Training and certification MTCSE (MikroTik Certified Security Engineer)

MikroTik Certified Security Engineer (MTCSE) is the certification course for network engineers who want to plan, implement, and maintain security across MikroTik-based infrastructures. The curriculum covers the full scope of network security — from threat analysis and advanced firewall configuration to cryptography, secure tunnels, and RouterOS hardening. The course runs over 2 days, with hands-on laboratory exercises included in every module.

The course agenda covers the following modules:

Module 1 — Introduction to network security: you will understand attack typology, defence mechanisms, and the core principles of securing RouterOS devices in production environments.

Module 2 — Advanced Firewall: you will configure firewall chains, stateful firewall, and the RAW table for SYN flood mitigation. You will apply best practices for management access, bridge filtering, and ICMP filtering in critical infrastructure environments.

Module 3 — OSI Layer Attacks: you will learn to detect and prevent MNDP attacks, DHCP starvation, TCP SYN, UDP, ICMP Smurf, and brute-force attacks on FTP, Telnet, and SSH — including port scan detection and prevention.

Module 4 — Applied Cryptography: you will understand symmetric and asymmetric encryption, PKI infrastructure, self-signed and free valid certificates, and how to correctly integrate them into RouterOS.

Module 5 — Securing the Router: you will harden RouterOS using port knocking, secure connections via HTTPS, SSH, and WinBox, default service port configuration, and SSH tunnelling.

Module 6 — Secure Tunnels: you will implement VPN solutions using IPsec, L2TP+IPsec, and SSTP with certificates — covering real-world scenarios for secure site-to-site and remote user connectivity.

Prerequisite: Enrollment is only possible if you hold a valid MTCNA certification!