AP Cybersecurity Curriculum
AP Cybersecurity Course Hub › Curriculum Guide
AP Cybersecurity Curriculum (2026–27): All 5 Units, Skills & Pacing
The complete AP Cybersecurity curriculum breakdown — unit topics, the 4 skill categories, 36-week pacing, and direct links to every live lesson at APCSExamPrep.com.
Units 1, 2, and 3 are fully live — all lessons, exercises, labs, and quizzes. Units 4–5 launch April 2026. Go to the Course Hub →
◉Course Overview
AP Cybersecurity is a College Board AP course that launches nationally in the 2026–27 school year as part of the AP Career Kickstart™ program. The first official AP Cybersecurity Exam will be administered in May 2027.
The curriculum is organized into 5 units and spirals three core skills throughout: Analyze Risk, Mitigate Risk, and Detect Attacks. Students learn to think like defenders — identifying vulnerabilities, selecting controls, and analyzing evidence across physical spaces, networks, devices, and applications.
- No prior coding or computer science experience required
- Aligned with the NICE Workforce Framework for cybersecurity careers
- Qualifying exam scores earn the AP Cybersecurity Credential and CompTIA Security+ prep voucher
- Exam format: 60 MCQ (80 min, 70%) + 1 FRQ device security analysis (50 min, 30%)
This page is the curriculum reference. To actually take the course, go to the AP Cybersecurity Course Hub — every lesson, exercise, lab, and quiz is organized there by unit.
≡All 5 Units: Topics, Skills & Live Lessons
Unit 1: Introduction to Security
Social engineering · Password attacks · AI-based threats · Public Wi-Fi dangers · AI in cyber defense
Students analyze how attackers manipulate people and systems — from phishing and pretexting to AI-personalized spear phishing. This unit builds the foundational defender mindset used throughout the course.
Key topics: Social engineering, phishing vs. spear phishing vs. whaling, vishing, smishing, OSINT, password vulnerabilities, brute force, credential stuffing, AI-driven attacks, public Wi-Fi interception, AI in defensive security.
Unit 2: Securing Spaces
Physical security · Environmental controls · Surveillance · Insider threats · Access control
Many attacks bypass digital controls entirely through physical access. Students learn how organizations protect physical spaces, manage insider risk, and layer controls to prevent unauthorized access.
Key topics: Physical access controls, badge systems, surveillance systems, tailgating, environmental threats, clean desk policy, insider threat indicators, defense-in-depth for physical spaces.
Unit 3: Securing Networks
Network architecture · Firewalls · Segmentation · Intrusion detection · Data in transit
Students learn how data flows across networks, where it can be intercepted, and how network design decisions determine how far an attacker can move once inside.
Key topics: Network topology, TCP/IP fundamentals, segmentation and VLANs, firewalls and firewall rules, IDS/IPS, DNS attacks, man-in-the-middle, packet capture, network hardening.
Unit 4: Securing Devices
Malware · Authentication · Device hardening · Patch management · IoT security
Students analyze endpoint security: how malware operates, how authentication models protect devices, and how organizations harden endpoints and manage the expanding IoT attack surface.
Key topics: Malware taxonomy (ransomware, spyware, rootkits), MFA, least privilege, patch management, hardening configurations, IoT vulnerabilities, mobile device management.
Unit 5: Securing Applications & Data
Cryptography · PKI · Hashing · Application security · Data protection
Students explore cryptographic principles, how certificates establish trust, and how applications and data can be protected or compromised. This unit directly supports the FRQ firewall/log analysis task on the exam.
Key topics: Symmetric vs. asymmetric encryption (AES, RSA), hashing for integrity, digital signatures, PKI and certificate authorities, HTTPS, application vulnerabilities (injection, broken auth), data classification.
▲The 4 Skills Tested on the AP Exam
The College Board CED organizes the AP Cybersecurity Exam around four skill categories that spiral through every unit. The first three are the core skills weighted most heavily:
Identify vulnerabilities and threats; assess likelihood and severity; determine how adversaries exploit weaknesses.
Configure and implement security controls; assess effectiveness; plan layered defense strategies.
Monitor systems; identify indicators of compromise; recognize attack patterns in logs and network data.
Work with others and AI tools; document findings; communicate decisions to technical and non-technical audiences.
📅36-Week Pacing Guide
The College Board designs AP Cybersecurity for a full academic year of 32–36 weeks. Here is a practical pacing calendar aligned to the CED:
| Weeks | Unit | Focus |
|---|---|---|
| 1–7 | Unit 1 ✓ Live | Security foundations, social engineering, AI threats, password attacks |
| 8–13 | Unit 2 ✓ Live | Physical security, access control, environmental controls, insider threat |
| 14–20 | Unit 3 ✓ Live | Network architecture, firewalls, segmentation, intrusion detection |
| 21–27 | Unit 4 → April 2026 | Malware, device hardening, authentication, IoT, patch management |
| 28–34 | Unit 5 → April 2026 | Cryptography, PKI, hashing, application security, data protection |
| 35–36 | Review | Full practice exam, FRQ document analysis, cumulative case studies |
For a 16–18 week semester course: cover Units 1–3 in full depth, then provide abbreviated coverage of Units 4–5 focusing on the highest-weight exam topics. All three units are live now.
🔗More AP Cybersecurity Resources
Use these pages to go deeper on any area of the curriculum:
?Frequently Asked Questions
5 units. Unit 1: Introduction to Security, Unit 2: Securing Spaces, Unit 3: Securing Networks, Unit 4: Securing Devices, Unit 5: Securing Applications & Data. Units 1–3 are fully live at APCSExamPrep.com.
Analyze Risk, Mitigate Risk, and Detect Attacks. These three skills spiral through all 5 units and are the primary skills assessed on the AP Cybersecurity Exam. A fourth skill, Collaborate, is also assessed.
No. The AP Cybersecurity curriculum has no prerequisites. It is designed as a foundational introduction accessible to students from any background, including those without prior computer science coursework.
The curriculum is designed for a full academic year of 32–36 weeks, meeting 5 days per week. A 45-minute class period model is used in the College Board CED.
All lessons at APCSExamPrep.com are 100% free with no account required. Go to the AP Cybersecurity Course Hub to access Units 1–3 now.
Ready to Start the Course?
Units 1–3 are live now — all lessons, exercises, labs, and quizzes. 100% free, no account required.
Get in Touch
Whether you're a student, parent, or teacher — I'd love to hear from you.
Just want free AP CS resources?
Enter your email below and check the subscribe box — no message needed. Students get daily practice questions and study tips. Teachers get curriculum resources and teaching strategies.
Message Sent!
Thanks for reaching out. I'll get back to you within 24 hours.
Prefer email? Reach me directly at [email protected]