Sign In

Security Training and Documentation That Produces What You Deploy

Courses that end with detection rules in Sentinel, architecture decisions in ADRs, and investigation playbooks tested against real attack chains. Documentation toolkits your auditor recognizes as professional work. All built by practicing security engineers.

Explore Courses Browse Documentation
20 courses · Free modules on every course · No account required to start · From $179/year
Who This Is For

You Recognize One of These.

“I just got handed security for our M365 tenant.” You need to design Conditional Access, configure Defender, and present a defensible architecture to leadership.

“I’m a SOC analyst and AI is doing my L1 job.” Detection engineering, threat hunting, and DFIR are the path forward. You need structured depth that gets you there.

“Our security program needs to survive an audit.” Policies, risk registers, and evidence trackers built by practitioners who have sat across from auditors.

“I’m transitioning into security from IT.” Start with the free Admin to Defender course. Progress into any specialization. Every course is self-contained.

“I need to upskill my team without the SANS price tag.” Business plan gives your team courses plus documentation toolkits. One investment, both capability and governance.

“I need to prove capability, not just knowledge.” Every course ends with a scenario-based exam and a verifiable credential. The artifacts you built are the proof.

Training

Courses That Build Security Engineers

Every course ends with artifacts running in your environment. You write detection rules that fire on real attack chains. You produce architecture decisions documented well enough for an auditor to read and move on. You investigate incidents using the same evidence and tooling you will use on the job. The courses do not describe what good looks like. They make you build it. From $179/year. See pricing →

Premium
Endpoint Security Engineering
What you'll deployEndpoint hardening baselines, ASR rules, and Defender for Endpoint detection configs you can push today
See What You'll Deploy →
Specialist
Microsoft 365 Security Architecture
What you'll deploy30+ ADRs, decision matrices, risk register, architecture diagrams, and an executive summary — a complete, portfolio-grade architecture package
See What You'll Deploy →
Premium
Identity Security Engineering
What you'll deployProduction-ready Conditional Access policies + identity threat detection rules you can deploy immediately
See What You'll Deploy →
Specialist
Identity and Access Management
What you'll deployA governed identity program where every identity — human and machine — has an owner, a lifecycle, and compliance evidence
See What You'll Deploy →
Premium
Microsoft 365 Security Operations
What you'll deployFull M365 security operations playbook + live Sentinel + Defender XDR detections
See What You'll Deploy →
Premium
Threat Detection Engineering
What you'll deploy71 production KQL detection rules mapped to 6 attack chains, a detection-as-code pipeline, and the methodology to take any technique and ship a validated detection
See What You'll Deploy →
View all 20 courses →
Documentation

Governance Documentation That Closes Audit Findings

Your auditor opens the folder and finds policies that map to your actual controls, risk registers that reflect real decisions, and compliance evidence organized the way they expect to see it. Every toolkit is built by practitioners who have sat on both sides of the audit table. You are not editing a template with your logo on top. You are deploying a governance program that works. From $497. Customization from $1,997

34 Documents
Cyber Incident Response Toolkit
ISO 27001 · NIST CSF 2.0 · CIS v8 · NIST 800-61r3
Deploy a complete incident response capability in days — playbooks, classification engines, communications templates, and evidence management built from real incident response experience.
$797
View Details →
8 Documents
Vulnerability & Patch Management Toolkit
NIST CSF 2.0 · ISO 27001 · CIS v8
Build a vulnerability management program that tracks from discovery to remediation — with the operational workflows your team needs to run it.
$497
View Details →
Desktop App · 38 Documents
Zero Trust Implementation Toolkit
NIST 800-207 · CISA ZTMM · ISO 27001 · NIST CSF 2.0
Implement zero trust across all 5 CISA pillars — from board-level policy to platform-specific controls. Automation pipeline and operational tools included.
$797
View Details →
Desktop App · 26 Documents
Risk Management Toolkit
ISO 27001 · ISO 22301 · ISO 31000 · NIST CSF 2.0
Run your entire risk management program from one desktop application — AI-powered risk assessment, business impact analysis, vendor management, and board-ready reporting. No server, no subscription.
$997
View Details →
Desktop App · 100 Documents
Information Security Policy Suite
ISO 27001 · NIST CSF 2.0 · CIS v8 · SOC 2
Deploy a complete information security management system — 100 documents, 93-control compliance assessment, and a desktop application that manages policies, evidence, and board reporting in
$1,497
View Details →
138 Documents
NIST CSF Implementation & Operations Suite
NIST CSF 2.0 · ISO 27001 · CIS v8
Deploy NIST CSF 2.0 across all six functions with operational GRC tools — the complete framework implementation, not just a mapping exercise.
$1,497
View Details →
View all products →
Applications

