Cybersecurity Career Kickstart+
Our flagship blue-team career-conversion programme, studied part-time and fully online around a full-time job. Beginner-friendly, hands-on and built around real outcomes, for adults with no IT background.
Hear from our trainers and graduates
What you will learn
The Cybersecurity Career Kickstart+ is our flagship blue-team programme: CFCI’s career-conversion training, refined over more than twenty cohorts and delivered in collaboration with Ngee Ann Polytechnic. It takes you from first principles to job-ready across five modules, building the skills of a defender who can detect, analyse and respond to attacks.
You start by exploring how a corporate network works and how it is attacked, then build practical strength in Linux and Python. From there you move into security operations and monitoring, network research, penetration testing, and Windows forensics and incident response, finishing with a portfolio, recognised certificates and a clear route into a first role. 80% of graduates who completed the full programme and career services secured cybersecurity employment (as of early 2026).
Learning outcomes
By the end of the programme you will be able to:
- Explore and analyse corporate networks using industry-standard tools, and understand common cyber-attack vectors and defences
- Operate confidently in Linux: command-line, system configuration, automation and scripting
- Write Python scripts for cybersecurity tasks, including file handling, automation and analysis
- Work in a Security Operations Centre environment: deploy and use a SIEM, monitor logs, identify threats and respond to incidents in real time
- Configure Windows Server, Active Directory, firewalls, IDS and IPS in a domain environment
- Conduct structured penetration tests: reconnaissance, enumeration, exploitation, privilege escalation and post-exploitation
- Perform Windows digital forensics: file system analysis, registry examination, memory forensics, network and malware analysis
- Present your skills through a portfolio, and navigate the cybersecurity job market with a CV, interview preparation and career coaching
Who it is for
Mid-career adults who want a real second act in a growing field. There are no formal qualifications and no age requirement; selection is based on how you perform in the free experiential workshop, not on your CV. Most of our graduates who secured cyber roles had no prior IT background.
Entry requirement
Attendance at and completion of the free Cybersecurity Experiential Workshop (CEW) is required before enrolment. The CEW is both a hands-on taster and the entry assessment — we evaluate aptitude and readiness, not qualifications or work history.
How you will learn
Apprenticeship-based training. Trainers demonstrate directly on a virtual or host machine — showing, not slide-reading — and bridge the gap between concept and practical application in real time.
Practice labs. After each demonstration you work through repeated hands-on lab sessions that reinforce the technique, followed by deeper practice questions and challenge questions that build critical thinking across interconnected topics.
Projects and simulated scenarios. You apply accumulated skills in realistic attack-and-defence scenarios, building a portfolio that reflects what you can actually do.
Career preparation. The final phase covers CV preparation, interview coaching and one-to-one career guidance, with ongoing support through to your first role.
Classes are kept to approximately 1 trainer per 30 learners, ensuring direct access to guidance throughout the programme.
Programme structure
The programme runs for approximately 22 weeks of active training (about 8 months part-time), covering 333 hours across five modules. Sessions are held online three times per week:
- Two weekday evenings — 7 pm to 11 pm
- One weekend afternoon — 1 pm to 5 pm
The schedule is designed for working adults: the majority of learners study alongside full-time employment.
Week-by-week overview
| Week | Topics covered |
|---|---|
| 1 | Basic networking, remote access, steganography, hash encodings |
| 2 | OSI model, anonymity on the network, basic cyber attacks, network protocols |
| 3 | Linux distributions, basic commands, permissions, text manipulation, Bash scripting (loops, if, functions, case) |
| 4 | Network configuring and troubleshooting, package management, Deb packages, APT |
| 5 | Intro to Linux (Ubuntu), text manipulation, services, network scanning |
| 6 | Brute force, Fail2Ban, Linux scripting recap |
| 7 | Linux scripting for scanning; Linux scripting to analyse files |
| 8 | Scripting — if conditions; functions; case; password strength checker; malicious hash probability |
| 9 | Wireshark deep dive, MitM attack, LLMNR attack, VPN/Proxy/TOR, intro to Trojans, vulnerabilities on systems |
| 10 | Windows Server and ADDS install and configure, domain protocols and policies, IP subnetting, Windows event log analysis |
| 11 | Wireshark analysis in SOC, IDS and IPS configuration, Snort installation and rules |
| 12 | Firewall monitoring and management, firewall packages, web gateway filtering, vulnerability assessment |
| 13 | ELK and Beats deployment, threat identification, data aggregation, real-time monitoring, pfSense configuration |
| 14 | Domain hardening, open-source SIEM setup, OSSIM deployment, network and host monitoring, SMB security |
| 15 | Backdoor with Netcat, domain attacks, monitoring, incident response |
| 16 | Python: variables, strings, integers, booleans, lists, dictionaries, tuples, loops, basic scripting |
| 17 | Python: conditional statements, while/for loops, functions, modules, reading and writing files |
| 18 | OSINT: blogs, employee info, email harvesting, Shodan, Nmap scanning, service versions |
| 19 | NSE scripts, DNS/SMB/FTP/SSH/MySQL enumeration, network traffic, vulnerability detection, automated scanning, brute-forcing, Metasploit, exploits, Meterpreter |
| 20 | Bind and reverse shells with Netcat, payloads, Msfvenom, payload delivery, privilege escalation |
| 21 | Post-exploit Linux, post-exploit Windows, cracking Windows passwords, automating Msfconsole with rc script |
| 22 | OSINT with Google and Shodan on Linux, bypassing with Windows ISO and Kali, social engineering, intro to web application hacking |
Career support
Learning the skills is one half of a career switch; getting hired is the other. Career support runs alongside the training and continues after you finish:
- Live career workshops — practical sessions on navigating the cybersecurity job market.
