assessment are due to the client by week three, and you want the workbook to also be the artefact a CompE student can study. Modules 3, 4, and 5 deliver one workbook with two audiences.
A finding pack and remediation roadmap are due to the client by month-end, and you want the rewrite patterns to be teachable. Modules 6 through 10 produce the engagement deliverable and the annotated teaching version in parallel.
The engagement closes, the invoice goes out, and you have a sanitised capstone briefing pack ready for the next semester without rewriting anything from scratch. Modules 11 and 12 close the loop.

What you get with this course

  • Twelve written modules in the Art of Service learning environment, each with worked examples drawn from a small-firm security engagement and a CompE teaching context.
  • Downloadable templates for every engagement artefact: scoping memo, asset inventory, threat model, control selection memo, control assessment workbook, evidence-pack index, finding write-up, risk-rating worksheet, remediation roadmap, executive summary, board-briefing deck, capstone briefing pack.
  • An abstraction-pattern reference that shows how to strip client identifiers while preserving the methodology.
  • Engagement-letter consent language that authorises sanitised teaching use of the artefacts the practitioner produces.
  • A hand-built implementation playbook tuned to a Security and Analytics LLC engagement book and a JSU CompE teaching context, delivered alongside course access.

What you will have in hand by Day 1, Week 1, Month 1

Within 24 hours your account in the learning environment is provisioned and the tailored implementation playbook is delivered alongside it.

Modules 1 and 2 in the first week sit alongside the next scoping conversation you have with a client or a capstone team.

Modules 3 through 10 fit a six-to-eight week engagement cadence, with each module producing the artefact you need that week for both audiences.

Modules 11 and 12 close at engagement end and set up the next semester's capstone briefing without further writing.

Before and after

Before

The consulting engagement and the CompE capstone teaching run as two separate workflows. The engagement deliverable absorbs the available hours, the case-study material never gets written down, and the capstone briefings get redrawn from scratch each semester.

After

One workflow produces a defensible client report and a teachable practitioner methodology in the same pass. Every billable engagement yields a sanitised case study and a capstone briefing pack with no extra writing burden.

What happens if you do not address this

The strongest practitioner case studies, the ones drawn from your own engagements, never get written down. Capstone briefings keep being rebuilt from scratch. The teaching artefact gap widens as the engagement book grows, and at some point either the consulting practice or the teaching depth has to give.

Who it is for

An independent security and analytics practitioner running a small LLC engagement book who is also a long-tenured computer-engineering faculty member. The client work spans assessment, control review, evidence packaging, and remediation planning for small and mid-sized organisations. The teaching work covers undergraduate and graduate CompE students who need to see how a real practitioner moves through a security engagement end to end, with the artefacts that mark each step.

Who this is NOT for. A pure-academic researcher with no current client engagements. A large-firm consultant whose deliverables are dictated by an internal template library. A practitioner who does not teach and has no interest in turning engagement artefacts into a teachable methodology.

How it arrives

Text-based course in the Art of Service learning environment, plus downloadable templates and worked examples for every module, plus the hand-built implementation playbook delivered alongside course access.

Time investment. Six to ten hours of reading and template application over the run of one client engagement, plus the time you would already spend on the engagement itself. The course runs inside the engagement, not on top of it.

Why $199 is the right number

A generic CISSP-style review course teaches the body of knowledge but does not produce the engagement artefacts a practitioner needs to ship and a student needs to study. A consulting-methodology book describes the workflow but does not give you the templates or the abstraction patterns. A capstone curriculum gives the students the project but leaves the practitioner case material to be invented by the faculty member. This course gives the practitioner-academic the one workflow that serves both audiences with one set of artefacts.

FAQ

Does this course assume a specific control framework?
No. Module 4 walks through framework selection across NIST CSF 2.0, CIS Controls v8, and NIST 800-171, and the assessment workbook in module 5 accepts whichever framework the client engagement requires.
Can I use the artefacts in a JSU CompE capstone without exposing client information?
Yes. Module 1 establishes the abstraction rules, module 12 produces the sanitised capstone briefing pack, and an engagement-letter consent template authorises the sanitised teaching use.
How is this different from the consulting templates I already use on Security and Analytics LLC engagements?
The course is not a template library swap. It is a workflow that runs your existing engagement and produces a teachable artefact in the same pass, with the abstraction step built in. Your current templates can be folded into the workbook in module 5.
Is the implementation playbook generic?
No. The implementation playbook is hand-built for your dual context: a small-LLC security and analytics engagement book plus an active JSU CompE teaching load. It is delivered alongside course access.

30-day money-back guarantee. If after a week of working through the materials this is not what you needed, reply to the receipt email and a full refund is processed. No questions, no forms.
