Amman, Jordan · 2025–2026
Cybersecurity & Digital Forensics Program
Overview FAQ Roles
Questions from the Field

Answers for
applicants

These are the questions to ask before you apply. This page explains who the program is for, how the learning works, what the two tracks mean, and what learners get at the end.
100 learners 2 tracks 30–40 hrs / week Practice-driven Capstone-based
Start with fit See support & outcomes
100
Learners
75 learners in Cybersecurity and 25 in Digital Forensics, inside one shared program.
30–40
Hours / week
A serious weekly commitment across live sessions, labs, assignments, and self-study.
2
Specializations
One shared foundation first, then a track in either Cybersecurity or Digital Forensics.
2
Funding paths
An FSF-funded route for eligible learners and a self-pay path for others.
This program is designed to make you job-ready. You will not just learn concepts. You will practice real tasks, document your work, and present results in a way employers can understand.
Navigate by topic

Use the page the easy way

You do not need to read every answer in order. Most applicants start with fit, then learning model, then compare tracks, then check support and outcomes.
Program fit Learning model Tracks & careers Support & outcomes
Program fit

Who this is for, and what you should know first

Start here if you are asking the first practical questions: Is this for someone like me? Do I need job experience? Do I already need Bash, Git, or GitHub?
Is this program right for me?

This program is for people who want to start a career in cybersecurity or digital forensics.

You do not need job experience.

You do need focus, discipline, and willingness to learn every week.

This is not a casual program.

It requires consistent work each week, similar to a full-time commitment.

What happens if I cannot keep up with the workload? +

If you fall behind, you will not be left alone.

The program includes structured support to help you stay on track.

Support includes:

  • Regular attendance and progress review
  • Early follow-up when participation drops
  • Teaching Assistant support and office hours
  • Guidance from instructors when needed

However, this program requires consistent effort each week.

Staying engaged and keeping up with the work is important for success.

Who is this program built for? +

The main audience is unemployed graduates from low-income families in Jordan with degrees in computer science, IT, engineering, or related technical fields.

There is also a second audience: early-career professionals who want to move into cybersecurity or digital forensics but may not qualify for FSF funding.

What do I need to know before I apply? +

You do not need advanced experience.

Helpful:

  • Basic understanding of computers and operating systems
  • Basic networking ideas like internet, IP, DNS, and websites
  • Comfort with solving problems step by step
Windows / Linux TCP/IP Problem-solving
Do I need Bash or command-line experience already? +

Helpful, yes. Required, no.

Command-line basics are covered in pre-work before the main course begins.

Do I need Git or GitHub before I start? +

No.

Git workflows and GitHub are introduced during pre-work. Learners use GitHub during the program, but no prior experience is expected.

Learning model

What the learning feels like in real life

These are the questions behind most comparisons: will I do real work, what does practice-driven learning mean, how many hours does this take, and what is the capstone actually like?
One clear example

The same activity, seen from two sides

Early in the program, Cybersecurity learners run scans in a lab. In the same part of the program, Digital Forensics learners study the artifacts those scans created.

One side creates the activity. The other side investigates the evidence. This is what practice-driven learning means here: not isolated exercises, but connected work that shows how real teams operate.

Students working together in a cybersecurity learning environment
Will I actually do real work, or just watch videos?

You will do real work.

Every week includes hands-on labs, real tools, and real scenarios.

You will:

  • Run scans
  • Analyze data
  • Investigate incidents
  • Write reports

This is not passive learning.

If I could take any online course instead, why choose this program? +
  • It is structured and supervised, not self-paced
  • It is cohort-based, so you learn with other people and stay accountable
  • It uses both tracks together in the capstone, which matches how real teams work
  • It includes an FSF-funded route for eligible learners
  • It includes job-facing preparation like portfolios, GitHub, and LinkedIn support
  • It uses hybrid delivery instead of being only virtual
What does practice-driven learning actually mean? +

It means you are not only hearing about tools and workflows. You are using them inside structured scenarios that match real work.

  • Hands-on labs
  • Scenario-based exercises
  • Structured documentation and reporting
  • MITRE ATT&CK-aligned thinking where relevant
How many hours per week should I expect? +

Plan for about 30–40 hours per week.

That includes live sessions, labs, assignments, self-study, English-language learning, and soft-skills work.

What does a typical week include? +
  • Live concept teaching
  • Applied labs
  • Assignments and structured practice
  • English-language learning
  • Soft-skills sessions
  • Peer interaction and self-study
What does the capstone project look like? +

The capstone is a joint red/blue team exercise in the final phase of the program.

Cybersecurity and Digital Forensics learners work in mixed teams around a realistic security engagement.