- CV preparation — one-to-one help shaping a CV around your new skills and portfolio.
- Interview preparation — mock interviews and coaching for both technical and behavioural rounds.
- Ad-hoc employer referrals — when organisations approach CFCI for hiring solutions, we may share your CV with them. This is done on an ad-hoc basis and is never guaranteed.
This is real, hands-on support to make you genuinely hireable. It is not a job guarantee, and we will never claim one.
How it works
Start with a free info session, then attend the free Cybersecurity Experiential Workshop, which is both a hands-on taster and the entry assessment. Enrol when you are sure.
Graduates can also be invited to the Accelerated Career Programme, run by CSA and TIG with CFCI and Ngee Ann Polytechnic, which offers selected learners six-month industry attachments with employers.
What you will cover
The programme is delivered as seven Ngee Ann Polytechnic modules, with hands-on labs throughout. We'll walk you through the module structure and the SkillsFuture funding you qualify for at the free info session.
Module 01 Cybersecurity Fundamentals
- Basic networking and the OSI model
- Network protocols and remote access
- Anonymity on the network and basic cyber attacks
- Steganography and hash encodings
- Linux distributions, commands and permissions
- Text manipulation and Bash scripting (for loops, if statements, functions, case)
- Network configuring and troubleshooting, package management
- Virtualisation, bridge versus NAT, Linux directories and users
- Python: variables, booleans, lists, dictionaries, tuples, loops
- Python conditional statements, while and for loops, functions
- Python file I/O, modules, reading and writing files
Module 02 Network Research
- TCP/IP, the OSI model and network routing basics
- Network and remote connection protocols
- Traffic capture and analysis with Wireshark
- Filtering, parsing and extracting objects from traffic
- Advanced Wireshark: OS fingerprinting and detecting suspicious traffic
- File carving and network scanning
- Man-in-the-middle and LLMNR attacks
- Offline and online password brute forcing, Fail2Ban
- Intro to Trojans; payloads: reverse versus bind
- Linux scripting for scanning and file analysis
- Vulnerabilities on systems
Module 03 Security Operations Centre (SOC) Analyst
- Windows Server and Active Directory (ADDS) installation and configuration
- Managing domain protocols, policies and IP address subnetting
- Analysing Windows event logs on the domain controller
- Wireshark analysis in a SOC environment
- IDS and IPS configuration, Snort installation and rules
- Firewall monitoring and management, pfSense configuration
- Web gateway filtering and vulnerability assessment
- SIEM with ELK and Beats: deployment, threat identification, data aggregation, real-time monitoring
- Open-source SIEM with OSSIM, network and host monitoring and logging
- Domain hardening; backdoor detection with Netcat; domain attacks and incident response
- SMB protocol and security issues
Module 04 Penetration Testing
- OSINT: monitoring blogs, harvesting employee and organisation emails, Shodan
- Nmap scanning, service versions, NSE scripting
- Enumeration of DNS, FTP, SSH, SMB and MySQL; network traffic analysis
- Vulnerability detection methods and automated scanning
- Brute-forcing services
- Exploitation with Metasploit, working with exploits and databases, Meterpreter
- Bind and reverse shells with Netcat; payloads, Msfvenom, payload delivery
- Privilege escalation
- Post-exploitation on Windows and Linux; cracking Windows passwords; automating Msfconsole with rc script
- Social engineering and tools; intro to web application hacking
- OSINT with Google and Shodan on Linux; bypassing with Windows ISO and Kali
Module 05 Windows Forensics and Incident Response
- Storage and file system forensics
- Files and disk analysis, file system analysis, automatic carving, metadata
- Steganography in forensic context
- System artefacts and registry analysis
- Windows event analysis
- Volatile memory forensics and memory analysis
- Network and malware analysis
Tools you will use
You train on the same tools real security teams run, on CFCI's own cyber simulation platform — with every workflow mapped to the MITRE ATT&CK framework. Meterpreter and Msfvenom are part of Metasploit; Beats ships data into the ELK stack.
