Military Programme

What is it?

Our military programme has been designed to provide globally accredited training and qualifications in cyber security and information assurance, delivered over 10 days, to UK Armed Forces that meet the adjacent criteria, for FREE.

The programme aims to enhance existing skills, develop new ones and to ultimately provide a pathway to a new career in cyber security.

If you are interested in finding out more before applying, you are welcome to attend one of our Insight Days.

Who is it for?

Currently serving members of the UK Armed Forces going through resettlement.


If you have already left the Armed Forces within 2 years and are currently unemployed.


If you are the spouse of either of the above.

The Process
1. Application

Apply online today via our application page. You will be asked to fill in some personal details about your current situation and then asked to select a course date. We will try our best to accommodate your choice on course dates, but we cannot always guarantee this. See our selection for classroom courses for more details.

2. Begin online training

Once you have applied, the Crucial team will send you your login details via email to join our online learning platform. Depending on which course you applied for, you will receive a customised curriculum on our online platform that you will need to work through. We highly recommend you work through CompTIA’s Network+ and Security+ courses (if you haven’t done so already), which are available on the platform. Though we do not require you to have the CompTIA certificates for these courses, if you are interested in obtaining them, we can provide you with a discounted exam voucher thanks to our partnership with CompTIA.

3. Selection for classroom courses

Places on our classroom-based courses are competitive and the team will be measuring your application against other applicants. Your application will be assessed based on your progress through our online training platform curriculums, your CV (including previous experiences) and your flexibility in regard to employment arrangements. Selection will take place no later than a month before the course start date and you will be notified when this is to happen. As part of the selection, you may have a technical interview with one of our instructors, who will ask you questions to ascertain your current knowledge level. It is also around this time that we like to get our employment partners involved and there is a good chance that they will want to speak with you and discuss employment opportunities. Then, if successful, you will be contacted and offered a provisional place on the course.

4. Attend classroom course

Congratulations, at this point you’ve been selected for one of our classroom courses! Here you will undertake an intensive 10 day training package for free. Students are required to pay for their exams. If you successfully complete the course and pass your exams, you will earn globally recognised cyber security qualifications. A point to note, you will need to organise your own accommodation for the duration of the course. If you are still in resettlement you can claim the cost of your accommodation and expenses back through the ‘MoD Form 2245’ which we can sign and stamp for you (If you are unsure where to find this form, please go and speak to your Unit clerk). During the course you will be working from 0830 – 1700 Monday to Friday and will be expected to complete homework assignments and projects. 

5. Completion

After completion of your course, you will receive your Crucial Academy certificate and your new qualification(s). We will add you to our Crucial Community, where you can network with former students and share knowledge, tips and job vacancies. If you have already spoken with an employment partner, this is where they will typically look to interview you in person. If you are yet to speak with an employment partner, we will do all we can to introduce you to companies we work with, but we cannot guarantee employment.


Offensive Cyber Security (Military Programme)

10 day course covering CREST CPSA and CRT, exclusively for our Military Programme

Offensive Cyber Security is a proactive approach to protecting computer systems, networks and individuals from attacks. The practice at its core involves conducting a penetration test of computers and networks looking for vulnerabilities and weaknesses that attackers could exploit.The CREST Practitioner Security Analyst (CPSA) qualification is an entry-level examination that tests a candidate’s knowledge in assessing operating systems and common network services at a basic level. The CPSA examination also includes an intermediate level of web application security testing and methods for identifying common web application security vulnerabilities.

The CREST Registered Penetration Tester (CRT) examination is recognised by the National Cyber Security Centre (NCSC) as providing the minimum standard for CHECK Team Member status and is designed to assess a candidate’s ability to carry out basic vulnerability assessment and penetration testing tasks.

