MCSI CyZone Bootcamp

CyZone is a high-intensity cyber security bootcamp that prepares students for their first job. It addresses the talent shortage created by theoretical degrees and certifications.

Register now!

Are you missing practical cyber skills?

Employers seek candidates who can hit the ground running with dependable practical skills. Cyzone Bootcamp is innovative and equips you with the industry-standard practical skills. Preparedness is key to ensuring your confidence for your first position. This is how CyZone brings and leads you to deliver immediate high value in the field.

Traditional training methods only focus on the theory of information security. Traditional training does not include the practical hands-on skills required by the industry. CyZone Bootcamp covers all the angles, boosting skills to high performance for your 1st job.

What is CyZone?

CyZone is a high-intensity training bootcamp delivered online.

CyZone Bootcamp gives you a solid technical foundation in cyber security. This fundamental training prepares you to get your first job in the industry or the military.

CyZone uses the MCSI Method™. The MCSI Method develops critical-thinking skills. It teaches you how to also work on your own. The Method is 100% practical. It is effective in providing speedier, more comprehensive hands-on skills than any other.

Is CyZone for me?

  • You're a cyber student who realized that you must have higher practical skills. College/university education was theoretical.
  • You want to land your first job already strengthened with work experience.
  • You want to be ahead of the game with learning modern skills that are in demand by the industry.
  • You're looking for a cybersecurity mentor to help design a career path for you.
  • You're ready to dedicate a few months to gain a solid foundation cybersecurity career.

How long does it take?

If you go all in for it, it's possible to complete CyZone in 3 months. Part-time study of CyZone may take you up to 12 months to complete.

ic-clock 1 year, part-time
cpe-points 150 exercises
ic-money $450
100% practical. Taught by industry experts


“Employers put very little weight on industry certifications and solving pre-made lab exercises. They consider skills, responsibilities and work attitudes the most important. That's what CyZone teaches. The MCSI Method™ does it in a way that can be demonstrated to employers. Our students create work products that are what employers want them to develop in the field. Their exercises are peer reviewed by industry professionals. We impart work standards that set our students up for success. That's our unique value proposition. Our students can prove they can do the job.” - Benjamin Mossé, Founder of MCSI

How does CyZone work?

Workflow Overview

The following diagram explains how CyZone works at a high-level:

CyZone Workflow
Figure 1 - CyZone Workflow

Features and Benefits

Career Outcomes

The following diagram shows the benefits of completing the CyZone Bootcamp:

Before and After CyZone
Figure 2 - Before and after CyZone

Real-World Exercises

Our exercises simulate real-world engagements. Your will solve problems in the same manner that a professional would in the field. Building up professional skills involves doing your own research. It also includes seeking guidance from your peers, and developing your own solutions.

MCSI's motto: “Skill mastery wins!”

Professional Work Standards

You are to submit your solutions as code, videos, reports, or a combination of the three. We give you plenty of guidelines on how your work must look professionally drafted. Along with learning practical skills, you will also learn professional skills!

Certificates of Completion

You earn a Certificate of Completion for each exercise you pass in the CyZone Bootcamp program.

We urge you to include these certificates on your CV. You may also share them on social media to promote your profile.

Portfolio of Demonstrated Skills

Solving exercises requires you to produce artefacts such as:

  • Screen recordings
  • Source code and programs
  • Reports
  • Policies, procedures and checklists
  • Research papers

Together, these artefacts make up your Portfolio of Demonstrated Skills. Your Portfolio will showcase your abilities to prospective employers. Potential employers may ask you, 'What have you done?' or 'Can you show me what you can do?'. You will have hundreds of work examples to showcase your capabilities!

Letter of Recommendation

You get a signed Letter of Recommendation from Benjamin Mossé when you complete CyZone Bootcamp.

