Built around the certifications employers already recognise.
Pamoja Cyber Academy maps every phase, lab and phase exam to the publicly published exam objectives of CompTIA Security+, CompTIA CySA+, EC-Council CEH and ISC2 Certified in Cybersecurity.
We are an independent prep platform, not affiliated with any vendor. Sit your exam with the official body.
Target certifications
Four globally-recognised exams. One programme.
Pick the credential most relevant to your career stage. Many learners stack ISC2 CC → Security+ → CySA+ over 9-12 months. CEH suits learners who want a clearly offensive-leaning track.
The fastest, most affordable entry credential — ISC2 currently offers it free to first-time candidates. Ideal first stop for Adrian and any new bursary intake.
- Audience
- Career-changers and graduates entering cybersecurity
- Format
- 100 multiple-choice · 2 hours · 700/1000 pass mark
- Approx. exam fee
- USD 50 with One Million Certified Cyber pledge
Globally the most commonly required entry-to-associate cybersecurity certification on job adverts. Our 4-phase programme covers all 5 SY0-701 domains.
- Audience
- SOC Analysts, IT Auditors, Junior Pen-testers
- Format
- Up to 90 questions (multiple-choice + performance) · 90 min · 750/900 pass mark
- Approx. exam fee
- USD 392 (vouchers from USD 295 via partners)
A natural step up from Security+ for analysts focused on threat detection, behaviour analytics and incident response. Strong fit for Phases 2-4.
- Audience
- SOC Analyst Tier 2 / Threat Hunter / Detection Engineer
- Format
- Up to 85 questions · 165 min · 750/900 pass mark
- Approx. exam fee
- USD 404
EC-Council’s flagship for ethical hacking with strong recognition by SA enterprises and government. Phase 2 (MIT Offensive Security) is the spine of CEH preparation.
- Audience
- Pen-testers, Red-teamers, Security Analysts moving offensive
- Format
- 125 multiple-choice · 4 hours · 70 % cut score
- Approx. exam fee
- USD 1,199 (eligibility application required if self-study)
Coverage matrix
Every phase, every objective.
The four phases of the Pamoja pathway map onto the published objective domains of each target exam. Use the matrix below as a study planner.
PHASE 1
CMU Network Defense
- Domain 4 — Network Security: secure design principles, firewall types, segmentation
- Domain 1 — Security Principles: CIA triad, defence in depth, access control concepts
- 1.0 General Security Concepts: control categories, defence in depth
- 4.1 Apply common security techniques to computing resources: firewalls, segmentation
- 4.5 Modify enterprise capabilities to enhance security: SIEM, IDS/IPS tuning
- 1.0 Security Operations: log ingestion, baseline establishment, indicators of compromise
- Module 12 — Evading IDS, Firewalls, and Honeypots
- Module 18 — IoT and OT Hacking concepts (defensive perspective)
PHASE 2
MIT Offensive Security
- Domain 4 — Network Security: threats and attacks (recon, scanning, DoS)
- 2.4 Threats, vulnerabilities and mitigations: enumeration, scanning, vuln management
- 5.5 Implement security awareness practices: red-team rules of engagement
- 2.0 Vulnerability Management: scanning, prioritisation, vulnerability response
- 1.4 Compare and contrast threat-intelligence and threat-hunting concepts
- Module 03 — Scanning Networks (Nmap, vulnerability scanning)
- Module 04 — Enumeration
- Module 05 — Vulnerability Analysis
- Module 06 — System Hacking (red-team methodology)
- Module 14 — Hacking Web Applications (intro level)
PHASE 3
SANS Incident Response
- Domain 2 — Business Continuity, DR & Incident Response: incident response lifecycle
- 4.8 Explain incident response activities: PICERL lifecycle, evidence handling
- 4.9 Use data sources to support investigations: log correlation, IoC pivoting
- 3.0 Incident Response & Management: detection, containment, eradication, recovery
- 3.4 Explain the preparation and post-incident phases of the lifecycle
- Module 02 — Footprinting & Reconnaissance (incident analysis from defender side)
- Module 11 — Session Hijacking & forensics handling
PHASE 4
NIST Governance
- Domain 5 — Security Operations: data security, secure configuration, hardening
- Domain 3 — Access Controls Concepts: identity governance, least-privilege, IAM
- 5.1 Effective security governance: policy, standards, procedures
- 5.2 Risk management process
- 5.4 Effective security compliance: NIST CSF, frameworks
- 4.0 Reporting & Communication: stakeholder reports, metrics, KPI dashboards
- Module 19 — Cryptography concepts (governance & key management)
- Module 20 — Cloud computing security