PRINCE2® Foundation (7th edition)

NB! The last registration day is 14.09.2026

Within the course, we offer the opportunity to master the latest version of PRINCE2® – the 7th edition, enhanced with more contemporary tools, technologies, and processes for all types of projects. PRINCE2® 7th edition Foundation-level training lasts for 3 days and is suitable for anyone looking to start or further their career in project management using a modern and internationally recognized method.

During the training, participants will gain an understanding of the method’s key processes, principles, and themes to ensure that project management aligns with all 21st-century standards and requirements.

Course target

Gain a comprehensive understanding of project management principles developed in accordance with the PRINCE2® 7th edition methodology. The training includes preparation for the PRINCE2® 7th edition Foundation-level certification exam.

PRINCE2® is a registered trademark of AXELOS Limited.

Audience

Existing and aspiring project managers.

Other employees involved in project development and implementation, including:

  •   Project board members;
  •   Team leaders;
  •   Project assurance roles (such as business change analysts);
  •   Project support roles (project and program office staff);
  •   Operational managers/staff.

Course outline

  • Introduction to PRINCE2®;
  • Overview of PRINCE2® project management;
  • People;
  • Organization;
  • Starting a project;
  • Business justification;
  • Plans;
  • Quality;
  • Risk;
  • Controlling a stage and managing product delivery;
  • Managing stage boundaries;
  • Challenges;
  • Progress;
  • Closing a project;
  • Directing a project;
  • Course review.

At Course Completion

  • Understand key concepts related to projects and the PRINCE2® 7th edition methodology;
  • Understand PRINCE2® 7th edition principles, themes, processes;
  • Understand the importance of the human factor in successful project management;
  • Understand practical application of PRINCE2® 7th edition throughout the project lifecycle.

Prerequisites

No preconditions are necessary, but experience in project management is preferred.

Training materials

Participants will receive PeopleCert official training material and a preparation test for the exam.

Certification Exam

PRINCE2 Foundation Certification Exam (exam fees are already included in the training price).

Reseller Statement:
“The PRINCE2® Foundation (7th edition) course is provided by Baltijas Datoru Akadēmija, an ATO of PeopleCert.”

Acknowledgement Statement:
“PRINCE2®is a registered trademark of the PeopleCert group. Used under licence from PeopleCert. All rights reserved.”

Õppekavarühm: 0613 Tarkvara ja rakenduste arendus ning analüüs.

SQL Fundamentals

NB! The last registration day is 31.08.2026

This 3-day SQL Basics course is suitable for those with little prior knowledge. It teaches about the structure and operating principles of SQL databases, Familiarizes participants with the main SQL commands and functions and practically teaches them how to create simple SQL requests.  (veel …)

VMware Cloud Foundation: Build, Manage, and Secure [V9.0]

This five-day course provides you with the knowledge, skills, and abilities to achieve competence in deploying, managing, operating and securing private cloud using VMware Cloud Foundation® (VCF). You will learn about the architecture of VCF, storage and network management, licensing, and certificates. In addition to workload domains, availability, and life cycle management, the course also covers upgrade scenarios.

(veel …)

VMware Cloud Foundation: Build, Manage, and Secure [V9.0]

This five-day course provides you with the knowledge, skills, and abilities to achieve competence in deploying, managing, operating and securing private cloud using VMware Cloud Foundation® (VCF). You will learn about the architecture of VCF, storage and network management, licensing, and certificates. In addition to workload domains, availability, and life cycle management, the course also covers upgrade scenarios.

(veel …)

SQL andmete puhastamiseks ja andmeanalüüsiks koos generatiivse tehisaru (AI) mooduliga

Koolituse eesmärk: Kolmepäevase praktilise koolituse tulemusel, saavad osalejad teadmised SQL päringukeele olemusest, dialektitest. Samuti praktilised oskused kasutada SQL funktsioone andmete puhastamiseks ja analüüsiks. Lisaks teadmised tehisaru (AI) olemusest ning kasutamisest SQL päringute kirjutamiseks.

Koolituse eduka läbimise korral on osalejal ettevalmistus  Hackerrank SQL Basic sertifikaat eksami sooritamiseks.

Sihtrühm ja eelteadmised: Koolitusele on oodatud kõik, kes soovivad arendada oma teadmisi ja oskusi andmebaasidest päringute tegemiseks. Osalejal peavad olema eelnevalt keskmised oskused arvuti käsitlemisel ning varasem kogemus andmete töötlemisega (nt Excel, Power BI, Tableau vms).

