The ACT Program has two levels of instruction: the Fundamentals Learning Track and the Advanced Learning Track.

The Fundamentals Learning Track provides a baseline of automotive cybersecurity knowledge. This audience should be comprised of new hires, interns or co-op students, and employees transferring into an area where cybersecurity knowledge is necessary. ACT also helps increase the speed at which the industry can onboard new employees. These courses are all online and on demand. Anyone interested in building their knowledge of essential cybersecurity for the automobile industry can take the courses at anytime and anywhere globally.

The Advanced Learning Track is geared toward advanced hands-on training on the components, software, hardware, and communications unique to the automotive industry. More information on the newly-designed Advanced courses will be available in 2025.

The ACT Program has something for almost everyone. The Fundamentals courses are designed for learners with little to no experience. The Basic Cybersecurity course is recommended first. Then it’s up to the learner whether Secure Engineering or Secure Operations Management is needed. Completing the entire Learning Track is suggested before moving onto the Advanced courses.

If you have intermediate experience in the automotive cybersecurity space, you may choose to take the ACT Fundamentals Test Out. This is a comprehensive assessment that includes all of the main topics covered in the Fundamentals courses. A successful Test Out qualifies you for the Advanced Learning Track.

If you are an experienced Automotive and/or Cybersecurity Engineer/Manager, you may choose to take some or all four of the Advanced Learning Track courses to supplement your existing knowledge.

The Fundamentals Learning Track is online/on-demand. All three courses: Basic Cybersecurity, Secure Engineering, and Security Operations / Management, are located on our new Auto-ISAC Learning Management System (LMS). The courses range in length from 25-32 hours. Visit our registration page for more information.

Watch for updates in 2025 on the Advanced Learning Track. This includes: Advanced Engineering, Advanced Wireless, Advanced EV/EV Infrastructure, and Advanced Guided Attacks.

You can register on the ACT Registration page by clicking here.

Upon successful completion of each course, learners will receive a badge and a Certificate of Completion. The badge may be downloaded and added to your social media.

The courses taken in a certificate program help you prepare to earn a professional field-specific certification, but earning a certificate is not the same as becoming certified.

Earning a certificate is a way for you to earn credits in a structured, discipline-specific way. A Certificate of Completion is a result of training or education, while a Certification is the result of an assessment process that indicates mastery/competency measured against a standard which is normally an exam. Typically, when you receive a Certification, it results in a designation to use after one’s name (CISSP, PMP, and Auto-ISAC’s CASE). View the FAQs below to learn more about becoming a Certified Automotive CyberSecurity Engineer.

The Capability Exam is a scenario-based online exercise developed to test the knowledge, skills, and abilities of the ACT program learners. The CAPEX includes best practices to ensure vehicular system development, operation, and maintenance integrity and security. This applies to every phase of the vehicle lifecycle.

By passing the CAPEX, learners earn the designation of Certified Automotive Cybersecurity Engineer (CASE).

Anyone may sit for the CAPEX by paying $1000. The fee is waived for

completing the ACT Fundamentals Learning Track and the ACT Advanced Learning Track, or
completing the Fundamentals Test Out and the ACT Advanced Learning Track.

The Capability Exam (CAPEX) is a scenario-based online assessment developed to test the knowledge, skills, and abilities of the ACT Program learners. The CAPEX includes best practices to ensure vehicular system development, operation, and maintenance integrity and security. This applies to every phase of the vehicle lifecycle.

By passing the CAPEX, learners earn the designation of Certified Automotive CyberSecurity Engineer (CASE). CASE recipients must actively advance their knowledge by completing 16 hours of continuing education and training each year. This 3-year certification expires unless a total of 48 Continuing Professional Education (CPE) credits are maintained within 3 years of certification. The CPEs can be obtained industry-wide and not limited to Auto-ISAC.

The Certified Automotive CyberSecurity Engineer (CASE) attests to the recipient's professional mastery of the field of automotive cybersecurity. The CASE certifies the recipient's ability to develop and implement a comprehensive and practical response to cybersecurity threats and risks. The Automotive Information Sharing and Analysis Center (Auto-ISAC), in cooperation with the National Highway Transportation Safety Administration (NHTSA), underwrite this capability. In addition, the CASE endorses the recipient’s ability to adapt and sustain a coherent set of systematic best practices acquired through the applied training sequences of the Automotive Cybersecurity Training (ACT) Program and completing the Capability Exam (CAPEX). These practices ensure vehicular system development, operation, and maintenance integrity and security. This applies to every phase in the vehicle lifecycle. The ACT Program will serve as an officially sanctioned certification authority for the Certified Automotive Cybersecurity Engineer (CASE). Auto-ISAC maintains a certification database of all individual submissions for Continuing Professional Education (CPE) credits.

To see the detailed criteria for CPEs, click here.

To receive CPE credits for various industry events, please visit the Auto-ISAC LMS. Under the drop down menu, click on CPE Forms. Enter your event information and include a file that proves attendance, and then click the Submit button. Within 3 business days, the ACT Program team will evaluate your submission and document your credits in the Transcripts section. If you need assistance or have additional questions, email the team at ACT@automotiveisac.com.

Reminder: This certification expires unless a total of 48 Continuing Professional Education (CPE) credits are maintained within 3 years of certification.

Auto-ISAC is seeking the best automotive cybersecurity trainers in the industry. You can send your inquiries to ACT@automotiveisac.com and we will reach out to you.

ACT FAQ

Who is the intended audience for the ACT Program?

How are the courses structured? Are there any prerequisites?

Is there a training schedule?

Where can I register?

Certificate of Completion vs. Certification

Capability Exam (CAPEX)

What are CAPEX and CASE?

May I have more information on CASE?

How do I become a trainer for the ACT Advanced lab courses?