Training Description
Key Takeaways
- The Cybersecurity Summer BootCamp 2026 is an international training programme held in León, Spain, from 13–24 July 2026
- Now in its eleventh edition, the event delivers over 200 hours of specialised instruction in incident response, digital forensics, cybercrime investigation and cyber crisis management
- Target participants include law enforcement officers, CSIRT/CERT professionals, judges, prosecutors and public policy makers
- Organised by INCIBE in collaboration with the University of León and the Organization of American States (OAS)
- The programme emphasises hands-on learning through crisis simulations, collaborative exercises and real-case analysis
- Previous editions have trained more than 5,000 professionals from 27 countries
International Cybersecurity Training for Incident Responders and Law Enforcement
The Cybersecurity Summer BootCamp 2026 brings together law enforcement officers, computer security incident response teams, judicial professionals and government policy makers for an intensive two-week training programme focused on combating cybercrime and managing cyber incidents. Organised by Spain’s National Cybersecurity Institute (INCIBE) alongside the University of León and the Organization of American States, the event takes place in León from 13 to 24 July 2026.
The programme arrives at a time when organisations across sectors face increasingly sophisticated cyber threats, from ransomware campaigns targeting critical infrastructure to state-sponsored intrusions and financially motivated fraud. Effective response requires not only technical expertise but also coordination between security teams, law enforcement agencies and judicial authorities operating across different jurisdictions. The BootCamp addresses this challenge by creating a structured environment where professionals from these distinct domains can develop shared frameworks and working relationships.
About the Cybersecurity Summer BootCamp
Entering its eleventh year, the Cybersecurity Summer BootCamp has established itself as a reference initiative for advanced cybersecurity training and international cooperation. The programme combines technical, operational and legal content designed to address both current and emerging challenges in the digital environment. Over the course of its history, the event has trained more than 5,000 professionals, with the 2025 edition alone welcoming 507 participants from 27 countries.
INCIBE operates under Spain’s Ministry for Digital Transformation and Public Function through the Secretariat of State for Telecommunications and Digital Infrastructures. The partnership with the University of León provides academic rigour, while collaboration with the OAS extends the programme’s reach across the Americas. Additional support comes from the Government of Canada, the US Department of State and the City of León.
The bilingual format, delivered in Spanish and English, reflects the programme’s international character and facilitates knowledge exchange among participants who may not share a common working language. This linguistic accessibility is particularly valuable given that cyber threats routinely cross national boundaries, making multilateral cooperation essential for effective investigation and prosecution.
Curriculum Structure and Training Methodology
The programme delivers more than 200 hours of specialised instruction organised into distinct tracks tailored to different professional profiles. Content spans cybercrime investigation techniques, digital forensics methodologies, cyber crisis management protocols, security considerations for complex technological environments, and the legal and regulatory dimensions of digital operations.
Rather than relying solely on lectures, the BootCamp employs a methodology centred on active participation. Crisis simulations place attendees in realistic scenarios where they must coordinate responses under time pressure. Multidisciplinary collaborative exercises require technical specialists, investigators and legal professionals to work together on shared problems, mirroring the cross-functional coordination required during actual incidents. Analysis of real cases grounds theoretical concepts in operational reality.
This practical orientation distinguishes the programme from conventional academic courses. Participants leave not only with updated knowledge but with experience applying that knowledge in controlled environments that approximate the complexity of genuine cyber incidents. The approach also builds familiarity with the perspectives and constraints faced by professionals in adjacent disciplines, improving the quality of future collaboration.
Bridging Technical, Legal and Policy Domains
Cybersecurity incidents rarely remain confined to a single professional domain. A ransomware attack may begin as a technical problem for a CSIRT but quickly becomes a matter for law enforcement if criminal prosecution is pursued, and may ultimately inform regulatory policy if systemic vulnerabilities are exposed. The BootCamp’s multidisciplinary design acknowledges these interconnections.
For CSIRT and CERT professionals, the programme offers advanced technical content on incident detection, analysis and response. Law enforcement participants gain exposure to investigative techniques specific to technology-enabled crime, including methods for preserving digital evidence in ways that satisfy judicial requirements. Judges, prosecutors and magistrates benefit from instruction on the technical realities underlying cybercrime cases, enabling more informed decisions during proceedings. Policy makers and regulators encounter the operational challenges that shape effective cybersecurity frameworks.
This convergence of perspectives is particularly relevant as governments worldwide implement new cybersecurity regulations. The European Union’s NIS2 Directive, for example, imposes incident reporting obligations and security requirements on essential and important entities, creating new points of intersection between technical teams, legal counsel and regulatory authorities. Professionals who understand how their counterparts operate are better positioned to navigate these evolving requirements.
Building International Networks for Cyber Cooperation
Beyond formal instruction, the BootCamp serves as a venue for building professional relationships that extend well beyond the event itself. Cybercrime investigations frequently require cooperation across borders, whether to trace attack infrastructure, execute mutual legal assistance requests or coordinate takedown operations. These processes move more smoothly when the individuals involved have pre-existing relationships and shared understanding of each other’s capabilities and constraints.
The programme’s track record demonstrates this networking value. With participants drawn from government agencies, judicial systems, law enforcement bodies and public sector organisations across multiple continents, the BootCamp creates a community of practice that persists after attendees return to their home institutions. The 100 percent recommendation rate reported from previous editions suggests that participants recognise benefits extending beyond the curriculum content itself.
Intended Participants
The programme targets four primary professional categories. Members of law enforcement and security forces, particularly those assigned to units specialising in technology crime and cybercrime investigation, form one core constituency. CSIRT and CERT professionals responsible for detecting, analysing and responding to security incidents represent another. The judicial track welcomes judges, prosecutors and magistrates who handle cases involving cyber offences. Finally, policy makers and public regulators charged with developing cybersecurity strategies and regulatory frameworks complete the participant profile.
This composition reflects the programme’s emphasis on comprehensive capability building. Effective cybersecurity requires not only skilled technical defenders but also investigators who can build prosecutable cases, judicial officials who can evaluate digital evidence, and policy makers who can design frameworks that balance security with other societal values. By bringing these groups together, the BootCamp aims to strengthen the entire ecosystem rather than any single component.
León as a Cybersecurity Hub
The choice of León as the event venue is not incidental. The city serves as the headquarters of INCIBE and has developed into one of Spain’s principal centres for cybersecurity activity. This concentration of expertise and infrastructure provides a natural setting for advanced training, while the city’s accessibility and facilities support the logistical requirements of an international gathering.
For professionals travelling from abroad, the in-person format offers immersive engagement that remote alternatives cannot fully replicate. The intensity of a two-week residential programme, combined with informal interactions during breaks and social events, accelerates relationship building and knowledge transfer in ways that distributed formats struggle to match.
Addressing Contemporary Cyber Challenges
The BootCamp’s curriculum evolves to reflect the changing threat landscape. Current challenges include the proliferation of ransomware-as-a-service operations that lower barriers to entry for criminal actors, the use of legitimate cloud infrastructure to host malicious operations, and the growing sophistication of social engineering techniques. On the defensive side, organisations grapple with talent shortages, alert fatigue and the complexity of securing hybrid environments that span on-premises systems and multiple cloud providers.
Regulatory developments add another layer of complexity. Beyond NIS2, frameworks such as the Digital Operational Resilience Act for financial services and sector-specific requirements for critical infrastructure impose new obligations that security teams must operationalise. The BootCamp’s inclusion of legal and regulatory content ensures that participants understand not only how to respond to incidents technically but also how to satisfy compliance requirements and support potential enforcement actions.

