Skip to main content
PECB Certified Trainer · ISO/IEC 27001:2022

ISO 27001
Certification
Taught by the
Trainer Who
Implements and
PenTests It

I'm Shenoy, Founder of reconn, an AI-first cybersecurity solutions and services company and a PECB Certified Trainer with 20+ years in cybersecurity and information security management. If you're serious about certifying in ISO 27001, you're in the right place.

Free 1-hour 1-on-1 session included with every self-study or eLearning package.

20+
Years Cybersecurity & Infosec
31
CPD Credits per Certification
$799
Self-Study — 2 Exam Attempts
1-on-1
Free 1-Hour Session with Every Package

About the Trainer

Credential
PECB Certified Trainer · ISO 27001 Senior Lead Implementer
Experience
20+ years cybersecurity · 10+ years ISMS, BCMS and Data Protection
Company
Founder, reconn, AI-first cybersecurity, Dubai
Delivery
Dubai, UAE · Middle East · Europe · UK · North America

I've held and delivered the ISO 27001 credential for years — first as a hands-on ISMS implementer in critical environments, then as a PECB Certified Trainer. ISO 27001 is the foundation of information security management, and I've applied it in real operational contexts alongside offensive security assessments, threat intelligence programs and penetration testing. When I guide you through this certification, it is based on actual implementation experience and field knowledge — not marketing copy.

Choose Your Certification

Two Certifications.
One Standard.

Both PECB credentials are globally recognized and delivered online. If you choose the self-study or eLearning option, a free 1-hour live 1-on-1 session directly with me is included to clear your doubts before the exam.

ISO 27001 · PECB Certified

Lead Implementer

ISMS Build GRC Infosec

You'll be able to build and run an Information Security Management System from initiation to certification — not just understand the standard.

Duration
5 days (4 training + 1 exam)
CPD Credits
31 on completion
Validity
3 yr certification valid
Exam Format
Open book, multiple-choice
  • IT security managers and GRC professionals
  • Compliance and information security officers
  • Consultants advising on ISMS implementation
  • Executives responsible for information security governance
Self-Study
2 exam attempts included
$799
eLearning
2 exam attempts · PECB pre-recorded videos via MyPECB portal
$899
Free 1-hour live 1-on-1 doubt-clearing session with me included in both formats
ISO 27001 · PECB Certified

Lead Auditor

Audit ISO 19011 Advisory

You'll be able to plan, manage and lead audits of Information Security Management Systems — not just participate in them.

Duration
5 days (4 training + 1 exam)
CPD Credits
31 on completion
Validity
3 yr certification valid
Exam Format
Open book, multiple-choice
  • Internal and external auditors
  • ISO 9001 or ISO 42001 auditors expanding into infosec
  • Certification body professionals
  • Independent information security advisors
Self-Study
2 exam attempts included
$799
eLearning
2 exam attempts · PECB pre-recorded videos via MyPECB portal
$899
Free 1-hour live 1-on-1 doubt-clearing session with me included in both formats

Decision Guide

Which Certification
Is Right for You?

ISO 27001 Lead Implementer versus Lead Auditor: certification comparison
Lead Implementer Lead Auditor
You want to… Build and manage an ISMS inside your organization Audit Information Security Management Systems independently
Best for… IT security managers, GRC professionals, compliance officers, consultants Auditors, certification body professionals, independent advisors
Start here if… You are new to ISO 27001 You already have hands-on ISMS implementation experience
Combine both? Most consultants and advisors hold both Significantly raises your market value

If you're unsure, Lead Implementer first is almost always the right call. Implementation knowledge makes you a considerably better auditor.

Bundle Offer
Going for Both? Save with the Bundle.

The Lead Implementer + Lead Auditor bundle is available directly via reconn.io. Many practitioners hold both credentials — it's the fastest way to cover every angle of ISO 27001 and maximize your market value.

Private Mentorship

Want 1-on-1 Guidance?
Work Directly With Me.

Not everyone learns best from self-paced materials alone. If you want structured, personal guidance through your ISO 27001 certification journey, I offer private live online sessions in the evenings (GST) that fit around your schedule, wherever you are in the world.

This is not a group class. It's a direct session with me, tailored to exactly where you are and what you need.

No slide reading. Ever.
Every session is driven by my 20+ years of hands-on experience, not a deck. Clause walkthroughs, Annex A controls in context, real risk assessment scenarios, actual audit situations — the kind of depth you simply don't get from a recorded lecture.
  • Live 1-on-1 online sessions in the evenings, scheduled around your timezone
  • ISO 27001 clause-by-clause walkthroughs with real-world ISMS implementation context
  • Annex A controls deep-dives — selection, applicability, evidence and implementation
  • Exam prep: risk assessment scenarios, gap analysis and study plan tailored to your pace
  • Career positioning for information security and GRC roles

Every self-study and eLearning purchase via reconn.io includes a complimentary 1-hour live session with me to clear your doubts on the standard before your exam.

Direct from the Trainer

Most people who reach out to me already know they need ISO 27001. What they want is clarity: which certification to start with, how to approach the risk assessment, which Annex A controls actually matter for their context, and what the exam is really testing.

My sessions are based on real ISMS implementations and security assessments in live environments. I'll draw directly from that experience to walk you through situations you'll face in your exam and in your work.

Whether you've already enrolled via reconn.io or you're still deciding, get in touch. I respond personally to every message.

Exam Prep Clause Walkthroughs Career Strategy Annex A Controls Evenings GST

Why This Trainer is Different

Every ISO 27001 Domain.
Taught from Actual Practice.

