Employers seek candidates who can hit the ground running with dependable practical skills. Cyzone Bootcamp is innovative and equips you with the industry-standard practical skills. Preparedness is key to ensuring your confidence for your first position. This is how CyZone brings and leads you to deliver immediate high value in the field.
Traditional training methods only focus on the theory of information security. Traditional training does not include the practical hands-on skills required by the industry. CyZone Bootcamp covers all the angles, boosting skills to high performance for your 1st job.
What is CyZone?
CyZone is a high-intensity training bootcamp delivered online.
CyZone Bootcamp gives you a solid technical foundation in cyber security. This fundamental training prepares you to get your first job in the industry or the military.
CyZone uses the MCSI Method™. The MCSI Method develops critical-thinking skills. It teaches you how to also work on your own. The Method is 100% practical. It is effective in providing speedier, more comprehensive hands-on skills than any other.
Is CyZone for me?
You're a cyber student who realized that you must have higher practical skills. College/university education was theoretical.
You want to land your first job already strengthened with work experience.
You want to be ahead of the game with learning modern skills that are in demand by the industry.
You're looking for a cybersecurity mentor to help design a career path for you.
You're ready to dedicate a few months to gain a solid foundation cybersecurity career.
How long does it take?
If you go all in for it, it's possible to complete CyZone in 3 months. Part-time study of CyZone may take you up to 12 months to complete.
“Employers put very little weight on industry certifications and solving pre-made lab exercises. They consider skills, responsibilities and work attitudes the most important. That's what CyZone teaches. The MCSI Method™ does it in a way that can be demonstrated to employers. Our students create work products that are what employers want them to develop in the field. Their exercises are peer reviewed by industry professionals. We impart work standards that set our students up for success. That's our unique value proposition. Our students can prove they can do the job.” - Benjamin Mossé, Founder of MCSI
How does CyZone work?
The following diagram explains how CyZone works at a high-level:
Figure 1 - CyZone Workflow
Features and Benefits
The following diagram shows the benefits of completing the CyZone Bootcamp:
Figure 2 - Before and after CyZone
Our exercises simulate real-world engagements. Your will solve problems in the same manner that a professional would in the field. Building up professional skills involves doing your own research. It also includes seeking guidance from your peers, and developing your own solutions.
MCSI's motto: “Skill mastery wins!”
Professional Work Standards
You are to submit your solutions as code, videos, reports, or a combination of the three. We give you plenty of guidelines on how your work must look professionally drafted. Along with learning practical skills, you will also learn professional skills!
Certificates of Completion
You earn a Certificate of Completion for each exercise you pass in the CyZone Bootcamp program.
We urge you to include these certificates on your CV. You may also share them on social media to promote your profile.
Portfolio of Demonstrated Skills
Solving exercises requires you to produce artefacts such as:
Source code and programs
Policies, procedures and checklists
Together, these artefacts make up your Portfolio of Demonstrated Skills. Your Portfolio will showcase your abilities to prospective employers. Potential employers may ask you, 'What have you done?' or 'Can you show me what you can do?'. You will have hundreds of work examples to showcase your capabilities!
Letter of Recommendation
You get a signed Letter of Recommendation from Benjamin Mossé when you complete CyZone Bootcamp.
Comparing Cyber Security Bootcamps
Here's how CyZone compares to other bootcamps:
$12,000 - $15,000
$3,000 - $8,000
12 months, part-time
5 to 20 days
10 to 40
Portfolio of Demonstrated Skills
Letter of Recommendation
Module 01: Situational Awareness
You will learn to discover vulnerable ICT systems and data exposed to the Internet. This activity is called Situational Awareness. Cyber defenders use it to discover vulnerabilities. In some cases, it may even identify active cyber attacks. The following open-source intelligence (OSINT) techniques are covered:
Certificate Transparency Logs
DNS Brute Forcing
DNS Reverse Lookup
Search Engine Dorking
Sensitive information leakage
TLD Brute Forcing
Module 02: System Administration
In the field, you will be expected to know how to deploy, configure and manage your tools. This module teaches you fundamental system administration skills. The concepts and techniques covered will last you a lifetime.
Hardening user applications to prevent endpoint compromise
Isolating data using file system permissions to prevent information theft
Managing firewalls to block unauthorized network connections
Securing operating systems to adhere to best practices
Using Group Policy Objects (GPOs) to deploy security at scale
Module 03: Professional Communication
Every cyber mission requires communication skills. In the field, you will interact with team members, stakeholders and third-parties. It is paramount to learn how to communicate effectively. You must also learn the etiquette that professionals follow in industry. This module teaches you important skills that you may very end-up using on a daily basis.
