Tier 2 · Elite Diploma
Cybersecurity & CyberOps
A three-year elite diploma engineered to produce cybersecurity professionals who can be trusted at 2 AM — when the incident is real.
- Code: SEC 200
- Tier: Elite Diploma
- Duration: 33 months · 132 weeks
- Cohort 01: 02 November 2026
- Delivery: On-Campus · Waterloo
- Credential: WIATech Elite Diploma in Cybersecurity & CyberOps
The shortage in our region is not of people who own Kali Linux. It is of professionals who can receive an alert at 2 AM, investigate it, contain the incident, write the report, and brief the CISO by morning. This is an advanced, selective programme built for that gap — and built on a single commitment: every technique a graduate uses, they understand, can defend, and apply within the law.
What you'll become
- SOC Analyst
- Incident Responder
- Penetration Tester
- Threat Hunter
- Security Engineer
- DFIR Specialist
- Cloud Security Engineer
- Detection Engineer
- Red Team Operator
- Security Consultant
- Security Architect
- Security Founder
§ 01 · The difference
What sets this programme apart.
No Vibe Hacking
Every technique a WIATech graduate uses, they understand and can defend. Tools are taught inside methodology — never as ends in themselves. A student who can run a tool but cannot explain what it does, why, and how to defend against it has not learned security.
Every Attack Has a Defence
No offensive technique is ever taught without its defensive countermeasure in the same session. Students do not leave a lab knowing how to exploit a vulnerability without knowing how to remediate it. Attack and defence are taught as one discipline.
Lab Authorisation, Without Exception
Every student signs a lab authorisation agreement before touching an offensive tool. Under Sierra Leone's Cybersecurity and Crime Act 2021, unauthorised access is a crime — and "I was practising" is not a defence. Any breach of scope means immediate removal. This is the professional standard, and it is the law.
Documentation Is a First-Class Skill
A defender who can investigate an incident but cannot write a report a CISO can act on has done half the job. Every lab produces a written deliverable. Every capstone is defended orally. By graduation, the portfolio of professional reports is the credential.
West African Threat Reality
Students train against the threats this region actually faces — ransomware targeting banks, mobile-money fraud, telecom infrastructure attacks, NGO data incidents, insider threats in the financial sector. The real adversaries our graduates will defend against.
Real Tools. Real Labs. Real Operations.
Students operate a real SOC, a real cyber range, and live attack-defence simulations. They rotate through SOC analyst, incident responder, threat hunter, pen tester, and team lead roles. By graduation, they have done the job — not just studied it.
§ 02 · Who this is for
Built for engineers ready to operate at depth.
◆ The Aspiring Defender
You want to protect the banks, telecoms, and institutions of your region — not just earn a certificate. You want to walk into a SOC and be trusted with a real alert queue from day one.
◆ The Self-Taught Security Enthusiast
You have been grinding TryHackMe and HackTheBox, reading writeups, building a home lab. You have hit the ceiling self-teaching always hits. You need structure, real operations, and the credential to convert curiosity into a profession.
◆ The IT Professional Going Security
You work in IT, networking, or systems administration and want to specialise into security at depth — SOC operations, penetration testing, incident response, cloud security. You have the systems foundation; you want the security craft.
◆ The Future Security Leader
You see further than a single role. You want to become a SOC lead, a security architect, a DFIR specialist, a consultant — or to found a security firm. You want the technical depth and the leadership grounding to get there.
§ 03 · The Tier 1 floor
What you need before you start.
This is an advanced programme that begins above the foundation floor. Clear it by passing the WIATech technical assessment — or by completing the matching Tier 1 Foundations courses. The assessment is a placement instrument, never a rejection.
Required foundations
Every security control sits on top of how computers actually work. Defenders who don't understand CPUs, memory, processes, and the boot chain cannot reason about memory forensics, kernel-level malware, or privilege escalation.
Python is the security automation language — SOAR workflows, SIEM automation, IOC ingestion, recon frameworks, alert enrichment. SEC 200 builds advanced security automation on this foundation; it does not teach Python.
Linux is the security professional's primary environment. Every offensive tool, every forensics workflow, every SOC platform assumes fluency. SEC 200 hardens, defends, and exploits Linux systems — it does not teach the shell.
