
Latest from X-Core

Programme updates and what's new
New: Tier 1 – Profiling Risk is now live
All 7 lessons are now available on demand. Start with Lesson 1.1 – Why Profiling Risk Matters, and begin building the foundation that every other tier of the programme depends on.
Coming: Tier 2 – Decision Influence
Coming Q2 2026. 6 lessons covering loss calculation, biases, FACTR and pushback.
Coming: Profiling Risk Workshop A
First live workshop opens for booking in April. Check the Workshop Bookings page.
Update: CPE certificates now ISACA-compliant
Validated and ready for direct submission to ISACA's CPE tracking system.
Need support? Questions about your membership, CPE or workshop booking – we're here.

How Your Video Lessons Work

1. Watch: Stream any of your 40 on-demand lessons. Watch at your own pace, on any device, as many times as you like.
2. Reflect: Complete the Applied Learning Assignment — four practitioner questions that turn what you watched into what you know.
3. Claim: Your ISACA-compliant CPE certificate generates automatically. Download it and submit directly to ISACA.
Progress to Annual Requirement

Target: 42 CPE per year

How Your Workshops Work

1. Book: Reserve your place on a live 3.5-hour workshop. You'll receive a Teams joining link and pre-workshop briefing ahead of the session.
2. Attend: Experience expert-led learning, live simulation, and peer discussion. Your attendance is confirmed by GRC-X after the session.
3. Apply: Complete your Applied Learning Assignment — a short post-workshop reflection that earns your 4.0 CPE certificate and locks in your learning.

How Our Events Work

1. Enrol: Reserve your place at a live Event. Free members receive 3 lifetime credits — paid members have unlimited access.
2. Share: Join a live online session with like-minded GRC practitioners and security leaders. Engage, challenge, and learn from people who understand your world.
3. Receive: Earn 1.0 CPE for free. Your ISACA-compliant certificate of attendance is generated automatically the moment attendance is confirmed.

Tier 1 · Event

1 hour · +1.0 CPE on attendance

In this Event, you will:

  • Hear a sharp, practitioner-focused perspective on a real GRC challenge
  • Engage with peers facing the same pressures in their organisations
  • Leave with at least one idea you can act on immediately
Live online session · Teams Webinar

Who this is for

GRC and security practitioners who want a sharp, peer-led perspective on one of the six core challenges in the NGSP framework — and 1.0 CPE to show for it.

Tier 1 — Profiling Risk · Lesson 1.6

The THOR Risk Lens

17 min · +0.5 CPE on completion

By the end of this lesson, you will learn:

    0.5 CPE You will earn 30 minutes of CPE for this lesson
    Watch the lesson video
    A walkthrough of the four THOR lenses with worked examples.
    Apply your learning
    Watch 90% of the video to unlock the applied learning task.
    Battlecard 1.6 — The THOR Risk Lens · part of your X-Core Collection
    BC-1.6
    Battle Card
    NGSP · Tier 1 · Lesson 1.6

    Profiling Risk · Tier 1

    The THOR Risk Lens

    Four lenses applied in sequence — together they describe the real risk surface of any system, change or decision.

    Framework

    T·H·O·R

    Technical · Human · Operational · Regulatory

    T · Technical

    Examine the systems, tools, architecture and technical controls that underpin your risk posture.

    • Systems, integrations and data flows in scope
    • Trust boundaries and how they're enforced
    • Attack surface, hardening posture, exposure
    • Inherited dependencies you don't control
    • Shadow IT and undocumented integrations
    • Legacy systems with no clear owner
    • Vendor changes that quietly shift the risk profile
    H · Human

    Assess the people, behaviours, culture and capability that shape how risk is created and managed.

    • Who has access — and whether they understand why
    • Behaviours that create risk, behaviours that reduce it
    • Where culture supports secure decisions, where it doesn't
    • Risk ownership — assigned, accepted, evidenced
    • "Not my job" gaps between teams
    • Privileged users with stale or unreviewed access
    • Pressure to ship overriding security as a default
    O · Operational

    Review the processes, procedures, workflows and day-to-day practices that govern execution.