  • Cybersecurity learners plan and execute an attack campaign in a lab
  • Digital Forensics learners collect, analyze, and build timelines from the same scenario
  • Both sides document their work clearly
  • The final phase ends with a presentation to a CISO-style panel
Tracks & careers

How the two tracks differ, and where they can lead

This section answers the questions applicants usually ask when comparing paths: what each track actually means, how track placement works, and what jobs the program supports.
Specializations

What is the difference between the two tracks?

What is the difference between the two tracks?

Cybersecurity means finding problems before attackers do.

Digital Forensics means investigating what already happened.

Simple example:

  • Cybersecurity tries to break into a system in a safe lab
  • Digital Forensics explains what happened, what changed, and what evidence exists

Both tracks work together at the end of the program.

How do learners choose a specialization? +

Learners are not simply asked to pick a track on the application form.

Placement happens during onboarding based on interests, assessment results, and education-team judgment.

Which track fits which kind of work? +

Cybersecurity: penetration testing firms, red team roles, security consultancies, tech companies, and managed security services.

Digital Forensics: government-related work, banking and finance, large enterprises with SOC functions, insurance or legal cyber claims, and compliance-heavy environments.

Career targets

What jobs can graduates realistically target?

What jobs can graduates realistically target?
  • SOC Analyst L1 / L2
  • Threat Intelligence Analyst
  • Incident Responder
  • Digital Forensics Analyst
  • Penetration Tester (junior)
  • Junior Threat Hunter
  • Junior AppSec Analyst
What certifications, frameworks, or standards does the program align with? +
  • CompTIA Security+
  • CompTIA CySA+
  • CompTIA CASP+
  • MITRE ATT&CK
  • Chain-of-custody and forensic imaging best practices
  • Incident-response playbook design
  • OWASP Top 10
  • AI/LLM security ideas such as OWASP LLM Top 10 and MITRE ATLAS as relevant topics grow
What can graduates do that a university-only graduate often cannot do on Day 1? +
  • Run a lab-based penetration test from recon through report delivery
  • Image a drive with validated hashes and defensible documentation
  • Triage alerts, parse logs, and escalate incidents in a SOC-style workflow
  • Script parts of their workflow in Python or Bash
  • Work across offense and defense in purple-team style collaboration
  • Write executive-ready and technical reports
  • Use AI tools with validation, auditability, and documented judgment
The difference is operational capability. The goal is not just to explain concepts. The goal is to perform, document, and defend the work.
Support & outcomes

What support exists, how funding works, and what you leave with

These are the practical closing questions: what happens if someone struggles, how the funding model works, what the program gives you at the end, and how to think about public claims in a credible way.
Support systems

What happens if I struggle?

What happens if I struggle?

You will not be left alone.

Support includes:

  • Attendance review and follow-up
  • Weekly reflection review
  • LMS progress review and intervention
  • First-line technical support
  • Teaching Assistant office hours for group and individual help
Does the program expect people to solve everything alone? +

No.

The program is built around monitoring, intervention, and support. Struggle is normal. Silent drift is what the system is designed to catch early.

Funding

How funding works

What does the FSF funding cover, and who is eligible?
  • No upfront payment for eligible learners
  • Repayment starts only after employment is secured
  • Repayment is capped at 10% of monthly salary
  • No guarantor required
  • Eligibility depends on FSF criteria
What if I do not qualify for FSF funding? +

The program also supports or is considering a self-pay path for early-career professionals and others outside the FSF eligibility rules.

Outcomes

What will I have when I finish?

You will leave with real work you can show to employers, not just a certificate.

  • A documented portfolio of lab work, reports, and exercises
  • A capstone project and final presentation
  • A structured, career-ready GitHub repository
  • A guided LinkedIn profile
  • Exposure to industry practitioners
  • A graduate title framed around Cybersecurity Analyst (SOC/IR) with specialization
Portfolio GitHub Capstone LinkedIn
You will not just have a certificate. You will have work you can show employers.
Credibility

Who teaches the program?

Who are the instructors and what makes them credible?

The curriculum is developed by LevelUp Economy and Istidama Consulting.

Delivery is structured around a Program Lead plus technical instructors for applied work.

Detailed public bios, practitioner history, client references, and certifications should be shared separately once they are finalized for public use.

Why does this page not list every employer partner by name? +

Public placement claims and named partnerships should only be added when they are confirmed and approved for external use.

This keeps the page credible and avoids promising something that is still being finalized.

This page is meant to be clear and honest. It explains what is known now without overstating what is still being finalized.
Next step

Ready to review the full program?

If this program fits what you are looking for, the next step is to review the full program structure, schedule, and expectations.

Go to program overview
More detail

Want to see the teaching roles?

If you are exploring who teaches the program or how delivery is structured, you can review the instructional roles on the main program page.

View roles