  • Engagement Lifecycle
  • Introduction to Law and compliance
  • Scoping
  • Logging & Reporting
  • Open Source Intelligence (OSINT) techniques
  • Regional Internet Registries & WHOIS
  • Domain Name System enumeration
  • Understanding Intelligence value of Mailing lists/Newsgroups
  • Information leakage from Mail headers
Network Enumeration
  • Introduction to Wireshark
  • Local network traffic analysis
  • Analysis of PCAP files
  • Network Mapping & Target Identification
  • Introduction to Nmap & the Nmap Scripting Engine
  • OS Fingerprinting
  • Application fingerprinting
  • Banner Grabbing
  • Enumerating Microsoft Windows
  • Domain Reconnaissance
  • User Enumeration
  • Enumerating Linux/Unix Services
  • Username Enumeration
  • Rusers
  • Rwho
  • Sendmail/SMTP
  • Finger
Network Exploitation
  • Exploiting Microsoft Windows
  • Windows Vulnerabilities
  • Exploiting Linux/Unix
  • Unix Vulnerabilities
  • Exploiting Generic Services
  • Telnet
  • SSH
  • SNMP
  • NFS
  • Sendmail/SMTP
  • FTP
  • Access control
  • Risks surrounding Anonymous access
  • Microsoft Exchange
  • Common attack vectors
Post Exploitation
  • Obtaining password hashes
  • Cracking password hashes
Lateral Movement
  • Creating Tunnels
  • Using credentials
  • Passing the hash
Web/Database Exploitation
  • Web Architecture Overview
  • Tiered Architectures
  • Proxies & their purpose
  • Web Servers & their flaws
  • Understanding Web Protocols
  • Cookies
  • Cookie manipulation
  • Sessions
  • Session Hijacking
  • Introduction to Web Markup languages
  • HTML & XML
  • Web Programming Languages
  • Application Servers
  • Web Reconnaissance
  • Enumerating site structure
  • Parameter manipulation
  • Using Burpsuite
  • XSS Attacks & types
  • SQL Introduction
  • Writing basic SQL to manipulate databases
  • SQL Injection
  • MS SQL Server
  • Common attack vectors
  • Privilege escalation
  • Oracle RDBMS
  • Enumeration
  • Default accounts
  • File Inclusion vulnerabilities & how to exploit
  • Local File Inclusion
  • Remote File Inclusion
  • Post engagement reporting
  • Writing the report

Cyber Threat Intelligence (Military Programme)

10 day course covering CREST CPTIA and CRTIA, exclusively for our Military Programme

Cyber Threat Intelligence (CTI) is an area of cyber security that focuses on the collection and analysis of information about current and potential future attacks that threaten the safety of a nation, an organisation and/or its assets and individuals. The benefit of threat intelligence is that it's a proactive security measure, hopefully preventing data breaches and saving businesses the financial costs of cleaning up an incident. Its purpose is to give companies and individuals an understanding of the threats that pose the greatest risk to their infrastructure and employees and allows them to make informed decisions on what they can do to protect themselves.

The Crucial Academy Cyber Threat Intelligence course focuses on two qualifications. The CREST Practitioner Threat Intelligence Analyst (CPTIA) examination is an entry-level qualification aimed at individuals who are seeking to establish themselves within the Threat Intelligence industry. There is no requirement for a candidate to have a specified amount of previous experience working in the Threat Intelligence industry.

The CPTIA qualification demonstrates that an individual has a solid understanding of the theory and practice of cyber threat intelligence operations and is competent to undertake operational Threat Intelligence activities under the supervision of a CREST Certified Threat Intelligence Manager.

The CREST Registered Threat Intelligence Analyst (CRTIA) examination is aimed at individuals who are part of a team delivering threat intelligence services. A minimum of two years’ experience collecting, analysing and documenting threat intelligence is expected.

The CRTIA qualification provides assurance that an individual has reached the appropriate standard as a threat intelligence team member to deliver safe, legal and ethical services.

  • Introduction to Cyber Security
  • Cyber Security Principles
  • Introduction to Cyber Threat
  • Intelligence
  • Common Threats
  • Common Attack Methods
  • Common Protocol Attacks
  • Cryptography
  • C2 and Data Exfiltration
  • Attack Attribution
  • Common Vulnerabilities
Key Concepts
  • What is Intelligence?
  • Types of Threat Intelligence
  • Data Reliability
  • Introduction to Analysis
  • Cognitive Biases
  • Threat Risk Analysis
  • Threat Modelling
Gathering Intelligence
  • Active Reconnaissance
  • Passive Reconnaissance
  • Gathering Organisational Intelligence
  • Detecting, Preventing & Responding to Reconnaissance

Intelligence Lifecycle
  • Intelligence Lifecycle
  • Direction and Planning
  • Collection
  • Processing
  • Analysis
  • Dissemination
  • Review
  • Intelligence Lifecycle Security
  • Intelligence Maturity
  • Failures of the Intelligence Lifecycle

Analysing Intelligence
  • The Role of the Intelligence Analyst
  • Skills and Techniques
  • Using Logic
  • Analytical Tools
  • Analytical Process
Intelligence Models
  • Intelligence Estimate
  • Cyber Kill Chain
  • 7 Defensive Capabilities
  • Diamond Model
  • Gathering Indicators
Management of Intelligence
  • Client Management
  • The Language of TI
  • Managing Reporting
  • Managing Frameworks
  • Managing Third Parties
  • Legislation Awareness
  • Implementing an Intelligence Plan
  • Threat Intelligence Consumption
  • Threat Intelligence in Action
  • Operational Risk
  • Project Management
  • Organisational Threat Intelligence
  • Regulated Threat Intelligence Schemes
Auditing and Review
  • Monitoring, measurement, analysis and evaluation
  • Internal audit
  • Data breaches and corrective actions
  • Continual improvement
  • Competency, evaluation and closing the training

Defensive Cyber Security (Military Programme)

10 day course covering CompTIA CySA+, exclusively for our Military Programme

Defensive Cyber Security focuses on detecting, orienting, and engaging cyber threats in order to ensure businesses and individuals remain secure and have the ability to out-manoeuvre adversaries. The course has a strong emphasis on intelligence, surveillance, vulnerability management and implementing security controls.

