Cybersecurity Strategy Online Certificate
Boston College Continuing Education, in collaboration with Kevin Powers, Director of the M.S. in Cybersecurity Policy and Governance Program at Boston College, is launching a new, online, non-credit certificate program.
The Cybersecurity Strategy Certificate provides you with advanced knowledge in cyber threats and vulnerabilities, cybersecurity policy and law, incident response development and implementation, cyber risk management and resiliency, and cloud security.
The certificate consists of five online courses (approximately 90 minutes each in length). You may complete the courses in any order you choose and at your own pace. There is no obligation to complete the certificate; you may take any course(s) without committing to completing the certificate.
Some courses are approved for CLE credit in CA, CT, FL, NJ, and NY. Reporting requirements vary by state and we recommend that you check with your state's bar association for their guidelines on reporting requirements.
Target Audience: Attorneys, paralegals, accountants, business and government executives, managers and employees, human resources professionals, compliance and privacy officers, IT and project managers, and individuals seeking knowledge of cybersecurity.
To maximize learning and build on information in previous courses, courses should ideally be taken in the order they are listed below.
Courses
Course Details
Cyber Threats and Vulnerabilities
Course Fee: $300
Course Description:
This course offers an overview of cyberspace and the ever-changing threat landscape. It provides an understanding of the evolving threats from bad actors, including phishing, ransomware, cryptojacking, and the use of social engineering tactics. The course briefly reviews the history of cyber crime and recent major breaches, and addresses key changes and trends in cyberspace today. The course covers corporate, government, and consumer responses to growing challenges.
Learning Objectives:
- You will understand the application of cybersecurity in a corporate (and government) culture and the varying risks in the cyber ecosystem.
- You will understand cloud computing, mobility, and the Internet of Things (IoT), and the security implications and challenges involved with these important trends.
- You will understand effective technologies and responses necessary to secure data and connected devices.

Bill Oates is the founder and principal of TCM Global Services, LLC. TCM Global is a consulting and management practice focused on technology leadership in government, higher education and hospitality. Bill is also a member of the faculty at Boston College, teaching in BC’s Master of Science Program in Cybersecurity Policy & Governance.
Bill served as the Chief Information Officer (CIO) for the Commonwealth of Massachusetts and prior to that he served as the City of Boston’s first cabinet level CIO. As Boston's CIO, he was charged with spearheading the City's technology initiatives and was responsible for the delivery of IT services in support of the various city functions.
Before his work in government, Oates served as the Senior VP & CIO for Starwood Hotels & Resorts Worldwide, one of the world's leading hotel and leisure companies. His previous IT experience included more than 20 years in the travel/hospitality industry with Starwood and the ITT Sheraton Corporation.
A graduate of Boston College, Oates is also an attorney and member of the Massachusetts Bar. He received his J.D. from Suffolk University Law School in Boston and was also awarded an LL.M in Global Technology Law.

John Merto is the Chief Information Security Officer for the Commonwealth of Massachusetts. In this role, he is responsible for the enterprise cybersecurity strategy and policies that protect the Commonwealth’s systems, networks, and data. He has been with the Commonwealth since 2014, previously serving as Deputy CTO and Director of Engineering. John started his career in Information Technology over 20 years ago doing phone support before working his way into email and systems administration and then IT management. John received his BA degree from the University of Hartford.

