DVMS Cyber Resilience Professional Practitioner Certification

The DVMS Cyber Resilience Professional Practitioner course builds on the Foundation course and teaches participants the skills to transform any best-practice programs into an integrated, adaptive, and culture-driven Digital Value Management Governance and Assurance System®(DVMS) capable of transforming systemic cyber risk into operational resilience.

The course develops practitioner-level competencies to transform systemic cyber risk into operational resilience by uniting Fragmented Frameworks and Standards.

This course is accredited by APMG Internationals and leads to the DVMS Cyber Resilience Professional Practitioner Certification. 

This course is delivered by our expert facilitator over 5-day in our virtual classroom, or we can come onsite to your organisation. Request a quote for your team. 

Course Overview & Learning Outcomes

This course develops practitioner-level competencies in building a Digital Value Management System® (DVMS) to transform systemic cyber risk into operational resilience by uniting Fragmented Frameworks and Standards—such as NIST, ITSM, GRC, and ISO—into a single, adaptive Governance, Resilience, and Assurance (GRA) operating system that keeps your digital business running, no matter the disruption.

It builds progressively from mindset and models to systems thinking, governance integration, and continuous improvement, culminating in a capstone synthesis project.

Learners synthesise course concepts—DVMS overlay, CPD, MVC, 3D Knowledge Model, DVCMM, and governance frameworks—into a strategic practitioner plan demonstrating cyber-resilience maturity, cultural awareness, and measurable improvement.

Course Modules 

Module 1 – Practitioner Foundations

1.1 Transitioning to a Practitioner’s Mindset

• Differentiate between compliance-driven and practitioner (strategy-risk-aligned) mindsets.
• Understand adaptive, proactive decision-making in cybersecurity operations.
• Identify behaviours and mindsets that enable value creation.

1.2 The 3D Knowledge Model

• Describe X and Y axes of the model for mapping knowledge and dependencies.
• Apply both axes to enhance decision-making and resilience.
  

1.3 3D Knowledge Model: Z-Axis 

• Explore culture and leadership as drivers of practitioner effectiveness.
• Evaluate how culture influences resilience and governance.
• Develop strategies for building generative culture.
  

1.4 The Role of Questions

• Formulate practitioner-level diagnostic and strategic questions.
• Use inquiry to uncover hidden risks, dependencies, and assumptions.
• Embed questioning as a foundation for proactive cybersecurity.

1.5 Strategy-Risk

• Explain the unity of strategy and risk.
• Apply the space-time analogy to decision-making.
• Evaluate the consequences of siloed strategy and risk management.
  

Module 2 – Systems Thinking and Operational Integration

2.1 Systems Thinking Fundamentals

• Understand system structure, behaviour, and culture in cybersecurity.
• Apply systems tools (causal loops, iceberg, BOT graphs).
• Identify feedback loops and leverage points for resilience.

2.2 Strategy-Risk: Reinforce & Operationalise

• Integrate strategy-risk thinking into daily cybersecurity practices.
• Design cross-functional collaboration processes for alignment.
  

2.3 Deep Dive into the CPD Model

• Analyse workflows through the CPD (Create-Protect-Deliver) Model.
• Map assurance loops and feedback mechanisms.

2.4 MVC Operationalised by CPD

• Describe how CPD loops enable Minimum Viable Capabilities (MVC).
• Map NIST CSF core functions to CPD and MVC for execution alignment.
  

2.5 Be the Menace

• Apply use and misuse cases to anticipate threats.
• Integrate adversarial modeling into assurance and measurement planning.

Module 3 – Governance, Capabilities, and Measurement

3.1 DVMS as a Governance Overlay

• Understand DVMS as a system overlay linking governance, strategy, and execution.
• Map workflows to MVCs and assess governance loops.

3.2 Minimum Viable Capabilities (MVC)

• Explain and apply the seven MVCs across workflows.
• Use the 3D Knowledge Model (Z-axis) to identify cultural barriers.

