My Journey to CSTM Certification.An article by Nathan Warren, Technical Manager, Reformit
“In April 2023 I made the decision to start a new role which presented me with a challenge, obtaining a certification in security testing (aka penetration testing) to become a Cyber Essentials plus lead assessor. After spending the last 12 years in managed IT services I had limited knowledge of security testing so knew this would not be easy. That was until I came across The Cyber Scheme.
Everyone learns in different ways and personally I learn by visual and hands on practical experience, when I found that The Cyber Scheme offered a one week in person intensive training course I jumped at the opportunity, the process to get booked onto the course was seamless and the customer services team were very helpful and provided everything I needed in preparation for the week.
The course itself was everything I thought it would be and more, the trainer Paul was exceptional, his first-class knowledge and ability to teach the core skills that make up the CSTM content made the week highly enjoyable even if after Web Day on the Wednesday I wondered how I am going to make it to Friday. The split of PowerPoint presentation, to live tool demos in a lab environment to practical hands-on experience suited my learning style.
I now had a core understanding of what was involved so spent time furthering my knowledge:
1. Setting up my own lab environment with a Kali Linux machine and metasploitable vulnerable machines to attack.
3. Spending some time watching some training videos on areas I thought I needed to further my understanding such as SQL Injection and Cross Site Scripting.
4. Running through virtual labs on Try Hack Me, Hack the Box and OWASP Juice Shop.
I could have carried on and spent many hours studying going down rabbit holes but decided that if I don’t give the exam a go I will not know where I am in my journey.
Booking the exam again was a painless process and the team provided everything I needed in preparation. Exam day came and it is not like any other exam I have taken; the atmosphere is very relaxed, and you almost feel like you are at a security test engagement. The exam is made up of 3 parts, practical assault course, multiple choice questions, long form questions covering a broad range of topics.
I would recommend taking the CSTM for anyone wanting to gain industry recognised qualifications and break into the Cyber industry and could not fault the experience I had at the cyber scheme – 10/10.”
Thank you to Nathan for his informative take on our exam.