Resilience under complexity
Research, test, fail, fix, document, try again. The reflexes that separate working engineers from people who took a course.
European Bachelor
Cybersecurity
- FEDE-Accredited
- 26 months
- 180 ECTS
- +5,000 coding hours
The credential
A real degree. Real engineering. Built for what's next.
Most tech training ends with a certificate. Holberton takes you further: a FEDE European Bachelor at EQF Level 6, designed to give your skills academic weight and international readability.
You graduate with more than proof of attendance. You leave with a recognised qualification, real engineering experience, and the practical skills employers are actively looking for.
Curriculum
Three periods. One bachelor.
Three intensive periods. Each builds on the last.
Systems & Tooling
Period 1 · Engineering foundations
From your first line of C to your first deployed pipeline.
Master the foundations every working engineer is expected to know — the command line, version control, low-level programming, and the mental model of how a computer actually runs your code.
Learning Objectives
- Navigate Linux and the shell with confidence — files, permissions, redirection, scripting.
- Write programs in C, manage memory by hand, and debug at the pointer level.
- Collaborate through Git and GitHub — branches, merges, conflicts, pull requests.
- Build modular C programs that compile cleanly and pass strict style checks.
- Manipulate core data structures: linked lists, stacks, queues, trees.
Technologies
- C
- GCC
- Linux
- Bash
- Git
- GitHub
- Make
- Valgrind
Key Projects
-
_printf
Reimplement C's printf from scratch, in pairs.
-
Shell
Build your own Unix shell that executes commands and pipes.
-
AirBnB clone (console)
Command-line storage engine and object model.
Full-Stack Web Architecture
Period 1 · Engineering foundations
Design and build secure, end-to-end web applications.
Architect software the way a real engineering team would. Model the system, build the backend, secure the data, and serve it through a working web client.
Learning Objectives
- Model software systems with UML — package, class, and sequence diagrams.
- Build secure REST APIs in Python and Flask with JWT authentication and role-based access.
- Design relational schemas and persist data through SQLAlchemy.
- Develop standards-compliant web clients that consume APIs and manage sessions.
- Diagnose multi-language defects, write tests, and document code professionally.
Technologies
- Python
- Flask
- SQLAlchemy
- MySQL
- JWT
- HTML5
- CSS3
- JavaScript
- UML
Key Projects
-
AirBnB clone (web)
Full-stack rebuild: API, database, authentication, frontend.
-
HBnB Evolution
Architect and document a layered system with UML before writing code.
Resilient Delivery & Infrastructure
Period 1 · Engineering foundations
Ship software that survives contact with production.
Take the leap from 'it works on my machine' to 'it runs reliably for thousands of users.' Containers, networking, deployment, and the operational thinking that makes software resilient.
Learning Objectives
- Type complex backends with TypeScript and build maintainable Node.js services.
- Coordinate asynchronous workflows with Promises and concurrency patterns.
- Containerize applications with Docker and orchestrate them with Compose.
- Reason about web infrastructure — DNS, load balancers, redundancy, monitoring.
- Present and defend a complete software delivery as a portfolio-grade project.
Technologies
- TypeScript
- Node.js
- Express
- Docker
- Docker Compose
- Nginx
- Linux Networking
Key Projects
-
Pagination engine
Deletion-resilient pagination for production-scale datasets.
-
Containerized multi-tier app
Reverse proxy, load-balanced services, full Compose stack.
-
End-of-period portfolio
Documented, deployed, and presented to a jury.
Reconnaissance & Web Vulnerabilities
Period 2 · Cybersecurity
Map the attack surface. Break the web. Then harden it.
Step into the offensive mindset. Discover hosts, enumerate services, and exploit the OWASP Top 10 in a sandboxed environment — then turn the same tools on Linux to harden access controls and credentials.
Learning Objectives
- Run live host discovery and passive reconnaissance with Nmap, whois, DNS, and Shodan.
- Capture and analyse network traffic with Wireshark across the OSI stack.
- Exploit OWASP Top 10 web vulnerabilities — injection, XSS, broken access control, file upload bypass — using BurpSuite.
- Discover hidden endpoints with Gobuster, ffuf, and dirb, and weaponise the findings.
- Audit Linux access controls (permissions, SUID/SGID, SELinux) and crack weak hashes with John the Ripper and hashcat.
Technologies
- Nmap
- Wireshark
- BurpSuite
- Gobuster
- ffuf
- Shodan
- SELinux
- John the Ripper
- hashcat
Key Projects
-
Reconnaissance lab
Full discovery workflow: Nmap scans, passive enumeration, hash cracking on captured credentials.
-
OWASP exploitation suite
Manual and tool-assisted exploitation of injection, XSS, and file upload flaws in a sandboxed app.