Most ISO 27001 trainers teach the standard as a document. I teach it as a working system — because I've built, operated and tested the controls that sit behind every clause. I come from offensive security, threat intelligence and 20+ years of hands-on security operations, and I apply all of that directly to every domain covered by ISO 27001.

When we work through Annex A controls in our sessions, I don't just explain what each control requires. I walk you through how it is actually implemented in a real organization, what tools and services are used to enforce it, how it is monitored on an ongoing basis, and what a failure looks like from an attacker's perspective. That combination of implementation depth and offensive knowledge is what separates this training from a policy walkthrough.

Every domain below is an area I work in operationally — not just certify against. That is what you get when you prepare for ISO 27001 with me.

20+
Years Security Operations
ISO
27001 Senior Lead Implementer
25+
Vendors Scaled via reconn
Offensive Security & Penetration Testing
I run penetration tests and red team engagements against enterprise environments. I know which Annex A controls actually stop attacks and which ones exist primarily for audit compliance. When we cover vulnerability management, incident response and supplier security in your exam prep, you get the practitioner's view — not the policy writer's.
Threat Intelligence & Attack Surface Management
I've built and run threat intelligence programs including dark web monitoring, digital risk protection and attack surface management. That intelligence mindset shapes how I teach ISO 27001 risk assessments — as a reflection of real, active threats rather than a theoretical scoring exercise.
Identity & Access Governance
Access control is one of the most commonly failed areas in ISO 27001 audits. I cover how identity and access management is actually implemented — from privileged access management and role-based controls to directory services, MFA enforcement and access review cycles — and what auditors look for as evidence of effective operation.
Network Security & Systems Hardening
I cover network security architecture, segmentation, firewall policy management and intrusion detection in the context of ISO 27001 Annex A requirements. Systems hardening — including CIS benchmark application, patch management workflows and secure configuration baselines — is covered with the tools and processes organizations actually use to maintain and evidence compliance.
Cloud Security
Most ISMS implementations today span hybrid and multi-cloud environments. I cover how ISO 27001 controls apply in cloud contexts — shared responsibility, cloud security posture management (CSPM), data classification in cloud storage, and how to scope and evidence controls when infrastructure is not on-premise. This is an area most trainers skip entirely.
Encryption & IT Asset Management
I cover cryptography and encryption controls not as abstract requirements but as implemented solutions — key management, encryption at rest and in transit, certificate lifecycle management and the tooling that organizations deploy to maintain compliance. IT asset management is covered end-to-end: discovery, classification, ownership, lifecycle and disposal — the areas where auditors routinely find non-conformities.

Frequently Asked Questions

Common Questions
About ISO 27001 Certification

Questions I get asked regularly, answered directly. If yours isn't here, WhatsApp or email me.

What is ISO 27001 and who needs it?

ISO/IEC 27001:2022 is the world's leading international standard for Information Security Management Systems (ISMS). It provides a systematic framework for managing the security of information assets through risk assessment, Annex A controls implementation, and continual improvement. Any organization that handles sensitive data — regardless of size or sector — benefits from it. Those responsible for information security, GRC, compliance or IT security typically lead its implementation and audit.

What's the difference between Lead Implementer and Lead Auditor?

Lead Implementer is about building and running an ISMS inside your organization — scoping, risk assessment, controls selection and management system operation. Lead Auditor is about independently assessing and auditing ISMS in any organization using ISO 19011 methodology. If you work in IT security, GRC or compliance inside an organization, start with Lead Implementer. If you're an auditor or external consultant, Lead Auditor may be your primary goal — though most experienced practitioners hold both.

How much does ISO 27001 certification cost?

Via reconn.io, self-study starts at $799 with 2 exam attempts included. eLearning, which includes PECB pre-recorded video content via the MyPECB portal, is $899. Both formats include a complimentary free 1-hour live 1-on-1 session with me before your exam. If you're doing both certifications, the bundle offer is available directly at reconn.io.

Is the ISO 27001 exam open book?

Yes. Both the Lead Implementer and Lead Auditor exams are open-book and multiple-choice. You can use the standard itself, your notes and a dictionary. The exam is scenario-based, so you need to apply your knowledge to practical situations rather than recall definitions. That's why the 1-on-1 prep session matters: we work through actual scenarios, not flashcards.

How long does it take to get ISO 27001 certified?

The course is structured as 4 training days plus 1 exam day. With self-study, candidates typically take 4 to 6 weeks to work through the material before sitting the exam, depending on how much prior GRC or information security experience they have. The free 1-hour 1-on-1 session helps you identify exactly what to focus on in the final preparation period.

What does the free 1-on-1 session include?

It's a 1-hour live online session with me, scheduled around your timezone in the evenings (Gulf Standard Time). We use it however you need: clause clarification, Annex A controls in context, exam strategy, risk assessment scenarios, gap analysis or a direct conversation about how to apply the standard in your specific organization. It's not a slide walkthrough — it's based on what you actually need.

Should I do Lead Implementer or Lead Auditor first?

Lead Implementer first, almost always. Implementation knowledge gives you context that makes you a significantly better auditor. You'll understand what a well-run ISMS actually looks like from the inside — which is precisely what Lead Auditor exam scenarios test. The exception is if you already have hands-on ISMS implementation experience from real projects. Message me if you're unsure and I'll give you a straight answer based on your background.

Is there a bundle offer for both certifications?

Yes. The ISO 27001 Lead Implementer + Lead Auditor bundle is available directly via reconn.io. Many consultants, GRC professionals and security advisors hold both credentials — it's the most complete way to cover ISO 27001 from both the implementation and audit perspective. The bundle link is on the reconn.io product page. WhatsApp or email me if you have any questions before enrolling.

Still have a question? WhatsApp me directly or email [email protected]. I respond personally.