Question 1

Can the Agentur für Arbeit fund this programme?

Accepted Answer

Yes. If you are registered as a jobseeker or at risk of unemployment, you may be eligible for a Bildungsgutschein (education voucher) that covers the full cost of the programme.

The process involves three steps: registering as a jobseeker with your local Agentur für Arbeit or Jobcenter, requesting our official training documentation (we provide this within one working day), and submitting the voucher application. Approval typically takes two to six weeks — cohort sizes are limited to approximately 15 participants, so starting early matters.

Contact us at studienberatung@neuefische.de or +49 30 9173 9346. We will walk you through the process.

Question 2

Do I need an IT or cybersecurity background to apply?

Accepted Answer

No. The programme is designed to take you from foundational IT knowledge to job-ready cybersecurity skills in 16 weeks. Phase 1 begins with how computer systems work and structured troubleshooting — no prior technical knowledge assumed. Career changers from non-technical backgrounds make up a significant part of every cohort.

The 259 structured hands-on labs and two dedicated coaches per cohort are specifically designed to build confidence and capability from wherever you start.

Question 3

Why is cybersecurity a strong choice for a Bildungsgutschein qualification right now?

Accepted Answer

Germany currently has over 104,000 unfilled cybersecurity roles, and the Bundesagentur für Arbeit approves Bildungsgutschein funding for training that is demonstrably labour-market relevant. Cybersecurity meets that test comprehensively.

Germany's NIS2 implementation came into force in December 2025, creating mandatory security obligations for approximately 29,000 organisations that previously had no formal cybersecurity requirements. These organisations need qualified professionals immediately. ISO 27001, GDPR, and NIS2 compliance skills are now explicitly recognised as shortage-area qualifications — which strengthens the case when speaking with your counsellor.

Question 4

How intensive is the programme? What does a typical week look like?

Accepted Answer

The programme runs Monday to Friday, 9:00–18:30 — approximately 47.5 structured hours per week. This is a full-time commitment equivalent in time to a full-time job. The intensity is deliberate: 16 weeks of full-time study compresses a qualification that would take 18–24 months of self-study into a programme that gets you job-ready quickly.

A typical week includes instructor-led sessions in the morning, hands-on lab work in the afternoon, and structured exercises or peer collaboration in the later session. Certification study requires consistent additional effort outside structured hours.

Question 5

What are the 200+ labs and why does the number matter?

Accepted Answer

200+ labs means 200+ separate hands-on exercises on real Virtual Infrastructure — not simulated click-throughs or screen-recorded demos. Each lab is a real task in a real environment, using the actual tools used in professional security operations.

The breakdown: 80+ labs in Networking & Connectivity, 50+ in Compliance & Security Frameworks, 50+ in Hardware & Troubleshooting, 30+ in Operating Systems, 25+ in Cybersecurity Analysis, and 10+ in Cloud & Virtualisation. The labs also include unassisted diagnostic sessions — see the next question.

200+ labs = 200+ opportunities to practise before your first day on the job.

Question 6

How does one programme deliver four CompTIA certifications in 16 weeks?

Accepted Answer

The four certifications (A+ Core 1, A+ Core 2, Security+, CySA+) follow a deliberate progressive structure: each builds on the previous one, and certification preparation is woven into the content rather than treated as a separate study stream.

A+ Core 2 is examined at the end of Phase 1, A+ Core 1 at the end of Phase 2 — while the hardware and networking content is current. Security+ is examined at the end of Phase 4 after 9 weeks of progressively deeper security content. CySA+ is examined at the end of Phase 5 after analyst-level skills have been developed across multiple lab scenarios.

Question 7

Are CompTIA certifications recognised by German employers?

Accepted Answer

Yes. CompTIA certifications are vendor-neutral and globally recognised. Security+ is the most widely cited entry-level cybersecurity certification in German job postings. CySA+ signals analyst-level readiness and commands a measurable salary premium. A+ is recognised as a baseline for IT and support roles. CompTIA's certification objectives are aligned with EU cybersecurity frameworks including ISO 27001 and NIS2, which means the credentials speak directly to the compliance requirements German employers are now managing.