-
Linux hardening audit
Permission audit, SELinux policy enforcement, and credential strength remediation.
Advanced Exploitation & Active Directory
Period 2 · Cybersecurity
Take down the enterprise. Then learn to defend it.
Move from one-off exploits to enterprise-scale attack chains. Bypass filtering with advanced Nmap scripting, write custom Metasploit modules, and walk an Active Directory domain end-to-end — from reconnaissance to Domain Admin to hardening.
Learning Objectives
- Run advanced Nmap scans (NULL/FIN/Xmas/Maimon) and bypass perimeter filtering.
- Exploit IDOR, file inclusion, command injection, and SSRF to validate access control failures.
- Scan with Nessus, prioritise by CVE/CVSS, and build custom Metasploit modules.
- Enumerate Active Directory with LDAP, BloodHound, and PowerShell — then chain kerberoasting, NTLM relay, and pass-the-hash to Domain Admin.
- Harden AD with Group Policy, LAPS, SMBv1 deprecation, and SIEM log aggregation.
Technologies
- Nmap
- Metasploit
- Nessus
- BloodHound
- LDAP
- PowerShell
- hashcat
- Wazuh
- ELK
Key Projects
-
SSRF & vulnerability assessment
Exploit SSRF, run Nessus, and document CVE-prioritised findings.
-
Active Directory attack chain
Enumerate with BloodHound, execute kerberoasting and pass-the-hash, reach Domain Admin.
-
Custom Metasploit module
Write and verify an auxiliary, exploit, or post-exploitation module end-to-end.
Privilege Escalation, Reverse Engineering & European Modules
Period 2 · Cybersecurity
Inside the binary. Inside the law. Inside the credential.
Escalate privileges across Linux and Windows, reverse-engineer compiled binaries and malware, and learn the governance frameworks that turn raw security work into auditable practice — alongside the European credentials that make this a recognised bachelor.
Learning Objectives
- Escalate privileges on Linux (kernel CVEs, SUID, cron, weak PATH) and Windows (service abuse, DLL hijacking, registry) and deploy persistence.
- Reverse engineer binaries with Ghidra, IDA Pro, GDB, and x64dbg — then map malware behaviour to MITRE ATT&CK.
- Defeat anti-analysis defences using symbolic execution and Z3 SAT solvers.
- Apply ISO 27001/27002, NIST SP 800-61, and GDPR to vulnerability disclosure, incident response, and breach notification.
- Achieve A2 proficiency in a second European language and complete the European citizenship module.
Technologies
- Ghidra
- IDA Pro
- GDB
- x64dbg
- Z3
- MITRE ATT&CK
- ISO 27001
- NIST SP 800-61
- GDPR
Key Projects
-
Privilege escalation lab
Linux and Windows escalation chains with documented exploitation steps and proof of root/SYSTEM.
-
Reverse engineering & malware analysis
Static and dynamic analysis of binaries, mapped to MITRE ATT&CK with sandboxed indicators.
-
Governance case study
Vulnerability disclosure plan and GDPR-aligned incident response workflow.
Algorithmic Mastery
Period 3 · Mastery and portfolio
The algorithms and data structures that come up in every senior interview.
Sharpen the algorithmic thinking that separates a junior who can ship from a junior who gets hired. Big-O reasoning, advanced data structures, and the discipline to deliver under constraints.
Learning Objectives
- Select and justify algorithmic paradigms: greedy, divide-and-conquer, backtracking.
- Implement and manipulate advanced data structures: AVL trees, heaps, skip lists.
- Analyze time and space complexity with Big-O notation and refactor for performance.
- Deliver production-grade code under explicit constraints (restricted calls, memory bounds).
- Defend algorithmic decisions in technical interview-style oral exams.
Technologies
- C
- Python
- Node.js
- Big-O Analysis
- Algorithm Design
Key Projects
-
Advanced data structures
Build AVL trees, heaps, and skip lists in C.
-
Algorithmic challenge set
Solve interview-grade problems under timed constraints.
-
Mock technical interview
Defend two random projects orally to a panel.
Cybersecurity Portfolio Project & Defence
Period 3 · Mastery and portfolio
Pick a track. Build the proof. Defend it to the panel.
The capstone. Choose Red, Blue, Purple, or CTI — then scope, build, and defend a four-week cybersecurity engagement. The project that goes on your CV and into every interview after graduation.
Learning Objectives
- Scope a four-week engagement on a chosen track (CTI, Blue, Red, or Purple) with weekly milestones.
- Architect track-specific tooling — OpenCTI, MISP, ELK, Wazuh, Cuckoo, YARA, Sigma, GoPhish, Caldera, Atomic Red Team.
