Information Security Leadership Academy

Information Security Leadership Academy Boot Camp Logo

Application Deadline: June 8, 2026

Program Dates: July 29 – October 7, 2026

What Is ISLA?

The Information Security Leadership Academy (ISLA) is a unique and rigorous 11-week program aimed at preparing the state’s security workforce for the critical roles of Information Security Officer (ISO), Agency Information Security Officer (AISO), or an expanded role within their department’s security office. The academy incorporates security best practices, National Institute of Standards and Technology (NIST) risk and security control frameworks, California-specific policy, standards, and compliance, and Information Security program management skills. Participants will have the opportunity to interact with the state’s security leaders and take part in a dynamic simulation experience, as well as complete the Certified Information Security Manager (CISM) training and exam in preparation for the CISM certification.

ISLA registration is open to public sector IT Security personnel (e.g., state, county, and city agencies), tech-savvy IT, and aspiring ISOs/AISOs passionate about security. Ideal candidates are currently working in an IT security management or supervisory position.

Those who are newer to a supervisory or managerial role are especially encouraged to apply due to the strong programmatic focus on leadership best practices in addition to the technical curriculum.

Interested candidates should note that there is considerable curriculum overlap within ISLA and our Cybersecurity Boot Camp (the boot camp is not designed to be a pre-requisite program for ISLA). Before applying, candidates should review the Cyber Security Boot Camp webpage to determine which program is most suitable.

Important Note: The Cybersecurity Boot Camp will not be offered in 2026 to accommodate the inclusion of a new boot camp effort focused on GenAI. If ISLA is not the appropriate program fit, consult the Department of Technology’s Course Schedule for upcoming training opportunities focused on security.

Cost

The total program cost is $5,800 per participant.

This cost does not include a 22% cost distribution fee charged by the Department of Technology (CDT) which is our standard practice and will be included in the direct billing. For more information, please see CDT’s Service Rates webpage.

Billing will take place in Fiscal Year 2026 – 2027

How it works

ISLA participants will develop and enhance their security skills through both formal training and the Certified Information Security Manager (CISM) exam at the end of their program experience. Students will receive advanced training on state-specific security requirements and compliance as well as expand their leadership skills in a variety of areas.

Program participants learn from security experts, participate in practical workshops, and complete a cyber-response simulation and exercise. To ensure their experience within the academy is meaningful and valuable, the ISLA Program Coach(es), and Program Advisor(s) mentor participants throughout the program.

Delivery model

Due to continued student interest in completing our training academies using both remote and in-person course offerings, the 2026 ISLA will offer a mix of platform delivery methods. Remote sessions will be conducted via Zoom, and in-person sessions will take place at the CDT’s Training and Education Center (TEC), located in Rancho Cordova, CA. Classes scheduled to be delivered in-person are listed below within the Frequently Asked Questions (FAQs) and are subject to change, if needed.

It is important to note that while CDT always encourages non-local (outside the Sacramento area) students to apply for ISLA, the expectation is that all students should make arrangements to attend in-person classes regardless of location. In-person sessions are not offered via hybrid, there are no make-up sessions for missed classes, and sessions are not recorded, regardless of delivery format.

To assist with planning, the ISLA 2026 Program Schedule and Calendar will be provided to all students accepted into this year’s program for careful review before formally committing to the program and will identify which sessions will be conducted online versus in-person only so appropriate arrangements can be made.

Professional development

Participants will complete the Certified Information Security Manager (CISM) training and exam in preparation for certification. Participants will acquire formal training on FIPS 199/200 and the Risk Management Framework (RMF). The state-of-the-art training program also includes critical coursework for the state’s security workforce, including Ransomware Response and Detection, Conflict and Negotiation, Strategic Planning, Communication and Effective Presentations, and How to Be a Trusted Advisor, to name a few.

Throughout the academy, participants will network with their peers, Program Coaches, Program Advisors, security professionals, and other executives who are at the forefront of the state’s security efforts.

