— LAW ENFORCEMENT & GOVERNMENT
Cybercrime investigation training
built by the people who trained Israel's national cyber units.
From digital forensics to OSINT, from offensive understanding to ICS/SCADA — the same hands-on training methodology used by Israel's Police, military, and intelligence agencies. Now available for European law enforcement and government organizations.
SINCE 2016 · TRUSTED BY GOVERNMENTS
// LAW ENFORCEMENT
Cybercrime investigation units
National police, regional forces, judicial police. Digital forensics, OSINT, network investigation, courtroom-grade evidence handling.
// GOVERNMENT & DEFENCE
Government and military cyber teams
National security agencies, military cyber units, government CERTs. Critical infrastructure defence, threat hunting, national-scale incident response.
// INTELLIGENCE
Intelligence and counter-terrorism
Cyber intelligence units, counter-terrorism cyber teams. OSINT, threat actor profiling, operational tradecraft on a controlled platform.
— WHO WE WORK WITH
Specialised training for the units that defend public institutions, citizens, and critical infrastructure.
Delivered by David Shiffman, CEO & CTO, ThinkCyber HQ
2025 · NATIONAL SOC ANALYST TRAINING
80+ analysts trained for Israel's Homeland Security SOC
Two intensive days at Be'er Sheva for the Israel National Cyber Directorate. Tier-1 and Tier-2 SOC analysts from across Israel's national operations centre worked through attacker trace identification, network and malware analysis, steganography detection, and live investigation scenarios — all on Cyberium Arena, with NX212 Windows Forensics and City & Guilds–assured material at the core.
2023 · NATIONAL CERT
CERT-IL CACC Program
Israel's national CERT adopted Cyberium for their Advanced Cyber Training programme.
The Profile · Train · Drill methodology was presented by ThinkCyber at Cybertech Africa, in representation of the State of Israel.
2021 · NATIONAL POLICE ACADEMY
National Police Academy of Israel
Immersive simulator sessions integrated into the national academy's curriculum. New officers entered the field with operational cyber readiness — not theoretical knowledge.
2017 · YEAR OF FIRST TRUST
IDF cyber units & Israeli Police
The Israel Defense Forces adopted Cyberium for internal cyber unit training. A 7-month intensive program forced platform iteration that no startup customer ever could. The Israeli Police followed.
— TRACK RECORD
If a national CERT trusts the platform,
ThinkCyber has been training law enforcement, military, and intelligence cyber units since 2016. Four milestones define the trajectory:
the credibility question is over.
// ALSO AVAILABLE
CX401 Intro to ICS/SCADA — for units protecting critical infrastructure (energy, water, transport). NX232 Malware Analysis · ZX331 Exploit Development — for advanced cyber operations teams.
NX201 · Network Research
Foundational layer: Linux command-line, networking protocols, scanning, attack analysis, defence basics. The prerequisite for every program above.
ZX301 · Penetration Testing
Offensive methodology. To investigate cybercrime, investigators must understand how attackers actually operate — exploitation, privilege escalation, lateral movement.
NX214 · OSINT
Open-source intelligence gathering. Shodan, Maltego, social media tradecraft. For investigators and intelligence analysts who need to track without leaving footprints.
NX216 · Network Forensics
PCAP analysis, protocol dissection, network-based evidence collection. Reconstructing what happened on the wire.
NX215 · Linux Forensics
Log analysis, file system investigation, memory forensics, evidence preservation chain-of-custody. Essential for server-side incidents.
NX212 · Windows Forensics
Registry analysis, event logs, artefact recovery, timeline reconstruction. The foundation of any cybercrime investigation involving Windows endpoints.
— PROGRAMS FOR LAW ENFORCEMENT MISSIONS
Every operational mission has a matching program.
Six programs cover the core capabilities of a modern cybercrime investigation unit. All hands-on. Real terminals, real malware, real evidence preservation workflows.
— FOR YOUR NETWORK
Deploy Specto+ on your network.
Train your investigators on the attacks that actually targeted you.
Specto+ is a 1U appliance that runs entirely on-premises. Air-gapped. No cloud. It detects real threats on your infrastructure — intrusions, lateral movement, vulnerability exposures, malicious anomalies. Every detection generates forensic evidence. That evidence becomes a Cyberium scenario your investigators practice on.
The attacks are real. The training is immediate. The cycle is closed.
ON-PREMISES — AIR-GAPPED — PCAP FORENSICS — NO CLOUD DEPENDENCY — 1U RACK
// 01 · PROFILE
Assess current capability
CyBrain skill assessment maps each investigator's strengths and gaps. The result: a unit-wide capability profile, not a generic curriculum assumption.
// 02 · TRAIN
Hands-on, structured
Programs delivered instructor-led or self-paced. Real terminals, real malware, real PCAP. No multiple choice. Every module ends with a scenario, not a quiz.
// 03 · DRILL
Cyber drills under pressure
Timed, scored exercises that simulate real incidents. The unit operates as a unit — not as individual learners. This is where capability becomes operational readiness.
— METHODOLOGY
The three-stage operational model that defined the CERT-IL CACC program. Tested on national-scale cohorts. Adapted for European law enforcement and government cyber teams.
Profile. Train. Drill.
.
Instructor-led
On-site or remote. Cohort training with a dedicated instructor. Recommended for unit-wide upskilling and certification preparation.
Self-paced
24/7 platform access. Auto-mode training with video lessons, books, labs, and scenarios. For experienced officers continuing skill development on their own schedule.
Custom programs
For specialised units. We adapt program content to your operational threat landscape, evidence handling procedures, and case-specific scenarios.
— DELIVERY