Etay Maor is Chief Security Officer at IntSights, the threat intelligence company, where he leads the company security advisory practice. Previously, he was an executive security advisor at IBM Security, where he led security and fraud fighting awareness and research. Before that, he was the Head of RSA's Cyber Threats Research Labs, where he managed malware research and intelligence teams and was part of cutting edge security research. A security evangelist, Etay regularly presents at industry events and academic master classes as well as volunteers for educational security awareness programs.
Etay holds a BA in Computer Science and an MA in Counter Terrorism and Cyber Terrorism. He was a teaching assistant for an Introduction to Cyber Security course and contributed to the ICT (International Institute for Counterterrorism) on cybersecurity and cyberterrorism topics.
Sample of conferences where Etay presented: 2015 Infosec World, 2014 Singapore GovWare, 2014 ISCD Hungary, 2014 RSA Asia, 2014 Disruptive Innovation in Security Technology (URJC Summer University Course, Madrid), 2014 RSA USA, 2014 DCOI (Defensive Cyberspace Operations & Intelligence), 2014 IBM Pulse, 2014 IBM Impact, 2013 RSA Europe, 2013 UK Payment Council, 2013 INSS (Institute for National Security Studies), 2012 APWG, 2012 Technion TCE, 2011 FST Singapore, 2010 ITWeb (S. Africa), and many more.

As Cisco’s Global Director for Smart Cities and Transportation, TJ Costello brings a breadth of experience in market strategies and strategic alliances to the role. TJ helps city and transportation leaders identify strategies and solutions to address the challenges of the Digital Era by leveraging data effectively and securely using the power of integrated networking technologies. He is focused on helping these cities and transportation agencies to become smarter, more sustainable, and more responsive to their citizens.
TJ is passionate about helping customers improve their communities and the lives of the citizens in them. He regularly collaborates with government leaders—from Los Angeles to Washington, DC; from Melbourne to Mexico City—on the ways in which technology can help boost economic development, reduce environmental impact, and improve the delivery of citizen services. Prior to joining the Smart+Connected Communities team, TJ held leadership positions at Cisco in cybersecurity, cloud, and enterprise networks.
TJ is a sought-after panelist and media spokesman on smart city topics at events across the Americas and abroad; he has been a featured speaker at CES, Cisco Live, Collision, Web Summit and a variety of other top-tier technology events during his career. TJ is a graduate of St. Michael’s College and resides in Manchester, Mass., with his wife and son.
Data Protection: Cybersecurity Policy, Law, and Strategy
Course Fee: $300
Course Description:
This course broadly examines the key laws, regulations, and Executive Orders concerning data protection and privacy. The course focuses on the roles of Federal, state, and local regulators and law enforcement officials in cybersecurity and examines data protection and national security issues governed by various Federal agencies (e.g., SEC, FTC, DOJ, DHS, NSA). Additionally, the course addresses intellectual property protection, best practices (e.g., NIST Cybersecurity Framework), the role of an attorney (in-house and outside counsel) in cybersecurity, and the development of a proactive security strategy.
Learning Objectives:
- You will understand the major legal concepts and laws relative to cybersecurity, including privacy, financial services, business concerns, national security and law enforcement concerns, and international law.
- You will understand the legal and regulatory requirements pertaining to cybersecurity and will be able to identify the varying Federal regulatory bodies overseeing same.
- You will be able to identify legal issues pertaining to cybersecurity and understand the role of the attorney in cybersecurity, including the varying types of litigation and liability for data breaches.

Kevin Powers is the founding Director for the M.S. in Cybersecurity Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. With a combined 20 years of law enforcement, military, national security, business, higher education, and teaching experience, he has worked as an analyst and an attorney for the U.S. Department of Justice, U.S. Navy, U.S. Department of Defense, law firms in Boston and Washington, D.C., and as the General Counsel for an international software company based in Seattle, Washington. Along with his teaching at Boston College, Kevin is a Research Affiliate at the MIT Sloan School of Management and he has taught courses at the U.S. Naval Justice School and the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. From 2016-2017, he was the Panel Lead for the Collegiate Working Group for the U.S. Department of Homeland Security's National Initiative for Cybersecurity Education (NICE). Kevin also serves as a Board Member for the Boston College Law School Business Advisory Council, a regional bank, and an international software company. Kevin regularly provides expert commentary regarding cybersecurity and national security issues for varying local, national, and international media outlets.

