Cyber Scheme Fundamentals Level (CSFL)

Bridging the gap between formal education and industry-ready practitioner.

Our inaugural CSFL training and exams sessions will be held in mid November. We are restricting our first course to 12 attendees. Please get in touch if you’d like to know more, or to discuss future or bulk bookings.

2.5 days training at our assessment centre in Cheltenham £900 +VAT

Half day exam, on the third day of training or on a date to suit you £500 +VAT

Next dates November 15th-17th 2023. Laptop and pen testing distro required for attendance.

The Cyber Scheme Fundamental Level (CSFL) training and assessment is designed for anyone wishing to begin a career in technical cyber security.

The Cyber Scheme has launched a new assessment, with corresponding training, to help entry level, graduate and junior cyber security professionals follow the best possible route to a career in security testing.

The Cyber Scheme Fundamental Level (CSFL) training course and exam is an ideal starting point for anyone who wants to become a cyber security tester (formerly referred to as a penetration tester or ethical hacker).

It takes time, effort and a huge opportunity cost to bring testers to a level where they can become a billable asset. A gap has been identified between the practical skills and knowledge demonstrated by a recent graduate or career starter, and those required by employers. This assessment aims to fill that gap, and to quicken the journey from career starter to billable consultant. We have a proven track record in creating NCSC certified and assured training and assessments for technical, offensive security at the highest level available.

The CSFL assessment measures the competence of a junior and/or graduate cyber security professional looking for, or already in, an entry level role. There is an emphasis on practical skills, in addition to a multiple-choice theory section which aims to prepare candidates for future, higher level certifications. Candidates are given the fundamental skills and knowledge to begin the journey towards becoming a certified security tester. If required, this assessment will also help expedite progress to Check Team Member, or equivalent, and will certify and demonstrate the practical knowledge employers are looking for.

This qualification can either be booked independently or as part of a company’s onboarding scheme for new staff. Whilst The Cyber Scheme offer face to face training for this assessment, the knowledge and skills required to be successful can also be obtained through self-study and experience, and this qualification is achievable regardless of cyber security education or academic background.

The training will highlight and enhance the skills and knowledge required at this level, whilst the exam will measure competence. We hope anyone taking this training and exam will expedite their progress to CSTM, or equivalent, and be able to demonstrate the practical knowledge employers are looking for.

We have positioned the assessment at RQF 4 (Regulated Qualifications Framework); it is aimed at anyone wishing to begin a career in the cyber security testing specialism as well as candidates looking for a comprehensive introduction to technical cyber security. Whilst we offer face to face training for this assessment, the knowledge and skills required to be successful can be obtained through self-study and experience and this qualification is achievable regardless of cyber security education or academic background.

The Cyber Scheme firmly believe this is an essential qualification for those looking to obtain an entry level job in technical cyber security. It provides the skills employers are looking for, and bridges the gap between education and practical learning.

Assessment for the CSFL consists of:

One hour multiple choice exam (closed book) consisting of 100 questions
Two hour practical assault course. Monitored internet access will be available.

Multiple Choice

You will be faced with a number of theoretical and practical questions answered over a relatively short period of time. This level of challenge ensures the candidate is being challenged at the appropriate level and in keeping with industry standard examination techniques. The questions are structured in such a way as to ascertain knowledge and understanding across a wide variety of subject specific topics, without losing the essence of the subject matter.

Practical Assessment (Network Assault Course)

Candidates are presented with a practical network assault course, where they must demonstrate that they can used the tools and techniques taught in the module to probe a given network infrastructure to gain access to information.

Candidates are permitted access to their own notes and course notes, but unsupervised access to the Internet or the use of mobile phones is not permitted.

Topics include:

The Laws and Ethics Associated with Security Testing
Building and Maintaining a Security Testing Device
Fundamental Linux CLI for the Purpose of Security Testing
Fundamental Linux Scripting for the Purposes of Security Testing
Fundamental Python Coding for Ethical Hackers
Fundamental Windows Operating System Commands
Computer Networking Fundamentals
Packet capturing for Security Testing and Ethical Hacking
Web Application Fundamentals
Vulnerability Analysis Fundamentals
Testing Mobile Devices Fundamentals
An Introduction to Testing in the Cloud.

Passes for successful candidates will be awarded at Pass, Merit or Distinction. This will enable candidates to differentiate themselves in the marketplace, and also aid current/future employers in deciding career paths.

What you need to know about the assessment/exam

You must supply your own laptop, with a security testing distro, Nessus (or some form of VA software) and a working powers supply, wired ethernet port and have admin rights to add and remove software as required. You will need to use the USB ports to copy data.

The exam begins at 1pm – please arrive 15 minutes before the start time to get set up.
The multiple-choice element is closed book and the practical element is open book.
MC – 1 hour – 100 questions – answer all questions.
Practical – 2 hours – answer all assignment questions. Use of the internet is allowed.

We do not currently wipe hard drives during this assessment, but the assessment data must be removed from your laptop at the end of the assessment.

All the topics shown above are covered in our comprehensive training course. Click on the link below to find out more.

The Cyber Scheme believe everyone should have access to a career in security testing. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during examinations.

These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.

We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.

There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration.

Mobility

Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required please get in touch at time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.