top of page

— LAW ENFORCEMENT & GOVERNMENT

Cyber forensics & technical training

Built by the people who trained Israel's national cyber units.

From digital forensics to OSINT, from offensive understanding to ICS/SCADA — the same hands-on methodology, now available to European law enforcement and government organizations.

SINCE 2016 · TRUSTED BY GOVERNMENTS 

// LAW ENFORCEMENT      

Cybercrime investigation units

National police, regional forces, judicial police. Digital forensics, OSINT, network investigation, forensic evidence handling.                                                                                                                                

// GOVERNMENT & DEFENCE

Government and military cyber teams

National security agencies, military cyber units, government CERTs. Critical-infrastructure defence, threat hunting, national-scale incident response.

// INTELLIGENCE

Intelligence and counter-terrorism

Cyber intelligence units, counter-terrorism cyber teams. OSINT, threat-actor profiling, operational tradecraft on a controlled, air-gapped platform.                                                            

— WHO IT'S FOR

Specialised training for the units that defend public institutions, citizens, and critical infrastructure.

Delivered by David Shiffman, CEO & CTO, ThinkCyber HQ

CACC 2025 - Training Room
CACC 2025 - ThinkCyber CEO
CACC 2025 - Books

2025 · NATIONAL SOC ANALYST TRAINING

80+ analysts trained for Israel's Homeland Security SOC

Two intensive days at Be'er Sheva for the Israel National Cyber Directorate. Tier-1 and Tier-2 SOC analysts from across Israel's national operations centre worked through attacker trace identification, network and malware analysis, steganography detection, and live investigation scenarios — all on Cyberium Arena, with NX212 Windows Forensics and City & Guilds–assured material at the core.

2023 · NATIONAL CERT

CERT-IL CACC Program

Israel's national CERT adopted Cyberium for their Advanced Cyber Training programme.

 

The Profile · Train · Drill methodology was presented by ThinkCyber at Cybertech Africa, in representation of the State of Israel.

David_Shiffman_CyberTech_Africa_2023.jpg

2021 · NATIONAL POLICE ACADEMY

National Police Academy of Israel

Immersive simulator sessions integrated into the national academy's curriculum. New officers entered the field with operational cyber readiness — not theoretical knowledge.

2017 · YEAR OF FIRST TRUST

IDF cyber units & Israeli Police

The Israel Defense Forces adopted Cyberium for internal cyber unit training. A 7-month intensive program forced platform iteration that no startup customer ever could. The Israeli Police followed.                                             

— TRACK RECORD

If a national CERT trusts the platform, the credibility question is over.

ThinkCyber has been training law enforcement, military, and intelligence cyber units since 2016. Four milestones define the trajectory:

// ALSO AVAILABLE

CX401 Intro to ICS/SCADA — for units protecting critical infrastructure (energy, water, transport). NX232 Malware Analysis · ZX331 Exploit Development — for advanced cyber operations teams. 

See full catalog →

NX201 · Network Research

Foundational layer: Linux command-line, networking protocols, scanning, attack analysis, defence basics. The prerequisite for every program above.                           

NX212 · Windows Forensics

Registry analysis, event logs, artefact recovery, timeline reconstruction. Core forensic skills for incidents involving Windows endpoints.                            

NX215 · Linux Forensics         

Log analysis, file-system investigation, memory forensics, evidence-preservation chain-of-custody. Essential for server-side incidents.

NX216 · Network Forensics

PCAP analysis, protocol dissection, network-based evidence collection. Reconstructing what happened on the wire.

ZX301 · Penetration Testing

Offensive methodology. To investigate cybercrime, investigators must understand how attackers actually operate — exploitation, privilege escalation, lateral movement.

NX214 · OSINT                              

Open-source intelligence gathering. Shodan, Maltego, social-media tradecraft. For investigators and intelligence analysts who need to track without leaving footprints.                        

— PROGRAMS FOR LAW ENFORCEMENT MISSIONS

Every operational mission has a matching program.

Six programs build the core technical capabilities a modern cybercrime investigation unit relies on. All hands-on. Real terminals, real malware, real evidence-preservation workflows.

— FOR YOUR NETWORK

Deploy Specto+ on your network.

Train your investigators on the attacks that actually targeted you.

Specto+ is a 1U appliance that runs entirely on-premises. Air-gapped. No cloud. It detects real threats on your infrastructure — intrusions, lateral movement, vulnerability exposures, malicious anomalies. Every detection generates forensic evidence. That evidence becomes a Cyberium scenario your investigators practice on.

The attacks are real. The training is immediate. The cycle is closed.

ON-PREMISES — AIR-GAPPED — PCAP FORENSICS —  NO CLOUD DEPENDENCY — 1U RACK

SEE THE FULL SPECTO+ TECHNICAL OVERVIEW →

// 01 · PROFILE

Map capability with real scenarios

Each participant runs scenarios drawn from across several training programs. Every scenario report yields a Purple-Blue-Red breakdown — offensive, defensive, adversarial — plus scoring on speed, accuracy and performance under pressure. The result is a broad, evidence-based profile of each person's real strengths and gaps, so training is scoped to what the unit actually needs — and commanders have a basis for who fits which role.

// 02 · TRAIN

Hands-on, structured, tailored

Training is built on the profile, not a generic curriculum. Real terminals, real malware, real PCAP — scenarios derived from live threat data. No multiple choice. Every module ends with a scenario, not a quiz.

// 03 · DRILL

Repeat to maintain readiness

Skills decay; drills are the repetition that prevents it. The profiling scenarios are re-run on a regular cadence — a cyber drill each quarter — so capability is refreshed and re-measured over time, not assumed from a one-off course. The unit operates as a unit. This is where readiness stays operational.

— METHODOLOGY

The three-stage operational model that defined the CERT-IL CACC program. Tested on national-scale cohorts. Adapted for European law enforcement and government cyber teams.

Profile. Train. Drill.

Instructor-led

On-site or remote, with a dedicated instructor. Best for intensive ~40h-per-program training to bring a unit up to speed fast — unit-wide upskilling and certification prep on a compressed timeline.

Self-paced

24/7 platform access: video lessons, books, labs, and scenarios. Best when teams need more time flexibility: a few hours a week over several months, around operational duties.                                

Custom programs

For specialised units. We adapt program content to your operational threat landscape, evidence-handling procedures, and case-specific scenarios.                                                                                                         

— DELIVERY

— NEXT STEP

Request a briefing for your unit.

Private session. We'll assess your unit's training needs, walk through the platform live, demonstrate Specto+ on a controlled network, and recommend a programme tailored to your operational requirements. No general pitch.

bottom of page