A 5-week, hands-on mentorship that teaches you how security leaders think, decide, and communicate
so companies actually hire you.
Built from 15+ years securing global enterprises, not textbooks.
5-week live mentorship
Hands-on, no recorded course
Real Azure environment (your own)
Personal cloud security playground
Live attack & defense scenarios
Real attacker thinking, not textbook theory
CV & senior-level interview coaching
Get past ATS filters and impress hiring managers
Ongoing support until your next career milestone
- We stay with you beyond the 5 weeks
- Lifelong access to our private Discord community: connect with fellow alumni, share wins, ask questions, and grow together long after the program end
- Exclusive job opportunities shared directly in the community: positions you won't find on public job boards
Format
Small cohort (max 15)
Application-only
March 26 start
Applying does NOT mean enrolling.
We only accept people we can actually help.
→ You're technical enough to understand systems but not taken seriously in security interviews
→ You're tired of being seen as "the ticket person" instead of the decision-maker
→ You already did the certs, labs, and applications and still get rejected
→ You want architect, manager, or CISO paths, not endless analyst roles
→ You come from business or consulting and want to turn that into a security advantage
15+ years securing global enterprises
Zero major incidents across 150k+ employee environments
Built security from scratch across 4 continents
Real incident response & forensics experience
This program is built from real experience, not theory.
Welcome to
by Pentest School
A Career-Focused Mentorship That Gets Results
Teaching What Companies Need, Not What's in Textbooks
Support Until You Get Hired
For beginners, juniors, and professionals,
We work with you until you land your security role or reach your next career milestone
Here is how it works
You don't need more certifications or training. You need someone who understands exactly where you're blocked and how to break through. Here's how we help based on where you are now.
You've tried: Getting certs. Building home labs. Watching tutorials. Applying to hundreds of jobs.
The problem: You don't know what "thinking like a security professional" actually means. And hiring managers can tell.
We teach you the attacker mindset, defense design, and incident judgment that gets you past HR filters and impresses interviewers.
Your day: Responding to alerts. Clicking "approve" on access requests. Running vulnerability scans. Following procedures someone else designed.
The problem: You're seen as a technician, not a strategist. Senior roles go to people who design systems and influence decisions: skills no one teaches you.
We teach you architecture thinking, business justification, and political navigation that qualify you for Architect, Manager, and CISO positions.
Most candidates fail interviews because they know frameworks but can't think like security professionals. Each phase builds the judgment and instincts that make hiring managers say "this person gets it."
Where most candidates fail: When asked "How would you secure this?", they recite frameworks. When asked "How would you attack this?", they freeze.
Hiring managers instantly know who can actually defend systems vs who memorized textbooks. The attacker mindset isn't taught in courses, it's developed through practice.
You'll learn to spot attack vectors before reading the CVE, explain exploits to executives, and demonstrate security expertise that makes you hireable.
Week 1The gap between junior and senior: Juniors say "add MFA." Seniors explain why MFA alone fails and design defense in depth.
Architecture roles pay 30-50% more because they require systems thinking: understanding how attacks chain, where controls fail, and how to design resilience. This isn't taught in cert courses.
You'll learn to design security that survives real attacks, justify architecture decisions to executives, and qualify for architect-level roles.
Week 2When the breach happens: Theory disappears. Executives demand answers. Legal asks about liability. Ops wants systems back NOW.
Your ability to make decisions under pressure (contain without breaking business, communicate to execs, coordinate teams) determines if you're an asset or a liability. Frameworks don't prepare you for this.
You'll practice incident scenarios that test judgment under chaos, learn what to say (and not say) to stakeholders, and build the confidence that makes companies trust you with critical situations.
Week 3Why smart technical people stay stuck: You find the vulnerability. Recommend the fix. Exec says "not a priority." Nothing changes.
Senior security is about influencing people who don't report to you. Translating risk to business language. Building political capital. Navigating budget cycles. These skills determine who becomes CISO and they're never taught.
You'll learn to speak executive language, build influence across departments, justify security investments, and navigate corporate politics that separate managers from individual contributors.
Week 4Why good candidates don't get interviews: Your CV lists what you did. Hiring managers want to know how you think. Recruiters screen for keywords you don't have.
