Learning and Development
The nature of the Cyber Security and information assurance world is the need for continuous personal and professional development. The challenges are constant and the grown of digital connected technology in every facet of life brings many opportunities but at the same time requires our leaders, their workforce and the public at large to be better informed.
One of the core areas where skills need to be at their best is in the area of Vulnerability assessments. For all businesses and Government/public sector it’s very important to understand if new technologies and systems have flaws or configuration problems that could make them susceptible to exploitation by criminal groups or groups that might want to do harm for a range of ideological or political reasons.
As part of addressing that skill shortage, Cyber Scheme has worked with the National Cyber Security Centre (and its predecessor organisation CESG) to develop a set of courses and exams which help support professionalisation in this field.
Cyber Scheme Team Member – CSTM
This four day course provides candidates with an introduction to the world of information security and penetration testing. Days one to three cover the theoretical underpinning and day four is a practical and assessment day where each candidate will be putting their existing experience and techniques learned on the course into practice in an evaluation environment.
Candidates are taught the theoretical and practical aspects of penetration testing using a realistic hands-on scenario. This includes a mock penetration test against a fictitious client; although the client may be fictitious, the tools and techniques used will be real. From the moment candidates enter the class they will be introduced to the highly technical and sometimes not so technical world of penetration testing.
Whether you are manipulating network traffic to grab passwords using Ettercap, intercepting WLAN traffic with Aircrack or seeking out vulnerabilities using Metasploit—you will find yourself in a fascinating and engaging environment designed to prepare you for the role of pen tester.
Our approved training providers will often schedule an exam day on the 5th day where individuals take the formal Cyber Scheme Team Member exam which is a formally set and invigilated exam. Candidates undertaking training are not obliged to take the exam straight after the course and none of Cyber Schemes courses are aimed to be a boot camp for new entrants to the industry. Our training providers outline quite extensive pre-knowledge requirements before attending the course in order to get best value from it.
The Cyber Scheme training providers will provide guidance on which course is most suitable for your particular needs.
A pass in this technical qualification is one of the mandatory assurance checks undertaken by the NCSC before CHECK Team Member Status can be awarded. The organisation cannot award CHECK status, but do award Certificates recognised by NCSC as confirmation that the necessary technical standard for CHECK has been met.
Cyber Scheme Team Leader – CSTL
The Cyber Scheme Team Leader course is currently under development (expected 1Q17) and is intended for individuals wishing to progress within the cyber security profession with an industry recognised high – level qualification. The course consists of 10 modules covering a range of more advanced techniques and tools which support the development of a Cyber Scheme Team Member to a point where they have the right level of practical and theoretical knowledge to undertake the CSTL exam.
As above there is a very practical hands on approach to this learning given as close to real world scenarios in order to truly test understanding and application of knowledge as a Senior Penetration Tester.
It is highly unusual for any candidate with less than two years practical experience as a Team Member to take the Team Leader examination.
The CSTL course aims to build on candidates’ already well-rounded understanding of the cyber security landscape by introducing more advanced techniques of enumeration and exploitation. The aims of the course are to ensure that candidates understand how environments that do not yield obvious flaws may have been implemented badly and how a security consultant can leverage those weaknesses during an engagement to move spread through a network and highlight the key weaknesses.
Once completed candidates will have a good understanding of the following topics as a minimum:
- Common protocols and misconfigurations
- Host enumeration
- Network Routing/Architecture
- Network Perimeter Devices (such as Firewalls & Routers)
- Port scanning
- Network Traffic Analysis
- Wireless Technologies
- Common Web Application vulnerabilities
- Operating system weaknesses
- Privilege Escalation techniques
- Desktop Breakout techniques
- Domain topology
This set of training modules can be undertaken as a 5 day course or a series of 1 day modules over a period of time in line with a company’s development planning for its internal workforce. Please contact Cyber Scheme for further information about this option.
More details on the CSTL the examinations and CHECK are provided in the Professional Exams section.
Training Provider: IRM Ltd
Cyber Scheme is currently undertaking a review of how it can support the development of the Digital Forensics profession alongside related activities such as Cyber Incident Response.
It is engaged with a number of key organisations which have a defined need but if you are interested in discussing with Cyber Scheme your needs or views please use the contact us page and we would be more than happy to contact you for a follow up.
Malware analysis and secure coding
Building on the core technical skills where shortages exist in the UK market, Cyber Scheme is exploring how it might develop out training and certification for these two specific disciplines.
If you are interested in talking to us about your needs and requirements, please use the contact us page and we would be more than happy to contact you for a follow up.