Request for Information (RFI)
Module 04: File Analysis
This module introduces you to the very basics of malware reverse engineering. You will learn important concepts and techniques to decompose and analyse suspicious files. If your intentions are to become a penetration tester or Red Teamer, then this module will expose you to how bad actors create malware.
Analysis of malicious scripts
Decomposing executable containers
Extracting scripts from rich file formats
Extracting shellcode from malicious files
Portable Executable (PE) format
Module 05: Memory Forensics
This module introduces you to memory forensics. You will learn how to acquire volatility memory and retrieve forensics artefacts. You will use the Volatility Framework against different operating system versions. In the end, you will investigate a malware infection using memory forensics.
Acquiring volatile memory
Executing and interpreting the results of Volatility plugins
Malware analysis from a memory dump
Module 06: Malware Analysis Fundamentals
This module continues to build your malware analysis skills. The objective is for you to understand how real-world attacks are conducted. You will get a technical understanding of spear-phishing attacks. We also introduce you to behavioral malware analysis techniques.
Analyzing spear-phishing payloads
Decomposing PE files
Monitoring API calls
Writing basic Malware Analysis Reports (MARs)
Module 07: Introduction to YARA
Industry professionals use YARA to detect cyber-attacks and track threat actors in cyberspace. Initially, it is a very simple tool that you can learn in an afternoon. In practice, it takes years to master. The use cases for this tool are endless. This module teaches you the basics of writing YARA rules.
Identifying heavily obfuscated executables
Tracking malware families based on unique strings and data points
Using the PE file format to discover malicious files
Writing professionally documented rules
Module 08: Threat Hunting with YARA
This module teaches practical threat hunting techniques using YARA. Cyber defenders use these techniques to hunt for adversaries that have evaded protections. They also use them to monitor and defend networks against known threats.
Combining YARA with memory forensics to discover memory-only backdoors
Discovering files that import suspicious Windows APIs
Tracking threat actors based on the defense evasion techniques they employ
Module 09: Windows Hardening
Module 10: Cyber Protection
This module introduces the fundamental concepts and techniques to protect large-scale networks. This module combines threat hunting, OS hardening, vulnerability scanning and automation.
Periodically scanning computers with proprietary detection rules
Identifying vulnerabilities in network services and operating systems
Protecting user applications using security features provided by Windows
Leveraging PowerShell to automate the deployment of hardening configuration settings
Module 11: Infrastructure Penetration Testing
This module focuses on post-exploitation techniques for penetration testing and Red Teaming. You will learn to use industry-standard tools as well as develop custom malware. Upon completion, you will have a deeper understanding of the cyber kill chain. This knowledge will serve you both as a cyber defender and as an ethical hacker.
Creating custom credential stealing software
Employing Mimikatz to steal Windows credentials and move laterally on a network
Leveraging binary obfuscation tools to bypass anti-virus software
Using Metasploit's post-exploitation modules
Module 12: Web Application Penetration Testing - Part 1
This module focuses on web application vulnerabilities. You will create vulnerable applications and exploit them. This practice will deepen your understanding of what insecure code is. Once you have integrated that knowledge, you will know how to find vulnerabilities in any application.
Arbitrary Command Execution
Cross-Site Request Forgery
Insecure Direct Object References
Malicious File Upload
Module 13: Complementary Security Tools
This module imparts additional security tools you must know. They will be part of your arsenal for both defensive and offensive cyber operations.
Web application vulnerability scanners
Module 14: Red Teaming - Persistence
This module teaches a range of persistence techniques for Red Team engagements. Students interested in cyber defense will benefit from the exercises too. Offense informs defense. In this case, you will learn what it takes to remove an attacker that has compromised a machine.
Abusing Windows auto-run features
Compromised and/or malicious user accounts
Editing the configuration settings of the operating system to run malicious code
Taking advantage of code that automatically runs when a utility starts
Module 15: Red Teaming - Discovery & Credential Access
This modules focused on Red Team techniques to steal credentials. It also teaches reconnaissance techniques to locate key cyber terrain that should be targeted later in the operation. Students wanting a career in cyber defense will greatly benefit from completing these exercises too. Cyber adversaries compromise and reuse stolen credentials. In fact, this is one of the most common attack vector. Learning how these attacks are conducted will deepen your understanding of how computer networks should be defended.