Getting past ATS filters, showing strategic thinking on paper, answering "tell me about a time..." questions, negotiating offers: these are learnable skills. Most candidates wing it and lose $20K+ per year in salary.
You'll rewrite your CV to pass ATS and impress humans, prepare stories that demonstrate security judgment, practice interview techniques for senior roles, and learn negotiation tactics that increase your offer.
Week 590% of candidates approve this request without adding mitigating controls during interviews, and they fail.
This is the kind of scenario we walk through together. See how attacker thinking separates security professionals from people who memorized compliance checklists.
Theme: Think Like an Attacker
A SaaS vendor asks you to grant them the Azure "User_impersonation" user delegated permission in your Entra ID.
Textbook knowledge says: "OAuth is secure. User delegated permissions are safe."
Attacker thinking asks: "What can go wrong? Who else gets access to this token? What happens if the vendor gets breached?"
We walk through real scenarios like this live in the program.
You'll learn to build attack paths and think in sequences: not memorize answers.
Real cloud. Real attacks. Real experience recruiters care about. This is not a demo: it's hands-on cloud security experience you can confidently talk about in interviews.
Each student receives their own Azure subscription, not a shared sandbox. You will secure real Azure resources (IAM, networking, storage, compute), fix intentional misconfigurations, and harden environments the same way cloud security engineers do in production. Outcome: You gain verifiable cloud security experience, not just theoretical knowledge.
A custom "chaos robot" periodically introduces realistic security flaws into your environment, such as over-permissive IAM roles, exposed services or storage, weak network segmentation, and misconfigured security controls. Other students are allowed to discover and exploit these weaknesses. Outcome: You learn to detect, respond, and recover from attacks under pressure, exactly like in a real cloud security role.
All environments are visible in read-only mode to other students. You will study how others secure their infrastructure, learn multiple defensive approaches to the same problem, and defend your design decisions when vulnerabilities are found. Outcome: You develop security reasoning and communication skills—critical for interviews and real teams.
There is no "reset lab" when something breaks. You must maintain availability while under attack, respond to incidents in real time, and prioritize fixes based on impact and risk. Outcome: You stop thinking like a student and start thinking like a cloud security professional.
By the end of this lab, you won't say: "I learned Azure security."
You'll say: "I've defended a cloud environment against real attacks."
This program is designed around one metric: career traction. Not more theory. Not more certificates. But the skills, judgment, and proof that hiring managers, tech leads, and CISOs actually evaluate.
Learn how security teams actually evaluate candidates through scenarios, trade-offs, and decision-making. You'll practice explaining why you chose an approach, not just what tool you used. Exactly what technical interviews test.
Build skills that map directly to higher pay roles: threat modeling, risk communication, architecture decisions, and business-aligned security. You'll also learn how to articulate your impact in compensation discussions without bluffing or buzzwords.
Move beyond 'task executor' roles by developing the mindset of architects and security leaders. Understand how senior roles think, prioritize, and justify decisions so promotions become a natural next step, not a waiting game.
Work through realistic scenarios drawn from corporate environments: legacy systems, political constraints, incomplete information, and real risk trade-offs. This is the gap most self-taught candidates never cross—and the one companies pay for.
You'll think, decide, and communicate like someone companies trust with real responsibility and that's what separates hired professionals from certificate collectors.
The answers that separate you from dozens of other candidates
"I don't just implement controls — I evaluate whether they're the right controls. In my last project, I recommended against MFA bypass requests not because policy said so, but because the business workflow could be redesigned to eliminate the need entirely."
"I understand threat modeling in real environments — not theoretical scenarios. I've worked through trade-offs where the 'right' answer wasn't viable, and I designed alternatives that reduced risk within constraints."
"I can communicate risk to non-technical stakeholders without fear-mongering or jargon. I've presented to business leaders who initially said 'just make it work' and left understanding why the secure path was also the better business decision."
"I've built hands-on experience you can verify — I've deployed real security controls in Azure environments, responded to simulated incidents, and conducted attack simulations. This isn't theoretical; I can walk you through what I've actually done."
These answers don't sound scripted. They sound experienced.
Because you'll have actually done the work, made the decisions, and learned from real scenarios.
Learn from 15+ years securing global enterprises and creating a Cybersecurty SaaS, not a trainer who's never worked in the field. Get the practical wisdom universities and online courses can't teach.