Question 8

Why does this programme include AI in cybersecurity? Is it really that relevant yet?

Accepted Answer

Yes — emphatically. As of 2026, more than 64% of cybersecurity job listings require AI, machine learning, or automation skills. Demand for AI security skills has grown 678% since 2023. AI is an active hiring criterion, not a future trend. On the attack side, threat actors use AI to generate personalised phishing emails in fluent German at scale, clone voices for CEO fraud calls, create deepfake video for executive impersonation, and adapt malware faster than signature-based defences can respond. On the defence side, AI is used to triage thousands of alerts, summarise log files, detect anomalies, and automate reporting. And increasingly, organisations' own AI tools — chatbots, copilots, automated workflows — are themselves targets that need to be secured. The programme covers all three dimensions across five dedicated AI in Cybersecurity sessions distributed through Phases 4 and 5.

Question 9

What specific AI skills will I develop?

Accepted Answer

You will be able to: Use AI-assisted tools for reconnaissance, scan analysis, and alert triage workflows Recognise and respond to AI-powered attacks: phishing, voice cloning, deepfake, AI-generated malware Assess the security of an organisation's AI systems using a structured four-category risk framework Write AI risk registers and governance documentation within an ISO 27001 or NIS2 compliance programme Evaluate AI outputs before acting on them — the professional judgement skill that separates effective analysts from those who delegate thinking to AI

Question 10

ISO 27001 appears in many job descriptions. What will I be able to do with it after this programme?

Accepted Answer

ISO 27001 is the international standard for information security management — the framework German public tenders, enterprise supply chains, and GDPR supervisory authorities most commonly reference when assessing an organisation's security maturity. After this programme you will be able to explain what an ISMS is and how it is structured, contribute to ISO 27001 implementation and maintenance, understand the policies and risk registers that auditors require, and understand the Stage 1/Stage 2 audit process and your role in preparing for it.  When a job description says "ISO 27001 experience required," it typically means experience working within an ISO 27001 environment — helping implement, maintain, and audit it.

Question 11

What German and EU regulations are covered? I'm particularly interested in NIS2 and GDPR.

Accepted Answer

The programme covers the full landscape on awareness of German and EU cybersecurity regulation: GDPR: Article 32 (security of processing), Article 33 (72-hour breach notification), Article 34 (data subject notification), Article 30 (Records of Processing Activities). How German supervisory authorities enforce these requirements. NIS2 / IT-SiG 3.0: Germany's implementation in force since December 2025. Scope (essential vs. important entities), Article 21 technical requirements, incident reporting timelines (24h/72h/1 month), BSI as competent authority. BSI-Grundschutz: Germany's national security framework — structure, profiles, relationship to ISO 27001. DORA: Awareness-level — financial services scope and requirements. EU Cyber Resilience Act: Awareness-level — software and connected product security requirements. The GRC content was developed specifically for the German market

Question 12

Is GRC realistic for someone from a non-technical background?

Accepted Answer

Yes — and it is one of the most accessible entry points into the cybersecurity sector for career changers with backgrounds in administration, project management, finance, healthcare, or education. GRC roles require structured thinking, clear writing, and the ability to translate regulatory requirements into practical controls — skills that transfer across many careers. What you need is the regulatory and framework knowledge this programme provides, plus demonstrated ability to produce GRC documentation. The 58 Compliance & Security Framework labs give you that demonstrable experience. Entry-level GRC Analyst roles in Germany currently offer €55,000–€85,000.

Question 13

The programme is in English. Will that be a problem for working in Germany?

Accepted Answer

The cybersecurity industry in Germany operates primarily in English — job descriptions, technical documentation, vendor tools, certification exams, and international team communication all use English as the working language. Completing a demanding technical programme in English is itself a demonstrable professional skill. The content is fully contextualised for the German market: German regulatory frameworks (GDPR, NIS2, BSI), German business scenarios (Mittelstand manufacturers, healthcare providers, financial services firms), and German supervisory authority structures are woven throughout the programme. You will be ready to work in a German-language organisation with German regulatory obligations. For students whose English is still developing, the small cohort size (~15 participants), plain-language materials designed for an A2–B1 level, and direct coach access make it possible to keep pace and succeed.