Comparing Cyber Security Bootcamps

Here's how CyZone compares to other bootcamps:

CyZone Bootcamp University Bootcamp Certification Bootcamp
Cost $450 $12,000 - $15,000 $3,000 - $8,000
Duration 12 months, part-time 24 weeks 5 to 20 days
Practical Exercises 100% 0% 25%
Hours hands-on 400+ 0 10 to 40
Personalized Feedback Yes No No
Portfolio of Demonstrated Skills Yes No No
Letter of Recommendation Yes No No


Training Modules

  • Module 01: Situational Awareness

    You will learn to discover vulnerable ICT systems and data exposed to the Internet. This activity is called Situational Awareness. Cyber defenders use it to discover vulnerabilities. In some cases, it may even identify active cyber attacks. The following open-source intelligence (OSINT) techniques are covered:

    • Certificate Transparency Logs
    • DNS Brute Forcing
    • DNS Reverse Lookup
    • Email Harvesting
    • Passive DNS
    • Search Engine Dorking
    • Sensitive information leakage
    • TLD Brute Forcing
    • Typo Squatting
  • Module 02: System Administration

    In the field, you will be expected to know how to deploy, configure and manage your tools. This module teaches you fundamental system administration skills. The concepts and techniques covered will last you a lifetime.

    • Hardening user applications to prevent endpoint compromise
    • Isolating data using file system permissions to prevent information theft
    • Managing firewalls to block unauthorized network connections
    • Securing operating systems to adhere to best practices
    • Using Group Policy Objects (GPOs) to deploy security at scale
  • Module 03: Professional Communication

    Every cyber mission requires communication skills. In the field, you will interact with team members, stakeholders and third-parties. It is paramount to learn how to communicate effectively. You must also learn the etiquette that professionals follow in industry. This module teaches you important skills that you may very end-up using on a daily basis.

    • Action Plans
    • Change Requests
    • Checklists
    • Naming Conventions
    • Professional Templates
    • Request for Information (RFI)
  • Module 04: File Analysis

    This module introduces you to the very basics of malware reverse engineering. You will learn important concepts and techniques to decompose and analyse suspicious files. If your intentions are to become a penetration tester or Red Teamer, then this module will expose you to how bad actors create malware.

    • Analysis of malicious scripts
    • Decomposing executable containers
    • Extracting scripts from rich file formats
    • Extracting shellcode from malicious files
    • Portable Executable (PE) format
  • Module 05: Memory Forensics

    This module introduces you to memory forensics. You will learn how to acquire volatility memory and retrieve forensics artefacts. You will use the Volatility Framework against different operating system versions. In the end, you will investigate a malware infection using memory forensics.

    • Acquiring volatile memory
    • Executing and interpreting the results of Volatility plugins
    • Malware analysis from a memory dump
  • Module 06: Malware Analysis Fundamentals

    This module continues to build your malware analysis skills. The objective is for you to understand how real-world attacks are conducted. You will get a technical understanding of spear-phishing attacks. We also introduce you to behavioral malware analysis techniques.

    • Analyzing spear-phishing payloads
    • Decomposing PE files
    • Monitoring API calls
    • Writing basic Malware Analysis Reports (MARs)
  • Module 07: Introduction to YARA

    Industry professionals use YARA to detect cyber-attacks and track threat actors in cyberspace. Initially, it is a very simple tool that you can learn in an afternoon. In practice, it takes years to master. The use cases for this tool are endless. This module teaches you the basics of writing YARA rules.

    • Identifying heavily obfuscated executables
    • Tracking malware families based on unique strings and data points
    • Using the PE file format to discover malicious files
    • Writing professionally documented rules
  • Module 08: Threat Hunting with YARA

    This module teaches practical threat hunting techniques using YARA. Cyber defenders use these techniques to hunt for adversaries that have evaded protections. They also use them to monitor and defend networks against known threats.

