Cybersecurity Bootcamp Curriculum: 360 Hours, 12 Modules, Real Tools

How the curriculum is structured

The Unihackers Cybersecurity Bootcamp is 360 scheduled hours of training delivered over six months. The structure is deliberate: each module builds on the previous one, the labs scale in difficulty in lockstep with the theory, and the final modules pull everything together into job-ready capability. Twelve modules total, organized in four phases.

The total adds up to 360 hours of structured curriculum plus self-study and lab practice between sessions.

Phase 1: Foundation (90 hours)

Module 1: Cybersecurity Foundations (30h)

You start with the conceptual scaffolding everything else hangs on. The CIA Triad. Threat categories. Attack vectors. Major frameworks (the NIST Cybersecurity Framework, ISO 27001 at an overview level). Ethical and legal aspects. By the end you can read security news critically and understand the role landscape.

Tools introduced: Kali Linux, VMware, basic command line.

Module 2: Networking and Network Security (30h)

How networks actually work and how they get attacked. TCP/IP, the OSI model, IP addressing and subnetting, routing fundamentals. VPNs, VLANs, DMZs. Firewalls, IDS/IPS, NAC. Common network attacks including man-in-the-middle, DDoS, and ARP spoofing. Heavy lab time in Wireshark analyzing real packet captures.

Tools introduced: Wireshark, packet capture analysis, network device configuration.

Module 3: Operating Systems Security (30h)

Securing Windows and Linux endpoints. User and permission management. File system security and encryption. Patch management. Hardening techniques. Endpoint Detection and Response (EDR) fundamentals. Logging and auditing with Event Viewer and syslog. Automation with PowerShell and Bash.

Tools introduced: PowerShell, Bash scripting, EDR concepts, system logging tools.

Phase 2: Core skills (120 hours)

Module 4: Cryptography and Secure Communications (30h)

The math and protocols that make modern security possible. Symmetric and asymmetric encryption, AES, RSA, ECC, hash functions. Digital signatures and PKI. TLS handshakes and cipher suites. Common cryptographic attacks (brute force, downgrade, MITM). Practical evaluation of cryptographic implementations.

Module 5: Security Governance, Risk and Compliance (25h)

The organizational layer. NIST CSF and ISO 27001 in operational depth. GDPR and NIS2 implications. Risk assessment methodology. Drafting security policies. The regulatory landscape across the EU. This module is critical for GRC analyst roles and for any technical role that needs to communicate with auditors.

Module 6: Threat Modeling and Vulnerability Management (30h)

Identifying what could go wrong before it does. STRIDE, DREAD, and PASTA threat modeling frameworks. Vulnerability assessment methodology. CVSS scoring. The full vulnerability management lifecycle: discover, assess, prioritize, remediate, verify. Hands-on with Nessus and OpenVAS.

Tools introduced: Nessus, OpenVAS, threat modeling frameworks, CVSS calculators.

Module 7: Security Operations and Monitoring (35h)

How a modern SOC actually works. SOC roles and workflows. Log ingestion, normalization, and correlation. SIEM querying with Splunk. Detection engineering fundamentals. EDR and XDR investigations. MITRE ATT&CK mapping. Operational metrics and KPIs. This is the largest single module because it covers the most common entry role.

Tools introduced: Splunk, EDR/XDR platforms, MITRE ATT&CK navigator.

Phase 3: Advanced (135 hours)

Module 8: Advanced Security Operations (35h)

Beyond monitoring into modern defensive operations. Structured Incident Response. Digital Forensics and Incident Response (DFIR) fundamentals. Disk and memory forensics. Hypothesis-driven Threat Hunting. Threat Intelligence with strategic, operational, tactical, and technical layers. MISP and STIX/TAXII for sharing. MITRE ATT&CK for adversary mapping.

Tools introduced: FTK Imager, Autopsy, Volatility, MISP, STIX/TAXII platforms.

Module 9: Web Application Security (30h)

The OWASP Top 10 in practical depth. SQL injection, cross-site scripting, CSRF, IDOR, broken authentication, security misconfiguration, vulnerable components. Web architecture fundamentals. Practical mitigation strategies. Heavy hands-on time in Burp Suite analyzing realistic vulnerable applications.