Michael Crones joined Draper Laboratory as the Chief Information Officer in September 2015. In his role as CIO, he addresses people, process, and technology aspects of IT as it relates to the overall corporate vision for change and innovation. Operational excellence, compliance, security, and transformation were key themes in building out this new organization. This has enabled Mike to build a clear vision for Draper’s IT future, ensuring that it is closely tied to business outcomes and program operations.
Prior to Draper, Mike was with MIT Lincoln Laboratory (MITLL), where he helped run the Laboratory’s central IT services and was intimately involved in supporting research, with a heavy focus on cyber security. He holds his bachelor’s from Merrimack College and a master’s from Brandeis University.

Kevin Swindon is recently retired after over 20 years as a Special Agent with the FBI, and is currently the Corporate Vice President of Global Security for Charles River Labs. Charles River provides essential products and services to assist pharmaceutical and biotechnology companies, government agencies, and leading academic institutions around the globe in accelerating their research and drug development efforts, and has over 16,000 employees with over 90 facilities worldwide.
During his FBI career, Kevin was assigned as the Supervisor and Program Coordinator for the Boston Division’s CYBER Criminal and National Security Intrusion Programs, and was the first Laboratory Director of the newly formed New England Regional Computer Forensic Laboratory. He has traveled extensively overseas in support of both significant criminal and national security investigations, and was first assigned to the Newark, NJ office of the FBI. He testified as the government’s computer forensic expert in the Boston Marathon Bombing trial. He obtained his BS in Industrial Management from the University of Massachusetts at Lowell, an MBA from Northeastern University, and an MS in Finance from the Carroll School of Management at Boston College.

Cynthia LaRose is a Member at Mintz and a highly regarded authority in the privacy and security field. She handles the full range of data security issues for companies of all sizes, from start-ups to major corporations. Cynthia is masterful at conducting privacy audits; crafting procedures to protect data; advising clients on state, federal, and international laws and regulations on information use and data security; helping organizations respond to breaches; and planning data transfers associated with corporate transactions. She is an in-demand media commentator and speaker on privacy and cybersecurity issues. Cynthia is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E).
Cynthia has extensive experience in privacy, data security, and information management matters, including state, federal, and international laws and regulations on the use and transfer of information, behavioral advertising, data security breach compliance and incident response, data breach incident response planning, as well as data transfers in the context of mergers and acquisitions and technology transactions. She conducts privacy audits and risk assessments to determine data and transaction flow and to assess privacy practices, and assists with drafting and implementation of privacy policies and information security policies and procedures and monitoring of privacy “best practices” across all levels of the enterprise. She has a BA from the University of Massachusetts, an MS from Boston University, and a JD from Boston University School of Law.
Incident Response and Planning
Course Fee: $300
Course Description:
This course provides an overview of requirements and best practices governing incident response and incident response planning that can help companies mitigate downstream enterprise risk. The course will explain the potential consequences of a significant cybersecurity incident, which effective incident response and incident response planning are designed to reduce. The course will examine the obligations a company has or may have when it discovers a potential incident, including an overview of potential notification obligations and considerations on whether to involve law enforcement. The course also will address the need to develop, in advance of an incident, an incident response plan and discuss legal criteria and best practices in developing a plan that facilitates effective incident response.
Learning Objectives:
- You will understand the major legal risks presented by significant cyberattacks.
- You will understand the current legal requirements governing response to cybersecurity incidents.
- You will understand incident response plan requirements and best practices in developing and implementing such plans that can help mitigate enterprise risk.

Lisa Ropple, Esq. is a partner in Jones Day’s Cybersecurity, Privacy & Data Protection group and serves as Head of Litigation for Jones Day’s Boston Office. She focuses her practice on helping companies respond to cyber incidents and defending them in ensuing regulatory investigations and litigation. Prior to joining Jones Day, Lisa served as global head of litigation and government investigations at a Fortune 125 company. She also spent over 22 years in private practice at Ropes & Gray, where she handled complex civil litigation, government enforcement, and high profile data breach matters and served as co-Chair of the Litigation Department. Lisa graduated from Boston College Law School and received her undergraduate degree from the College of the Holy Cross.

