5-Day Instructor-Led Programme
The XNDS Certification Programme is the practitioner standard for network and cloud defence specialists who design, implement, and validate defensive security architectures across enterprise, hybrid, and multi-cloud environments. Assessed on Day 6 through a supervised network hardening design and zero trust architecture review — no multiple choice, no exam.
Duration
5 Days
Price
$4,995
Perimeter-based security is gone. Enterprise networks are hybrid, multi-cloud, and permanently exposed. The defender who can only configure a firewall and monitor SIEM alerts is not equipped for the threat landscape organisations face today. XNDS is built for professionals who design and validate the defensive architecture — not just operate within it.
Across six instructor-led days, participants build capability from network security foundations through zero trust architecture design, cloud security controls across AWS, Azure, and GCP, endpoint hardening, identity and access management security, network segmentation validation, and defensive toolstack design. Every session challenges participants to design controls against real adversary techniques, informed by MITRE ATT&CK and validated against international frameworks.
On Day 6, participants design and present a network and cloud defensive architecture for a simulated enterprise environment, incorporating zero trust principles, micro-segmentation, identity governance, and cloud security controls. The senior practitioner reviews architectural soundness, threat coverage, and control justification. XNDS certificate and Practitioner Assessment Report issued together. Aligned with NCSC Zero Trust Architecture Principles, NIST SP 800-207, CIS Controls v8, NCSC Cloud Security Principles, and NIST CSF 2.0.
Hands-on firewall and IDS/IPS rule configuration, zero trust architecture design exercises, cloud security control implementation (AWS/Azure/GCP), network segmentation validation, and endpoint hardening labs.
Mentor-led sessions covering NCSC Zero Trust Architecture principles, UK government cloud security requirements, and the practical trade-offs in defensive architecture design for real enterprise environments.
Design and validate defensive network and cloud security architectures incorporating zero trust principles, aligned to NCSC, NIST, and CIS Controls frameworks, and communicate architecture decisions to technical and leadership audiences.
Design enterprise network security architectures incorporating defence in depth, microsegmentation, and zero trust principles aligned to NCSC and NIST 800-207
Implement and validate cloud security controls across AWS, Azure, and GCP against NCSC Cloud Security Principles and CSA CCM
Configure and harden network security controls including next-generation firewalls, IPS, DNS security, and endpoint protection
Evaluate identity and access management security including PAM, MFA, conditional access, and non-human identity governance
Assess cloud security posture using CSPM tooling and design remediation roadmaps aligned to NCSC 14 Cloud Principles
Validate defensive architectures through purple team exercises mapped to MITRE ATT&CK v14 and CIS Controls v8
Minimum 12 months in a network security, cloud security, or infrastructure engineering role
Working knowledge of TCP/IP networking, firewall concepts, and at least one cloud platform (AWS, Azure, or GCP)
Basic familiarity with security monitoring concepts: SIEM, IDS/IPS, or EDR
Organized by professional domains with comprehensive coverage
Master these in-demand skills through hands-on practice
A clear view of the roles this programme supports, what typically comes next, and where learners progress over time
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Credential
On successful completion of Xcademia Network & Cloud Defence Specialist, learners receive an Xcademia Certificate of Completion. This standalone certificate is issued directly by Xcademia and recognised by employers across the UK defence and security sector.
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
CND is a 5-day course followed by a 100 multiple choice exam. XNDS is 6 instructor-led days culminating in a supervised network and cloud defensive architecture design assessment on Day 6. Participants design real security architecture against real threat scenarios — not answer MCQ questions. XNDS also covers zero trust architecture and cloud security controls that CND does not address at depth.
Take the next step in your professional development