Tools introduced: Burp Suite, OWASP testing methodology.

Module 10: Penetration Testing and Ethical Hacking (40h)

Offensive security through a defensive lens. Ethical and legal frameworks. Penetration testing methodology and rules of engagement. Reconnaissance, enumeration, exploitation, privilege escalation, lateral movement, persistence. Professional reporting. The largest module by hours because the lab depth matters.

Tools introduced: Nmap, Metasploit, Burp Suite for offensive use, exploitation frameworks.

Module 11: Security Engineering and Emerging Technologies (30h)

Security automation with Python and PowerShell. SOAR concepts. Cloud security fundamentals and IAM. Cloud misconfigurations and attack/defense patterns. AI in cybersecurity (detection, automation, adversarial scenarios). LLM Security and the OWASP Top 10 for LLM Applications. AI-assisted pentesting. Ethics, privacy, and data protection in AI systems.

Tools introduced: Python for security automation, cloud security platforms, AI/LLM security tools.

Phase 4: Career launch (20 hours)

Module 12: Career Coaching and Certification Preparation (20h)

The transition from training to employment. Cybersecurity career path overview (SOC, pentest, security engineering, GRC). Resume and LinkedIn profile optimization. CompTIA Security+ (SY0-701) exam preparation including practice tests and exam strategy. Common cybersecurity interview questions and behavioral interview practice. Panel interview simulations. Long-term career growth planning.

Output: you sit Security+, you have a portfolio of three to five documented projects, you have a recruiter-ready LinkedIn profile, and you have a job search plan tailored to your local market.

Phase structure: foundation, core, advanced, career

The four-phase architecture is not arbitrary. It maps to how cybersecurity capability actually accumulates in a working analyst.

• Foundation (modules 1 to 3). Conceptual scaffolding plus the technical baseline (networking, OS internals) that makes every later topic legible. Without this, a SIEM query is opaque, a packet capture is noise, and a privilege escalation chain is inexplicable. Foundation hours are dense because the rest of the program assumes them.
• Core (modules 4 to 7). The transition from "I understand systems" to "I can apply security thinking to systems". Cryptography reframes how data moves. GRC reframes who owns risk. Threat modeling reframes how you see designs. Module 7 then introduces the workflow you will use daily in your first job: SOC operations.
• Advanced (modules 8 to 11). Specialized defensive (DFIR, threat hunting), offensive (web, pentest), and forward-looking (security engineering, cloud, AI) capability. By the end of this phase you can credibly hold a Tier 1 SOC seat or a junior pentest seat depending on cohort focus.
• Career (module 12). The phase most bootcamps skip or reduce to a CV review. Twenty hours of structured certification preparation, portfolio polishing, mock interviews, and personalized job search planning.

This sequence reflects how teams onboard juniors in production: defensive first, offensive after defensive is solid, specialization last. The curriculum mirrors the workplace.

Hours allocation: how 360 hours break down

The headline number is "360 scheduled hours". The actual structure within those hours is what most bootcamps do not disclose.

Of every ten hours of training, roughly five are theory, two and a half are hands-on, and the remainder is structured guidance plus expert exposure. This ratio is deliberate. Pure lecture produces shallow recall. Pure labs without theory produce confused recipe-followers. The blend is what produces practitioners. Most short-format bootcamps allocate 70 to 85 percent of their hours to live theory and limit labs to under 30 hours; the Unihackers ratio inverts that shortfall.

What makes a practitioner-led curriculum different from vendor-led

Many cybersecurity bootcamps are built around vendor certifications and vendor toolchains. The Unihackers curriculum is built around practitioner-grade tooling and methodology, with vendor certifications layered in for credentialing rather than as the curriculum's spine.