Identifying usernames and passwords in files using automation
Performing host reconnaissance to identify target information and build a network map
Stealing credentials from password managers
Writing keyloggers to steal passwords entered in applications
Module 16: Red Teaming - Initial Access
This modules teaches techniques adversaries use to gain a foothold into computer networks. As a Red Teamer, you will learn key offensive security tradecraft for ethical hacking engagements. Cyber defenders will be develop an understanding and appreciation of how cyber attacks are conducted. Preventing adversaries from entering the network perimeter is a crucial mission objective in cyber defense.
Creating, testing and deploying spear-phishing frameworks to compromise endpoints
Developing phishing websites to steal user credentials
Writing first-stage malware to evade anti-virus software and perform initial reconnaissance activities
Module 17: Threat Hunting with Python Pandas
By now, you will have a good understanding of how cyber attacks work and the forensics traces their create. This module integrates everything you have learnt so far. You will learn to develop and test threat hunting hypotheses. This skill will allow you to uncover adversaries that have evaded cyber protections.
Detecting adversaries that abuse OS utilities for persistence
Detecting malicious commands that indicate live compromises
Detecting malware that uses `living off-the-land` techniques
Generating and testing threat hunting hypotheses using a systematic process
This module teaches behavioral analysis techniques to reverse engineer malware. These techniques will prove invaluable when discovering suspicious binaries. If you intend to work as a Red Teamer, this module will illuminate how defenders analyse malware. Later in your career, this knowledge will enable you to development evasion techniques.
Sandbox analysis using the Cuckoo Sandbox
Creating your own malware sandbox to defeat anti-analysis techniques
Simulating a network environment to trick malware into revealing network indicators of compromise
Module 19: Incident Response Challenges
This module challenges you with incident response exercises. You will learn an investigative approach. Then, we will provide you with digital forensics artefacts. Your job will consist in recovering the timeline of the incident and the key events. Finally, you will write a professional report!
Creating Incident Statements
Generating and testing hypotheses
Recovering key cyber events
Restoring incident timelines
Writing DFIR reports
Module 20: Web Application Penetration Testing - Part 2
This module dives into more sophisticated application vulnerabilities.
Blind SQL injection
Bypassing weak input filters
Command execution at the database layer
Module 21: Playbooks, Checklists and Templates
Good cyber operators use systematic approaches to solve problems. In this module, you will learn how to create procedures, playbooks, checklists and other templates. The ability to create this documentation will prove helpful throughout your career.
Incident response playbooks
Penetration testing checklists
Enrollment and Fees
Unlock all the MCSI bootcamps with a single purchase:
Ability to comfortably read and understand IT documentation written in English. Ideally, an IELTS score of 6.5 with no band less than 6 (or equivalent).
Note: You can register for CyZone without having undertaken an English test.
Note: This requirement is only relevant if English is not your first language.
Proficiency in Information Technology (IT)
Below is a list of knowledge required to successfully take part in CyZone:
Knowledge of fundamental networking concepts (e.g. TCP/IP, ingress, egress, port forwarding, network services etc.)
Knowledge of fundamental programming concepts (e.g. variables, functions, algorithms etc.)
Knowledge of fundamental cyber security concepts (e.g. penetration testing, digital forensics, spear-phishing etc.)
Knowledge of web application controls (e.g. authorization, authentication, session management etc.)
Below is a list of technical abilities required to successfully take part in CyZone:
Ability to use a word editor such as Microsoft Word
Ability to proficiently use search engines to search for IT materials and troubleshoot software faults
Ability to configure and operate virtual machines on your local machine and in the cloud
Ability to install and configure software on Windows and Linux
Ability to write small programs in a scripting language (e.g. Python, Ruby)
Ability to write basic web applications (ideally in PHP, but another language is also suitable)
Ability to troubleshoot IT issues
Frequently Asked Questions
What is the MCSI Method™?
Are there overlaps between CyZone and the free version of the Online Learning Platform?
No. Exercises in CyZone's core curriculum are not available in the free version.
Some modules in the code curriculum come with extra exercises that we urge you complete as well. Some of these optional exercises may be available in the free version. Completing them will round-up your skills.
What are the benefits of CyZone?
Organizations prefer to hire skilled employees who can perform field work. CyZone prepares you exactly for that.
Having access to a community of students and instructors, helps you evaluate the trajectory of your career regularly.
Every professional is accountable for their career. The teaching style adopted by CyZone boosts students to think independently.
Why should I consider participating in CyZone?
Traditional methods of training claim to provide entry-level skills, but do not help you land your first job.
You've received career advice that did not work. MCSI teaches up-to-date content and we provide timely career advice. Our insights come from work done in the field, for our customers.
The industry claims to have a talent shortage, but a majority of job applications get rejected due to a skill gap.