Half of all security work is reading the network. OSI, TCP/IP, DNS, packet analysis, subnetting are the diagnostic vocabulary of defence. SEC 200 layers attack-defence pairings on top of solid networking; it does not start at Layer 1.
Universal parallel co-requisite
The universal parallel co-requisite, taken by every WIATech student. For SEC 200 it underwrites every incident report, executive briefing, CISO debrief, and oral defence — the reporting discipline the diploma is graded against.
Admission to SEC 200 is led by character and aptitude, not gated strictly on technical skill. Because this programme teaches dangerous tools, judgement and integrity are weighted as heavily as technical readiness — sometimes more. The technical assessment determines route; the character and ethics interview determines admission.
Direct entry
Applicants who can demonstrate the four required foundations sit the SEC 200 technical assessment directly. A pass — calibrated to the exit standard of the Tier 1 foundations — routes the candidate into Semester 01, once the character interview is cleared.
Routed entry
Applicants who do not pass all sub-scores are not rejected. They are routed to the specific Tier 1 foundations indicated by their results, complete those exit assessments, and enter SEC 200 in the next cohort window. The portal is placement, not rejection.
§ 04 · The architecture
6 semesters. One graduating engineer.
Year 01 · Legal & Defensive Foundations · Semester 01
Legal Grounding & Defensive Core
The security craft begins above the foundation floor — the cybersecurity ecosystem and the law that governs it, network security and intrusion detection, Windows and Active Directory, web security and the OWASP Top 10, SOC fundamentals and cryptography.
Cybersecurity Foundations, Law & Ethics
The cybersecurity ecosystem and the law that governs it — security domains, the cyber kill chain, threat actor taxonomy, and the Sierra Leone Cybersecurity and Crime Act 2021. Every student signs a lab authorisation agreement before any offensive tool is touched.
CIA Triad · Cyber Kill Chain · CCA 2021 · STRIDE · Lab Authorisation
Network Security & Intrusion Detection
Network attacks and their defences at security depth from Week 1 — IDS/IPS with Snort and Suricata, firewall architectures, VPN security, Zero Trust, and analysing packet captures in production-like conditions.
Snort · Suricata · pfSense · Wireshark · Zero Trust
Windows Security & Active Directory
The environment most enterprises run on — Active Directory architecture, Group Policy, Kerberos and NTLM, the event log IDs every analyst must know cold, and AD attacks mapped with BloodHound alongside their defences.
Active Directory · Group Policy · Kerberos · BloodHound · Sysmon
Web Technologies & Web Security
How the web works and where it breaks — the OWASP Top 10 applied, SQL injection, XSS, CSRF, file upload and IDOR. Web assessments against DVWA and Juice Shop with Burp Suite, every exploit followed by its remediation.
OWASP Top 10 · Burp Suite · SQLi · XSS · DVWA · Juice Shop
SOC Fundamentals & SIEM Operations
The Security Operations Center as students will actually work in one — SOC architecture and analyst tiers, SIEM log ingestion and correlation, Splunk SPL and dashboards, alert triage, and investigating a simulated event end-to-end.
Splunk · ELK Stack · Wazuh · Security Onion · SPL
Cryptography Fundamentals
The mathematical foundation of every security control — symmetric and asymmetric encryption, hashing and salting, digital signatures, PKI and how HTTPS works, and recognising common cryptographic failures.
AES · RSA · Hashing · PKI/TLS · hashcat · Crypto Failures
Capstone
The Mini Security Operations Center
Working in teams, students stand up a functioning mini-SOC — deploy the SIEM, monitor traffic, build detection rules, investigate simulated attacks, and respond to threats in real time.
Deliverables: Deployed SIEM with detection rules · Live traffic monitoring · Investigated simulated attacks · Incident reports produced · SOC dashboards built · Team findings presentation
Year 01 · Engineering & Offence · Semester 02
Defensive Engineering & Offensive Methodology
Students develop both halves of the craft — defensive engineering at scale through hardening and configuration discipline, then the attacker mindset under PTES methodology, with web application penetration testing at depth. Every offensive technique paired with its defence.
Security Hardening & System Defence
Defending systems at scale — CIS Benchmarks, OS and application hardening, patch management, secure configuration, and least privilege applied across Windows and Linux. This is also where automation begins.
