HRDC SBL-Khas Claimable

Cybersecurity Training for Malaysian Teams

HRDC-claimable, hands-on, Malaysia-contextualised. From end-user awareness to PECB Lead Implementer — taught by CREST member-firm practitioners, not slide-readers.

Request Course Calendar Talk to an Expert

Training tracks

Four specialist tracks — browse by discipline or mix and match for a customised in-house programme.

Red Team

Offensive Security

CEH, CPTE, OSCP Prep, CRTP, Burp Suite, Bug Bounty

Browse courses →

Blue Team

Defensive Security

Security+, SOC Analyst, IR Practitioner, Forensics, GCFA

Browse courses →

GRC

Governance & Compliance

ISO 27001 LI/LA, CISM, CISA, PDPA Officer, RMiT Workshop

Browse courses →

Cloud

Cloud Security

CCSK, CCSP, AWS Security Specialty, Azure AZ-500, DevSecOps

Browse courses →

Corporate

In-House & Corporate Training

Bespoke cohorts of 5+ delivered at your premises or virtually. Custom labs, HRDC claim support, white-label available.

Why HRDC matters

HRD Corp's Skim Bantuan Latihan (SBL-Khas) lets HRDF-registered Malaysian employers claim back training spend directly from their levy account. For cybersecurity programmes, that often means high-value, structured training comes at near-zero net cost to the business — but only when the provider is HRDC-registered and the course code is recognised.

Every nCrypt programme below is HRDC-registered with a valid course code, T3-credentialed trainer and SBL-Khas-ready documentation pack.

Course catalogue

Penetration Testing Fundamentals

5-day hands-on lab covering recon, web, infrastructure and reporting. For internal red-team and SOC analysts.

View details →

Secure Code Review

3-day workshop on OWASP-driven manual and tool-assisted code review across Java, .NET, Python and Node.js.

View details →

Phishing & Social Engineering Awareness

Half-day to full-day end-user awareness with live phishing simulation and Malaysian-context scenarios (Maybank, LHDN, JPJ lures).

View details →

PECB ISO 27001 Lead Implementer

5-day intensive with PECB certification exam. HRDC SBL-Khas claimable. Next intake: June 2026.

View details →

PECB ISO 27001 Foundation

3-day entry-level ISMS course for compliance officers, IT managers and project teams. PECB exam included. Next intake: July 2026.

View details →

CPTE — Certified Penetration Testing Engineer

5-day Mile2 CPTE prep with full cyber-range labs and exam included. For aspiring pentesters and IT pros transitioning to security. Next intake: August 2026.

View details →

CCSK — Cloud Security Knowledge

2-day Cloud Security Alliance CCSK exam prep aligned to CCM v4. Vendor-neutral, for cloud architects and DevSecOps engineers.

View details →

Secure Coding for Developers

OWASP Top 10 deep dive with language-specific labs (Java, .NET, Node.js, Python). 2-day core + 1-day stack lab. HRDC claimable.

View details →

Incident Response Tabletop

Facilitated 1-2 day tabletop exercise tailored to your sector. Outputs: gap report + IR playbook updates.

View details →

PDPA Compliance for SMEs

1-day PDPA 2010 (as amended 2024) compliance bootcamp for Malaysian SMEs. Covers DPO appointment, breach notification, cross-border transfer.

View details →

NACSA Cyber Security Act 2024 Primer

Half-day executive briefing on Act 854, NCII obligations, notification timelines and audit cycle.

View details →

OWASP Top 10 Hands-On

2-day developer-focused workshop with a deliberately vulnerable Malaysian e-commerce app. Live exploitation + secure-coding fix.

View details →

Frequently asked questions

Is nCrypt training HRDC claimable?

Yes. nCrypt is an HRDC-registered training provider and all our public and in-house programmes are claimable under SBL-Khas for HRDF-registered employers. We provide the HRDC course code, T3 trainer credentials and post-training evaluation pack required for claim submission.

Do you run in-house training?

Yes. Most of our enterprise engagements are in-house, delivered on your premises or virtually for distributed teams. We tailor case studies and labs to your sector (FSI, government, healthcare, manufacturing) and your tech stack.

What's the typical class size?

Public intakes are capped at 16 participants to keep labs hands-on. In-house cohorts are typically 8-25 — beyond that, we recommend running parallel cohorts so the lab work doesn't bottleneck.

Do you provide post-training assessments?

Yes. Every technical course includes a hands-on assessment and a written knowledge check. PECB courses (ISO 27001 LI, LA) include the official PECB certification exam at the end of the week. Awareness training includes a follow-up phishing simulation to measure behaviour change, not just knowledge.

Can you certify our internal trainers?

Yes — we run train-the-trainer programmes for organisations standardising on an internal academy model. We can also help you operate a fully white-labelled internal cybersecurity curriculum that maps to your existing competency framework.

Train your team at near-zero net cost

Tell us your sector and team size — we'll send the next-quarter calendar plus a sample HRDC SBL-Khas claim pack.

Request Course Calendar