Will I get a trial version of CyZone?
You can access 200+ free exercises in MCSI's Online Learning Platform. This version is self-paced, with very limited instructor involvement. You are expected to study independently.
What should I do after completing CyZone?
We invite you to remain a student of MCSI
Our Institute offers multiple certification programmes across various domains in cybersecurity, to help you advance in your career.
CyZone successfully prepares you for the following
Junior Penetration Tester
Junior Red Teamer
Junior Incident Responder
Level 1 SOC Analyst
Upon completing CyZone, you will be capable of performing the following:
Plan and deliver web application and infrastructure penetration tests
Use open-source intelligence (OSINT) tools to enumerate the attack surface of a target
Test applications against the OWASP Top 10
Obtain a code-level understanding of how web application vulnerabilities are created
Use automated scanners to identify vulnerabilities in software and infrastructure
Crack password hashes to break into user accounts
Defend and secure computer networks
Use open-source intelligence (OSINT) tools to perform situational awareness assessments
Use YARA to identify suspicious Windows binaries
Use Pandas to detect indicators of compromise (IOCs)
Scan operating systems and network services for common vulnerabilities
Harden Windows machines against common attacks using PowerShell
Identify and respond to cyber intrusions
Adopt a structured approach to investigating cyber incidents
Use file system forensics, memory forensics and OS forensics to reconstruct an incident
Recover the timeline and key events of a cyber incident
Develop reusable incident response playbooks
Produce Digital Forensics and Incident Response (DFIR) Reports
Analyse malicious files and retrieve indicators of compromise
Discover, decompose and analyse malware deployed in native Windows files (e.g. RTF, MSI and LNK)
Analyse malicious code deployed in Adobe PDF and Microsoft Office documents
Perform behavioral malware analysis using OS monitoring tools
Deploy, configure and use virtual machines and virtual networks to retrieve indicators of compromise
Produce Malware Analysis Reports (MARs)
Plan and deliver Red Team Operations
Steal credentials stored in the memory of Windows computers
Perform Pass-the-Hash attacks and move laterally across a network environment
Obfuscate penetration testing tools to bypass anti-virus software
Write malware code that persist on Windows machines
Develop a spear-phishing attack framework to steal user credentials
Clone login interfaces and deploy phishing websites
A graduate we hired as an L1 SOC analyst missed a major indicator of attack. The delay in responding to the intrusion quickly costed our bank 2M in damages. Whilst not the grad's fault, this event caused a major dent in our appetite for hiring uni grads. We support CyZone because it gives us candidates that have more practical experience.
CISO, Major Bank
We spend 150K over 3 years to train a single person on cyber. We put people through an 8-week bootcamp, delivered in person at our facilities. Folks come to us with degrees and certs that don't teach real skills. 99% of candidates get turned down because they've got no skills to begin with. There has to be a better way.
Head of Cyber Defense, Defense Contractor
Despite the talent shortage being a known issue, funding goes towards courses that don't teach in-demand skills. Educational institutions then come to us, presenting profiles of people we can't say yes to. These students have spent 3 to 5 years learning things that are irrelevant to us. The piece of paper doesn't mean anything in this field.
CISO, Critical Infrastructure
The reason why I landed a job was because of my practical skills trained with a "try harder" mentality at Mossé Cyber Security Institute coupled with my degree in Forensics (Computer Crime Option). :) Thanks Benjamin Mossé for this and for the great work references. I would highly recommend CyZone or the programs offered at MCSI!
Nathan Chan, Cyber Security, MNP
Why MCSI's CyZone is World Class
Comprehensive, Effective, Exceeds Standards
CyZone offers 150 uniquely-designed practical exercises. You will get hands-on skills in 10 cyber domains. Towards the end of the curriculum, MCSI trains you step-by-step through simulated engagements. Your tasks will simulate work that you'll one day perform in the field. This pre-deployment experience goes above and beyond any other alternative methods of studying.
Accelerated pace to market
CyZone accelerates your speed to market. In only 12 months, part-time, you will produce a portfolio of demonstrated skills. Your portfolio will have hundreds of artefacts showcasing your capabilities. You will also get Certificates of Completion to promote your profile on social media. Employers will immediately see the value that you can bring to their team. Benjamin Mossé's Letter of Reference will differentiate your profile against other candidates.
Instructors with real-world experience review your submissions. They will provide you with personalized feedback on all your tasks. This unique approach will fast-forward your progress. You will learn practical skills, and you will also learn to meet industry work standards and expectations. Our personalized approach will set you up for long-term success.