The Cyber Scheme's Lead Assessor Paul Richards reflects on the first CSFL session two weeks on.
We sat down with Paul Richards this week to hear his take on the inaugural CSFL session. The Cyber Scheme Foundation Level (CSFL) training course and exam is an ideal starting point for anyone who wants to become a cyber security tester (formerly referred to as a penetration tester or ethical hacker). The course and assessment have been developed and are delivered by Paul, a subject matter expert in ethical hacking and penetration testing and a certified teacher.
How do you feel the sessions went overall?
The sessions were an astounding success; so many candidates achieved their personal goals, both in the training and the assessment. This was a really great group of people to have for the first go around. The group had people from all walks of life with massively varying levels of experience and knowledge; this was incredibly useful for the first cohort.
The CSFL is aimed at aspiring security testers; as such, it is suitable for many new to the industry, such as:
- Graduates
- Career transitioners
- People returning from a career break
- People at the beginning of their cyber careers
If you have an interest in offensive security, the course and assessment will help build up your foundational knowledge; however, the CSFL is not easy.
What advice would you give to those about to do the CSFL?
You need to read the resources on the website, especially the syllabus. Whilst you don’t need to come already knowing everything about each subject covered, it’s a good start to at least know what will be coming up.
You also need to ensure you give thought to the prerequisites listed in the joining instructions; this leads back into preparation. You don’t want to waste time at the beginning of the session downloading your Kali distro and virtualisation software. This is an intensive course over two and a half days; time is a precious resource.
Any prior knowledge of security testing laws and ethics will be of great benefit to you; again, you by no means need to be an expert, but some level of knowledge will help you get the most out of the course.
Has anything changed following the first session?
All of The Cyber Scheme’s courses get tweaked as time goes on; slides and topics get updated, or we often create extra support documents. As a course matures it changes less and less, but at the beginning of a new course you’re certainly going to see some changes.
There was a lot of opportunity following the first session to create supporting documentation and establish some extension exercises to help with the different levels of knowledge you will encounter on a course aimed at those at the beginning of their careers.
What would your top tips to prepare be?
First you need to think about your basic IT skills, such as:
- Mouse skills
- Keyboard skills
- Being able to change configuration settings
- Making files and folders
It’s important to remember that you can’t always rely on having IT support – if you create your own distro, you are your own IT support.
The second thing to bear in mind is that at The Cyber Scheme we teach real hacking. We don’t use a gamified version to teach you how to hack; we want to start you off with the best habits possible. Gamified hacking can often cause people to have unrealistic expectations of what a normal security test looks like; your exploits aren’t always going to work first time, and it will definitely be slower than you expect. You just need to remember to be realistic.
What was a common mistake you identified, and what can future attendees do to avoid this?
We found that people underestimated the assessment aspect of the CSFL; in hindsight they would’ve benefited from some revision time in the evening. I think a lot of questions that went unanswered were due to a lack of revision. You need to keep in mind that this is an intensive course; you need to revise as you go. Throughout the session you will receive homework and have revision; it’s really important you give yourself time to do the work and to absorb all that you’ve learnt.
You will get out of the CSFL what you put in; if you put in the time and the work, this is an excellent starting block to your career that will help to prepare you for your path as a security tester.