The CSTM exam has been upgraded
What you need to know
Please check back for regular updates as we transition.
We are upgrading the CSTM (Cyber Scheme Team Member) exam from early 2025.
Please be assured the syllabus/knowledge domains have not changed, so any preparation for the assessment will still be valid.
Our industry is changing, and we need to address the requirements stipulated for professional titles. Soft skills, CPD, and the opportunity to explain technical techniques in a face-to-face interview are the best ways to determine a candidate’s understanding of a given topic.
We will no longer be using the multiple choice format, or long form essay writing. The assessment will consist of a longer practical exam, extended viva and the creation of an executive summary report.
Why are we doing this?
- Traditional multiple-choice only skims the surface of the knowledge domain and often becomes a test of memory instead of a test of substantial knowledge and skills.
- Long form essay style elements don’t always allow candidates to interpret the question correctly, which might cost them marks. In an interview style assessment, the assessor can phrase the questions to suit the needs of the candidate. This also allows us to assess in many different mediums, making the assessment fair for anyone who is neurodiverse.
The Cyber Scheme have invested considerable time looking at all our assessments to ensure they are the best they can be for all candidates. Any questions? Please get in touch.
What’s changing with the CSTM exam upgrade, and what’s staying the same?
- The assessment is open book, except the short report writing exercise. We will not allow report writing tools, AI or pre-prepared reports.
- The practical element will have infrastructure and application questions, as before – but now supported by the report.
- The VIVA (interview) will involve being asked some technical questions at the end of the practical review.
Changes to the VIVA
What’s happening to the VIVA (interview) element of the CSTM assessment?
The practical assessment is watched over by an assessor or invigilator to make sure the assessment is fair (in that the network is acting correctly, and the candidate is staying within the rules of the assessment). The assessor or invigilator may make notes and award marks where they can see a valid technique, command and outcome.
The VIVA is a chance for the assessor to make sure they have seen all the commands run and tool output needed to award marks for the practical section, while the candidate is available for questions. The purpose of the questions is to establish if the candidate is aware of the purpose of the commands executed, the risks, the expected outcomes and in some cases the mitigation of the issues found. The assessor will ask to see any written answers (tools, flags, parameters, tool output etc.), any screenshots and any vulnerability assessment software output.
The candidate will not be asked to explain every command in detail, but will need to show the practical assessment is their own work and that they have not been coached. In some instances the questions will be used to establish the depth of knowledge around tool selection, use and tradecraft.
In the new 2025 CSTM, further technical questions will be asked to indicate to the assessor that the candidate has a firm grasp of the knowledge domains and the Knowledge, Skills, Abilities and Tasks (KSATs) expected for CSTM (practitioner) level. These knowledge domains are all outlined on the Cyber Scheme’s website and were previously assessed using multiple-choice and long form essay elements.
The marks awarded for the practical section and the VIVA section are linked. For example, a candidate who runs a valid tool and can explain why it was run, the risks involved and the expected outcome may be awarded more marks than a candidate who ran a tool but doesn’t know why, what the risks were or what the expected outcome was, and simply found it on a cheat sheet and it seemed to work.
General FAQs
We will begin to use the new format in January 2025, and will adopt a review phase which will allow for candidate feedback, necessary adjustments and the development of resources to award Professional Titles alongside the exam where needed.
In line with the transition of CTMs to a Professional Title with the UK Cyber Security Council, all candidates taking our CSTM exam for the first time, with a view to becoming a CTM and working on CHECK contracts, are encouraged to have filled out and submitted the professional title application form prior to attending their assessment.
If required, a short top up interview to review the Professional Title application (Practitioner level) may be offered, or in some circumstances the application form may be returned for further improvements.
The course material has not changed, only the assessment format. The knowledge domains and syllabus we include on our website are relevant to future learners, and anyone who has undertaken our practitioner training will have the resources they need to take this assessment.
Please note, we are the ONLY official training provider for CSTM; you may see training provided by third party vendors who are NOT endorsed to provide training on our behalf. Any training that includes multiple choice questions will no longer be valid.
During our review phase it will be possible to take the old CSTM format if you prefer. Just let us know at time of booking.
In order to maintain the integrity of our assessment, it is not available to take remotely. Attendance is required at our assessment centre in Cheltenham. We make reasonable adjustments for attendees when needed.