Cyber Scheme Practitioner (CSTM)
This technical qualification is increasingly being seen as the 'gold standard' for mid-level security testers looking to progress their career.
The exam is suitable for individuals who want formal certification of their understanding of the theory and practical elements of cyber security and the fundamentals of Security (Penetration) Testing.
The Cyber Scheme’s Practitioner exam mirrors the exact content and format of our CSTM (Cyber Scheme Team Member) assessment. The only difference is that, as this exam is not part of the NCSC CHECK Scheme, candidates:
- Do not have to apply for Security Clearance (an NCSC requirement for CHECK Consultants);
- Will not have their results forwarded to NCSC for CHECK Scheme purposes;
- Do not need to re-sit this exam every three years.
This certified exam assesses competence at practitioner level, i.e. someone who has been working as a junior/midweight security tester for 1-2 years. It proves that the candidate is capable of offering assurance in technical cyber.
Our assessment processes assure recruiters, employers and the buying community that you demonstrate competency in your chosen field. As a Licensed Body for the UK Cyber Security Council, The Cyber Scheme can help you develop your subject matter expertise in line with the ever evolving cyber security profession.
This exam also meets the standard required from NCSC and IASME to operate Cyber Essentials Plus Certification Services. Find out more about becoming an assessor for Cyber Essentials Plus here.
Assessment for the CSTM consists of:
1. A one-hour, 100-question multiple choice exam.
2. A one-hour written paper which covers theoretical and practical aspects of the course content.
3. A 2.5-hour practical assessment, which provides a full scenario for penetration testing.
4. A 15 to 30-minute viva during which students will provide a synopsis of their findings from the practical assessment.
Assessed components 2, 3 and 4 are invigilated and undertaken by an approved assessor.
Multiple Choice
You will face a number of theoretical and practical questions to be answered over a relatively short period of time. This ensures the candidate is challenged at the appropriate level, in keeping with industry-standard examination techniques. The questions are structured in such a way as to ascertain knowledge and understanding across a wide variety of subject-specific topics, without losing the essence of the subject matter.
Written Assessment
Students are asked to answer two questions in one hour.
The rationale for using a written exam is that this is an appropriate assessment instrument to assess the syllabus taught for the CSTM course. This is also in keeping with standard assessment approaches used within UK and international educational institutions.
Practical Assessment (Network Assault Course)
Candidates are presented with a practical network assault course, where they must demonstrate that they can use the tools and techniques taught in the module to probe a given network infrastructure to gain access to information.
Candidates are permitted access to their own notes and course notes, but unsupervised access to the Internet or the use of mobile phones is not permitted.
This is a National Cyber Security Centre (NCSC) requirement to ensure rigour in the award of the Cyber Scheme CSTM qualification.
The technical skills candidates will be expected to demonstrate include:
Networking
- Understanding common networking protocols such as SMTP, NFS, FTP, DNS
- Service enumeration
- The ability to map a network
- Port scanning
- Identification of valuable hosts on a network
Web application
- Understanding basic web application vulnerabilities such as SQLi, XSS, LFI/RFI
Host exploitation
- Understanding of differences between operating systems
- Identification of server vulnerabilities
- Exploitation of server vulnerabilities
- Basic methods of privilege escalation.
Practitioner training - the perfect preparation for this technical assessment
The Cyber Scheme’s CSTM Practitioner Training Course has been recognised and certified by National Cyber Security Centre (NCSC) as being consistent with industry best practice.
With the abundance of cyber security training courses on offer, it can be difficult to identify highly competent trainers and good quality courses. NCSC Assured Training addresses this issue – providing you with the assurance that this course content, teaching methodology and our assessors themselves have been rigorously assessed.
This intensive series of training sessions takes place over five days in our assessment centre in central Cheltenham. The focussed, classroom-based course is run by our lead trainer Paul Richards, and will encompass all aspects of cyber security at CSTM level.
The course is designed to help each and every candidate to be a confident, skilled, well-rounded cybersecurity professional with proven and tested skills in the current threat theatre. It allows lots of time for Q & A and will support all of the candidates’ individual needs, helping them navigate complex technical topics.
This training covers the CSTM syllabus as well as giving you a well-rounded and comprehensive foundation on which to build your ethical hacking career. We aim for our courses and guidance to mean candidates are successful in whichever qualifications they are studying for (CEH/GPEN/CSTM/LSCP certification and more). The aim of our training is and will always be to give our candidates the skills, knowledge and techniques required for a career in penetration testing and ethical hacking.
Topics to be covered include:
- Setting up various operating systems and distros for hacking
- Network protocols
- Network scanning and device enumeration
- Service enumeration and fingerprinting
- Vulnerability analysis
- Exploitation techniques
- Cryptography
- Scopes, planning and risk management
- Web application hacking techniques
- Report writing
- Working in Cyber
- The laws and regulations around ethical hacking
- Password security.
Please contact us for detailed information on pricing and to book a place. Discounts are given for bookings of two or more candidates.
The Cyber Scheme believe everyone should have access to a career in security testing. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during examinations.
These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.
We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.
There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration.
Mobility
Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required, please get in touch at the time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.