
Be Prepared


The role of the CISO is gaining in prominence. Are you ready?

Chief Information Security Officer (CISO) Certificate


Cybersecurity leadership starts where the discipline was built and where more than 1,000 security leaders have come to prepare for the CISO role.

Cybersecurity has become a defining business challenge of the digital era. Today's Chief Information Security Officers must do far more than protect technology assets; they must lead enterprise risk management efforts, strengthen organizational resilience, govern emerging technologies, and effectively communicate with executives, boards, regulators, and stakeholders.

The Carnegie Mellon University Chief Information Security Officer (CISO) Certificate Program prepares current and aspiring security leaders to operate at the intersection of business strategy, cybersecurity, technology, risk management, and organizational leadership. Developed by Carnegie Mellon University's Heinz College and the Software Engineering Institute (SEI), the program equips participants with the frameworks, tools, and leadership skills required to lead modern cybersecurity organizations in an increasingly complex threat environment.

Through an interdisciplinary curriculum, participants explore critical topics including cyber risk management, operational resilience, supply chain risk, incident response, cyber law, security operations, governance, cyber economics, security architecture, cloud security, software and product security, threat intelligence, AI security and governance, agentic AI assurance, and AI-enabled cyber defense. Throughout the program, participants learn how to align cybersecurity strategy with business objectives, quantify and communicate risk, build high-performing security organizations, and drive informed executive decision-making.

A hallmark of the program is its long-standing team-based practicum, which provides participants with the opportunity to apply program concepts to a complex, real-world cybersecurity challenge. Working in collaborative teams and supported by experienced CISO mentor industry practitioners, participants develop and present strategic recommendations for a project organization. The practicum serves as an integrating experience that brings together key program themes while strengthening executive leadership, stakeholder engagement, strategic thinking, and board-level communication skills.

The program is delivered through a blend of live synchronous instruction, in-person residencies, guest lectures, and applied learning experiences. This format provides executives with the flexibility of remote participation while maintaining direct engagement with Carnegie Mellon faculty, industry experts, and peers. In-person residency sessions at Carnegie Mellon University provide opportunities for immersive learning, executive networking, collaboration, and participation in a formal graduation ceremony.

Designed for experienced cybersecurity, technology, and risk management professionals, the program brings together a cohort of accomplished leaders who typically possess significant management and leadership experience. The result is a highly interactive learning environment that fosters peer learning, professional networking, and the exchange of leading practices across industries and sectors.

Are you ready to lead as a CISO?


Through realistic scenarios and executive-level instruction, participants gain the experience needed to lead cybersecurity at the highest levels of government and industry.

"The Carnegie Mellon CISO Program helped me expand my perspective beyond cybersecurity operations to the broader leadership, risk, and business challenges facing today's security executives. The combination of world-class faculty, experienced practitioners, and an exceptional network of peers makes it one of the most valuable professional development experiences available to current and aspiring CISOs."

John Gift | SVP and Global CISO, PepsiCo and CMU CISO Program Alumnus

Chief Information Security Officer Certificate Program Information

Program Costs

  • $19,500 for the entire program
  • $15,600 discounted rate for Carnegie Mellon alumni—including CIO, CRO, CDAIO, and CDigitalO programs—U.S. government employees, veterans, and employees of non-profit organizations
  • $1,000 discount for graduates of the Leading Enterprise Agentic AI Development (LEAAID) Certificate Program.
  • Program cost is a flat rate with no additional fees.

Please note: Due to the non-credit bearing nature of the CISO Certificate Program, students are unable to apply for tuition assistance, scholarship, or VA benefits. Program costs cannot be itemized.

Deadlines

  • Deadline for Cohort 27 is September 4, 2026. Please submit your application as soon as possible for consideration.

  • If space remains, we will continue to accept applications on a first-come, first-served basis.

Logistics

  • A non-refundable, non-transferable deposit of 1/6 of the total program cost is required to reserve a seat in the program. Get details about the cancellation policy.

  • Optional credit card installment payment plan is available.

Apply Now

CISO Calendar and Curriculum Details


Applications are currently being accepted for Cohort 27, which begins September 2026.

