Recent Testimonials
We regularly ask for feedback from our exam candidates and training attendees. This helps us develop the schemes and standards that our industry requires – and create the optimum learning and assessment environments for our community, taking into account individual needs where possible.
Please contact us if you would like to submit any feedback on your experiences.
Paul Beechey, Adaptive Tradecraft:
Yesterday’s Cyber Scheme Team Leader (CSTL) Application exam was my first experience of Cyber Scheme, despite having been a full-time pentester for nearly two and a half decades. I first have to say that I found the whole administrative process around the Cyber Scheme experience to be a pleasure, from booking the exam date; invoicing and payment for the exam; the clarity of joining instructions; and even the directions to the exam venue, all were all highly professional and clearly detailed.
The examination day was a smooth experience, my clearly well practiced invigilators were both highly professional, friendly and helpful throughout the day. The other candidates and I were collected from reception promptly, escorted to the examination room and made to feel comfortable. Time was allocated to ensure each candidate was able to connect to the monitoring screens, and the briefing reiterating how the day would run was clear and most helpful with times of the lunch break clarified.
With regards to the examination content, the scoping interview section of the day was a refreshingly accurate reflection of the experience of capturing customer requirements, with two-way communication and realistic responses – from the simulated client – in response to questions about the engagement (In this case about the upcoming practical exam scenario).
As I mentioned, I had no prior experience of the Cyber Scheme technical – hands on keyboard – aspects of a Cyber Scheme examination until yesterday. But I found the practical assessment to be engaging, with interesting and realistically vulnerable scenarios. I can honestly say that none of the vulnerabilities were trivial, and when reflecting why, I discovered I appreciated the split of the effort required to first demonstrate that a candidate could identify the point in the application that was vulnerable, and then to demonstrate a realistic end to end exploitation of the discovered vulnerability to help a customer understand the true impact (allowing the risk to be calculated for the client).
I appreciated the effort and balance which had gone into the intent within the design of the vulnerabilities within my exam rig, which were sufficiently challenging that none of my extensive cheat-sheets compiled over the last two and a half decades of searching for and exploiting OWASP top ten style vulnerabilities could simply be cut and pasted, without practically demonstrating to the invigilators that the context of the injection point was understood.
I found that exam timings for the practical were well balanced, and while I understand that time-management is part of being a team leader, the Cyber Scheme time allocation reflected how much time I would have scoped to test an application of that size.
I strongly believe the timing of the Cyber Scheme practical exam is perfect to allow a candidate to apply a realistic testing methodology as they would for a short engagement, and ultimately I felt that Cyber Scheme had exactly grasped the raison d’etre of a professional examination – providing assurance to a client that a team leader has been observed competently applying a methodology in a safe, repeatable, controlled and reasoned manner.
The simulated engagement close-down meeting (wrap-up meeting) was another great assessment of soft skills (consulting skills), and while it can be easy for viva portions of exams to be seen as subjective, the structure of a wrap-up meeting is a familiar enough experience to allow a candidate like myself to rattle through findings and risk rating, recommendations, and provide advice; while the invigilator could dip into areas to ensure I wasn’t just parroting advice without understanding the reasoning behind what I was communicating. Therefore, I found this section to be a quite enjoyable experience, and that is in-part a tribute to the strong consulting skills of the invigilator who was able to ask realistic and meaningful questions in order to test my understanding of the findings presented from the practical assessment.
Overall I was incredibly pleased with the Cyber Scheme experience from the initial contact, through to sitting the exam, and while I still await the result of my exam, I have already begun to pass on how positive and refreshing the whole Cyber Scheme experience was.
I sincerely look forward to a long future with Cyber Scheme. Thanks again to everyone involved in Cyber Scheme for making the taking of a professional examination an interesting and engaging day, rather than a fretful and/or uneasy one.
Richard Jones, Defense Logic:
I had the privilege of taking the Cyber Scheme Team Leader (CSTL) exam last Friday, and I must say it was an exceptional and rewarding experience. From start to finish, the exam demonstrated a level of excellence that surpassed my expectations, leaving me thoroughly impressed and satisfied.
One aspect that truly stood out was the efficient organization and structure of the exam. Despite the allotted time being four hours, I found myself completing it in just three hours, a testament to the exam’s well-planned and streamlined format. This not only speaks volumes about the proficiency of the examiners but also highlights their dedication to creating an assessment that maximizes productivity and minimizes unnecessary time constraints.
Beyond the logistics, what truly made this experience memorable were the remarkable individuals I had the pleasure of encountering. The exam environment was not only professional but also exuded a warm and welcoming atmosphere. The people I met were not only friendly but also displayed an eagerness to contribute positively to the overall ambiance of the exam. Their presence undoubtedly played a significant role in fostering a sense of relaxation and comfort, allowing me to perform at my best.
The exam itself was a comprehensive test of my knowledge and skills in various domains of cybersecurity. From ethical hacking to network security, web application security, and vulnerability assessments, the exam covered a wide range of topics essential for a cybersecurity professional. The content was meticulously designed to assess my proficiency thoroughly, challenging me to apply my expertise in real-world scenarios. It struck the perfect balance between difficulty and achievability, pushing me to excel without feeling overwhelmed.
Throughout the exam, the examiners demonstrated a high level of professionalism and expertise. Their guidance and support were invaluable, ensuring that I felt encouraged and motivated throughout the process. Moreover, they showcased an unexpected sense of humor, which not only alleviated the inherent pressure of the exam but also fostered an enjoyable and engaging experience.
In conclusion, I wholeheartedly endorse the CSTL exam to anyone seeking to advance their career in cybersecurity. The exam’s comprehensive and well-structured content, combined with the competence and support of the examiners, make it a truly exceptional opportunity for professional growth. The congenial atmosphere and the presence of fellow cybersecurity experts further enhance the experience, providing an invaluable platform for networking and knowledge exchange.
Undertaking the CSTL exam was a decision I will never regret. It not only reaffirmed my passion for cybersecurity but also equipped me with a deeper understanding and confidence in my abilities. If you are serious about pursuing a successful career in cybersecurity, I strongly encourage you to embrace this opportunity.
Join Our Newsletter
Please sign up for industry news, education resources, Sponsor projects and ongoing initiatives. We will also let you know about our exams and training provision, including additional dates as they are added. You can unsubscribe at any time.