Network Security
Internship Program
8-Week Live Defensive Security Training
This is not passive learning. You'll analyse real traffic, write detection rules, design secure architectures, and present findings weekly — mentored directly by practitioners who do this work professionally. By week 8, you're ready to step into a SOC, NSOC, or blue team role.
No refunds after enrolment — check Refund Policy
2 Training Sessions
per week, live
1 Intern Presentation
per week, graded
24 Live Touchpoints
total
3 Practitioner Mentors
direct access
Performance Certificate
earned, not given
Your Mentors
Not instructors who read slides. Practitioners who have done the work — and are still doing it.
Designs the internship curriculum and leads sessions on attack tradecraft, protocol abuse, and adversary thinking. Built the program to mirror real security operations — not textbook theory.
Leads sessions on SOC workflows, alert triage, log analysis, and threat detection. Brings Top 2% TryHackMe performance and real blue team execution experience to the cohort.
Focuses on traffic analysis, Wireshark labs, and network-level investigation. Brings practical CTI experience and ethical hacking depth to packet-level and detection-focused sessions.
What You Will Learn
How networks function and where attacks enter the picture
How to capture, filter, and interpret real network traffic
How attackers abuse protocols and exploit weak architectures
How to detect, triage, and investigate network threats
How to harden infrastructure using defensive frameworks
How to present technical findings and document professionally
Program Structure
8 weeks. 2 sessions per week. Each week closes with an intern presentation. Progressively deeper.
Networking Foundations & Security Mindset
OSI/TCP-IP models, packet flow, DNS/DHCP/ARP deep dives, and understanding why network security fails in real organisations.
Network Protocol Deep Dive
TCP internals, DNS tunneling, SMB, Kerberos, RDP/SSH security, SNMP risks, and NTP reflection/abuse.
Traffic Analysis & Wireshark Ops
Full PCAP malware investigation — detect port scans, brute force, C2 beaconing, and reconstruct attack sessions.
Firewalls, ACLs & Segmentation
Build ACL rule sets, segment flat enterprise networks, design DMZ architecture, and apply Zero Trust principles.
IDS/IPS & Detection Engineering
Write Suricata rules, triage alerts, correlate across events, and execute PCAP-to-detection rule exercises.
Network Hardening & Secure Architecture
Audit device configs for hardening gaps, design secure remote access, review bastion host and VPN architecture.
Network Attacks & Adversary Tradecraft
Study MITM, ARP spoofing, VLAN hopping, BGP hijacking, DDoS amplification, and network-based persistence.
Blue Team Ops & Final Capstone
SOC/NOC/NSOC triage workflows, escalation, documentation standards, and final capstone: Secure and Defend a Mock Enterprise Network.
Weekly Presentation Track
Every week you stand up, present your findings, and defend your work. Communication is a core operator skill.
Explain How a Packet Travels From Browser to Server
Annotated diagram with per-layer breakdown and one attack vector identified per layer
Most Abused Enterprise Protocol and Why
Research brief covering CVE history, exploitation method, and real-world business impact
Analyse This PCAP and Present Findings
Full malware PCAP investigation: victim host, initial suspicious packet, C2 infrastructure, payload transfer, beaconing pattern
Design Secure Network Segmentation for a Small Enterprise
Network diagram with VLAN layout, DMZ design, ACL rule set, and Zero Trust rationale
Investigate an IDS Alert and Explain Your Verdict
Alert triage walkthrough with true/false positive determination and supporting evidence chain
Harden a Given Network Architecture
Config audit with gap analysis, prioritised remediation steps, and secure architecture redesign
Break Down One Real Network Attack Case Study
Kill-chain analysis of a real-world attack (e.g. Mirai Botnet, AS7007 BGP Hijack) with lessons learned
Final Capstone: Secure and Defend a Mock Enterprise Network
Network diagram · Segmentation strategy · Firewall rule set · Detection logic · Threat model · Attack path analysis
Week 8 — Final Capstone Requirements
Your capstone must cover all six components. This is the definitive evaluation of your operator-level capability.
Performance-Based Recognition
Certificates are earned — not distributed. Your tier reflects actual output, assessed across all 8 weeks by your mentors.
Entry Level
Apprentice
- Attended 80%+ of all live sessions
- Completed and submitted all weekly presentations
- Participated in Q&A and group discussions throughout
Demonstrates consistent participation and foundational network security knowledge across all 8 weeks.
Intermediate Level
Analyst
- All Apprentice-level criteria met
- Strong documented lab outputs week-over-week
- Presentation quality assessed above cohort baseline
- Engaged in advanced challenge and research work
Demonstrates applied technical skill, structured analytical thinking, and measurable output quality.
Top-Tier Level
Operator
- All Analyst-level criteria met
- Exceptional six-component final capstone
- End-to-end operator-level thinking demonstrated
- Formally recognised by instructors for output quality
Reserved for interns who demonstrate true operator capability — someone TCL would refer to employers with confidence.
Certificate tier is determined by your mentors at program end based on session attendance, presentation quality, lab outputs, and capstone execution. All assessments are final and non-negotiable.
How You'll Actually Learn
- Live PCAP traffic analysis with real attack patterns
- Firewall rule writing and ACL design exercises
- Network diagram threat modelling assignments
- Detection engineering with Suricata/Snort rule writing
- Hardening checklists applied to real device configs
- CVE breakdown and deep-dive research assignments
- Weekly presentations defending your technical findings
Real-World Toolset
Built-In Learning Systems
Every week has structured deliverables so you're never stuck — and never coasting.
How to Earn Your Certificate
Meet all four criteria to qualify. Partial completion does not result in a certificate.
Attend 80%+ Sessions
Show up consistently. Reliability is the first operator-level behaviour we assess.
Complete Weekly Presentations
Every week, you present your findings to the cohort and defend your work.
Submit Final Capstone
A complete six-component enterprise network defence submission — no partial credit.
Participate in Q&A
Active, meaningful discussion and peer engagement expected across all sessions.
Where This Takes You
By program end you'll have real hands-on experience, a capstone project, and interview-ready skills for defensive security roles.
SOC / NSOC Analyst
Network Security Engineer
Blue Team Operator
- Beginners and intermediate learners entering network security
- Students preparing for SOC or blue team roles
- Anyone wanting structured, mentor-led defensive training
- Those targeting Net+ / CCNA / entry-level security certifications
- Not passive — you present, analyse, and defend findings every week
- Real-world defensive scenarios, not outdated theory or recycled slides
- Traffic analysis + hardening + detection combined in one program
- Mentored by practitioners — not hired instructors with no field experience
Train like it's your job.
24 live sessions. Weekly presentations. A capstone that proves your skills. Mentored by three active practitioners. Limited seats per cohort — this is an internship, not a course you can coast through.
No refunds after enrolment. Read the Refund Policy →
Limited seats per cohort · live sessions · direct practitioner feedback