  • Virtual Orientation: 12:00 - 5:00 p.m. EDT
    September 9-10, 2026

    Virtual Modules: 4:00 - 9:00 p.m. EDT
    (Note: all virtual class dates are Thursdays)
    September 24 (2026)
    October 8, 15, 22, 29 (2026)

    Program Mid-Session: 9:00 a.m. - 5:00 p.m. EDT (Pittsburgh, PA; virtual option available)
    November 3-4, 2026

    Virtual Modules: 4:00 - 9:00 p.m. EST
    (Note: all virtual class dates are Thursdays)
    November 12, 19 (2026)
    December 3, 10, 17 (2026)
    January 7, 14, 21, 28 (2027)

    Practicum: 9:00 a.m. - 5:00 p.m. EST (Pittsburgh, PA; virtual option available)
    February 24-25, 2027

"The most effective CISOs are those who can bridge cybersecurity, business strategy, and executive decision-making. The practicum provides participants with a unique opportunity to apply what they learn to real-world challenges while receiving guidance from experienced security leaders who have spent decades managing risk, leading organizations, and advising executives and boards."

Darrell Keeling | Executive Coach and CISO Program Alumnus

Chief Information Security Officer Curriculum


To further enrich the CISO Program, participants will have the opportunity to engage with industry experts, thought leaders, and practitioners through a series of robust guest lectures. These sessions will provide cutting-edge insights on critical and emerging topics, including:

Cyber Insurance Landscape — this guest lecture provides an executive-level overview of the evolving cyber insurance market and its role in enterprise risk management. Participants will explore underwriting trends, coverage considerations, claims experiences, and how cybersecurity maturity influences insurability, pricing, and organizational resilience.

Effective Executive Presentations and Influence — this guest lecture focuses on the communication skills required to effectively engage executives, boards, and other senior stakeholders. Participants will learn how to craft compelling messages, communicate complex topics with clarity, influence decision-making, and deliver impactful presentations that drive alignment, action, and organizational outcomes.

Vendor Management/Contract Negotiations — this guest lecture examines leading practices for managing strategic vendor relationships and negotiating contracts that align with organizational objectives. Participants will explore approaches for evaluating vendors, managing performance, mitigating risk, and negotiating commercial, operational, and security requirements to achieve successful long-term partnerships and business outcomes.

Cyber Defense Matrix — this guest lecture introduces the Cyber Defense Matrix, developed by Dr. Sounil Yu, as a practical framework for organizing, assessing, and communicating cybersecurity capabilities across the enterprise. Participants will learn how the framework can be used to align security investments with business objectives, identify capability gaps, prioritize strategic initiatives, and enhance executive and board-level discussions around cybersecurity risk and resilience.

These guest lectures will complement the core curriculum, ensuring that participants receive real-world perspectives, actionable strategies, and executive-level insights from those shaping the future of cybersecurity leadership.

Benefits, Discounts, and the Fine Print

FUTURE MODULES BENEFIT

Graduates of the Chief Information Security Officer Certificate Program will have access to new CISO Program modules created in the future, providing you with continuing education after the program ends. Approval is required.

Please note: This benefit does not extend to future CIO, CRO, CDAIO, or CDigitalO program modules, unless the student is also a graduate of those programs.

MSIT PROGRAM DISCOUNT

Students who complete the Chief Information Security Officer Certificate Program and who subsequently apply for and are admitted into the Heinz College MSIT Degree Program are eligible for a tuition discount scholarship. Program costs that have been paid for completing any or all of the Heinz College Executive Education certificate programs (up to $40,000) by the individual student or their sponsor/employer will be matched with a tuition discount from the MSIT program—reducing the cost to complete the MSIT degree by up to $40,000.

In order to be considered, applicants to the MSIT program should indicate their enrollment status with the CIO, CISO, CRO, CDAIO, and/or CDigitalO program(s) on the Application for Admission.

Please note: The tuition discount is only available once a student has completed all of the certificate program’s requirements. Completion of a certificate program does not guarantee admission to the MSIT program.

Cancellation/Refund Policy

A non-refundable, non-transferable deposit of 1/6 of the total program cost is required to reserve a seat in the program.

Should a student withdraw from the program after the deposit has been paid but prior to the program start date, students may have 5/6 of the program costs either refunded to them or transferred to the following cohort of the program.

After the program start date, no refunds will be issued. However, under extenuating circumstances and with program director approval, students may petition to postpone their attendance to a future cohort and have 5/6 of the program costs applied accordingly.

Hear From Our Program Alumni

Find out how earning the CISO certificate can help your career.

My Story: Joe


Earning a Chief Information Security Officer certificate from Heinz College helped Joe Lewis become the CISO of the Centers for Disease Control and Prevention.

"This was the right direction to go."


CISOs Patrick Forbes of S&P Global and Corey T. Jackson of the Travelers Companies talk about what they gained from the program, and what executive training from CMU has meant to their careers.