Õppevahendid: Arvuti, millel on õigused rakenduste installeerimiseks ja seadistamiseks. Kursuse käigus kasutatakse vabalt kättesaadavaid tarkvarasid: XAMPP ja Visual Studio Code.

Osalejal, kellel puudub vajalik õppevahend, on võimalus see BCS Koolituselt rentida. Palume sellest koolitusettevõtet eelnevalt teavitada.

Programm:
I koolituspäev 22.10.2026
Moodul 1 – Andmebaasid ja SQL päringukeel (2 ak h)

  • Seminar, mis annab ülevaate andmebaaside ning SQL päringukeele olemusest, põhitõdedest ning kasutamise parimatest tavadest.

Moodul 2 – Kohaliku andmebaasi üles seadmine, sellega ühendumine ning andmete üles laadimine (2 ak h)

  • Praktikum, mille käigus seatakse üles kohalik andmebaas ning laetakse üles andmed.

Moodul 3 – Andmete kvaliteedi kontroll ja puhastamine (5 ak h)

  • Praktikum, mille käigus tehakse läbi terviklik andmete kvaliteedi kontrolli ja puhastamise protsess näidisandmestiku põhjal. Kasutatavad käsud: SELECT, DISTINCT, COUNT, MIN, MAX, AVG, LENGTH, CASE WHEN, CAST, ORDER BY, WHERE, CREATE TABLE.

II koolituspäev 23.10.2026
Moodul 4 – Andmeanalüüs (5 ak h)

  • Seminar, mille käigus vaadatakse üle tabelite ühendamise loogika.
  • Praktikum, mille käigus vastatakse küsimustele näidisandmestiku põhjal. Kasutatavad käsud: AVG, SUM, ROUND, GROUP BY, WITH (CTE), alampäringud.

Moodul 5 – Tehisaru (AI) tugi SQL päringute loomisel (4 ak h)

  • Seminar, mille käigus tutvustatakse generatiivse tehisaru (AI) olemust, eri töövahendeid ning mudeleid.
  • Praktikum, mille käigus kasutatakse tehisaru (AI) SQL päringute loomiseks ning tulemuste tõlgendamiseks.

III koolituspäev 29.10.2026
Moodul 6 – SQL – Case Study (9 ak h)

  • Seminar, mille käigus osalejad saavad vastused vahepeal tekkinud küsimustele.
  • Praktikum, mille käigus tehakse läbi terviklik andmete puhastamise ja andmeanalüüsi projekt.

Õppemeetodid: Õppetöös saab osaleda klassiruumi tulles või liitudes koolitusega läbi veebikeskkonna Zoom.

Koolituse maht on 27 akadeemilist tundi sh 7 akadeemilist seminari ning 20 akadeemilist tundi praktikumi.

Hindamismeetod: Praktiliste harjutuste sooritamine koolituse käigus.

Hindamiskriteerium: Õpiväljundite saavutamist hinnatakse koolituse ajal läbi viidud tagasisidestatud praktiliste harjutuste põhjal.

Koolituse lõpetamine: Koolituse lõpetaja saab tunnistuse, kui sooritab kõik koolituse jooksul antud praktilised harjutused.  Osalejatele, kes õpiväljundeid saavutanud ei ole, väljastatakse soovi korral tõend koolitusel osalemise kohta.

Hind sisaldab: Kohvipause koolituskeskuses ja ühiseid lõunasööke.

Õppekavarühm: 0613 Tarkvara ja rakenduste arendus ning analüüs

Hands-on Hacking Advanced (HOHA)

Hands-on Hacking Advanced (HOHA) is a follow-up course to our Hands-on Hacking Essentials (HOHE)training.

Target audience: System administrators, information security specialists and -managers and any other IT personnel that is not afraid of the shell or command prompt.

Pre-requisites : Prior HOHE participation is required to take this course to ensure minimum same level of participants.

Training methods: Trainers will engage participants with lectures, live attack demonstrations and practical examples followed by individual hands-on exercise scenarios. Training is interactive,
practical, and besides active participation also full of attack stories that help to change the perspective and understanding of real life security threats.

Ideology of this training: The main differences between hacking and penetration testing are the intent and (imposed) limitations. Therefore, the idea behind this training is to see practical
information security from the attacker’s or “opposing team’s” point of view and to deliver first-hand experience or running attacks. Everyone will walk through the phases of an attack until successfully owning various systems and services. There are plenty of attack scenarios to play through and to complete scored objectives. Since the expected participants’ skill and experience level is varying to a large degree, we cover a mix of *nix and Windows world and focus on explaining key concepts and on showing real attacks even to those who have never compiled or launched any exploits before.

