HRDC SBL-Khas Claimable

Cybersecurity Training for Malaysian Teams

HRDC-claimable, hands-on, Malaysia-contextualised. From end-user awareness to PECB Lead Implementer — taught by CREST-certified practitioners, not slide-readers.

Request Course Calendar Talk to an Expert

Why HRDC matters

HRD Corp's Skim Bantuan Latihan (SBL-Khas) lets HRDF-registered Malaysian employers claim back training spend directly from their levy account. For cybersecurity programmes, that often means high-value, structured training comes at near-zero net cost to the business — but only when the provider is HRDC-registered and the course code is recognised.

Every nCrypt programme below is HRDC-registered with a valid course code, T3-credentialed trainer and SBL-Khas-ready documentation pack.

Course catalogue

Penetration Testing Fundamentals

5-day hands-on lab covering recon, web, infrastructure and reporting. For internal red-team and SOC analysts.

View details →

Secure Code Review

3-day workshop on OWASP-driven manual and tool-assisted code review across Java, .NET, Python and Node.js.

View details →

Phishing & Social Engineering Awareness

Half-day to full-day end-user awareness with live phishing simulation and Malaysian-context scenarios (Maybank, LHDN, JPJ lures).

View details →

PECB ISO 27001 Lead Implementer

5-day intensive with PECB certification exam. HRDC SBL-Khas claimable. Next intake: June 2026.

View details →

Incident Response Tabletop

Facilitated 1-2 day tabletop exercise tailored to your sector. Outputs: gap report + IR playbook updates.

View details →

PDPA Compliance for SMEs

1-day PDPA 2010 (as amended 2024) compliance bootcamp for Malaysian SMEs. Covers DPO appointment, breach notification, cross-border transfer.

View details →

NACSA Cyber Security Act 2024 Primer

Half-day executive briefing on Act 854, NCII obligations, notification timelines and audit cycle.

View details →

OWASP Top 10 Hands-On

2-day developer-focused workshop with a deliberately vulnerable Malaysian e-commerce app. Live exploitation + secure-coding fix.

View details →

Frequently asked questions

Is nCrypt training HRDC claimable?

Yes. nCrypt is an HRDC-registered training provider and all our public and in-house programmes are claimable under SBL-Khas for HRDF-registered employers. We provide the HRDC course code, T3 trainer credentials and post-training evaluation pack required for claim submission.

Do you run in-house training?

Yes. Most of our enterprise engagements are in-house, delivered on your premises or virtually for distributed teams. We tailor case studies and labs to your sector (FSI, government, healthcare, manufacturing) and your tech stack.

What's the typical class size?

Public intakes are capped at 16 participants to keep labs hands-on. In-house cohorts are typically 8-25 — beyond that, we recommend running parallel cohorts so the lab work doesn't bottleneck.

Do you provide post-training assessments?

Yes. Every technical course includes a hands-on assessment and a written knowledge check. PECB courses (ISO 27001 LI, LA) include the official PECB certification exam at the end of the week. Awareness training includes a follow-up phishing simulation to measure behaviour change, not just knowledge.

Can you certify our internal trainers?

Yes — we run train-the-trainer programmes for organisations standardising on an internal academy model. We can also help you operate a fully white-labelled internal cybersecurity curriculum that maps to your existing competency framework.

Train your team at near-zero net cost

Tell us your sector and team size — we'll send the next-quarter calendar plus a sample HRDC SBL-Khas claim pack.

Request Course Calendar