DVMS Cyber Resilience Professional Practitioner Course & Examination

Develop practitioner-level competencies in building and operating a Digital Value Management System® (DVMS)

Transform systemic cyber risk into operational resilience through an integrated Governance, Resilience, and Assurance (GRA) operating system

Unify fragmented frameworks - NIST, ITSM, GRC, ISO and others into a cohesive, adaptive system of governance and assurance

Demonstrate the ability to align strategy, risk and performance for sustained cyber operational resilience

Apply systems thinking tools - causal loops, iceberg models, behaviour-over-time graphs to identify feedback loops and leverage points

Design and assess cross-functional governance structures, risk teams and measurement systems

Evaluate organisational maturity using the DVCMM and develop capability deployment strategies aligned to culture and readiness

Apply the capstone synthesis methodology to a real-world cybersecurity challenge and produce an actionable improvement plan

1.1 Transitioning to a Practitioner's Mindset — Differentiating compliance-driven and strategy-risk-aligned mindsets; proactive, adaptive decision-making in cybersecurity operations.

1.2 The 3D Knowledge Model — The X and Y axes of the model for mapping knowledge and dependencies; applying both axes to decision-making and resilience.

1.3 3D Knowledge Model: Z-Axis — Culture and leadership as drivers of practitioner effectiveness; how culture influences resilience and governance; strategies for building generative culture.

1.4 The Role of Questions — Practitioner-level diagnostic and strategic questioning; using inquiry to uncover hidden risks, dependencies and assumptions.

1.5 Strategy-Risk — The unity of strategy and risk; the space-time analogy applied to decision-making; consequences of siloed strategy and risk management.

2.1 Systems Thinking Fundamentals — System structure, behaviour and culture in cybersecurity; applying systems tools; identifying feedback loops and leverage points.

2.2 Strategy-Risk: Reinforce & Operationalise — Integrating strategy-risk thinking into daily cybersecurity practices; designing cross-functional collaboration for alignment.

2.3 Deep Dive into the CPD Model — Analysing workflows through the Create-Protect-Deliver (CPD) Model; mapping assurance loops and feedback mechanisms.

2.4 MVC Operationalised by CPD — How CPD loops enable Minimum Viable Capabilities; mapping NIST CSF core functions to CPD and MVC for execution alignment.

2.5 Be the Menace — Applying use and misuse cases to anticipate threats; integrating adversarial modelling into assurance and measurement planning.

3.1 DVMS as a Governance Overlay — DVMS as a system overlay linking governance, strategy and execution; mapping workflows to MVCs and assessing governance loops.

3.2 Minimum Viable Capabilities (MVC) — Explaining and applying the seven MVCs across workflows; using the 3D Knowledge Model Z-axis to identify cultural barriers.

3.3 QO–QM Validation & Metrics — Applying GQM (Goal-Question-Metric) and QO-QM frameworks; aligning metrics with strategic outcomes and continuous improvement.

3.4 FastTrack™ Approach — Sequencing capability deployment based on maturity and culture; using governance feedback and cultural diagnostics for dynamic adaptation.

3.5 Risk Team Structure & Collaboration — Designing and assessing cross-functional risk teams; integrating DVMS, MVC and QO-QM in governance and decision-making.

4.1 The Four Aspects of Innovation — Distinguishing incremental, sustaining, adaptive and disruptive innovation; applying systems thinking to identify innovation leverage points.

4.2 Nonlinear Adoption — Revisiting Phases — Contrasting linear and nonlinear adoption models; mapping feedback loops that drive adaptation and cultural learning.

4.3 DVCMM (Digital Value Capability Maturity Model) — Defining DVCMM levels (0–3) across MVCs; benchmarking maturity and linking Govern/Assure to capability deployment.

4.4 Bridge to Day 5 — Synthesis Preparation — Integrating systems thinking, governance, culture and measurement; formulating a capstone action plan for cyber resilience improvement.

5.1 Continual Improvement & Innovation Loops — Designing feedback mechanisms for single- and double-loop learning; embedding continuous improvement into operations and culture.

5.2 Integrating Governance, Measurement, and Culture — Unifying DVMS governance, GQM/QO-QM measurement and cultural diagnostics; designing feedback loops for adaptive improvement.

5.3 Capstone Synthesis & Practitioner Reflection — Applying all course models to a real-world cybersecurity challenge; developing an actionable improvement plan aligned with strategy-risk priorities; reflection on practitioner growth and continuous learning.

Cybersecurity managers and practitioners responsible for operationalising a resilience framework

GRC professionals building integrated governance and assurance systems

IT Service Managers and architects responsible for the governance of digital services

Risk and compliance leaders who need to demonstrate measurable, framework-aligned outcomes to executive leadership and regulators

Professionals pursuing career advancement to senior cybersecurity, governance or advisory roles

One year of access to digital courseware

Fundamentals of Adopting the NIST Cybersecurity Framework (2nd Edition) — the official Foundation course text, provided as contextual background

A Practitioner's Guide to Adapting the NIST Cybersecurity Framework — the official Practitioner reference text, permitted as open-book reference in the examination

DVMS Cyber Resilience Professional Practitioner exam voucher (Implementer or Auditor pathway) from APMG International

Digital badge upon passing, shareable with your professional network

DVMS Cyber Resilience Professional Awareness

DVMS Cyber Resilience Professional Foundation Certification

DVMS Cybersecurity Culture Assessment