The Information Security Leadership Academy (ISLA) is a unique and rigorous 9-week program aimed at preparing the state’s security workforce for the critical roles of Information Security Officer (ISO), Agency Information Security Officer (AISO), or an expanded role within their department’s security office. The academy incorporates security best practices, National Institute of Standards and Technology (NIST) risk and security control frameworks, California-specific policy, standards, and compliance, and Information Security program management skills. Participants will have the opportunity to interact with the state’s security leaders and take part in a dynamic simulation experience, as well as complete the Certified Information Security Manager (CISM) training and exam in preparation for the CISM certification.

ISLA registration is open to public sector IT Security personnel (e.g., state, county, and city agencies), tech-savvy IT, and aspiring ISOs/AISOs passionate about security. Ideal candidates are currently working in an IT security management or supervisory position.

Interested candidates should note that there is considerable curriculum overlap within ISLA and our Cybersecurity Boot Camp (the boot camp is not designed to be a pre-requisite program for ISLA). Before applying, candidates should review the Cyber Security Boot Camp webpage to determine which program is most suitable.

The total program cost is $5,200 per participant.

This cost does not include a 17% cost distribution fee charged by the Department of Technology (CDT) which is our standard practice and will be included in the direct billing. For more information, please see CDT’s Service Rates webpage.

ISLA participants will develop and enhance their security skills through both formal training and the Certified Information Security Manager (CISM) exam at the end of their program experience. Students will receive advanced training on state-specific security requirements and compliance as well as expand their leadership skills in a variety of areas. Program participants learn from security experts, participate in practical workshops, and complete a cyber-response simulation and exercise. To ensure their experience within the academy is meaningful and valuable, the ISLA Program Coach(es), and Program Advisor(s) mentor participants throughout the program.

Due to continued student interest in completing our training academies primarily using a remote platform, most class sessions for the 2023 program will be conducted online using Zoom. However, due to the high value associated with completing certain courses in-person, students should anticipate attending a few sessions in-person within the greater Rancho Cordova area.  Classes scheduled to be in-person are Leadership Foundations, a tour of the Department of Technology’s Security Operations Center (SOC), a tour of the Department of Emergency Services’ (CalOES) Cal-CSIC, and the ISLA graduation. In-person sessions are subject to change, if needed.

It is important to note that while CDT always encourages non-local (outside the Sacramento area) students to apply for ISLA, the expectation is that all students should make arrangements to attend in-person classes regardless of location. To assist with planning, the ISLA 2023 Program Schedule and Calendar will be provided to all students accepted into this year’s program for careful review before formally committing to the program and will identify which sessions will be conducted online versus in-person only so appropriate arrangements can be made.

Participants will complete the Certified Information Security Manager (CISM) training and exam in preparation for certification. Participants will acquire formal training on FIPS 199/200 and the Risk Management Framework (RMF). The state-of-the-art training program also includes critical coursework for the state’s security workforce, including Information Security Leadership Foundations, Emotional Intelligence, Cyber First Responder, Threat Hunting, Conflict and Negotiation, Communication and Effective Presentations, and How to Be a Trusted Advisor, to name a few.

Throughout the academy, participants will network with their peers, Program Coaches, Program Advisors, security professionals, and other executives who are at the forefront of the state’s security efforts.

The ISLA application period is now closed.

Please contact the Office of Professional Development for questions and further information at OPD@state.ca.gov.

What is the cost for ISLA?

The cost for the 2023 academy is $5,200 per participant and is paid for by the student’s department/agency.

This cost does not include a 17% cost distribution fee charged by the Department of Technology (CDT) which is our standard practice and will be included in the direct billing. For more information, please see CDT’s Service Rates webpage.

When does ISLA start and end?

The 2023 ISLA will take place from July 31 – September 28, 2023.

What are the core hours for the training? 

Core hours for ISLA are 9 a.m. – 4:00 p.m., whether remotely or in-person. To verify connectivity, remote class sessions will be open at 8:30 a.m. Students are encouraged to log in to sessions early to network and chat with one another.

What is the time commitment required for this academy?

While the training schedule varies depending on the week, participants can generally expect to be engaged in training an average of 3-5 days a week. This does not include time needed outside of class to study for and complete the CISM exam, which is intended to serve as the culminating experience for the academy. Before applying, candidates should ensure they are able to commit to both completing a rigorous course schedule as well as prepare for and complete their CISM exam.  

A program schedule which outlines all scheduled courses and dates will be provided by the Office of Professional Development (OPD) staff upon acceptance into the academy.

How will class sessions be conducted, and what are the technical requirements for attending?

