Please note our Academy is aimed at consultancies wishing to teach fundamental technical security to their junior intake or organisations needing to upskill existing security staff. At this time it is not open to individuals.
Teaching Skills | Assessing Competency | Certifying Professionals
Flexible sessions of remote or face-to-face learning, access to practicals and labs, mentoring, and soft skills development.
Culminating in the CSFL (Cyber Scheme Foundation Level) certified exam.
Please get in touch to discuss your training needs at this level. We can create a bespoke package to suit you, including skills gap analysis of existing staff, onboarding for career starters, group sessions, in-house training and fully remote flexible learning modules.
Why do we need this Academy?
Most organisations employing practitioner pen testers will see a regular throughput of talent which, due to an ongoing skills shortage in this sector, is exacerbated by poaching, burnout, natural progression to leadership roles and movement away from security testing into areas which are seen as being less pressurised and more flexible. Whilst movement is inevitable, when there is a shortage of suitable individuals coming up through the ranks it can create a huge amount of pressure, increasing the need for new staff to be able to reach a billable status as quickly as possible, lessening down time for both themselves and the principal testers who are mentoring them.
Seeking individuals who have the aptitude and technical curiosity to learn at the pace required, and the competency to carry out tests in a practical setting as well as just within gaming environments or on paper, is time-consuming at best, and feels impossible for many employers wishing to expand their teams in this way. Universities are not providing students with the technical know-how or the topical, practical knowledge they need. So employers are finding it increasingly difficult to source talent to replace those moving up through the ranks. It is a problem that is only getting worse.
A look at ‘entry level’ roles in the security testing sector is a stark example of where the gap between capability and expectation lies. A recent ad aimed at ‘school leavers with some gaming experience’ actually required them to demonstrate advanced network knowledge, programming skills, pen testing methodologies and a working knowledge of security tools – before any training had even begun! It is unrealistic to expect these jobs to be filled at scale – while there may be a few talented hackers out there who self-learn to this extent, the majority will need guidance and training before they can even answer a job ad which is supposed to be aimed at beginners.
Increase the technical skills of your existing team
In addition to talent acquisition at consultancy level, there is a growing need to cross-skill IT professionals already working in organisations that are vulnerable to attack. Gone are the days when MFA and changeable passwords along with education on phishing were enough to keep businesses safe; it is now accepted that breaches are inevitable, and so it is of utmost importance that in-house staff are given the basic tools needed to recognise vulnerabilities, act on incidents and learn from exploits.
The Cyber Scheme Academy is a comprehensive training course and assessment designed to teach essential technical skills to anyone wishing to become an industry ready practitioner. It is aimed at supporting junior testers in their first job, and career transitioners, teaching them essential skills, assessing their competency as quickly and efficiently as possible.
The Academy provides the practical stepping stones needed to become a junior tester. If you are already working in a related field such as IT support or engineering, this course is the perfect bridge between your existing knowledge and that needed to cross-skill into security testing as a career.
The Cyber Scheme Academy provides a technical introduction into cyber security in general; the training will highlight and enhance the skills and knowledge required at this beginner level, whilst the CSFL exam taken at the end of the course will measure competence. The CSFL is currently being mapped to CyBOK and is positioned at RQF level 4.
The Cyber Scheme Academy provides practical skills, technical knowledge and a pathway to Professional Registration
Culminating in our Foundation Level (CSFL) training and assessment, the academy encompasses all the practical and reporting skills employers are looking for. It also provides access to the Associate Level Professional Title in the Security Testing specialism, allowing individuals to begin their professional career with a recognised pathway endorsed by the UK Government.
Who is the Academy for?
The Cyber Scheme Academy, culminating in our certified CSFL qualification, is aimed at consultancies and organisations who wish their junior testers, or IT support staff, to be trained and assessed in the fundamentals of security testing, with the aim of expediting their journey to CSTM.
As soon as candidates enter the classroom they will be immersed in the world of cyber security with practical hands-on exercises and expert tuition. They will learn about Linux systems, Windows systems, how to script in bash and in python. Also taught are the fundamentals of computer networking, web application technologies and vulnerability scanning, as well as the laws and ethics associated with security testing. This training will give candidates the essential skills of an ethical hacker at junior level and prepare them for the subsequent assessment.
If you are looking for fundamentals training, with the option to create fully bespoke modules to suit your staff, get in touch.
Why has The Cyber Scheme created this?
