Frequently asked questions.

modularCISO is a structured training platform for information security professionals pursuing or holding CISO-level roles. We offer 12 training modules covering everything from security foundations to AI governance, plus hands-on security tools you can use immediately in your work.

• Aspiring CISOs — security professionals preparing for executive security leadership
• Current CISOs — leaders looking to sharpen skills or fill knowledge gaps
• Security managers & architects — professionals building toward a CISO role
• IT directors — leaders expanding into security governance

Three ways: (1) we don't sell promises — every module listed as "Available" is fully complete and accessible; (2) the curriculum is practical, not academic — it mirrors how CISOs actually operate; (3) you get real tools, not just theory. Our policy generator, risk engine, and compliance mapper are working applications, not slideware.

modularCISO is built by an information security professional with over 30 years of hands-on experience in the field. The platform reflects real operational knowledge — not academic theory. We focus on the product, not personal branding. Learn more on our About page.

Currently 2 of 12 core modules are live (CISO Foundations and Security Architecture), plus 6 industry verticals in development. Modules are released as they're completed — we never list incomplete content as available. Check the curriculum page for current status.

Each module contains structured lessons with text content, presentations, practical exercises, and quiz assessments. Lessons are designed to be completed in focused sessions. All content is browser-based — no applications to install.

Yes. All training is self-paced with no deadlines or cohort schedules. Your progress is saved automatically. Pick up where you left off at any time.

Yes — two certification tracks are planned: mCISO (modularCISO Certified) for core competency validation, and mCISO-X (Expert) for industry vertical specialization. Both will include proctored assessments and will be free when available.

Currently live: the AI-powered Policy Generator — generates professional information security policies based on your organization's context. Coming soon: Risk Assessment Engine, Compliance Mapper, AI Risk Assessor, DLP Simulator, and Tabletop Exercise Generator.

Yes. The Policy Generator processes your inputs on Cloudflare's edge infrastructure. Generated policies can be saved to your account or exported as PDF/DOCX. We don't share, sell, or train AI models on your data. See our Privacy Policy for detailed data handling practices.

Yes. All generated documents can be exported as PDF or DOCX files. You can also save them to your account for later editing. The filenames and all content are fully editable before export.

Yes — completely free, forever. All training modules, all tools, all quizzes, all industry verticals. No credit card required, no hidden upsells, no "premium" tier. Create a free account and you get everything.

This platform was created for learning and knowledge sharing — not profit. The training content is AI-generated and reviewed by an experienced practitioner with 30+ years in IT and security. Charging for AI-assisted content would create a conflict of interest and invite legitimate concerns about fraudulent training, fake content, or credential harvesting.

By keeping everything free, there is no argument to be made. No conflict of interest. The content stands on its own merit. If it helps you learn, use it. If it doesn't, you've lost nothing.

There is no catch. No ads, no tracking, no data selling, no upsells. The platform runs on Cloudflare infrastructure (low cost). The creator built this to organize their own knowledge and share it — running costs are minimal and covered personally.

Only what's necessary: email, name, and optionally company/role for personalization. Passwords are PBKDF2-SHA256 hashed with unique salts. We don't use analytics trackers, advertising pixels, or any third-party tracking. Full details in our Privacy Policy.

All data is stored on Cloudflare's infrastructure with EU data processing configured. Data is encrypted at rest (AES-256) and in transit (TLS 1.3). We use Cloudflare D1 (database), KV (session store), and Workers (compute) — no third-party databases or cloud providers.

• Content Security Policy (CSP) with no unsafe-eval
• HSTS with preload, includeSubDomains, 1-year max-age
• X-Frame-Options, X-Content-Type-Options, Referrer-Policy
• Rate limiting on all authentication endpoints
• Account lockout after failed login attempts
• Session management with automatic expiry
• CORS restricted to modularciso.com origins only
• Automated OWASP ZAP security scanning in CI pipeline
• Disposable email blocking (5,300+ temporary email domains)

Yes. We provide full data export, account deletion, and data portability. We don't use third-party tracking, don't sell data, and process all data within Cloudflare's infrastructure with EU data processing options. Our Privacy Policy details all data handling practices.

Go to Sign Up and register with email + password, or use Google, GitHub, or LinkedIn single sign-on. No credit card required for the Free tier.

Yes. You can delete your account from your profile settings. This permanently removes all your data including progress, saved policies, and session data. You can also export all your data before deletion.

Yes. From your profile, you can view all active sessions (with IP and device info) and revoke any session individually. Maximum 5 concurrent sessions are allowed. The oldest session is automatically removed when you exceed the limit.