In today's complex environments, safeguarding organizations’ information assets is difficult and requires more than solely technical skills. In order to meet the need for future information security specialists, in 2018 the Informatics department at Örebro University launched an International Master’s Program in Information Security Management. The program content was developed in collaboration with industry and governmental partners. One of the challenges with this co-design effort was to elicit the requirements of the courses in the program from a diverse set of actors. Also, an educational program has a finite number of teaching hours, which means that a limited number of requirements, or topics on information security, can be covered. Consequently, there was a need to prioritize between the elicited requirements and make the partners prioritize. To both these ends, we employed the Delphi method. In this chapter, we give an account of the process of eliciting and prioritizing course requirements using an adapted Delphi method. The adopted process included three iterations, for which workshops and surveys were used to collect the necessary data. The implementation has been far from instrumental, and in this chapter we discuss the details related to design choices made and the rationale behind these choices.