Curriculum · Technical + Cyber Awareness
Two tracks. One cyber-ready organisation.
Seven Technicalmodules take analysts from baseline to digital forensics — aligned to NICE Framework and MITRE ATT&CK, refreshed continuously from NIST NVD and CISA KEV. Three new Cyber Awarenessmodules uplift the wider workforce, IT & OT vendors, and AI rollouts.
Technical track · Three tiers
From baseline to specialisation.
Tier 1 builds the analyst's habits of mind. Tier 2 is the daily work of a Security Operations Centre. Tier 3 splits into offensive security and forensic reconstruction. (Cyber Awareness modules below sit outside the tier structure — they have no prerequisites.)
The analyst baseline. Two foundation modules every later track depends on.
Infrastructure, identity, and the language of defensive security automation.
Specialisation: offensive testing, security operations, and forensic reconstruction.
- Penetration Testing70h
- Security Operations and Incident Response60h
- Windows Digital Forensics and Incident Response50h
Track A · Technical · 7 modules · 310 hours
Producing employable cyber practitioners.
From analyst-baseline through penetration testing and Windows digital forensics. Each module is a complete, self-contained course. Click a card to see prerequisites, topics, and the career tracks it feeds.
NewTrack B · Cyber Awareness · 3 modules
Uplift the wider workforce.
Short-form, workshop-format programmes for general staff, IT & OT vendors in critical-infrastructure environments, and organisations rolling out AI. No prerequisites; sold standalone or stacked. Aligned to PDPA and the Malaysia Cyber Security Act 2024 (Act 854).
Total awareness runtime: 11.25hours across 3 modules. CYA102 was originally co-developed with AWS for PETRONAS's vendor uplift; CYA103 was co-designed with AWS Malaysia. Pricing for awareness training sits in the corporate book — talk to us.
Methodology
Learn → Practice → Simulate → Assess.
Every module runs through the same four-stage cycle, refined across years of cohorts and supported end-to-end by the platform.
Theory with industry context
Structured theory, never divorced from practice. For every concept, the platform shows why it matters in a real SOC, what practitioners use, and how it connects to the regional threat landscape. Content is written by working security professionals.
Real tools, real environments
Hands-on labs using the exact tools learners will use in industry, inside isolated cloud environments spun up on demand. Configure, attack, and defend — no click-through simulations.
Scenario-based exercises that mirror real incidents
Full mission-based exercises with time pressure, incomplete information, and team coordination. Where isolated skills fuse into professional judgement.
Competency, not multiple choice
Every assessment is mapped to NICE Framework and MITRE ATT&CK competency standards. Rubric-based evaluation on real tasks. Graduates leave with evidence of demonstrated capability that employers and certification bodies recognise.
7 named tracks, mapped to NICE.
- SOC Analyst
- Penetration Tester
- Digital Forensics Analyst
- Network Security Engineer
- Cloud Security Analyst
- Security Engineer
- Cybersecurity Consultant
Enterprise tools, not toy sandboxes.
- Nmap
- Wireshark
- Burp Suite
- Metasploit
- Meterpreter
- FTK
- Volatility
- ELK
- Beats
- pfSense
- OSSIM
Live cloud labs spin up on demand. Continuous content updates from NIST NVD, CISA KEV, and MITRE ATT&CK.
6 languages across Southeast Asia.
- enEnglish
- idBahasa Indonesia
- msBahasa Malaysia
- viVietnamese
- thThai
- kmKhmer
A 125-term cybersecurity glossary woven into the coursework so graduates can write incident reports and brief stakeholders in English from day one.
Match the curriculum to a Pathway.
For the technical track: Foundation covers Tier 1, Electives adds Tier 2, Institution and Institution+ deploy all 7 modules. For cyber awareness training across a workforce, vendor ecosystem, or AI rollout — that's a corporate conversation.