EC-Council AuthorisedIntermediate · Defender2026 RefreshBlue-Team Foundation
CND v3 Certified Network Defender
EC-Council's network-defence credential, refreshed for 2026. Proactive network protection — monitoring, traffic analysis, segmentation, defence-in-depth and the modern blue-team mindset.
CND v3 is EC-Council's network-defence credential, refreshed for 2026 to cover modern blue-team work — cloud-network defence, zero-trust segmentation, traffic analysis and threat hunting. It is the cert most often mapped to network-engineer-pivoting-blue and SOC-tier-2 roles.
At Nexperts, CND v3 is delivered as a 5-day intensive across 40 hours of cyber-range time. We build the blue-team mindset module-by-module — from baselining a network through deploying SIEM detections to running threat hunts. By day 5 you've worked through 14 graded scenarios on the range.
CND is the cert that promotes someone from 'I monitor alerts' to 'I architect defences'. The blue-team mindset is the unlock — once installed, every alert in your queue starts to look different.
The 2026 refresh sharpened cloud-network defence, zero-trust depth and modern threat-hunting workflows. We teach against current attacks, not 2018 textbook examples.
Who should take this course
📚
Network engineers
Pivoting into security. CND is the formal credential for the move.
Owning network-tier defences. CND is the recognised credential.
📜
Compliance leads
Mapping network controls to BNM RMiT, ISO 27001 and PCI.
👨💻
Sysadmins
Building defensive depth alongside admin work.
📈
CCNA Security holders
Building modern blue-team skills beyond CCNA-Sec coverage.
Prerequisites
✓ Strong networking foundation (Network+, CCNA or equivalent)
✓ Basic security awareness (Security+ or CCT helpful)
✓ Comfortable with Linux + Windows at admin level
✓ We strongly recommend Network+ before CND v3
→ No networking background? Ask about the Network+ → CND v3 bundled track.
Course Curriculum
Five days. Network defender, modernised.
CND v3 covers 14 modules across 5 days. Every module is 70% hands-on against the EC-Council iLabs cyber range and our internal Nexperts range.
Hands-On Cyber Range
14 labs. On a real cyber range.
Every lab runs on EC-Council's iLabs cyber range plus our internal Nexperts range. By day 5 you've worked through 14 scenarios across the modern blue-team workflow.
01
Attack Map
Map attack vectors against a fintech network.
Foundation
02
Baseline Pack
Build policy + baseline pack for a small bank.
Admin
03
Segmentation
Design segmentation for a 3-tier app.
Technical
04
Cloud Network
Harden a multi-VPC architecture on AWS.
Cloud
05
Rogue AP
Detect and respond to a rogue-AP attack.
Wireless
06
PCAP Analysis
Identify 8 anomalies in a real PCAP.
Traffic
07
Splunk Detections
Build a 12-detection baseline pack in Splunk.
Logs
08
IR Walk
Walk a real malware-incident response.
IR
09
DR Design
Design a DR site for a SaaS workload.
BCDR
10
Threat Hunt
Run a hypothesis-driven hunt against a sample compromise.
Hunting
11
Vuln Triage
Build a 30-finding triage report.
Vulns
12
Custom Detection
Build a custom SIEM detection rule.
SOC
13
OT Audit
Audit an OT-style segmented network.
OT
14
Capstone
Final full-environment cyber-range exercise.
Capstone
+ 14 take-home cyber-range challenges with reference walkthroughs.
Exam Information
One exam. CND v3.
CND v3 has one exam: 312-39 (4-hour). 100 questions, scaled scoring. You need 70% to pass.
CND v3 Exam (312-39)
Questions100 multiple choice
Duration4 hours
Passing score70%
FormatEC-Council ECC Exam Centre / iLearn
Validity3 years (CPE-renewable)
Industry avg pass rate~74% first attempt
Nexperts pass rate91% first attempt
Our 4-Mock Programme
01
Diagnostic
End of day 2. Sets the baseline. Average 56%.
02
Domain Drill
End of day 3. By-domain mock.
03
Full Mock
End of day 4. Full timed simulation. 75%+ before booking.
04
Clearance
Day 5 morning. Final clearance. 80%+ before booking.
0%
Pass Rate
91% of our CND v3 candidates pass on first attempt.
The CND v3 global first-attempt rate sits around 74%. We hit 91% by drilling blue-team thinking on real cyber-range scenarios and gating booking on a clearance mock.
iLabs cyber range2026 refresh91% first attemptFree retake voucherEC-Council aligned
Why our pass rate is 91%
Industry average: ~74%
Most candidates can recite security concepts but cannot defend a network-design decision under timer. CND v3 questions are heavy on judgement and architecture.
Nexperts: 91%
We work network-design exercises for 60% of class time. We drill the blue-team mindset. We gate booking on a clearance mock.
Your Blue-Team Path
CND v3 pairs with CSA, CHFI and CISM.
CND v3 is the modernised network-defender credential. Stack with CSA for SOC-track depth, CHFI for forensics, or CISM for security-management leadership.
Expected salary range after CND v3 + 2 years experience: RM 7,500 – RM 13,500/month for network-defender / SOC-tier-2 roles in MY MSSPs, banks and tech firms.
Student Reviews
What our CND v3 graduates say.
4.7
★★★★★
124 reviews
5★
98%
4★
22%
3★
4%
★★★★★
"Best blue-team course in MY. The Splunk-detections lab is what we now use as our company SOC standard. Cleared first attempt and got promoted in 4 months."
KS
Kavin Sundram
Senior SOC Engineer · LGMS
✓ First-attempt pass
★★★★★
"Coming from CCNA, CND v3 was the bridge into security-architect work. The segmentation and zero-trust modules were 2026-current, not 2018 theory."
HA
Hafidz Anuar
Network Security Engineer · Maxis
✓ First-attempt pass
★★★★
"CND v3 + cyber range is a great combo. The threat-hunt lab on day 4 was the most valuable single exercise of my year."
FY
Faridah Yaakub
SOC Analyst · Sapura Energy
✓ First-attempt pass
★★★★★
"CND v3 launched my move from network engineer to security architect. Course content was current, instructor was practising blue team at a Big-4."
JC
James Chua
Security Architect · KPMG MY
✓ First-attempt pass
Copy page link
Share this course page with your team or save the URL for later.