CIS Benchmarks · OS Hardening · Patch Management · Least Privilege
Ethical Hacking & Penetration Testing
Penetration testing as a methodology, not a toolkit — the full PTES lifecycle from pre-engagement and written authorisation through reconnaissance, exploitation, privilege escalation, pivoting, persistence, and reporting.
PTES · Metasploit · Nmap · CrackMapExec · Hydra · Responder
Web Application Penetration Testing
Web vulnerabilities account for most breaches in the sectors this programme targets — advanced OWASP Top 10, authentication bypass, session and JWT attacks, SSRF, deserialization, API exploitation, and business logic flaws, with remediation.
Burp Suite · JWT · SSRF · API Exploitation · PortSwigger Labs
Advanced Python for Cybersecurity
Security automation at operational depth, building on the Python foundation students arrived with — API integration, concurrent scanning, SIEM automation, threat intelligence ingestion, and SOAR workflows.
Python · SOAR · SIEM Automation · Threat Intel Ingestion
Capstone
Enterprise Breach Simulation — Red vs Blue
A live, multi-week cyber war exercise. Students operate in both Red Team and Blue Team roles — the Red Team executes the attack chain and maintains persistence while the Blue Team detects, investigates, contains, and reports. Both sides are defended orally.
Deliverables: Red Team: full attack chain executed · Blue Team: detection & containment · Documented persistence & escalation · Incident reports with timelines · Both-side methodology defence · Oral engineering defence
Year 02 · DFIR & Threat Ops · Semester 03
Malware, Forensics & Threat Operations
Students go deep on the investigative craft — malware analysis and reverse engineering, digital forensics and incident response under the NIST IR framework, and proactive defence through threat intelligence and threat hunting mapped to MITRE ATT&CK.
Malware Analysis & Reverse Engineering
Understanding the adversary's payloads — malware categories, static, dynamic, and behavioural analysis, indicators of compromise, and evasion techniques, performed safely in an isolated lab.
Ghidra · IDA Free · REMnux · PEStudio · Procmon
Digital Forensics & Incident Response
Investigating and recovering from compromise — the incident response lifecycle, evidence acquisition and chain of custody, disk and memory forensics, timeline reconstruction, containment, and forensic reporting.
Autopsy · Volatility · Velociraptor · KAPE · NIST IR
Threat Intelligence & Threat Hunting
Proactive defence — the threat intelligence lifecycle, IOC analysis and TTP mapping to MITRE ATT&CK, threat hunting methodology, and detection engineering with MISP, OpenCTI, and Sigma rules.
MITRE ATT&CK · MISP · OpenCTI · Sigma Rules · Detection Eng
Capstone
The Compromise Investigation
Students are handed a fully compromised enterprise environment — disk images, memory dumps, log archives, network captures — and reconstruct the attack timeline, identify the entry vector, map TTPs to ATT&CK, and produce a forensic report a regulator could act on, defended orally.
Deliverables: Forensic timeline reconstruction · ATT&CK-mapped TTP analysis · Memory and disk forensics report · IOC feed · Executive incident summary · Oral engineering defence
Year 02 · Cloud & Enterprise · Semester 04
Cloud Security & Enterprise Defence
Students learn to defend modern enterprise infrastructure at scale — cloud security across AWS, Azure, and GCP, DevSecOps and secure software delivery, enterprise security architecture, governance, risk & compliance, identity & access management, and advanced defensive engineering.
Cloud Security Engineering
Where the workloads actually live — the shared responsibility model, IAM security and the common misconfigurations attackers exploit, cloud logging and monitoring, MITRE ATT&CK for Cloud, and cloud incident response.
AWS · Azure · GCP · IAM · CloudTrail · GuardDuty · Prisma Cloud
DevSecOps & Secure Software Delivery
Security built into the pipeline, not bolted on after — CI/CD security, SAST and DAST, dependency and secrets scanning, container and Kubernetes security, and Infrastructure as Code security.
Docker · Kubernetes · Terraform · Trivy · SonarQube · CI/CD
Enterprise Security Architecture
Designing security at scale — defence in depth, enterprise segmentation, identity and Zero Trust architecture, high-availability security, and business continuity, designed and defended against realistic threat models.