Training objectives: During the 3 days hands-on training experience the participants should build upon HOHE training in understanding of current attacker tool-sets, attack types and methods. By experiencing the attacker mindset and point of view via hands-on exercises the participants will use Tuoni C2 and other tools from a Red Teaming perspective in order to understand what it takes in terms of individual skills to be a red team member.

Intended outcome: During the 3 day hands-on training experience the participants should form a good understanding of current attacker tool-set, attack types and methods. By experiencing the
attacker mindset and point of view via hands-on exercises the participants not only will gain much higher appreciation for attack threats, but will be much more alert and better prepared for their own IT systems defense.

Day 1

Warm-up scenario – Introduction to C2 frameworks using Tuoni. Learn to create and deliver client-side attacks that are not recognized as malicious neither by the user nor various security
products. Examples of common initial access vectors. Since all participants are expected to have completed our HOHE (Hands-on Hacking Essentials) course, we pick up speed fast and there is no time for much “spoon feeding”.

Mission: Your mission, should you choose to accept it, is to help a victim of ransomware attack. From the darknet ransomware site you discover that there is an actual company offering ransomware as SaaS and you dig deeper…

Iron Argon Development – a company “Network Takeover ” scenario of fully patched and properly configured networks. After initial reconnaissance of the target domain and public facing services we gain an initial foothold by sending phishing e-mail. Using in memory execution of different tools we gather information from infected workstation and set up persistence.

Day 2

Iron Argon Development – a company “Network Takeover ” scenario (continues)
Explanation of common .NET offensive tools for enumeration. Using Python and Tuoni API we enhance our C2 user experience. Explanation of kerberoasting. Side mission to recover domain accounts passwords from kerberoasted hashes with Hashcat. Enumeration of AD using Bloodhound. Discovering next targets and potential attack paths from Bloodhound. Lateral movement using different tunneling and C2 features inside the organization network. Bypassing applocker restrictions to execute our malware.

Day 3

Iron Argon Development – a company “Network Takeover ” scenario (continues)
We continue moving around inside the network, elevating our privileges using common misconfiguration. We steal kerberos ticket from the owned system and implant it into memory to
gain more access inside the domain. ADCS misconfigurations are common and Iron Argon Development network is not an exception here. We abuse ADCS misconfiguration to gain even more
access inside the domain and then laterally move with new permissions inside the isolated development network segment relaying our C2 traffic via SMB beacon. Side mission to take over other
servers including source code repository and backdoor the ransomware.

Mission ending
Having obtained the ransomware binary, we reverse engineer it and discover a decryption key for the victims. We finish the course with the final feedback round, re-iterate what we learned in the process and ask your opinion of the course to continuously improve the content and learning experience.

Delivery: We can deliver on-site at group pricing anywhere in the world where good broadband connection is available. Ask us for the group pricing or for times and locations of our public courses.

More information: read from here.

Service Hardening (SH)

Service Hardening is about configuring services to reduce their attack surface. By combining various low priority configuration issues, an attacker may be able to gain access and even elevate in a system without leaving much traces behind. Training focuses on practices that can be applied to almost any service – without modifying the program code.

Contents of the training:

This course is based on the most frequently occurring configuration security issues that our team has encountered over years of penetration testing.

  • The main topics covered are:
    • Public Key Certificates – chain verification, status, transparency
    • Reverse proxy – IP-address and certificate info forwarding
    • TLS – protocol, cipher suites, forward secrecy, CCA
    • SSH – host keys and SSHFP, agent forwarding
    • DNS – DoT/DoH, DNSSEC
    • E-mail – DKIM, SPF, DMARC
    • Logging – log tampering, creating meaningful logs

For each topic, first the theory is explained, based on this, the student will attack a service in a lab environment and finally, for selected topics, the student will harden that service to withstand such attack.

Target audience: developers, administrators, testers, security incident handlers and anyone else who has to deal with creating or maintaining services.
Learning method: Practical, lecture, hands-on-lab

More information from here.

Hunt the Hacker (HtH)

Participants will understand what threat hunting is, be utterly convinced of the need for it, know what infrastructure is required to facilitate it, and be able to start doing it with confidence within their own organizations.