Frequently Asked Questions

Q: What is a Chief Information Security Officer (CISO) certificate program?

A: Chief Information Security Officer (CISO) certificate programs are designed to prepare cybersecurity leaders to manage enterprise security strategy, governance, and risk. These programs are geared toward senior leaders and typically focus on leadership skills, cybersecurity strategy, incident response, and communication with executive leadership and boards.

The CISO Certificate Program at Carnegie Mellon University’s Heinz College combines practical cybersecurity frameworks with leadership training to help experienced professionals strengthen their ability to lead enterprise security programs.

Q: What skills does a Chief Information Security Officer need today?

A: Modern CISOs must combine technical cybersecurity expertise with strategic leadership skills.

Key capabilities include:

  • Creating and implementing enterprise cybersecurity strategy
  • Risk management and governance
  • Incident response leadership
  • Communication with executive leadership and boards
  • Regulatory and compliance awareness

Carnegie Mellon’s CISO Certificate program helps experienced professionals develop these leadership capabilities while strengthening their technical security perspective.

Q: What's the difference between a CISO and a CIO?

A: While both roles require leadership and strategic thinking, the CISO role is more specialized in cybersecurity, whereas the CIO or CIDO role has a broader organizational technology focus.

Q: Who should attend a CISO executive education program?

A: CISO executive education programs are designed for experienced cybersecurity and technology professionals who want to strengthen their ability to lead security programs at the enterprise level.

Participants often include:

  • Current or aspiring Chief Information Security Officers
  • Cybersecurity directors and security architects
  • Senior IT or risk leaders responsible for enterprise security
  • Government or defense cybersecurity professionals

These programs help leaders expand their strategic, governance, and communication capabilities beyond technical security expertise.

Q: How long does the Carnegie Mellon CISO Certificate Program take to complete?

A: The CISO Certificate Program at Carnegie Mellon University is a six-month executive education program that combines synchronous virtual learning with in-person sessions. The format allows working professionals to develop advanced cybersecurity leadership skills while continuing in their current roles.

Q: What makes the Carnegie Mellon CISO program unique?

A: Carnegie Mellon’s CISO Certificate Program combines executive leadership training with deep cybersecurity expertise from Heinz College and the CERT Division of the Software Engineering Institute.

Participants benefit from:

  • Instruction from faculty and industry leaders with real-world cybersecurity experience
  • Practical case studies and applied frameworks
  • A cohort of experienced cybersecurity professionals from multiple sectors

This interdisciplinary approach helps leaders translate technical cybersecurity knowledge into enterprise strategy.

Q: How does this program help professionals advance to a CISO role?

A: CMU's CISO program helps professionals transition from technical security roles to executive cybersecurity leadership by strengthening skills in governance, risk management, communication, and organizational strategy.

Participants learn how to:

  • Align cybersecurity initiatives with business objectives
  • Communicate cyber risk to executives and boards
  • Lead cross-functional security programs
  • Build resilient cybersecurity strategies across complex organizations

Not sure the CISO program is right for you? 

Explore our suite of executive education programs to find the one that best fits you:

More Tech Leadership Programs for Executives

LEAAID

Leading Enterprise Agentic Artificial Intelligence Development Certificate

The Leading Enterprise Agentic Artificial Intelligence Development (LEAAID) Certificate program equips professionals to design, deploy, and manage agentic AI systems for real-world enterprise use.


CDAIO

Chief Data & AI Officer Certificate

The Chief Data & AI Officer (CDAIO) Certificate program provides you with emerging AI knowledge that you need to set up a 21st century data utilization and responsible AI program.


CIDO

Chief Information and Digital Officer Certificate

The Chief Information & Digital Officer (CIDO) Certificate program takes an interdisciplinary approach to information and technology management for executives with IT oversight responsibilities.


CRO

Chief Risk Officer Certificate

The Chief Risk Officer (CRO) Certificate program provides the latest skills and best practices impacting risk management, as well as effective strategies for addressing and analyzing enterprise risks.


MSIT

Master of Science in Information Technology (Online)

The Master of Science in Information Technology (MSIT) is our part-time online program for professionals seeking graduate degrees in IT; Heinz certificate program graduates are eligible for a MSIT tuition discount.


What's Next?

Have questions? Reach out to us to find out more:

  • Email: heinzexeced@cmu.edu
  • Phone: David Ulicne, Executive Director - (412) 268-5543
  • Phone: Emily Brown, Director - (412) 268-6730

Check out our detailed program guide.

Ready to apply?

Apply Now