Prove You Are Running the Program

Documentation defines what your security program is. Applications prove you are operating it. Ridgeguard answers questionnaires, assesses vendors, governs policies, measures gaps, and publishes your security posture to prospects. It runs on your machine. Your data never leaves your network. No SaaS subscription, no cloud dependency, no $30,000 platform.

Questionnaire Response

Import a 200-question spreadsheet. 790 pre-written answers auto-match 60–80%. AI fills the gaps using your company profile. Export in the original format.

Vendor Risk & Policy Governance

Risk-tiered vendor register with assessment history and certification tracking. Policy lifecycle from draft to retirement with evidence linking and staff acknowledgements.

Gap Assessment & Trust Center

80-question gap assessment with a prioritized remediation plan. Publish a Trust Center so prospects check your posture before they send the questionnaire.

Start Free 30-Day Trial See All Applications → $299/year · Windows 10/11 · No credit card required
Results

What Students Deploy

Design and Deploy Production-Ready Capabilities

Students design and implement production-ready capabilities; for example, in the Threat Detection Engineering course, you will build and deploy high-quality detection rules mapped to ATT&CK techniques across attack chains.

Architecture Decision Records

MSA students produce a portfolio-grade architecture package with ADRs, risk registers, and executive summaries.

Free Learning Resources

All our courses include free modules with actionable deliverables designed to enhance the learning experience and teaching quality. Try the exercises, then decide.

KQL — Inbox Rule Forwarding Detection
// Detect inbox rules that forward mail externally
// Maps to MITRE T1114.003 - Email Collection
OfficeActivity
| where Operation in ("New-InboxRule", "Set-InboxRule")
| where Parameters has_any ("ForwardTo", "ForwardAsAttachmentTo",
    "RedirectTo")
| extend ForwardTarget = tostring(Parameters)
| where ForwardTarget !has "@northgate-eng.com"
| project TimeGenerated, UserId, Operation,
    ForwardTarget, ClientIP
Architecture Decision Record

ADR-007: Require Phishing-Resistant MFA for Privileged Roles

Status: Accepted

Context: 23 Global Admins use SMS/phone MFA. AiTM attacks bypass these methods. Two confirmed attempts in Q1.

Decision: Deploy FIDO2 security keys for all privileged roles. Block legacy MFA methods via Conditional Access.

Consequence: Hardware cost ~$1,840. Eliminates AiTM credential theft for admin accounts.

These are real course artifacts. The detection rule is from Threat Detection Engineering. The ADR is from M365 Security Architecture.

The Shift

Before and After

You Google KQL queries during incidents and hope the syntax is right.

Your team has detection rules running in production that they wrote, tested, and tuned.

Architecture decisions are verbal. When the auditor asks why, you reconstruct from memory.

Every architecture decision is documented in an ADR. The auditor reads it and moves on.

Your security policies are templates from the internet with your logo on top.

Your governance documentation was built by practitioners who understand your controls.

Start with the Free Modules.

Every course includes free modules you can read right now. No account, no card, no trial timer. See the teaching quality, try the exercises, then decide.

Browse Courses Free Document Samples
From $179/year for training · From $497 for documentation · See full pricing →