✗ Memorizing framework acronyms (NIST, CIS, ISO)
✗ Doing fake labs with outdated vulnerabilities
✗ Chasing random certifications recruiters don't care about
✗ Watching 40-hour video courses you'll never finish
You'll work on real scenarios from enterprise environments. Practice decisions that matter. Build judgment that gets you hired.
Only 15 spots. We only accept people we can actually get hired.
Enrollment closes February 26th
Applying does NOT mean enrolling.
We only accept people we can actually help.
1-on-1 Coaching • 5-Week Core + Ongoing Support • Career-Focused
I am completely satisfied, the teaching is very good and many points are covered, bravo and thank you.
Thank you for this very practical and well-explained course.
Training very rich in content and field-oriented. Thank you very much.
The course is clear and gives plenty of information to do small pentests.
Very interesting training. Well explained.
This course is great, it's really the Anglo-Saxon (American) approach, meaning directly pragmatic and practical. I learned several techniques to implement directly. Of course you can complement it with a bit (or more) of theory elsewhere.
Understanding comes gradually, with a lot of courage I will get there. Thank you for your expertise. Hats off!
Yes, this corresponds perfectly, very good approach. I hope it will be updated regularly. Thank you!
This is very well explained and very detailed, I will recommend this course.
Quite complicated but very very well explained. With a lot of work and following the trainer's recommendations one should be able to get very good results.
Common questions about the mentorship program
If you want to do it properly, expect between 4 to 6 hours per week for the personalized assignments and case studies.
Each phase includes approximately 4 hours of group sessions (with Q&A), delivered weekly so you can watch them live or as replays.
This brings us to around 6 to 8 hours of total work per week.
The group sessions run approximately 4 hours, with time allocated for each student's questions and specific challenges. Don't worry if you have to leave early, these are recorded and available as replays almost immediately after they're done.
Yes! And available as replays almost immediately after they are done!
This program works for all levels, from complete beginners to experienced professionals.
Already in security (SOC Analyst, Security Engineer, even Senior roles)? We'll teach you the advanced skills companies need for architect, manager, and CISO positions, expertise you can't get from books or certifications.
Transitioning from IT or just starting? We'll build the practical, job-ready skills hiring managers actually look for. You'll learn what companies need, not just academic theory.
Complete beginner to IT? You'll need extra foundational work, but with the right mindset and commitment, we'll get you there. We've successfully coached people transitioning from completely different fields.
What matters most: Your commitment to doing what it takes to get hired and advance your career.
Most people from business school tell me exactly the same thing. That fear is completely normal — and actually a good sign.
Here's something most people don't tell you:
Cybersecurity is not a "pure technical" field once you go beyond junior roles. The people who struggle long-term are often the most technical, because they can't explain risk, influence decisions, or justify trade-offs.
Your business background is not a weakness. It's exactly what senior security roles require.
I can teach you how systems are attacked and how defenses work. What I can't teach easily is:
You already have that.
The mentorship is not built like a traditional technical course. You're not expected to "already know" things and keep up.
We start from mental models, not tools. Before touching Azure, IAM, or attack paths, we answer:
Technical depth comes gradually, but always in context. You're never learning commands in a vacuum.
In every cohort, we have mixed profiles: engineers who lack business thinking, and business profiles who lack technical exposure. What happens is interesting: the engineers learn how to explain, and business profiles learn how systems really fail.
You won't be compared. You'll be coached based on where you are, not where others are.
Here's how business-school students typically progress:
Week 1–2: You understand how attacks and trust boundaries work even if you can't do everything yet.
Week 3–4: You start reasoning about architecture, trade-offs, and incident decisions.
By the end: You can hold a credible security conversation with engineers and executives which is exactly what companies hire for.
You don't need to be technical to start. You need to be curious, disciplined, and willing to think.
If after the first weeks it's not the right fit, we'll know quickly. But people with business backgrounds usually discover this is where they finally make sense of security.
All communication and Group Sessions will happen on Discord.
The Video Course content and session replays will be available on Teams.
There are 2 sessions per week: one on Saturdays, the other on Sundays.
I'm running 2 time slots each of these days:
- One from 1:30 PM to 5:30 PM CET
- The other from 8:00 PM to Midnight CET
This allows us to cover everyone's availabilities and timezones.
You can join whichever suits you best and watch the replay of the other if you want.
