The journey starts with an application
Our information supports and is informed by the UK Cyber Security Council.
Please click here to be taken to their website.
Application Guidance for Professional Registration - Security Testing Specialism
There are three professional registration titles aligned to the Council’s professional standard. These are:
- Associate – An Associate title is awarded to a cyber professional who understands the fundamentals of cyber security and can evidence applying these fundamentals in their career to date.
- Principal – A Principal title is awarded to an established cyber professional who plays an active part in the profession and can demonstrate practical contributions to cyber engagements whilst not necessarily leading them.
- Chartered – A Chartered title is awarded to an established Cyber professional who can evidence leadership in cyber engagements whilst playing an active role in the wider profession and has knowledge of related specialisms.
Associate – ACSP
The Associate Level of security testing is the first grade of membership in the cyber security chartership scheme. An Associate Cyber Security Professional has practical experience in cyber security and will be a practitioner operating at a level at which their professional expertise is being used effectively in their role.
An ACSP must be able to demonstrate that they are working at the associate level by meeting the following criteria:
- Be able to demonstrate their knowledge, understanding and experience relating to their role, some understanding of cyber security in its wider sense, and should be able to demonstrate practical experience within their career.
- Be able to demonstrate that they have reasonable communication and interpersonal skills.
- Be able to demonstrate that they understand the need to develop management skills and have carried out some supervisory activity within a cyber security environment.
- Be able to demonstrate that they understand and apply integrity, morals, and ethical values.
- Be able to demonstrate that they carry out and plan for continued development of themselves and the cyber security profession.
Principal – PCSP
The Principal level of security testing is the second grade of registration in the cyber security chartership scheme. A Principal Cyber Security Professional will have practical experience in a specific specialism, at which they are an expert practitioner, and have experience in other specialisms. As such, they should be operating at a level where their professional expertise may reasonably be sought to contribute to the development of their specific Specialism.
A PCSP must be able to demonstrate that they are working at the principal level by meeting the following criteria:
- Be able to demonstrate their knowledge, understanding and experience relating to their specialism, including experience of cyber security in another specialism.
- Be able to demonstrate that they have appropriate communication and interpersonal skills to fulfil their role with their organisation. This includes communicating with those who may have little or no knowledge of cyber security.
- Be able to demonstrate that they have developed management skills and are able to demonstrate their ability to lead groups and individuals in a personal, technical, or business cyber security environment.
- Be able to demonstrate that they have high levels of integrity, morals, and ethical values.
- Be able to demonstrate that they are committed to the continued development of themselves and the cyber security profession.
Chartered – CHCSP
The Chartered level of security testing is the highest level of membership in the cyber security chartership scheme. A Chartered Cyber Security Professional will have significant practical knowledge in several Specialisms, though should have a particular Specialism at which they are an acknowledged expert. As such, they should be operating at a level where their professional opinion may reasonably be sought to contribute to the development of the overall cyber security profession. A ChCSP must be able to demonstrate that they are working at the associate level by meeting the following criteria:
- Be able to demonstrate their knowledge, understanding and experience relating to their specialism, including an understanding of cyber security in its widest sense and should be able to demonstrate knowledge across a number of security specialisms.
- Be able to demonstrate that they have effective communications and interpersonal skills to operate at all levels within and without an organisation, with their peers and those who have little or no knowledge of cyber security.
- Be able to demonstrate that they have developed effective management skills and are able to demonstrate their ability to lead and mentor groups and individuals in a personal, technical, or business cyber security environment.
- Be able to demonstrate that they have the highest level of integrity, morals, and ethical values.
- Be able to demonstrate that they are committed to the continued development of themselves and the cyber security profession.
Requirements & Expected Equivalencies
|
Associate (PCSP)
|
Principal (PCSP)
|
Chartered (ChCSP)
|
|---|---|---|
|
SFIA Level 3
|
SFIA Level 5
|
SFIA Level 6
|
|
CiiSEC Skills Framework Level 3
|
CiiSEC Skills Framework Level 5
|
CiiSEC Skills Framework Level 6
|
|
NICE Cybersecurity Workforce Framework - Entry
|
NICE Cybersecurity Workforce Framework – Intermediate
|
NICE Cybersecurity Workforce Framework – Advanced
|
The Pathway to Chartered Status
There are three stages to becoming chartered: the application form, exam, and interview.
The route to chartership is not a tick box exercise; it is a rigorous process to recognise achievement and excellence within the industry.
The application form is the initial stage of your route to chartership. The form is detailed; please see below advice and guidance on filling it in to give you the best chance of success.
We recommend following the STAR technique, a proven method of answering tricky situational questions systematically while providing all the essential details.
The STAR technique is a method of answering questions that is comprised of four steps:
Situation: Describe the situation and when it took place.
Task: Explain the task and what was the goal.
Action: Provide details about the action you took to attain this.
Result: Conclude with the result of your action.
Application Form
Professional History
You are expected to cover your complete professional history as well as your current work in industry. Start with your most recent post and work backwards over a 10-year period. Mention your individual achievements, tasks, and actions, talk about yourself rather than team efforts.
- Indicate the size and complexity of any projects or tasks you describe
- Give an extended description of your current role
- Explain any acronyms or abbreviations the first time you use them.
Education History
The application form also asks for your education history, such as professional qualifications, apprenticeships, and degrees.
Additional information required
You will be given the opportunity to detail any papers you have contributed to; this can include articles published in recognised journals, in-house publications, conference and seminar presentations, and any other contribution to industry, national and international bodies.
You are then asked to provide evidence of your competence mapped to the Standard of Professional Competence & Commitment (UK CSC SPCC). Using the STAR model will also prove beneficial here.
Finally, you will also be asked to provide at least two referees; professionals who are familiar with your technical knowledge and work-based experience.
Once your application has been approved your pathway will follow one of two routes:
- Exam and interview (viva) or
- Interview only (if you have completed an appropriate exam within the last three years).
Depending on which category of chartership you are applying for, different exams map to the required skill level. The CHECK Scheme examination standard has been mapped against the UK Cyber Security Council Standard for Professional Competence and Commitment (UKCSC SPCC) and approved as a means of testing technical knowledge requirements.
For registrants applying through The Cyber Scheme, this means:
- For Chartered Title, applicants are required to pass or hold The Cyber Scheme’s CSTL exam (App or Inf) to proceed with their application.
- For Principal Title applications, registrants are required to pass or hold The Cyber Scheme’s CSTM exam.
- The Associate Title will most likely map to The Cyber Scheme’s Fundamentals exam (CSFL), however this is still in development so please get in touch if you’d like to know more about applying at this level.
Interview
The interview will be conducted by Chartered Assessors. The interview is your opportunity to give evidence that you meet the expected level on the framework. Initially all interviews undertaken by The Cyber Scheme will take place in person and will be scheduled around any existing exam commitments. A remote option may be available in future.
Final Assessment
Following the application, examination and interview, a Final Assessment review will take place before Professional Registration can be awarded. The Final Assessment Assessors are responsible for holistically reviewing all the evidence from each stage and will take recommendations from assessors and interviewers as necessary.
Sign up here to be told when applications for Chartership in the Security Testing specialism open up.
"It is recommended you provide plenty of detail as to why you should be chartered, showing evidence of your skills and competencies wherever possible".