Defence in Depth · Zero Trust · Segmentation · BCP
Governance, Risk & Compliance
The executive layer of security — risk management, security frameworks, policy engineering, auditing, and third-party risk, with Bank of Sierra Leone guidelines and donor data protection requirements relevant to the region.
NIST CSF · ISO 27001 · SOC 2 · PCI DSS · Risk Management
Identity & Access Management
Identity as the new perimeter — authentication systems, MFA, RBAC and Privileged Access Management, federation and Single Sign-On, identity governance, and conditional access.
MFA · RBAC · PAM · SSO · Federation · Conditional Access
Advanced Defensive Engineering
Defence as engineering — detection engineering and detection-as-code, SOC automation, purple teaming, threat emulation, EDR and XDR, and advanced logging pipelines that scale a SOC beyond manual triage.
Detection-as-Code · Purple Teaming · EDR/XDR · SOC Automation
Capstone
Secure Enterprise Infrastructure
Students design and secure a complete enterprise environment — a multi-site network, cloud infrastructure, a hybrid identity system, a SOC environment, monitoring, incident response workflows, and secure CI/CD pipelines — then present to a mock executive board and defend every design decision.
Deliverables: Multi-site enterprise network design · Cloud + hybrid identity architecture · Integrated SOC & monitoring · Secure CI/CD pipelines · Incident response workflows · Executive board presentation
Year 03 · Specialisation · Semester 05
Elite Specialisation Track
Each student chooses one of six specialisation tracks and operates at elite depth within it — advanced labs, operational simulations, a research project, and a track-specific capstone defended before faculty and external practitioners.
Advanced Red Team Operations
Elite offensive specialism — adversary emulation, OPSEC for red teams, C2 infrastructure, evasion, initial access operations, Active Directory domination, and cloud exploitation, all within documented authorisation.
Adversary Emulation · C2 · Sliver · Mythic · Evasion · AD Domination
Advanced Blue Team Engineering
Elite defensive specialism — advanced detection engineering, behavioural analytics, SIEM optimisation and SOC scaling, purple teaming, threat hunting at scale, and EDR engineering.
Detection Engineering · SIEM Optimisation · EDR · Telemetry Pipelines
Digital Forensics & Incident Response
Elite investigation specialism — advanced memory forensics, enterprise investigations, ransomware response, insider threat and mobile device forensics, cloud forensics, and large-scale evidence management.
Memory Forensics · Ransomware Response · Cloud Forensics · Evidence Mgmt
Cloud Security & DevSecOps
Elite cloud specialism — multi-cloud and cloud-native security, Kubernetes defence, IaC security, supply-chain attacks, CI/CD hardening, cloud threat detection, and container forensics.
Multi-Cloud · Kubernetes Defence · Supply Chain · Policy-as-Code
Application Security Engineering
Elite AppSec specialism — secure software architecture, advanced web security, secure coding, API security engineering, software supply-chain security, and code auditing.
Secure Architecture · API Security · Code Auditing · Supply Chain
Governance, Risk & Security Consulting
The CISO and consulting pathway — enterprise risk programmes, security governance, policy engineering, regulatory compliance, security auditing, and board-level communication.
Risk Programmes · Governance · Auditing · Board Communication
Capstone
The Specialisation Track Capstone
Each student delivers the major project of their chosen track — operated at elite depth and defended before faculty and external practitioners.
Deliverables: Track-specific major project delivered · Operated at elite professional depth · Full professional documentation · Public portfolio artefact · Oral engineering defence
Year 03 · National Defence · Semester 06
National Cyber Defence & Final Capstone
The final semester combines security leadership and consulting, a production security residency with real team rituals and injected incidents, the National Cyber Defense Simulation, and the dual-track final capstone — defended in 60 minutes before an external industry panel.
Security Leadership & Consulting
Becoming a leader, not just an operator — technical leadership, team coordination, security consulting, executive communication, security strategy, and crisis communication.
Technical Leadership · Consulting · Crisis Communication · Strategy
Security Business & Entrepreneurship
The institute produces founders, not just employees — building a cybersecurity company, MSSP business models, consulting operations, pricing security services, and building SOC-as-a-Service.