    • Combining YARA with memory forensics to discover memory-only backdoors
    • Discovering files that import suspicious Windows APIs
    • Tracking threat actors based on the defense evasion techniques they employ
  • Module 09: Windows Hardening
  • Module 10: Cyber Protection

    This module introduces the fundamental concepts and techniques to protect large-scale networks. This module combines threat hunting, OS hardening, vulnerability scanning and automation.

    • Periodically scanning computers with proprietary detection rules
    • Identifying vulnerabilities in network services and operating systems
    • Protecting user applications using security features provided by Windows
    • Leveraging PowerShell to automate the deployment of hardening configuration settings
  • Module 11: Infrastructure Penetration Testing

    This module focuses on post-exploitation techniques for penetration testing and Red Teaming. You will learn to use industry-standard tools as well as develop custom malware. Upon completion, you will have a deeper understanding of the cyber kill chain. This knowledge will serve you both as a cyber defender and as an ethical hacker.

    • Creating custom credential stealing software
    • Employing Mimikatz to steal Windows credentials and move laterally on a network
    • Leveraging binary obfuscation tools to bypass anti-virus software
    • Using Metasploit's post-exploitation modules
  • Module 12: Web Application Penetration Testing - Part 1

    This module focuses on web application vulnerabilities. You will create vulnerable applications and exploit them. This practice will deepen your understanding of what insecure code is. Once you have integrated that knowledge, you will know how to find vulnerabilities in any application.

    • Arbitrary Command Execution
    • Cross-Site Request Forgery
    • File Inclusion
    • Insecure Direct Object References
    • Malicious File Upload
  • Module 13: Complementary Security Tools

    This module imparts additional security tools you must know. They will be part of your arsenal for both defensive and offensive cyber operations.

    • Password crackers
    • Network tunnelling
    • Remote administration
    • Web application vulnerability scanners
  • Module 14: Red Teaming - Persistence

    This module teaches a range of persistence techniques for Red Team engagements. Students interested in cyber defense will benefit from the exercises too. Offense informs defense. In this case, you will learn what it takes to remove an attacker that has compromised a machine.

    • Abusing Windows auto-run features
    • Compromised and/or malicious user accounts
    • Editing the configuration settings of the operating system to run malicious code
    • Taking advantage of code that automatically runs when a utility starts
  • Module 15: Red Teaming - Discovery & Credential Access

    This modules focused on Red Team techniques to steal credentials. It also teaches reconnaissance techniques to locate key cyber terrain that should be targeted later in the operation. Students wanting a career in cyber defense will greatly benefit from completing these exercises too. Cyber adversaries compromise and reuse stolen credentials. In fact, this is one of the most common attack vector. Learning how these attacks are conducted will deepen your understanding of how computer networks should be defended.

    • Identifying usernames and passwords in files using automation
    • Performing host reconnaissance to identify target information and build a network map
    • Stealing credentials from password managers
    • Writing keyloggers to steal passwords entered in applications
  • Module 16: Red Teaming - Initial Access

    This modules teaches techniques adversaries use to gain a foothold into computer networks. As a Red Teamer, you will learn key offensive security tradecraft for ethical hacking engagements. Cyber defenders will be develop an understanding and appreciation of how cyber attacks are conducted. Preventing adversaries from entering the network perimeter is a crucial mission objective in cyber defense.

    • Creating, testing and deploying spear-phishing frameworks to compromise endpoints
    • Developing phishing websites to steal user credentials
    • Writing first-stage malware to evade anti-virus software and perform initial reconnaissance activities
  • Module 17: Threat Hunting with Python Pandas

    By now, you will have a good understanding of how cyber attacks work and the forensics traces their create. This module integrates everything you have learnt so far. You will learn to develop and test threat hunting hypotheses. This skill will allow you to uncover adversaries that have evaded cyber protections.

