Derek Fisher

Derek Fisher has over twenty-seven years of technical experience in both hardware and software engineering while working in various companies and industries. Through his work in security as a developer, architect, and leader, he has provided his insights at development organizations attempting to create more secure code. Today, he performs many roles, including security evangelist, architect, mentor, speaker, and instructor, where he attempts to bring more secure development to the organizations he works with.

books & videos by Derek Fisher

GRC Fundamentals: Learn Governance, Risk, and Compliance

  • Course duration: 3h 12m
  • 30 exercises

GRC Fundamentals is your comprehensive guide to mastering governance, risk management, and compliance in today’s high-stakes business environment.

In an era where cyber threats, regulatory scrutiny, and operational risks evolve at lightning speed, organizations can't afford to treat governance, risk, and compliance as separate silos. This course shows you how to integrate GRC into a single powerful framework that not only safeguards your organization but also drives smarter decisions, efficiency, and business alignment.

Whether you're a cybersecurity professional, IT leader, compliance officer, or business executive, this course will give you the practical skills and knowledge to build a GRC program that is strategic, scalable, and sustainable. You’ll learn how to move from reactive compliance to proactive risk management—transforming GRC from a burden into a competitive advantage.

With expert guidance, you'll gain the tools to transform GRC from a checkbox activity into a strategic pillar of your organization.


Distributed by Manning Publications

This course was created independently by Derek Fisher and is distributed by Manning through our exclusive liveVideo platform.

A Guide for Developing Secure Applications

  • Course duration: 11h 14m

Every company uses software to function. From Fortune 500 technology companies to sole-proprietor landscaping firms, software is integral to businesses large and small. The right software, properly secured, can help organizations to move quickly and stay ahead of their competition.

Business software provides a means to track employees, customers, inventory, and scheduling. Data moves from a myriad of systems, networks, and software applications, providing insights to businesses looking to stay competitive. Depending on the needs and resources of a company, it may develop and build its own software, or it may purchase ready-made software and integrate it into the business operations. What this means is that every organization, regardless of size and industry, has a software need.

That is why there is an urgent need for people to develop and implement secure software. That’s where this course comes in: it is designed to help you become one of those crucial people.

This course will familiarize you with the common vulnerabilities that plague developed code, as outlined by the publications that set the industry standards, such as the OWASP Top 10 list of critical risks and the SANS Top 25 list of most dangerous flaws in software. You will understand what type of development behaviors lead to vulnerabilities and how to avoid those behaviors when creating secure code. You will learn how to perform a threat model on development features to understand what threats could impact your code, where they come from, and how to mitigate them. You will also learn to review and operate developer analysis tools to discover vulnerabilities, allowing you to correct them early in the development life cycle. Finally, you will understand how application security fits in an overall cyber security program.


Distributed by Manning Publications

This course was created independently by Derek Fisher and is distributed by Manning through our exclusive liveVideo platform.

Ultimate Cybersecurity Course and CISSP Exam Prep

  • Course duration: 7h 42m

In this course you will learn everything you need to know to take your cybersecurity career to the next level. Whether you are already in cybersecurity and want to prepare for the CISSP exam, or you are working in technology and are curious about what cybersecurity is, this course is for you.

The course covers the range of topics that professionals in the field need to know about security and risk management in organizations, including best practices for security in architecture, networking, and physical locations. You’ll learn how organizations test and monitor for security, and how they use asset management to discover the data and systems that exist in their organization so they can protect them. And you'll see how security fits into the software development lifecycle.

We will delve into the importance of security concepts such as confidentiality, integrity, and availability. How to use authentication and authorization to manage user and system access. How organizations prepare for disasters and ready themselves to resume operations. How to use risk management to define your company’s approach to security. Supply chain risks. Threat modeling. Security models. Cryptanalysis. And so much more!

We cover a lot of topics here, and when you’ve finished the course you will have a thorough understanding of how security fits into an organization, and all the areas that need to be secured. Grab a comfy chair and get ready to learn.


Distributed by Manning Publications

This course was created independently by Derek Fisher and is distributed by Manning through our exclusive liveVideo platform.

Implementing an Application Security Program

  • Course duration: 4h 51m

This course delivers effective guidance on establishing and maturing a comprehensive software security plan. In it, you’ll master techniques for assessing your current application security, determining whether vendor tools are delivering what you need, and modeling risks and threats. As you go, you’ll learn both how to secure a software application end to end and also how to build a rock-solid process to keep it safe.

Application Security Program Handbook

  • November 2022
  • ISBN 9781633439818
  • 296 pages
  • printed in black & white
  • Available translations: Russian

The Application Security Program Handbook delivers effective guidance on establishing and maturing a comprehensive software security plan. In it, you’ll master techniques for assessing your current application security, determining whether vendor tools are delivering what you need, and modeling risks and threats. As you go, you’ll learn both how to secure a software application end to end and also how to build a rock-solid process to keep it safe.