CSFL Training and Syllabus
The Cyber Scheme Foundation Level (CSFL) training course is designed for anyone wishing to begin a career in technical cyber security.
The Cyber Scheme has developed the CSFL assessment to measure the competence of a junior and/or graduate cyber security professional looking for an entry level role. To support the assessment, The Cyber Scheme has developed a comprehensive training course which will highlight and enhance the skills and knowledge required in order to be successful in the exam.
In person training – the sure route to success.
To support the assessment, The Cyber Scheme has developed a comprehensive training course which will highlight and enhance the skills and knowledge required in order to be successful in the exam. The course takes place over two and a half days from a purpose built assessment centre in Cheltenham – following The Cyber Scheme’s belief that in-person training is of a much higher level, is much more bespoke and is much more effective than anything provided online or remotely.
As soon as candidates enter the classroom they will be immersed in the world of cyber security with practical hands-on exercises and expert tuition from a Cyber Scheme Instructor. They will learn about Linux systems, Windows systems, how to script in bash and in python. Also taught are the fundamentals of computer networking, web application technologies and vulnerability scanning, as well as the laws and ethics associated with security testing. This training will give candidates the essential skills of an ethical hacker at junior level.
Training is led by Paul Richards, a subject matter expert in ethical hacking and penetration testing who specialises in helping others progress within cyber security through training, mentoring and the highest standard of assessment.
Training modules for the CSFL course consist of:
- The Laws and Ethics Associated with Security Testing
- Building and Maintaining a Security Testing Device
- Fundamental Linux CLI for the Purpose of Security Testing
- Fundamental Linux Scripting for the Purposes of Security Testing
- Fundamental Python Coding for Ethical Hackers
- Fundamental Windows Operating System Commands
- Computer Networking Fundamentals
- Packet capturing for Security Testing and Ethical Hacking
- Web Application Fundamentals
- Vulnerability Analysis Fundamentals.
What you need to know about the training
The training course associated with the CSFL assessment is an entry level course and as such has no prerequisites. However, candidates should bring a working laptop (i.e. Windows 11), with a security testing distro (i.e. Kali Linux), some form of VA software (i.e. Nessus) and a working power supply, wired Ethernet port and have admin rights to add and remove software as required. You will need to use the USB ports to copy data.
Base Operating System – Microsoft Windows 11 (or 10), is advised. Apple mac and other operating systems are allowed but you will need to provide your own IT support. You will need admin rights to the base OS. A copy of Microsoft Word or something similar would be beneficial.
Virtualisation – Research and get to know a virtualisation solution. We recommend Oracle VirtualBox, but other software is available however you will need to provide your own IT support.
In particular you should get to know:
- How to install the software
- How to install the extension pack
- How to install the Guest Additions software.
It would be useful to get to know how to clone and snapshot a virtual machine.
Kali Linux – Research and install a copy of Kali Linux as a virtual machine. You should have at least 8G of Ram for your virtual machine, at least 200G of disk space and take some time getting to know the networking settings. (i.e NAT, Bridged, etc)
Nessus – You don’t have to use Nessus; you can use any vulnerability assessment (VA) software you like however you will need to support it yourself. Nessus has a variety of licence options and for the training and assessment the free versions are fine. (Full version free trial or Essentials version). It doesn’t really matter if you install Nessus onto the base OS or onto the virtual Kali machine. If unsure, add it to Kali.
In summary you should bring a working laptop, with a virtualised working copy of Kali Linux and a working copy of Nessus. (Other options / configurations are available.)
If you want to start researching some of the topics, take a look at the laws and ethics around ethical hacking and some basic computer networking concepts. We will cover all this in the training, but some people like to get a head start.
What you need to know about the assessment/exam
You must supply your own laptop, with a security testing distro, Nessus (or some form of VA software) and a working powers supply, wired ethernet port and have admin rights to add and remove software as required. You will need to use the USB ports to copy data.
- The exam begins at 1pm – please arrive 30 minutes before the start time to get set up.
- The multiple-choice element is closed book and the practical element is open book.
- MC – 1 hour – 100 questions – answer all questions.
- Practical – 2 hours – answer all assignment questions. Use of the internet is allowed.
We do not currently wipe hard drives during this assessment, but the assessment data must be removed from your laptop at the end of the assessment.
Click on the link below to access the full syllabus.
Inclusion and Accessibility
The Cyber Scheme believe everyone should have access to a career in security testing. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during examinations.
These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.
We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.
There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration.
Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required please get in touch at time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.