Samir Jain has more than 20 years of experience at high levels of government and in private practice working on legal and policy issues involving cybersecurity, data privacy, national security, communications, and internet law. He previously served in the Obama Administration as Senior Director for Cybersecurity Policy for the National Security Council at The White House and as Associate Deputy Attorney General at the Department of Justice. Samir’s areas of expertise include cyber incident response and cybercrime, cybersecurity risk management for critical infrastructure sectors, electronic communications privacy, consumer privacy, government regulatory proceedings and investigations, and international cyber negotiations.

Diana Kelley is the Cybersecurity Field CTO for Microsoft and a cybersecurity architect, executive advisor, and author. At Microsoft she leverages her 25+ years of cyber-risk and security experience to provide advice and guidance to CSOs, CIOs, and CISOs at some of the world’s largest companies and is a contributor to the Microsoft Security Intelligence Report (SIR). In addition to her work at Microsoft, she serves on the ACM Ethics & Plagiarism Committee, is an Industry Mentor at CyberSecurity Factory, and guest lecturer at Boston College’s Master of Science in Cybersecurity program. Diana is CTO and Director of the non-profit Sightline Security, a member of the RSA U.S. Program Committee for 2018 and 2019, was an IEEE “Rock Star of Risk” in 2016, keynotes frequently at major conferences, and co-authored the book, Cryptographic Libraries for Developers. She worked at IBM where she built and managed the IBM Security Research publication process.

Kevin Burns, Draper’s Chief Information Security Officer, is currently responsible for information security throughout the enterprise, as well as compliance, incident response, and security architecture. Mr. Burns previously worked for the Commonwealth of Massachusetts for 22 years, and from 2012 through 2016 held the position of CISO within the Executive Office of Administration and Finance. During his tenure at the Commonwealth, Mr. Burns was responsible for ensuring the security and confidentiality of the Commonwealth’s constituents’ data and private information, as well as ensuring that the executive branch agencies adhered to federal, state, and local compliance drivers.
Mr. Burns is an adjunct professor at Boston College and was previously a guest lecturer at Northeastern University. He has been a lecturer and panelist for many cyber-related events, and has been involved in developing and consulting regarding cyber-related course materials for the Commonwealth’s Community Colleges. He is also a published author relative to recruiting cyber personnel.

Ms. Amy Burkart is the Chief of the Cybercrime Unit and an Assistant U.S. Attorney in the United States Attorney’s Office in Boston. She joined the office in 2010. She prosecutes financial frauds involving computers, internet intrusions, data breaches, and other cyber-based crimes, as well as intellectual property crimes. She also serves on the office’s Civil Rights Enforcement Team (a cross-office team that prosecutes human trafficking and other civil rights actions) and previously served as the team’s Co-Director.
Prior to her tenure at the U.S. Attorney’s Office, Ms. Burkart was an Associate in the Litigation Departments of Davis Polk and Wardwell in New York and Goodwin Procter LLP in Boston, where she worked on civil and criminal litigation matters, with a focus on white collar crime. In addition to private practice, Ms. Burkart spent two years teaching criminal procedure at Vermont Law School as an adjunct faculty member.
Ms. Burkart served as a law clerk in the Southern District of New York to United States District Judge Colleen McMahon. She earned her J.D. at New York University School of Law cum laude and her B.A. at Dartmouth College. Ms. Burkart is a member of the bar of the United States Court of Appeals for the First Circuit, the District of Massachusetts, and the Southern District of New York.
Managing Cyber Risk
Course Fee: $300
Course Description:
This course provides a broad understanding of the fundamentals of risk management and applies them to the cybersecurity and digital risk management environments. It addresses methodologies for comparing digital risks and deciding between acceptance, mitigation, risk transfer, and avoidance. The course compares popular methodologies for quantifying, comparing, and categorizing digital risks, including Risk and Control Self-Assessment (RCSA), Risk Appetite Statement (RAS), Risk Tolerance metrics, Three Line Defense Model, Risk Register, Third-Party Risk Management, and quantitative methodologies for evaluating cost-benefit associated with mitigative investments.
Learning Objectives:
- You will understand cybersecurity threats, risk assessment methodologies, sufficiency standards, and risk management options.
- You will understand corporate risk management functions, best practice organizational models, and management tools in common use.
- You will understand the importance of cybersecurity and risk management practices and why each must be integrated with data protection processes.