Most class sessions will be conducted remotely via Zoom. Therefore, students are expected to have a functioning camera and microphone to fully participate in all remote class sessions. In-person class sessions will be delivered at the Department of Technology’s Training and Education Center (TEC) or at locations within the greater Rancho Cordova area.

ISLA will be using Microsoft Teams to house all program-related documents; therefore, students must be able to access this platform.

What specific topics are covered in the 2023 curriculum?

The course topics have been carefully selected by the Executive Sponsor, Program Coaches, Program Advisors, and OPD management to provide a combination of both technical and leadership skills critical for the state’s Information Security workforce. Below is a tentative course listing for the 2023 program. Please note that course topics may be subject to change and that circumstances beyond our control may require adjustments to the program schedule. In addition, it is important to note that refunds will not be provided after the onset of the program (see below for further details on our refund policy).

• Certified Information Security Manager (CISM) training and exam
• FIPS 199/200 and Risk Management Framework
• Introduction to Cyber Threat Intelligence
• Creating a Ransomware Response Plan
• Communication and Effective Presentation Skills
• Information Security Leadership Foundations with AISO and AIO Panel
• Emotional Intelligence
• Organizational Change Management
• How to Be a Trusted Advisor
• Cyber First Responder
• Transformation Through Conflict and Negotiation
• Diversity and Inclusion
• Leadership Foundations*
• California Department of Technology Security Operation Center (SOC) Tour*
• California Cyber Security Integration Center (Cal-CSIC) Tour*
• ISLA Graduation*

*These sessions will be conducted in-person only; students are expected to make arrangements to attend.

What are some additional details regarding the CISM exam?

As the culminating experience for ISLA, the CISM exam preparation requires students to dedicate considerable time outside of class to study for and complete the exam. To assist with this, students will attend and actively participate in a 5-day boot camp training session towards the end of the academy. On or before the academy start date, students will have access to electronic versions of CISM course materials, practice exams, and labs for up 90 days post-graduation. Upon completion of the boot camp, students will receive a voucher to take the CISM exam (which also includes one free retake if needed). Students will also be granted access to ISACA’s Q&A database one week prior to, and during the scheduled boot camp sessions.   

Should a student not pass the exam on their first attempt, s/he will continue to have full access to an unlimited number of practice exam attempts, access to recorded boot camp sessions, and the full curriculum.

What level of expertise and experience are you seeking from a candidate?

The ISLA welcomes applications from Information Security personnel, tech-savvy IT, and aspiring ISOs and AISOs who are passionate about security. Ideal candidates are currently working in an IT security management or supervisory position. Participants in the academy are selected from the public sector (e.g., state, county, and city agencies and departments).

How are candidates selected?

With a limited number of spots in the academy, the application process is highly competitive. Participants are selected based on the quality and thoughtfulness of their application responses. Therefore, before submitting their application, students should carefully craft and review their answers to ensure they thoroughly address each question.

Do I have to attend all the training sessions to remain in the academy?

ISLA covers a great deal of curriculum in its 9-week period. While some absences are unavoidable (e.g., illness), the maximum allowable absences is three (3). There are no make-up sessions for courses missed, and classes are not recorded (with the exception of the CISM boot camp sessions). Students who exceed this limit will be withdrawn from the academy. Therefore, if you have vacation or other planned time off during the academy that will significantly interfere with your participation, you are encouraged to apply for a future cohort that will not have conflicting dates.

While ISLA is extremely rewarding, it is also a rigorous academy effort which requires students attend class sessions 3-5 days per week in addition to preparing for and completing the CISM exam. Therefore, before applying, it is strongly recommended that interested candidates have a frank conversation with their immediate supervisor about the commitment level associated with this academy and the possibility that their workload may need to be redistributed if accepted.

Interested candidates who do not have the time to commit to this program or need a more economical alternative for training are strongly encouraged to consider registering for our Cybersecurity Boot Camp. This program is also geared for supervisory or managerial Information Security professionals who wish to expand or refresh their foundational skills in cybersecurity methodology and best practices but is only four weeks long and does not include the CISM certification component. To learn more, please visit our Cybersecurity Boot Camp webpage, which describes the program in greater detail.

If I drop out of the academy after it starts or if I am withdrawn due to excessive absences, will my department receive a refund?

Students who wish to drop out must do so no later than ten business days before the academy’s start date or your department will be charged the full program amount. Those who drop from the academy less than ten days from the program start date, or who are withdrawn due to excessive absences, will also incur charges to their department for the full amount of the program.

Where do I direct my questions?

Please contact the Office of Professional Development for questions and further information at OPD@state.ca.gov.