    • Detecting adversaries that abuse OS utilities for persistence
    • Detecting malicious commands that indicate live compromises
    • Detecting malware that uses `living off-the-land` techniques
    • Generating and testing threat hunting hypotheses using a systematic process
    • Professionally documenting threat hunting searches
    • Writing reports that demonstrate the ROI on threat hunting
  • Module 18: Malware Reverse Engineering - Behavioral Analysis

    This module teaches behavioral analysis techniques to reverse engineer malware. These techniques will prove invaluable when discovering suspicious binaries. If you intend to work as a Red Teamer, this module will illuminate how defenders analyse malware. Later in your career, this knowledge will enable you to development evasion techniques.

    • Sandbox analysis using the Cuckoo Sandbox
    • Creating your own malware sandbox to defeat anti-analysis techniques
    • Simulating a network environment to trick malware into revealing network indicators of compromise
  • Module 19: Incident Response Challenges

    This module challenges you with incident response exercises. You will learn an investigative approach. Then, we will provide you with digital forensics artefacts. Your job will consist in recovering the timeline of the incident and the key events. Finally, you will write a professional report!

    • Creating Incident Statements
    • Dimensioning incidents
    • Generating and testing hypotheses
    • Recovering key cyber events
    • Restoring incident timelines
    • Writing DFIR reports
  • Module 20: Web Application Penetration Testing - Part 2

    This module dives into more sophisticated application vulnerabilities.

    • Blind SQL injection
    • Bypassing weak input filters
    • Command execution at the database layer
    • Object injection
    • xPath injection
  • Module 21: Playbooks, Checklists and Templates

    Good cyber operators use systematic approaches to solve problems. In this module, you will learn how to create procedures, playbooks, checklists and other templates. The ability to create this documentation will prove helpful throughout your career.

    • Deployment procedures
    • Incident response playbooks
    • Penetration testing checklists
    • Report templates
    • User guides


Proficiency in the English language

Ability to comfortably read and understand IT documentation written in English. Ideally, an IELTS score of 6.5 with no band less than 6 (or equivalent).

Note: You can register for CyZone without having undertaken an English test.

Note: This requirement is only relevant if English is not your first language.

Proficiency in Information Technology (IT)


Below is a list of knowledge required to successfully take part in CyZone:

  • Knowledge of fundamental networking concepts (e.g. TCP/IP, ingress, egress, port forwarding, network services etc.)
  • Knowledge of fundamental programming concepts (e.g. variables, functions, algorithms etc.)
  • Knowledge of fundamental cyber security concepts (e.g. penetration testing, digital forensics, spear-phishing etc.)
  • Knowledge of web application controls (e.g. authorization, authentication, session management etc.)


Below is a list of technical abilities required to successfully take part in CyZone:

  • Ability to use a word editor such as Microsoft Word
  • Ability to proficiently use search engines to search for IT materials and troubleshoot software faults
  • Ability to configure and operate virtual machines on your local machine and in the cloud
  • Ability to install and configure software on Windows and Linux
  • Ability to write small programs in a scripting language (e.g. Python, Ruby)
  • Ability to write basic web applications (ideally in PHP, but another language is also suitable)
  • Ability to troubleshoot IT issues

Frequently Asked Questions

What is the MCSI Method™?

Common Questions

  • Are there overlaps between CyZone and the free version of the Online Learning Platform?
    • No. Exercises in CyZone's core curriculum are not available in the free version.
    • Some modules in the code curriculum come with extra exercises that we urge you complete as well. Some of these optional exercises may be available in the free version. Completing them will round-up your skills.
  • What are the benefits of CyZone?
    • Organizations prefer to hire skilled employees who can perform field work. CyZone prepares you exactly for that.
    • Having access to a community of students and instructors, helps you evaluate the trajectory of your career regularly.
    • Every professional is accountable for their career. The teaching style adopted by CyZone boosts students to think independently.
  • Why should I consider participating in CyZone?
    • Traditional methods of training claim to provide entry-level skills, but do not help you land your first job.
    • You've received career advice that did not work. MCSI teaches up-to-date content and we provide timely career advice. Our insights come from work done in the field, for our customers.
    • The industry claims to have a talent shortage, but a majority of job applications get rejected due to a skill gap.
  • Will I get a trial version of CyZone?
    • You can access 200+ free exercises in MCSI's Online Learning Platform. This version is self-paced, with very limited instructor involvement. You are expected to study independently.
  • What should I do after completing CyZone?
    • We invite you to remain a student of MCSI
    • Our Institute offers multiple certification programmes across various domains in cybersecurity, to help you advance in your career.