David A. Wilkinson has over 30 years of experience in cybersecurity, risk management, strategy development, and operations. He is currently Senior Managing Partner at the Bellwether Group and, more recently, Senior Director at Gartner heading up Security and Risk Management for the Financial Services Industry. His experience includes direct profit and loss responsibility as chief executive. In these areas, David has worked with over 85 major corporations in more than 17 industries.
David spent 8 years at City Investing, a $6B NYSE company where he was appointed chief executive at three of its operating businesses. Previously, he worked at The Boston Consulting Group (BCG) and Unilever, Ltd. David is also an adjunct professor in Boston College’s Master’s in Cybersecurity Policy and Governance program.
David holds an M.Sc from the London Business School and a B.Sc from the University of East Anglia.

Adam Glick is currently the Vice President of Enterprise Cyber Risk at the Boston office of Brown Brothers Harriman, a global financial institution, where he focuses on program, policy, controls, threat intelligence, and incident response. Prior to this role, he was the Vice President of Information Technology and Information Security Officer for Century Bank for five years. His responsibilities included operationally managing all IT systems and all matters pertaining to information security. He was responsible for risk and compliance, and managing implementation, adherence, and establishment of security policies and procedures. Adam is currently an adjunct professor at Boston College in the Cybersecurity Policy and Governance program, and an adjunct professor of IT in the MBA program at the School of Business at Providence College. Prior to his current role he worked as a Security Engineer at Brown University and a Security Analyst at Providence College. He received both his undergraduate degree in education and his MBA from Providence College. Outside of the office, he is a car and technology enthusiast as well as an avid reader, cyclist, and Brazilian Jiu-Jitsu white belt.

Phil Aldrich is an adjunct in the M.S. Cybersecurity Policy and Governance program at Boston College’s Woods College, teaching the Organizational Effectiveness and Building a Business Case program courses. Currently, he works at Dell Technologies as the Director of Enterprise Governance, Risk, and Compliance. Phil served as a U.S. Army active duty officer and he holds CISSP, CISA, CISM, and CRISC industry certifications.

Mr. Timothy Russell entered on duty with the FBI as a computer specialist in the Miami Field Office in 1999, and as a Special Agent assigned to the Boston Field Office in 2002. Since reporting to Boston, Mr. Russell has investigated internet fraud, intellectual property crimes, and complex criminal and national security computer intrusion matters. In 2013 Mr. Russell reported as the acting Cyber Assistant Legal Attaché (ALAT) for the FBI’s London office. In 2014 Mr. Russell served as a Supervisory Special Agent (SSA) in the Asia Cyber Operations Unit at FBI Headquarters, Cyber Division. In 2016 Mr. Russell was appointed as the SSA for the Boston Criminal Cyber Squad, with responsibilities for criminal cyber matters in Rhode Island, Massachusetts, New Hampshire, and Maine. Mr. Russell obtained his B.S. in Information Systems from Bethune-Cookman University, and his M.B.A. from Nova Southeastern University.
Cloud Policy and Security
Course Fee: $300
Course Description:
This course provides a broad understanding of basic cloud development models, including private, public, hybrid, and community, and the various service platforms (e.g., SaaS, PaaS, IaaS). Security topics include traffic hijacking, data isolation/storage segregation, identity management, virtualization security, continuity, data recovery, logging, notification, and auditing. The course addresses governance control and responsibility for cloud security and current best practices utilized by private industry and governments.
Learning Objectives:
- You will understand the basic cloud service platforms (e.g., SaaS, PaaS, IaaS) and security topics and terms pertaining to cloud security.
- You will be able to identify applicable service provider standards and cloud adoption models and understand the current best practices utilized by private industry and governments for cloud security.
- You will understand which policy and contract measures to consider in a cloud adoption strategy.