3.3 QO–QM Validation & Metrics

• Apply GQM (Goal–Question–Metric) and QO–QM frameworks.
• Align metrics with strategic outcomes and continuous improvement.

3.4 FastTrack™ Approach

• Sequence capability deployment based on maturity and culture.
• Use governance feedback and cultural diagnostics for dynamic adaptation.

3.5 Risk Team Structure & Collaboration

• Design and assess cross-functional risk teams.
• Integrate DVMS, MVC, and QO–QM in governance and decision-making.

Module 4 – Innovation, Maturity, & Adaptation

4.1 The Four Aspects of Innovation

• Distinguish incremental, sustaining, adaptive, and disruptive innovation.
• Apply systems thinking to identify innovation leverage points.

4.2 Nonlinear Adoption – Revisiting Phases

• Contrast linear and nonlinear adoption models.
• Map feedback loops that drive adaptation and cultural learning.

4.3 DVCMM (Digital Value Capability Maturity Model)

• Define DVCMM levels (0–3) across MVCs.
• Benchmark maturity and link Govern/Assure to capability deployment.

4.4 Bridge to Day 5 – Synthesis Preparation

• Integrate systems thinking, governance, culture, and measurement.
• Formulate a capstone action plan for cyber resilience improvement.

Module 5 – Integration, Improvement, and Mastery

5.1 Continual Improvement & Innovation Loops

• Design feedback mechanisms for single- and double-loop learning.
• Embed continuous improvement into operations and culture.

5.2 Integrating Governance, Measurement, & Culture

• Unify DVMS governance, GQM/QO–QM measurement, and cultural diagnostics.
• Design feedback loops for adaptive improvement and resilience.

5.3 Capstone Synthesis & Practitioner Reflection

• Apply all course models to a real-world cybersecurity challenge.
• Develop an actionable improvement plan aligned with strategy-risk priorities.
• Reflect on practitioner growth and continuous learning.
  

Who should attend

The DVMS Practitioner course is designed for ITSM, GRC, Cybersecurity, and Business professionals responsible for designing, implementing, operating, and continually innovating an integrated, adaptive, and culture-driven Digital Value Management Governance and Assurance System capable of delivering the resilient, compliant, and trusted outcomes government regulators expect.

Prerequisites

Students must have attended and completed the DVMS Cyber Resilience Professional Foundation Certificate, which is a pre-requisite for acceptance on the Practitioner level course.

Exam & Certification

This course prepares you for the open-book exam leading to the DVMS Cyber Resilience Professional Practitioner Certification. Students can choose between the Implementer or Auditor exam pathway and the relevant exam voucher will be provided. This exam is administered by APMG International. 

Questions test your ability to apply concepts, analyse scenarios, and evaluate information rather than memorise content. 

• Implementer - evaluates one’s knowledge of operationalising a DVMS Cyber Resilience Professional program that is fit for use within an organisation and is in alignment with organisational strategic policies.
• Auditor - evaluates one’s knowledge of ensuring that a DVMS Cyber Resilience Professional program delivers the desired business and regulatory outcomes expected by executive leadership and government regulators.

Exam Format:

• • Online, proctored
  • Duration 150-minute (2.5 hours)
  • 65 multiple choice questions per exam
    
  • Pass Mark – 62% (39 marks)
  • Open book: Course book, slides, and case study materials (unaltered).
    

The open-book format reflects the real-world nature of professional practice, where information access is available, but critical thinking and application skills are essential for success.

Course Material & Inclusions

Material for this course will only be provided by TSO (The Stationary Office) and can be viewed on a variety of devices.  

• One year of access to digital courseware
• Access to The Fundamentals of Adopting the NIST Cybersecurity Framework Body of Knowledge Publication
• Access to A Practitioner’s Guide to Adapting the NIST Cybersecurity Framework Body of Knowledge Publication
• DVMS Cyber Resilience Professional Practitioner Exam Voucher (implementer or auditor) from APMG International.

A digital badge you can share with your network of your course achievement will be provided via email upon passing your certification exam.