FAIR Training and Certification

For Cybersecurity and Risk Management Professionals

FAIR Institute Certification Program

The FAIR Institute has trained over 10,000 professionals globally since 2017. Choose from the FAIR Institute's Cyber Risk Certification Program, a FAIR Third-Party Risk Management specialization, and Cyber Risk Management for Executives, a complementary online course designed for executives and senior leaders.

The FAIR Institute Certification Program is designed to build and validate the knowledge, skills, and leadership capabilities needed to apply FAIR and assess, quantify, manage, and communicate cyber risk. Professionals at all levels can gain a practical, defensible understanding of measuring, managing, and communicating risk in financial terms through a structured learning path that spans foundational concepts to advanced applications.

The program includes role-based training and tiered certifications for Professionals, Leaders, and Executives, each aligned to key responsibilities in a modern cyber risk management function. By combining hands-on learning, real-world scenarios, and rigorous assessment, the FAIR Institute empowers individuals and organizations to make smarter, risk-informed decisions, improve program maturity, and align cybersecurity with business outcomes.

Download Program Guide

In-Person Classes at FAIRCON25

November 2-3, 2025 in New York City

The following classes are being offered at the the 10th Annual FAIR Conference in New York City:

- FAIR Foundations
- FAIR Cyber Risk Analysis
- FAIR Third-Party Risk Management Specialization
- AI Red Teaming and Risk Analysis

The button below will take you to the FAIRCON25 regsitration page to learn more and sign up.

Upcoming Virtual, Instructor-Led Classes

FAIR Foundations

Upcoming Virtual Classes:
- October 13-17, 2025
- November 10-14, 2025 (APAC Time Zone)
- December 1-5, 2025

This virtual, instructor-led course is delivered two hours per day for five days. This curriculum provides a comprehensive introduction to Factor Analysis of Information Risk (FAIR), the leading quantitative model for managing cyber and operational risk. Participants will explore the limitations of traditional risk management approaches and gain an understanding of how FAIR provides a structured, data-driven methodology for assessing and communicating risk.

FAIR Cyber Risk Analysis Certification

Upcoming Virtual Classes:
- October 20-24, 2025
- December 1-5, 2025 (APAC Time Zones)
- December 15-19, 2025

This virtual, instructor-led course is delivered two hours per day for five days. The curriculum develops the core competencies required to perform quantitative cyber risk analysis using the FAIR model. This course provides participants with a step-by-step approach to analyzing cybersecurity risk scenarios in financial terms—enabling more informed business decisions.

FAIR Third-Party Risk Management Specialization

Upcoming Virtual Classes:
- October 6-10, 2025
- November 17-21, 2025
- December 8-12, 2025

This virtual, instructor-led course is delivered two hours per day for five days. The curriculum is designed for professionals who support or manage Third-Party Risk Management (TPRM) programs and want to shift from a traditional compliance-based approach to a risk-based strategy using the FAIR™ (Factor Analysis of Information Risk) methodology.

Enroll on FAIR Academy

FAIR Institute Course Catalog

Access the Course Catalog

For Cybersecurity and Third-Party Risk Management Professionals

FAIR Third-Party Risk Management Specialization

This five-day virtual course is designed to equip professionals in Third-Party Risk Management (TPRM) with the skills and knowledge needed to evolve from a compliance-focused mindset to a risk-informed strategy based on FAIR. Through instructor-led sessions and practical scenario analysis, participants will learn to quantify third-party cyber risk using FAIR’s core constructs — loss event frequency and loss magnitude — allowing for more accurate, transparent, and defensible risk assessments.

By embedding FAIR across the TPRM lifecycle from initial vendor intake through to assessment, risk analysis, and treatment, attendees will be empowered to drive meaningful risk-based decisions. The course places a strong emphasis on scenario modeling, control analysis using FAIR-CAM™, and prioritization based on business impact, rather than checklists or static scores. It is ideal for TPRM professionals, cybersecurity and GRC teams, procurement leaders, and anyone seeking to elevate third-party risk decisions through quantitative, business-aligned methods.

Enroll on FAIR Academy

For Business, IT and Cybersecurity Leaders

Cyber Risk Management for Executives

Taught by cybersecurity and risk management thought leaders, this complementary course is designed for executives to master cyber risk management using the FAIR (Factor Analysis of Information Risk) Model. Through five in-depth courses, learners will understand key concepts, practical applications, and governance strategies, enhancing their ability to make informed decisions and build resilient cyber risk management programs. Industry partners and real-world case studies are integrated to provide actionable insights and hands-on experience.

Learners engage in hands-on exercises that involve conducting FAIR analyses, utilizing risk modeling tools, and developing comprehensive risk management plans. These projects are designed to solve authentic problems, enabling learners to apply risk quantification techniques to real-world scenarios.

For Analysts and Risk Leaders

FAIR Analysis Fundamentals

FAIR Analysis Fundamentals provides a foundational understanding of the FAIR model and the underlying concepts of FAIR analysis. In this course, you’ll learn the FAIR™ methodology for risk analysis, including basic risk concepts, terminology, measurement, and interpreting results. The course includes 16 CPEs, a study guide, and an exam to earn a FAIR Fundamentals certificate from the FAIR Institute.

Enroll on FAIR Academy