    • Processes that assume security — and the ones that bypass it
    • Handoffs between teams, systems and shifts
    • What this looks like at 3am with one person on call
    • Recovery and detection capability that's real, not theoretical
    • Single points of failure: one person, one tool, one process
    • Manual workarounds that quietly became permanent
    • Change windows where controls relax "just for now"
    R · Regulatory

    Scrutinise the compliance obligations, legal exposure and regulatory landscape that frame your risk.

    • Laws, standards and contractual obligations in play
    • Where you're audited — and where you could be
    • Evidence you're required to produce, and whether you can
    • Upstream change (DORA, NIS2, sector rules) on the horizon
    • Cross-border data flows triggering jurisdictional questions
    • Obligations buried in client master agreements
    • Compliance treated as the goal, not the floor
    GRC-X · X-Core · Next Generation Security Practitioner BC-1.6-THOR-RISK-LENS-V2.0

    Battle Cards stay in your X-Core Collection — view any time, no download. Earn cards as you complete each lesson.

    CPE Worksheet · Locked · +0.5 CPE

    Reflect on this lesson. Your responses become the supporting evidence on your CPE certificate. Every field has a guideline word count — write enough to demonstrate your professional judgement.

    Watch 90% of the video to unlock the worksheet.


    Tier 1 — Profiling Risk

    Workshop

    3.5 hours · +3.0 CPE on completion

    A hands-on practitioner workshop combining expert-led learning with live simulation. Designed to build real-world capability you can apply from the moment you leave.

    In this workshop, you will:

    • Apply core frameworks in a live simulation environment
    • Work through real-world risk scenarios with practitioner peers
    • Leave with a concrete action for your organisation

    Workshop Flow

    01 Introduction: Context setting & objectives
    02 Core Learning: Framework & practitioner insight
    03 Simulation: Live scenario exercise
    04 Debrief: Group reflection & actions

    Pre-Workshop Activity
    Complete the pre-work before your workshop date.
    Workshop CPE Submission · Locked · +3.0 CPE

    Reflect on your workshop experience. Your responses form the supporting evidence on your CPE certificate.

    Complete all four questions to submit.

    Coming soon

    Your battlecard library is on its way

    As you complete lessons across the six NGSP tiers, your earned battlecards will appear here — ready to reference, search, and apply directly to your practice. Battlecards earned to date are accessible from inside their parent lessons.

    Coming soon

    Account management is being built

    Profile editing, preferences, and notification settings will live here. For now, contact support if you need to update your account details.

    Coming soon

    Billing details will appear here shortly

    Payment method on file, billing history, invoice downloads, and any sponsoring organisation will appear here once we've finished the secure billing experience. In the meantime, all subscription enquiries can be sent to support.

    Coming soon — limited preview

    A new way to navigate your practice

    X-Core Navigator is being designed to surface the right lessons, workshops, and battlecards at the right moment in your career — based on what you've learned, what you're working on, and where your practice is heading. Early preview opens to subscribers before public release.

    Battle Card · Page 2
    Apply THOR in Practice

    Worked Example

    Running a new SaaS vendor through THOR

    How to use THOR

    Apply each lens in sequence. Skipping a lens leaves blind spots. Walking all four builds a coherent risk picture you can defend in a stakeholder conversation.

    The example below shows a single decision — onboarding a new SaaS vendor — surfacing materially different risks at each lens.

    Step 1 · T

    "How does the vendor's system connect to ours, what does it touch, and what does that expose?"

    Example finding: SSO via SAML, but the vendor also requests an API key with broad read access to the customer database.

    Step 2 · H

    "Who in our business and theirs will have access — and is that access proportionate?"

    Example finding: Their support engineers can view customer records during incidents — undocumented in their data sheet, surfaced only on questioning.

    Step 3 · O

    "What happens to our operations if this vendor goes down, gets breached, or is acquired?"

    Example finding: No documented exit plan, no data export tooling, contract auto-renews. Switching cost is high and silent.

    Step 4 · R

    "What regulatory obligations follow our data into their environment?"

    Example finding: Vendor hosts data in a US region; current contract doesn't mention SCCs. GDPR transfer mechanism unclear.

    Takeaway: Each lens surfaced a material risk the others would have missed. THOR isn't four boxes to tick — it's four perspectives that together describe the real risk surface.

    Premium Feature
    Unlock Your Learning Diary
    Your Learning Diary gives you a downloadable record of every reflective response you've submitted — lesson by lesson. It's part of your professional development record and available on Premium and Elite subscriptions.