Training catalogue · Five tracks

Hours on the range, not hours in a slide deck.

Retail and corporate cohorts across five tracks. Every curriculum runs against real telemetry and real engagement data — the same data the consulting practice works on Monday morning. Instructors are operators, not full-time faculty.

Track · Defensive operations

SOC

Tier 1 → Tier 3 analyst tracks. Real telemetry, real triage.

Cohorts work a live alert queue replayed from real engagement data, not a curated lab. Triage, escalation, investigation, and incident command — each a separate tier with its own assessment. Instructors are operators from the consulting practice.

  • Alert queue replayed from real customer telemetry
  • Tier-1 / Tier-2 / Tier-3 progression with formal sign-off
  • Mentor log + cohort chat for peer-learning bandwidth

Track · Forensics & response

DFIR

Six forensic specialisms across fourteen weeks.

Disk, memory, network, log, mobile, and cloud forensics — each with its own case file, evidence intake, and chain-of-custody discipline. By week fourteen every cohort member has built and defended a multi-stream attack reconstruction.

  • Four-stream evidence intake (disk · memory · network · log) per case
  • Real tools — Autopsy · Volatility · Wireshark · plaso · KAPE · Velociraptor
  • Chain-of-custody discipline that survives a court / regulator pull

Track · Cyber Threat Intelligence

Threat Intelligence

Strategic, operational, and tactical CTI tradecraft.

CTI is taught the way the consulting practice does it — pivot-driven investigation, Diamond Model attribution, F3EAD intelligence cycle, and report-writing that survives a CISO debrief. Cohorts produce an actor dossier as their capstone.

  • Pivot graph investigation against a tracked APT
  • Diamond Model + F3EAD cycle as the operating framework
  • TLP discipline, peer-share via IB-CART, intel-product authoring

Track · Offensive · Pentest

Pentest

Web, mobile, network, Active Directory, cloud.

Twelve weeks across the five attack surfaces. Each surface gets a phased curriculum (recon → enum → exploit → post → report) on a real range with real targets. The capstone is an end-to-end engagement on a small unfamiliar estate.

  • Five surfaces × five phases = a 25-cell curriculum matrix
  • Toolbelt mastery: Burp · sqlmap · nmap · BloodHound · Metasploit · YARA
  • Capstone: a one-week black-box engagement against an unseen estate

Track · VA / CA

VA / CA

Vulnerability assessment and compliance audit, end to end.

The full pipeline: scope and discover, scan, audit configuration against CIS / STIG / PCI, validate findings through CVSS / EPSS / KEV, write the report. Cohorts ship a real assessment against a sample estate as the capstone.

  • Tooling: Nessus · OpenVAS · Qualys · CIS-CAT · OpenSCAP · Tenable
  • Prioritisation: CVSS v3.1 · EPSS · CISA KEV · manual triage
  • Final deliverable: an exec + technical report with a remediation guide

For organisations

Run any of the five tracks as a corporate cohort.

Tailored to your stack, your regulators, and your team's current capability. Outcomes mapped to a skill matrix you can put in front of your CHRO and your CISO together.

For students

Apply for a sponsored seat via the ISAC Foundation.

Seats funded by CSR partners for students from under-represented backgrounds. Application is open year-round; selection is based on demonstrable interest, not pedigree.