Group sessions will be in English. 1-to-1 sessions can be done in English, French, and Spanish.
A microphone, an internet connection, and optionally a webcam.
For the technical work, just your usual setup, access to a computer where you can practice security concepts. Some phases may benefit from access to cloud environments (Azure, AWS) for hands-on work, but we'll work with what you have available.
We understand that unexpected events occur.
If you happen to miss a session, don't worry, you can watch the replay and we will make time during the next session for you to catch up on your specific assignment.
In the event of multiple absences, we will work together to devise a suitable catch-up plan, provided this benefit is not exploited.
It depends on your starting point, your current role, and how much time you dedicate to applying what you learn.
Some mentees already in security roles have landed Security Architect or Lead positions within 3-6 months of completing the program.
Others transitioning from IT to security took 6-12 months to build the necessary portfolio of thinking, complete certifications, and demonstrate the new mindset in interviews.
In any case, for as long as you do the work, I keep working with you until you reach your goal.
This mentorship is focused on developing the thinking and judgment that makes you effective in real enterprise environments, not on passing specific exams.
However, this mentorship is meant to get you to level-up dramatically in how you think about security.
The capabilities you develop here, attack path analysis, architectural thinking, risk communication, are exactly what make the difference between someone who memorized answers and someone who actually understands security deeply.
Many concepts we cover align with CISSP, Azure Security Engineer, and other certifications, but that's not the primary focus.
During the program, we discuss which certifications actually matter for your specific career goals and when to pursue them strategically.
Absolutely!
While many examples use Azure (because of my extensive experience securing large Azure environments), the mentorship is cloud-agnostic and focuses on universal security principles.
The concepts we cover, identity and access management, defense-in-depth, architectural security, incident response, apply equally to AWS, GCP, on-premise, or hybrid environments.
In fact, understanding security across different platforms makes you more valuable. The framework and thinking patterns transfer completely.
Totally!
Actually, around a third of my past students were in GRC, audit, or compliance roles and wanted to develop deeper technical understanding to be taken seriously in security discussions.
It's very likely that you understand policies and frameworks without deeply thinking about the actual attack scenarios and technical implementation, or how attackers bypass the controls you audit.
The mentorship is there to bridge that gap and allow you to move forward with both compliance knowledge AND technical security thinking. This combination is incredibly powerful and rare.
Additionally, this will likely help you command higher compensation and respect in technical discussions.
Because I've been successfully applying this formula with enterprise security for over 15 years.
Because I went from Web developer → SAP business analyst → IT auditor → security analyst to architecting security for global organizations serving 70 countries and creating a SaaS cybersecurity business with dozens of enterprise clients using this exact thinking process
Because I have more than enough real-world results, three global SAP deployments secured, six years protecting one of Europe's largest M365/Azure environments with zero breaches, to prove the approach works, and I share these principles in total transparency.
Because very little to no other mentorship online focuses on that other 50% of the security job, the architecture, influence, strategic thinking, and business enablement that actually gets you promoted.
Because this is not a fixed course you can find elsewhere. What I teach you is specifically adapted to YOUR environment, YOUR challenges, YOUR career goals. The OAuth case study you saw? That's just one example. Your assignments will be tailored to the gaps in your current thinking and the specific scenarios you'll face in the roles you're targeting.
The goal is not to teach things you can learn from YouTube, Udemy, or certification boot camps.
The goal is to develop the judgment, architectural thinking, and strategic influence that takes most people 15+ years to figure out, and to do it in a way that directly applies to your day-to-day reality.
Still don't trust me? Have a look at what students actually say about the transformation in their thinking and careers.
Most training teaches you tools, techniques, and certifications. You can get that anywhere.
This mentorship teaches you how to think like someone who has architected security for 100+ enterprise applications across 70 countries.
- Most courses teach you what to do. This teaches you why, when, and how to influence others to do it.
- Most courses give you fixed labs. This gives you real scenarios adapted to your actual environment.
- Most courses prepare you for exams. This prepares you for the conversations that get you promoted.
I don't create courses that exist elsewhere on the market. If you can learn it from a certification or YouTube, I won't waste your time teaching it.
What I teach is the invisible knowledge, the architectural intuition, the attack path thinking, the political navigation, that separates someone stuck at analyst level from someone who becomes a trusted security authority.