One of the reasons The Cyber Scheme have created this Academy is to help close the cyber security skills gap in technical cyber security, by increasing the number of appropriately qualified people entering the industry and supporting industry needs for practical expertise even at beginner level jobs. The Academy forms a fundamental part of our talent development programme, enabling us to support our industry partners and Sponsors by increasing the speed to which their juniors reach CSTM, and maximising success.
The Cyber Scheme Academy provides candidates with a meaningful starting qualification from an industry leading, NCSC-Assured assessment body. Employers will know candidates with the CSFL qualification have the foundational skills needed to be on their way to becoming a security testing practitioner. It also supports organisations which need to protect themselves by providing their teams with technical expertise across many topics; we can create bespoke training courses to fit many different needs.
The perfect competency assessment for organisations training up their junior consultants
We as an industry have become increasingly frustrated by the issues caused by the cyber security skills gap. We have repeatedly heard from our sponsor community about issues this is causing when trying to fill their available job roles. The cost of hiring a completely new candidate is currently very high due to inflated salary expectations and recruitment fees. We are aiming to help companies develop security testing practitioners who are already in a related or complementary field, fully aligned to their needs.
Working together, we can help give those new to the industry the best introduction into cyber security with clear defined career pathways. This in turn will help the industry train and retain practitioners and shorten the length of time it takes for them to contribute fully to security testing projects.
It takes time, effort and a huge opportunity cost to bring testers to a level where they can become a billable asset. A gap has been identified between the practical skills and knowledge demonstrated by a recent graduate or career starter, and those required by employers. The Cyber Scheme Academy aims to fill that gap, and to quicken the journey from career starter to billable consultant. We have a proven track record in creating NCSC certified and assured training and assessments for technical, offensive security at the highest level available.
Our Academy aims to change the narrative around entry level recruitment. There is an emphasis on practical skills, and candidates are given the fundamental skills and knowledge to begin the journey towards becoming a certified security tester. If required, this assessment will also help expedite progress to Check Team Member, or equivalent, and will certify and demonstrate the practical knowledge employers are looking for.
The Cyber Scheme firmly believe this is an essential qualification for those starting their career in technical cyber security. It provides the skills employers are looking for, and bridges the gap between education and practical learning.
CSFL (Cyber Scheme Foundation Level); achieved at the end of your time with The Cyber Scheme's Academy.
Assessment for the CSFL consists of:
- One hour multiple choice exam (closed book) consisting of 100 questions
- Two hour practical assault course. Monitored internet access will be available.
Multiple Choice
You will be faced with a number of theoretical and practical questions answered over a relatively short period of time. This level of challenge ensures the candidate is being challenged at the appropriate level and in keeping with industry standard examination techniques. The questions are structured in such a way as to ascertain knowledge and understanding across a wide variety of subject specific topics, without losing the essence of the subject matter.
Practical Assessment (Network Assault Course)
Candidates are presented with a practical network assault course, where they must demonstrate that they can used the tools and techniques taught in the module to probe a given network infrastructure to gain access to information.
Candidates are permitted access to their own notes and course notes, but unsupervised access to the Internet or the use of mobile phones is not permitted.
Topics include:
- The Laws and Ethics Associated with Security Testing
- Building and Maintaining a Security Testing Device
- Fundamental Linux CLI for the Purpose of Security Testing
- Fundamental Linux Scripting for the Purposes of Security Testing
- Fundamental Python Coding for Ethical Hackers
- Fundamental Windows Operating System Commands
- Computer Networking Fundamentals
- Packet capturing for Security Testing and Ethical Hacking
- Web Application Fundamentals
- Vulnerability Analysis Fundamentals
- Testing Mobile Devices Fundamentals
- An Introduction to Testing in the Cloud.
What you need to know about the assessment/exam
Candidates must supply your own laptop, with a security testing distro, Nessus (or some form of VA software) and a working powers supply, wired ethernet port and have admin rights to add and remove software as required. They will need to use the USB ports to copy data.
- The exam begins at 1pm – please be ready 15 minutes before the start time to get set up.
- The multiple-choice element is closed book and the practical element is open book.
- MC – 1 hour – 100 questions – answer all questions.
- Practical – 2 hours – answer all assignment questions. Use of the internet is allowed.
We do not currently wipe hard drives during this assessment, but the assessment data must be removed from your laptop at the end of the assessment.
Inclusion and Accessibility
The Cyber Scheme believe everyone should have access to a career in security testing. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during examinations.
These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.
We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.
There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration.
Mobility
Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required please get in touch at time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.