Practitioner-led means the tools you learn are the tools your future colleagues use in real engagements:

• Splunk for SIEM querying because it is the dominant platform in EU enterprise SOCs
• Wireshark for packet analysis because it is the universal default
• Burp Suite (community plus exposure to Pro features) for web testing because every pentest report references it
• Metasploit for exploitation because the framework is the exploitation lingua franca
• OWASP ZAP and Nmap because they round out the offensive baseline
• Volatility, FTK Imager, Autopsy for forensics because they are what real DFIR teams reach for
• MISP for threat intelligence sharing because the EU ecosystem standardized on it
• PowerShell and Python for automation because they are the two languages that pay rent in security

A vendor-led curriculum trains you to pass an exam. A practitioner-led curriculum trains you to handle an alert at 02:00 on a Tuesday. The exam then becomes a documentation step, not a destination.

The tools stack mapped to curriculum phases

The toolchain expands phase by phase to mirror the analyst's growing scope.

The same tool may appear in multiple phases at increasing depth. Wireshark in module 2 is "open a pcap and identify a TCP handshake". Wireshark in module 8 is "trace a lateral movement chain across captures and produce a forensic timeline". The depth scales with the analyst.

Capstone and final project reality

Module 12 is the structured certification preparation phase, but the real capstone of the program is the portfolio you build across modules 7 through 11. This is what gets reviewed in interviews, not the diploma.

Each cohort produces three to five documented artifacts per learner. Typical examples:

• An end-to-end alert triage writeup using Splunk queries on a realistic dataset
• A vulnerability assessment report on a deliberately vulnerable web app
• A network forensic timeline reconstructed from a real pcap and event logs
• A pentest engagement summary with reconnaissance, exploitation, and remediation
• A detection rule written for a specific MITRE ATT&CK technique with test data

The mentorship hours are where these artifacts get refined into hiring-grade material. The career coaching hours are where they get repackaged into a LinkedIn portfolio and a recruiter-ready CV. By graduation you have something concrete to show, not just a badge.

Certification mapping inside the curriculum

The curriculum maps explicitly to three certification tracks. The Security+ exam voucher and preparation are bundled. CySA+ and OSCP are realistic next steps that compound the bootcamp investment.

Specific role pages also break down which certifications matter most by job: SOC analyst, security engineer, pentester, and cloud security engineer.

What is included beyond the modules

The 360-hour curriculum is the core of the bootcamp. The full program includes additional structured value:

• CompTIA Security+ preparation and exam voucher with a combined value of over €985
• Certiprof certification voucher worth approximately €250
• TryHackMe Premium access for the duration and beyond
• 25 hours of one-on-one mentorship with active practitioners
• 15 hours of personalized career coaching
• 12 hours of live expert panels with industry leaders
• 30 hours of recorded masterclasses for asynchronous depth
• Professional headshots for your LinkedIn presence
• The Unihackers Diploma and digital badge for your professional profiles

Roles the curriculum directly prepares you for

The curriculum maps explicitly to several entry-level cybersecurity roles. Listed in order of typical placement frequency for our cohorts:

• SOC Analyst (Tier 1), prepared by modules 1, 2, 3, 7, 8, 12
• GRC Analyst, prepared by modules 1, 5, 6, 12
• Junior Cybersecurity Analyst, prepared by modules 1 through 8 plus 12
• IT Security Support, prepared by modules 1 through 7
• Junior Penetration Tester (with extra independent practice), prepared by modules 9, 10
• Incident Response Trainee, prepared by modules 7, 8

Cloud security, security architecture, and senior consulting roles are not entry roles regardless of program. The curriculum gives you the foundation to specialize toward them in your second or third year of career experience.

Where this curriculum sits in the broader market

A few honest comparisons for context:

• Most "cybersecurity bootcamps" run 12 to 16 weeks. The Unihackers program runs 24 weeks because the curriculum density and hands-on hours genuinely require it.
• Most bootcamps include zero certification vouchers. This program includes two.
• Most bootcamps cap labs at 20 to 40 hours. This program is 90+ hours of structured labs.
• Most bootcamps lecture using career instructors. This program uses active practitioners with current SOC, IR, and pentest engagements.

These differences are not marketing claims; they are structural decisions you can verify by reading the verified student reviews and the instructor profiles on the bootcamp page.

Next steps

If the curriculum depth matches what you are looking for, the next step is the application or a conversation with admissions. The interview is the right place to ask which modules will be hardest for your specific background and how the mentorship can be tailored to your target role.

Start your application, view tuition, or see the full bootcamp page.