The role in Defensive Cyber Security focuses on securing networks and monitoring the data within computers and systems whilst hunting for threats. You will protect businesses against a range of different attacks from malware, social engineering, phishing and physical techniques attempting to gain access to systems.

CompTIA Cyber Security Analyst+ (CySA+) is the only intermediate highstakes cybersecurity analyst certification with performance-based questions covering security analytics, intrusion detection and response. It is the most up-to-date security analyst certification that covers every topic you need to protect businesses against the myriad of threats posed nowadays.

  • Introduction to Cyber Security
  • Principles of Security
  • Cyber Security vs Information Security
  • The Basics of Cyber Security
  • Cyber Threats
  • Common Attack Methods
  • Vulnerabilities
  • Defence Against Attacks
  • Active Reconnaissance
  • Passive Reconnaissance
  • Gathering Organisational Intelligence
  • Common Resources
  • Detecting, Preventing and Responding to Reconnaissance
Threat Management
  • Building a Secure Network
  • Cyber Security Toolkit
  • Penetration Testing
  • Reverse Engineering
  • Introduction to Risk
  • Evaluating Risk
  • Risk Reduction Techniques
  • Cyber Kill Chain
  • Diamond Model
  • Gathering Indicators
Vulnerability Management
  • Implementing a Vulnerability Management Plan
  • Analysing Vulnerability Scans
  • CVSS Scoring
  • Network Vulnerabilities
  • Host Vulnerabilities
  • Wireless Vulnerabilities
  • Application Vulnerabilities
  • Virtual Infrastructure Vulnerabilities
  • ICS Vulnerabilities
  • Tools for Vulnerability Detection
Incident Response
  • Incident Response
  • Capturing Events
  • Detecting Common Network Issues
  • Handling Network Probes & Attacks
  • Investigating Host Issues
  • Analysing Data Exfiltration
  • Analysing Application Symptoms
  • Understanding the Compromise
  • Recovery and Post-incident Response
  • Conducting a Forensic Investigation
Security Architecture
  • Security Architecture
  • Defence-in-Depth
  • Common Architectural Issues
  • Maintaining & Reviewing
  • Policy & Compliance
  • Software Development Lifecycle Security
  • Secure Coding
Access Management
  • Identity and Access Management Security
  • Identity as a Security Layer
  • Identity Attacks
  • Building a Forensic Capability

What our customers say about us

“I was lucky enough to be on the first offensive course. The training and qualification gained from the Crucial Academy allowed me to step straight into a career as a penetration tester. I cannot recommend the Crucial Academy highly enough to those starting their new cyber career”

Context IS

"I attended the Defensive Course in July 2018 and I would urge anyone with an interest in a cyber career to attend. A professionally run team with a wealth of knowledge, that helped me expand my military cyber experience and gain new qualifications that secured me a new career route"

MWR InfoSecurity

"I attended the Crucial Academy Information Assurance course in July 2018. The organisation provides great opportunities, helping to advance your career into cyber. I would recommend this company to others"


"I attended the Crest Registered Threat Intelligence Analyst course at the Crucial Academy in November 2018. I can't thank Crucial Academy enough, the instructors, guest speakers and the mentors were all truly fantastic. They enabled me to gain a deeper understanding about cyber security, helped me to focus on what was relevant, gave me plenty of useful links and self study tutorials"


"I attended Crucial Academy's first Information Assurance and Cyber Threat Intelligence courses. The content and instruction on both were of a very high standard. The Crucial offer is an incredible opportunity, not to be missed, for current and ex-military hoping to transition into Information/Cyber Security"


"Crucial Academy provided an impressive fusion of real-world experience with subject matter expertise. This training ensured that the students not only passed their exam but came away with the information to be better information security professionals. I recommend Crucial Academy to anyone looking to improve their understanding of cyber security"


"I attended Crucial Academy's Cyber Threat Intelligence course and was incredibly pleased with the quality of instruction. I struggled in one or two areas and the instructor went out of his way to sit with me and run through everything after hours until I was happy. Great bunch of people and a fantastic offering"