- Apply ethical and legal discipline: authorised labs, documented consent, sandboxed sensitive data.
- Produce portfolio-grade artefacts: repository, architecture diagram, threat model, findings report, reproducible logs.
- Defend the project in a final demo and oral evaluation — design choices, attacker/defender trade-offs, panel Q&A.
Technologies
- OpenCTI
- MISP
- ELK
- Wazuh
- Cuckoo
- YARA
- Sigma
- GoPhish
- Caldera
- Atomic Red Team
Key Projects
-
Cybersecurity capstone
A four-week, track-aligned cybersecurity project, deployed and defended to a jury.
Professional Practice & European Modules
Period 3 · Mastery and portfolio
From graduate to hire.
The bridge between the bachelor and your first role. Workplace practice, intercultural management, advanced language proficiency — and the professional habits employers screen for.
Learning Objectives
- Reach B1 proficiency in a second European language, in writing and speaking.
- Apply intercultural management principles to real workplace scenarios.
- Maintain professional conduct, attendance, and digital security across the program.
- Deliver original work and meet program milestones reliably.
- Communicate technical decisions to non-technical stakeholders.
Technologies
- English (Required)
- Second European Language
- Professional Workflows
Key Projects
-
Language proficiency exam (B1)
Written and oral, in your chosen European language.
-
Intercultural management assessment
Online MCQ on the FEDE reference framework.
-
Continuous professional review
80%+ professional score across the period.
How you learn
Train in the conditions of the job. Not in theory.
Software engineering is fast-paced, demanding, and constantly evolving. We train you for that reality from day one — not after.
Real autonomy
You learn to mobilize resources, structure your approach, ask for help effectively, and progress without waiting for a lecture.
Professional reflexes
Working with constraints. Delivering outcomes. Maintaining quality. Communicating technical choices. The job, not the simulation.
Adapting to change
Exposure to varied problems and contexts. You learn to evolve with tools and methods, not depend on a single technology.
Outcomes
Built for the job. Ready for the role.
Roles our graduates apply for:
- SOC Analyst
- Penetration Tester
- Vulnerability Analyst
- Incident Response Analyst
- Security Engineer
- Network Security Analyst
- IT Security Auditor / Compliance Analyst
How to join
Two paths in. One bachelor out.
We accept students through two routes. Both lead to the same European Bachelor.
Choose the one that fits your background.
You're ready if…
- You're 16+
- You can study full-time in English
- You're ready to commit two intensive years.
- You're more curious than credentialed.
- You want a degree and the skills to use it.
Path 1
Standard admissionApplicant with HSC, Baccalauréat, or equivalent minimum
- Apply online
- Motivation interview
- Welcome pack & enrollment
- Day one: you build
Path 2
Entry testApplicant without HSC or Baccalauréat
- Apply online
- Entry test (logic, problem-solving, basic programming)
- Motivation interview
- Welcome pack & enrollment
- Day one: you build
Start your application.
Thanks,
for your application
We'll contact you shortly.
We typically respond within 48 hours. Or call us directly: +230 5259 3052.
Questions
Things parents and applicants ask.
Is the Bachelor taught in English?
Yes. All instruction, projects, and materials are in English. We require a B2 minimum English level (C1 is comfortable) — this prepares you for the international tech industry, where English is the working language.
Is the European Bachelor recognized in Mauritius?
Yes. The degree is awarded by FEDE (Fédération pour l'Éducation en Europe), positioned at EQF Level 6 and internationally recognized. We can provide formal documentation on request.
How does this compare to a Mauritian university degree?
Different model. Local universities focus on lectures, exams, and theory across three or four years. Holberton focuses on projects, peer collaboration, and shipping real software across two intensive years. The credential is European, the degree is at the same EQF level (Level 6), and the practical experience is incomparable.
What can my child do after the Bachelor?
Two paths: enter the workforce as a junior engineer (most graduates worldwide), or continue to a Master's program in Europe or Mauritius using the 180 ECTS earned.
What does a typical week look like?
Five days a week on campus, 8:30 to 15:00 — project work, peer collaboration, and code review. After campus, students continue building independently. The program is full-time and intensive.
What's the campus like?
Our campus is at 17 Lislet Geoffroy Street in Port Louis. Modern facilities built for project-based learning. We welcome on-site visits — book one through our contact form.
What if my child doesn't have a tech background?
Most Holberton students don't, when they start. The Bachelor is built for committed beginners as much as for experienced builders. What matters is curiosity and the willingness to build.
What does the application timeline look like?
Apply any time. We respond within 48 hours, then schedule the motivation interview (and entry test, if applicable) within 1–2 weeks. From application to enrollment is typically 3–4 weeks. Cohort start dates are published on the application form.