How to apply

The ISLA application period is now open and closes at 5:00 p.m. on June 8, 2026. The following documents must be submitted for your application to be considered complete and scored:

Important Note: To ensure your application package is verified as being complete by the Office of Professional Development (OPD), applicants should submit their application responses and their CIO Authorization Form on the same date. Due to the high volume of applications received, candidates who submit these documents on different dates risk their package not being fully accounted for and included for scoring and selection.

In addition, it is the candidate’s responsibility to secure and submit his/her CIO Authorization Form from their department’s CIO. Forms must include the electronic signature of the CIO to be verified as complete and must be submitted on or before application deadline (June 8). As a result, candidates are strongly encouraged to work proactively with their management chain to ensure their CIO Authorization Form is secured timely.

Finally, candidates should keep in mind that acceptance is based on the quality of application responses. Therefore, responses to the application prompts should thoroughly address each question, should be carefully reviewed before final submission, and should represent their unique thoughts. Responses that use content generated by AI will be noted as such and will adversely impact the candidate’s application scores.

For further information and/or to address questions, please contact the Office of Professional Development (OPD) at ISLA@state.ca.gov.

FAQs
What is the cost for ISLA?

The cost for the 2026 academy is $5,800 per participant and is paid for by the student's department/agency.

This cost does not include a 22% cost distribution fee charged by the Department of Technology (CDT) which is our standard practice and will be included in the direct billing. For more information, please see CDT's Service Rates webpage.

Billing will take place in Fiscal Year 2026 – 2027

When does ISLA start and end?

The 2026 ISLA formally takes place from July 29 - October 7, 2026. This does not include a pre-program, virtual Administrative Review session developed to prepare students for the academy and to address questions.

What are the core hours for the training?

Core hours for ISLA are 9:00 a.m. – 4:00 p.m., whether remotely or in-person. To verify connectivity, remote class sessions will be open at 8:30 a.m. Students are encouraged to log in to sessions early to network and chat with one another. For the CISM bootcamp course, students may be requested to have some flexibility regarding the sessions' start and end times.

What is the time commitment required for this academy?

While the training schedule varies depending on the week, participants can generally expect to be engaged in training an average of 3-5 days a week. This does not include time needed outside of class to study for and complete the CISM exam, which is intended to serve as the culminating experience for the academy. Before applying, candidates should ensure they are able to commit to both completing a rigorous course schedule as well as prepare for and complete their CISM exam outside of scheduled class sessions.

How will class sessions be conducted, and what are the technical requirements for attending?

Due to continued student interest in completing our training academies using a combination of remote and in-person delivery models, the 2026 ISLA will include a thoughtful mixture of sessions using both formats. Dates for all class sessions will be provided if accepted into the program.

It is important to note that while CDT always encourages non-local students to apply for ISLA, the expectation is that all students should make arrangements to attend in-person classes regardless of location. In-person sessions are not offered via hybrid, there are no make-up sessions for missed classes, and sessions are not recorded, regardless of delivery format.

To assist with planning, the ISLA 2026 Program Schedule and Calendar will be provided to all students accepted into this year's program for careful review before formally committing to the program and will identify which sessions will be conducted online versus in person so appropriate arrangements can be made.

ISLA will be using Microsoft Teams to house all program-related documents and Zoom will be the delivery medium for all remote class sessions. Students must be able to access these platforms. In addition, students are expected to possess a fully functioning camera and microphone so they can actively participate in class sessions.

What specific topics are covered in the 2026 curriculum?

The course topics have been carefully selected to provide a combination of both technical and leadership skills critical for the state's Information Security workforce. Classes are a mix of half and full-day sessions depending on the subject matter. Below is a tentative course listing for the 2026 program. Please note that course topics may be subject to change and that circumstances beyond our control may require adjustments to the program schedule. In addition, it is important to note that refunds will not be provided after the onset of the program (see below for further details on our refund policy).