Career Outcomes

CyZone successfully prepares you for the following roles:

  • Junior Penetration Tester
  • Junior Red Teamer
  • Junior Incident Responder
  • Level 1 SOC Analyst
Certification Detail

Upon completing CyZone, you will be capable of performing the following:

  • Plan and deliver web application and infrastructure penetration tests
    • Use open-source intelligence (OSINT) tools to enumerate the attack surface of a target
    • Test applications against the OWASP Top 10
    • Obtain a code-level understanding of how web application vulnerabilities are created
    • Use automated scanners to identify vulnerabilities in software and infrastructure
    • Crack password hashes to break into user accounts
  • Defend and secure computer networks
    • Use open-source intelligence (OSINT) tools to perform situational awareness assessments
    • Use YARA to identify suspicious Windows binaries
    • Use Pandas to detect indicators of compromise (IOCs)
    • Scan operating systems and network services for common vulnerabilities
    • Harden Windows machines against common attacks using PowerShell
  • Identify and respond to cyber intrusions
    • Adopt a structured approach to investigating cyber incidents
    • Use file system forensics, memory forensics and OS forensics to reconstruct an incident
    • Recover the timeline and key events of a cyber incident
    • Develop reusable incident response playbooks
    • Produce Digital Forensics and Incident Response (DFIR) Reports
  • Analyse malicious files and retrieve indicators of compromise
    • Discover, decompose and analyse malware deployed in native Windows files (e.g. RTF, MSI and LNK)
    • Analyse malicious code deployed in Adobe PDF and Microsoft Office documents
    • Perform behavioral malware analysis using OS monitoring tools
    • Deploy, configure and use virtual machines and virtual networks to retrieve indicators of compromise
    • Produce Malware Analysis Reports (MARs)
  • Plan and deliver Red Team Operations
    • Steal credentials stored in the memory of Windows computers
    • Perform Pass-the-Hash attacks and move laterally across a network environment
    • Obfuscate penetration testing tools to bypass anti-virus software
    • Write malware code that persist on Windows machines
    • Develop a spear-phishing attack framework to steal user credentials
    • Clone login interfaces and deploy phishing websites


Why MCSI's CyZone is World Class

why MCSI

Comprehensive, Effective, Exceeds Standards

CyZone offers 150 uniquely-designed practical exercises. You will get hands-on skills in 10 cyber domains. Towards the end of the curriculum, MCSI trains you step-by-step through simulated engagements. Your tasks will simulate work that you'll one day perform in the field. This pre-deployment experience goes above and beyond any other alternative methods of studying.

why MCSI

Accelerated pace to market

CyZone accelerates your speed to market. In only 12 months, part-time, you will produce a portfolio of demonstrated skills. Your portfolio will have hundreds of artefacts showcasing your capabilities. You will also get Certificates of Completion to promote your profile on social media. Employers will immediately see the value that you can bring to their team. Benjamin Mossé's Letter of Reference will differentiate your profile against other candidates.

why MCSI

Personalized Feedback

Instructors with real-world experience review your submissions. They will provide you with personalized feedback on all your tasks. This unique approach will fast-forward your progress. You will learn practical skills, and you will also learn to meet industry work standards and expectations. Our personalized approach will set you up for long-term success.


We'll respond within 24 hours

Visit our Frequently Asked Questions (FAQ) page for answers to the most common questions we receive.

Ready to acquire practical cyber security skills?

Apply now!