Graduate Programs
Advanced Cybersecurity Operations
Cybersecurity is no longer an option. In an era where adversaries include sophisticated criminal organizations, state-sponsored espionage groups, and actors with access to arsenals of military-grade exploits, the difference between a resilient organization and a victim lies in the quality of the people who build and operate its defenses.
The ISTEC Lisbon Advanced Operational Cybersecurity Graduate Program was created to train precisely those people.
This program is not an introduction to cybersecurity. It is the next level, designed for professionals already working in the field who want to master the tools, techniques, and strategic thinking that define the world’s top experts.
Duration
28 weeks
Scheduled start time
October 2026
Course load
Up to 8 hours per week | 192 contact hours
Scheme
After work
Language
English
ECTS
30
Threat-Informed Defense
A unique methodology
The program is structured around the principle of threat-driven defense. Students do not learn abstract concepts; instead, they learn to think like an attacker in order to build defenses that can withstand real-world attacks. The curriculum follows a logical and sequential progression:
- Understanding the adversary: how they think, how they act, and what their goals are
- Mastering offensive techniques: not to attack, but to know exactly what to defend against
- Designing resilient systems: security by design, not as an afterthought
- Detect and respond in real time: detection engineering and advanced SOC operations
- Investigate and preserve evidence: digital forensics with procedural rigor
- Deliver concrete results: through a project with real impact
World-class infrastructure
The program provides access to one of the most advanced cyber range platforms on the market: virtual environments that simulate attacks and replicate real-world infrastructures, including corporate networks and cloud environments. It’s learning by doing, in conditions that mimic what professionals face in the field.
The Learning Management System (LMS) combines high-quality asynchronous content with synchronous sessions, hands-on labs, and assessments based on real-world scenarios, blurring the line between training and professional practice.
Faculty members with international work experience
The faculty consists of cybersecurity professionals with active international careers. They are experts who work daily with the threats, tools, and platforms they teach. Each session takes the form of a high-level technical showcase: intensive, applied learning led by those who live and breathe the subject.
This graduate program is the most direct path to becoming a leading cybersecurity engineer, with the technical skills, strategic mindset, and academic recognition that the market demands.
Course Plan
6 sequential modules | 192 contact hours | 30 ECTS | 28 weeks
Fundamentals of applied threat intelligence: the MITRE ATT&CK framework, TTP analysis, APT group profiling, advanced OSINT, and the development of actionable threat intelligence. Students learn to think like an adversary before building any defenses.
Offensive security with direct application to defense: penetration testing methodologies, vulnerability exploitation, post-exploitation techniques, pivoting, and detection evasion. Extensive use of cyber ranges to simulate attacks in controlled environments. Based on the PTES standard and OWASP frameworks.
Designing resilient security architectures: Zero Trust principles, microsegmentation, identity and privileged access management (PAM/IAM), system hardening, and cloud-native security (AWS, Azure, GCP).
Detection engineering based on real threats: development of SIEM rules (Sigma, Splunk SPL, KQL), proactive threat hunting, behavioral analysis (UEBA), and response orchestration (SOAR).
Digital forensics with procedural rigor: memory analysis, disk forensics, network forensics, and cloud forensics. DFIR methodologies for containment, eradication, and recovery. Preservation of evidence with legal admissibility and preparation of technical and executive reports.
An integrative project that simulates a real-world security scenario, drawing on skills from all previous modules. It may include red team/blue team exercises, forensic investigation of a complex incident, or implementation of a Zero Trust architecture.
Career Opportunities
Graduates will be prepared to take on roles requiring a high level of technical expertise in the most critical areas of cybersecurity:
- Threat Intelligence Analyst
- Penetration Tester / Red Team Operator
- Security Architect
- Detection Engineer
- SOC Analyst (Level 2/3)
- Threat Intelligence Analyst
- Penetration Tester / Red Team Operator
- Security Architect
- Detection Engineer
- SOC Analyst (Nível 2/3)
The program also opens doors to technical leadership positions (CISO, Head of Security Engineering, Director of Incident Response) at national and international organizations in the financial, telecommunications, defense, energy, healthcare, and government sectors.
Academic Staff
The faculty consists of professionals with active international careers in cybersecurity. They are experts who work in the field and bring real-world cases, tools currently in use, and the perspective of those who face sophisticated adversaries into the classroom. Most faculty members operate on an international level, giving the program a global dimension that is unique within the Portuguese educational landscape.
Faculty to be published shortly.