  • Certified Information Security Manager (CISM) training and exam
  • FIPS 199/200
  • Risk Management Framework
  • Communication and Effective Presentation Skills
  • How to Be a Trusted Advisor
  • Conflict and Negotiation
  • Contract and Vendor Management
  • Strategic Planning*
  • Ransomware Response and Detection
  • Transformation Through Conflict and Negotiation
  • Budget Change Proposal (BCP) Workshop
  • Critical Infrastructure*
  • Insider Threats*
  • ISO: The First Six Months*
  • Leadership Foundations*
  • Organizational Change Management*
  • Organizational Behavior
  • Business Chemistry*
  • Executive Guest Speakers
  • California Department of Technology Security Operation Center (SOC) Tour*
  • California Cyber Security Integration Center (Cal-CSIC) Tour*
  • ISLA Graduation*

*These sessions will be conducted in-person only, will not be recorded, and will not be offered via hybrid (with the exception of the ISLA graduation event); therefore, students are expected to make arrangements to attend.

What are some additional details regarding the CISM exam?

As the culminating experience for ISLA, the CISM exam preparation requires students to dedicate considerable time outside of class to study for and complete the exam. To assist with this, students will attend and actively participate in a 5-day boot camp training session towards the end of the academy. On or before the academy start date, students will have access to electronic versions of CISM course materials, practice exams, and labs for up 90 days post-graduation. Upon completion of the boot camp, students will receive a voucher to take the CISM exam (which also includes one free retake if needed). Students will also be granted access to ISACA's Q&A database one week prior to, and during the scheduled boot camp sessions.

Should a student not pass the exam on their first attempt, s/he will continue to have full access to an unlimited number of practice exam attempts, access to recorded boot camp sessions, and the full curriculum.

Note that the cost for the CISM exam and access to all course materials are included in the program cost; however, students are responsible for ISACA’s registration fees (approximately $50).

What level of expertise and experience are you seeking from a candidate?

The ISLA welcomes applications from Information Security personnel, tech-savvy IT, and aspiring ISOs and AISOs who are passionate about security. Ideal candidates are currently working in an IT security management or supervisory position. Participants in the academy are selected from the public sector (e.g., state, county, and city agencies and departments).

How are candidates selected?

With a limited number of spots in the academy, the application process is highly competitive. Participants are selected based on the quality and thoughtfulness of their application responses. To provide additional context, the OPD advises candidates to respond to questions similar to how they would for a Statement of Qualifications (SOQ) submission. Finally, before submitting their application, students should carefully craft and review their answers to ensure they thoroughly address each question.

Do I have to attend all the training sessions to remain in the academy?

ISLA covers a great deal of curriculum in its 11-week period. While some absences are unavoidable (e.g., illness), the maximum allowable absences is three (3). There are no make-up sessions for courses missed, and classes are not recorded (with the exception of the CISM boot camp sessions). Students who exceed this limit will be withdrawn from the academy. Therefore, if you have vacation or other planned time off during the academy that will significantly interfere with your participation, you are encouraged to apply for a future cohort that will not have conflicting dates.

While ISLA is extremely rewarding, it is also a rigorous academy effort that requires students to attend class sessions 3-5 days per week in addition to preparing for and completing the CISM exam outside of class. Therefore, before applying, interested candidates should have a frank conversation with their immediate supervisor about the commitment level associated with this academy and the strong probability that their workload will need to be redistributed if accepted.

What is the drop policy for ISLA?

After your formal acceptance, students who wish to drop from ISLA do so with the understanding that their home department will incur up to 100% of the program’s charge. Requests for removal from the program must be in writing.

Below is an overview of the charges that will be incurred depending on the date of the drop request:

Date of Request Charges Incurred to Home Department
10+ business days before July 29 50% charge of program amount ($2,900)
Less than ten (10) business days before July 29 100% program cost ($5,800)

As a result, candidates who are offered a spot to join this year’s cohort should carefully and thoroughly review the program schedule and calendar that will be provided upon acceptance before formally confirming and/or contact the OPD for clarification or resolution of specific questions or concerns regarding their ability to fully engage.

What if I need a reasonable accommodation?

The OPD is dedicated to providing an inclusive, welcoming environment for all academy and boot camp students. If a student accepted into the program needs a reasonable accommodation, s/he should make this request as soon as possible to allow our team sufficient time for planning and preparation before the start of the program.

Where do I direct my questions?

Please contact the Office of Professional Development for questions and further information at ISLA@state.ca.gov.

Our department

Communities of practice

State campaigns

Website Accessibility Certification