Julie Fitton is a highly motivated and experienced leader with expert proficiency in product and corporate security, delivering comprehensive and efficient cyber protection strategies. Julie combines security industry expertise with business strategic thinking to assist in the development of security features that serve as differentiators in product positioning. Julie is currently a Vice President of Digital Product Security for Stanley Black & Decker; she serves as Trustee and Audit Committee Chair for a Massachusetts community savings bank, and she is an adjunct professor at Boston College.

Jason Garbis is Vice President of Cybersecurity Products at Cyxtera Technologies, a secure hybrid infrastructure company. He is responsible for the company's security product strategy and product management, and works directly with numerous enterprise customers, helping them solve their security challenges. He has over 25 years of product management, engineering, and consulting experience at security and technology firms including RSA, HPE, BMC, and Iona Technologies, as well as at several smaller firms.
Garbis is co-chair of the Software-Defined Perimeter (SDP) Working Group at CSA, where he led research initiatives applying Software-Defined Perimeter to Infrastructure-as-a-Service environments, and the forthcoming Software-Defined Perimeter Architecture Guide. He leads the Boston Cloud Security Alliance chapter, holds a CISSP certification, has a BS in Computer Science from Cornell and an MBA from Northeastern, and is also a published author.

Mark Maybury is Stanley Black & Decker’s first-ever Chief Technology Officer. In this position, Mark manages a team across the company's businesses and functions, advises on technological threats and opportunities, and provides access to all elements of the global technology ecosystem.
Prior to joining Stanley Black & Decker, Mark spent 27 years at The MITRE Corporation, where he held a variety of strategic technology roles. Most recently he served as Vice President of Intelligence Portfolios and prior to that was MITRE's Vice President and Chief Security Officer and Director of the National Cybersecurity Federally Funded Research and Development Center (FFRDC). Before joining MITRE, Mark served as a U.S. Air Force officer. He later returned to the Air Force as Chief Scientist from 2010 to 2013 where he advised the Chief of Staff and Secretary of the Air Force on a wide range of scientific and technical issues.
He is currently a member of the Defense Science Board and recently completed multiple years of service on the Air Force Scientific Advisory Board and the Homeland Security Science and Technology Advisory committee. He is a fellow in both the IEEE and the Association for the Advancement of Artificial Intelligence.

Sudhi Bangalore is Stanley Black & Decker’s Vice President of Industry 4.0. In this position, Sudhi manages the company’s Advanced Manufacturing Center of Excellence and leads automation efforts with technologies such as the Internet of Things, cloud computing, artificial intelligence, 3-D printing, robotics, and advanced materials.
Prior to joining the company in 2017, Sudhi was the Global Head of Smart Manufacturing and Industry 4.0 Solutions with WIPRO, and before that was the Global Practice Head for Industrial Automation. Sudhi also held leadership roles with technology companies such as Danaher Corporation, Siemens, and Rockwell Automation.
Certificate Pricing
General Admission
General Admission for each online course is $300.
Active duty military, veterans, and law enforcement government agencies may contact continuinged@bc.edu for discounted pricing.
Organizations that plan to have 10+ employees complete the certificate program may contact continuinged@bc.edu for discounted pricing.
General Information:
You must be 18 years old to participate in the Cybersecurity Strategy courses. All sales are final; we are not able to offer refunds. Registrations may not be transferred to another person or to another course, workshop, or program.
Online registration is required to participate in a course. Tuition for each certificate course is $300 to be paid by debit or credit card. Registrations will be processed upon receipt of payment. Payment is due in full in order to enroll.
With the exception of Managing Cyber Risk, these courses are approved for continuing legal education (CLE) credit in CA, CT, FL, NJ, and NY. See specific details on the number of CLE credits in the description for each course. Reporting requirements vary by state and we recommend that you check with your state's bar association for their guidelines on reporting requirements.