MSSP Models · SOC-as-a-Service · Pricing · Proposal Writing
Production Security Residency I — Operations
Real team rituals — morning SOC shifts, incident response drills, threat hunting exercises, Red vs Blue competitions, and executive tabletop exercises.
SOC Shifts · IR Drills · Threat Hunting · Tabletop Exercises
Production Security Residency II — Incidents
On-call rotations with injected real incidents — ransomware outbreaks, insider threats, phishing campaigns, cloud compromise, credential theft — with Incident Commander rotation, blameless postmortems, and recovery operations.
On-Call · Incident Command · Postmortems · Recovery Operations
National Cyber Defense Simulation
The programme's elite operational exercise — students defend a simulated country's critical infrastructure under live attack, staffing National SOC, Red Team, IR, Intelligence, Executive, Infrastructure, and Crisis Communication teams.
National SOC · Live Attack-Defence · Crisis Command · Recovery
Final Capstone — Engagement & Defence
The graduation requirement — Track A is a full professional engagement with a formal report and oral defence; Track B is a security research artefact or open-source security tool with a public writeup. Defended in 60 minutes before an external industry panel.
Professional Engagement · Formal Report · Research Artefact · Panel Defence
Capstone
The Flagship Capstone — Enterprise Engagement OR Security Research Artefact
The graduation requirement that defines a WIATech defender. Track A is a full professional engagement (penetration test, SOC investigation, or enterprise security assessment) with a formal report; Track B is a security research artefact or open-source security tool. Either is defended in 60 minutes before an external industry panel.
Deliverables: Track A: scoped engagement + formal report · Track B: research artefact or security tool · CVSS-scored findings with remediation · Public security portfolio · 60-minute industry panel defence
§ 05 · The toolkit
The stack you'll master.
§ 06 · Grading
How the work is measured.
§ 07 · Credentials & career
What you walk out with.
A Tier 2 Elite Diploma in Cybersecurity & CyberOps, issued by the Waterloo Institute of Advanced Technology — an academy of Tabempa Engineering Limited. The diploma is marked with the graduate's specialisation track and accompanied by the verified portfolio of professional reports and the defended dual-track capstone that defines a WIATech defender.
The portfolio
- A full body of professional security reports
- Six production-grade capstone systems
- Penetration test & vulnerability assessment reports
- Detection rules, scripts & automation tools on GitHub
- Windows & Linux hardening checklists
- Twenty-two oral defence records on file
- National Cyber Defense Simulation record
Career acceleration
- Security+, CySA+, CEH & OSCP preparation
- Cloud security certification tracks (AWS, Azure)
- Mock interviews & technical assessment prep
- GitHub, LinkedIn & security-blog brand-building
- Direct introduction to partner organisations
- Alumni network access — for life
§ 08 · Admissions
Who we admit. How we admit them.
Admission is highly selective and does not depend on credentials — no WASSCE results, university degree, or formal IT certifications are required. What is required is demonstrated capability (via direct technical assessment or completed Tier 1 foundation certificates) and, above all, integrity. Because this programme teaches dangerous tools, admission to SEC 200 is led by character and aptitude: judgement and integrity are weighted as heavily as technical readiness, and the character and ethics interview is the primary gate.
Application
Online application form, any portfolio or lab profile, and a 300-word statement of intent answering why operational defence rather than a faster certification.
Technical Assessment
A WIATech-administered assessment covering the four Tier 1 floor domains — computer systems, Python, Linux, and networking — plus logical reasoning and written communication. Results route the candidate to direct entry or a specific Tier 1 path; it is a placement instrument, not a rejection instrument.
Character & Engineering Interview
A structured interview with faculty assessing integrity, judgement, intent, and the capacity to commit to three years of substantive work. For SEC 200 this stage carries the heaviest weight — character is not a tiebreaker, it is the gate.
Offer & Enrolment
Successful applicants receive a formal offer indicating their entry route (Direct or Routed), an enrolment package, and the lab authorisation agreement signed at the start of the programme.
Starting from the foundations, via the Cybersecurity Foundations Pathway: NLe 98,500 total (NLe 13,500 foundations + NLe 85,000 diploma). Tier 2 Elite Diploma tuition is set in advance and paid in monthly instalments after a seat deposit.