Learn from our Cyber Advisor assessor Sarah Knowles
The role of the Cyber Advisor is to work with micro, small and medium sized businesses to improve their cyber resilience. Being a cyber advisor means that you have passed an assessment where you have demonstrated that you are able to provide sound, quality advice to a customer and have been able to help them implement applicable cyber security controls.
As engagements with customers can take different forms, the assessment has been broken down into three styles of questions to help assess a candidate’s overall knowledge and capability. The three question styles are:
- Multiple choice
- Written, short form responses
- Verbal, discussion.
The multiple choice and short form responses are completed on The Cyber Scheme’s assessment platform. This is a timed assessment completed in exam conditions, although it is open book and internet access is allowed (and encouraged).
The candidates have one scenario presented to them, and all questions, regardless of the style, are based on this and on the requirements for achieving Cyber Essentials.
1 – Multiple choice
This style of question is commonly seen within other vendors’ exams. A question will have four possible answers and the candidate has to pick the best response. The majority of candidates find this style of question relatively straightforward.
2 – Written, short form responses
Alongside the multiple choice questions is a loosely related short form question. This is where we as assessors are looking to determine how a candidate interacts with a customer on a written basis. As assessors, we are not looking for a particular style of writing; our suggestions include writing an email response to a customer question, or an excerpt from a report. The key information we are looking for is a response to the question and how this is conveyed to the customer.
This part of the assessment is timed, and probably the biggest issue we see as assessors is poor time management. The first half of the questions are answered in great detail, and then the second half are not! We do provide time prompts throughout the assessment to try and keep candidates on track as much as possible. My advice would be to set a time limit per question and stick to it. You can always go back and revise your original response if needed.
My second piece of advice is to ensure you are answering the short form question, and not the multiple choice one. Marks are often lost because the candidate is expanding on the question asked within the multiple choice and not the short form. There is a similar theme linking the two questions, but treat them separately.
Thirdly – we are looking at how you communicate with customers. Bear in mind that the Cyber Advisor is dealing with smaller organisations that are unlikely to have a dedicated IT resource, which means that you are often communicating with individuals who do not know or understand complex terminology or acronyms.
The assessment is classed as open book and candidates can bring in any material that they see fit as well as access the internet. This means that you can provide additional supporting information to the customer that perhaps justifies why you are making a particular recommendation. All we ask is that you provide details of the reference used. We are not expecting any formal notation to be used, as long as it is clear where the information has come from.
3 – Discussion phase
Once parts 1 and 2 have been completed on the assessment platform, the candidates move to part 3 of the assessment. This is where the Assessor takes the role of the customer and will discuss some of the points raised within your short form responses. The questions may look to seek clarification or confirm understanding of a particular point. But the overall goal of this part is to assess how you engage with a customer in a face-to-face environment.
Readiness for the Assessment
I don’t think there is one particular way to prepare for the assessment. I have seen successful candidates with a variety of skills and backgrounds – there is no particular profile to a successful candidate. You do need to have an understanding of the Cyber Essentials Requirements for IT Infrastructure document, and additional knowledge of the NCSC Small Business Guide and Cloud Security Guidance may also be beneficial. But you do not necessarily need to be a Cyber Essentials Assessor, and you don’t need to already be working as a consultant.
Sarah Knowles is Co-Founder at Shift Key Cyber, a CISO and Managing Consultant and an inaugural member of The Cyber Scheme’s Technical Advisory Board.