(veel …)

Hands-On Hacking Essentials (HOHE)

During the 2 day hands-on course experience the participants should form a good understanding of current attacker tool-set, attack types and methods. By experiencing the attacker mindset and point of view via hands-onexercises the participants not only will gain much higher appreciation for attack threats, but will be much more alert and better prepared for their own IT systems defence and security testing.

(veel …)

Web Application Security (WAS)

Web Application Security (WAS) is an eye-opening practical security course for anyone involved with development, testing and upkeeping of web applications on a daily basis.

Training days: 9-10 & 16-17 November 2026

Training duration: a total of 4 days of highly practical information heavily mixed with hands-on labs: two days of Server-Side attacks (directly attacking the server itself) and two days of Client-Side attacks (attacks that incorporate the victim’s browser).

Target audience: WebApp deve8lopers, testers, QA, maintainers, team leads, project leads, web server or hosting providers / administrators, information security specialists and managers.

Teaching aids: Any operating system computer with permissions to install and configure applications.

Server-Side attacks module (2 days):

  • Security, security related terminology
  • Factors for calculating risk
  • Information sources
  • The HTTP protocol and communication, using intercepting proxies
  • Web application architectures – REST vs “oldschool”
  • Building a defense (user input, input validation, encoding, sanitization, defense layers)
  • Authentication (passwords and hashes; rules, common misunderstandings and mythsrelated to passwords)
  • Authorization (lacking access controls)
  • Unintended information leakage (using search engines, metadata from files)
  • Business logic issues
  • SQL injection – detection, query and database structure identification, blind and partially blind attacks, incorrect defenses and bypasses
  • Command injection
  • Web server configuration issues
  • Path traversal
  • File inclusion attacks (LFI, LFI2RCE)
  • File upload and processing (bypassing incorrect defenses, ZIP and XML features)
  • Server-Side Request Forgery (SSRF)
  • XML eXternal Entity (XXE)

Client-Side attacks module (2 days):

  • Browser security policies and terminology
  • Cross-Site Script (XSS) – what it is and what it is not
  • Web Content Injection attacks (HTML injection, JavaScript injection)
  • URL encoding, URL manipulation
  • Referrer, Referrer-Policy
  • Content Execution Attacks
  • Web Content Execution from uploaded files (HTML, XMl, SVG)
  • Serving files, Content-Disposition header
  • Using 3rd party content
  • HTTP response headers (Content-Security-Policy (CSP), X-Content-Type-Options, StrictTransport-Security)
  • Browser storages
  • Cookies, setup and parameter nuances
  • Web Storage API
  • Session, session hijacking and session fixation attacks
  • Client-Side Request Forgery attacks
  • Cross-Origin Resource Sharing (CORS), CORS-safelisted and pre-flight requests, related headers
  • UI Redress Attacks (ClickJacking)

Training methods: Our course employs a dynamic blend of theoretical concepts and hands-on application. Through interactive lectures, engaging discussions, and immersive labs, participants actively experience web application security. Everyone, regardless of their background, will successfully complete the labs, either independently or with guidance from our expert instructors. By placing you in the attacker’s shoes within our dedicated lab environment, we transform theoretical knowledge into practical skills. Instructors leverage real-world case studies and storytelling from penetration tests to provide a vivid and relatable learning experience. This approach ensures that participants not only grasp the intricacies of security principles but also gain the practical know-how to navigate and secure real-world scenarios.

Ideology of this training: At the core of our course is the belief that understanding the offensive side is paramount to effective defense. The “Attack to Defend” motto encapsulates this ideology, emphasizing the importance of practical knowledge. We go beyond traditional approaches, challenging outdated terms and providing insights into cutting-edge techniques. The course is designed not just to teach security principles but to instill a proactive mindset, empowering you to anticipate and thwart potential threats.

Intended outcome: By the end of this course, participants will possess the expertise to architect inherently secure software, integrating robust defense mechanisms seamlessly into the development process.Security will be ingrained as a proactive element, enabling participants to identify vulnerabilities early and build resilient applications from the ground up. Whether you’re a security enthusiast, developer, or IT professional, this program equips you to confidently create digital landscapes where security is not an addition but an integral part of the development lifecycle.

Graduation Criteria: A graduate of the training receives a certificate if he performs all the practical exercises given during the training.  Participants who have not achieved the learning outcomes will be issued a certificate of participation in the training upon request.

Curriculum group: 0612 Database and network design and management.

More information read from here.