- Wireshark
- Nmap
- Metasploit
- Netcat
- Snort
- OSSIM
- Elasticsearch
- Logstash
- Kibana
- pfSense
- Burp Suite
- Shodan
- YARA
- Python
- Bash
Fees and funding
| SG Citizen 40 and above | SG Citizen 21–39 or PR | Self-funded / Standard | |
|---|---|---|---|
| Course fee, before funding | S$19,500 | S$19,500 | S$19,500 |
| SkillsFuture funding | Up to 90% | Up to 70% | — |
| Nett fee, before GST | S$1,950 | S$5,850 | S$19,500 |
| 9% GST | S$175.50 | S$526.50 | S$1,755 |
| Total payable | S$2,125.50 | S$6,376.50 | S$21,255 |
Singapore citizens aged 40 and above receive up to 90% SkillsFuture funding; citizens aged 21 to 39 and permanent residents receive up to 70%. 9% GST applies on the nett fee. SkillsFuture Credit (up to S$500), UTAP (S$200 to S$500) and PSEA may reduce the nett fee further. Figures are indicative — confirm your eligibility and the latest fees at the free info session.
Frequently asked questions
Do I need an IT or programming background to enrol?
No. The programme is built for adults from any background, and most of our graduates who secured cyber roles had no prior IT experience. We start from first principles, including the basics of networking, Linux and Python. The entry requirement is to attend the free Cybersecurity Experiential Workshop first, where we assess aptitude rather than qualifications.
How long is the programme, and what is the schedule?
333 training hours in total, delivered online and part-time over about eight months. Sessions run three times a week: two weekday evenings, 7 pm to 11 pm, and one weekend afternoon, 1 pm to 5 pm. Classes are kept to a ratio of about one trainer to thirty learners. The structure is built around working adults, so most learners study alongside a full-time job.
What funding is available?
Singapore citizens aged 40 and above receive up to 90% SkillsFuture funding, bringing the nett fee to S$1,950 (plus 9% GST), and citizens aged 21 to 39 and permanent residents receive up to 70%, bringing the nett fee to S$5,850 (plus 9% GST). All Singaporeans aged 25 and above can also apply up to S$500 in SkillsFuture Credit, and NTUC members may use UTAP (S$200 to S$500). PSEA may also be used. We work out your eligibility with you at the free info session.
What certifications will I earn?
On completing the programme you receive a Cybersecurity Career Kickstart+ certificate and seven modular skills certificates from Ngee Ann Polytechnic, plus a CFCI certificate of completion in Windows Forensics and Incident Response. Meet the higher performance criteria and you also qualify for a complimentary GIAC Certified Incident Handler (GCIH) examination voucher.
What happens if I fall behind?
You are supported, not pushed out. Trainers run repeat practice sessions and challenge questions, and you can revisit material and reassessments. Learners often take planned breaks around life events, and we work with you to keep you on track to completion.
What career support will I get?
Career support runs alongside the training and continues after it: live career workshops, one-to-one CV preparation, and interview preparation including mock interviews. When organisations approach CFCI for hiring solutions, we may also share your CV with them — this is done on an ad-hoc basis and is never guaranteed. We assist you towards employment; we do not guarantee a job.
Is a job guaranteed?
No. We do not guarantee a job, and we will never claim to. The programme is built to give you the skills, portfolio and certifications that make you genuinely hireable, backed by live career workshops, CV and interview preparation, and ad-hoc referrals when organisations approach us for hiring solutions.
What computer do I need?
A laptop or desktop that can run virtualisation comfortably: a minimum 6-core Intel i5 (7th generation or newer) or AMD Ryzen 5 (equivalent or newer) processor running at 2.0 GHz or higher, at least 16 GB of RAM, and around 512 GB of storage. The machine must support a hypervisor for the labs. Tablets and Surface Pros are not suitable. A built-in or external webcam is required. Recommended internet bandwidth: 20 Mbps download, 10 Mbps upload.
Ready to secure your future?
Join a free info session to meet the team, walk through the curriculum and find the right path for you. No IT background needed.