Training Comparison
Which training course is right for YOU?
It can be very confusing deciding on a certification and assessment pathway that is right for you. Unlike other assessment bodies we do not stipulate lower level exams as a pre-requisite for taking our advanced assessments, but we do endorse training as a way of ensuring you take your assessment with confidence and maximise your chance of success.
Below is a summary of all our current courses to allow you to compare your existing knowledge and book the course most suitable for you.
Entry Level
The Cyber Scheme’s new Academy is aimed at someone with little to no practical cyber security testing knowledge, who is looking to start a career as a Junior Pen Tester. There are no pre-requisites to applying, but we do filter candidates and won’t take anyone without the necessary aptitude and technical curiosity. We look for candidates who enjoy coding, are familiar with some programming and scripting languages, and have worked in a similar field such as IT Support, engineering or technical roles within the military.
Our Academy offers flexible learning aimed at those already in employment. There are remote and face-to-face modules, and successful candidates will be helped into employment within our extensive industry network.
The Academy bridges the gap between entry level and our Cyber Scheme Team Member (CSTM) course and assessment.
Please note, we are developing this Academy with our Technical Advisory Board, and it is currently only open to employers looking for bespoke training opportunities, not individuals. We will publish more information as we develop this scheme in 2025.
Practitioner Level
If you already know basic Windows CLI, basic Linux CLI and VA scanning, and you can write a “hello world” program in Python, then our Practitioner Training might be a better fit, especially if you are currently working towards our CSTM exam and/or have been a Team Member for a couple of years.
Advanced Mentoring
If the CSTM syllabus seems too low a level for your current skills and knowledge, or you have been a security tester for a number of years, then you may be more suited to our Advanced Infrastructure or Advanced Web App Hacking courses.
IoT/OT Hacking
This specialist course trains and assesses testers, design reviewers and engineers to assess and exploit technologies within a range of industrial environments. It’s an absolute must for increasing understanding of technologies not covered in traditional pen testing scenarios.
Read on for more details at a glance – and do get in touch if you have any questions.
Academy Training Syllabus at a Glance
- The Laws and Ethics Associated with Security Testing. (Computer Misuse Act, scopes, risk etc)
- Building and Maintaining a Security Testing Device. (Although we expect you to arrive with a laptop and a virtualised copy of Kali running and working, we will look at improvements, hints and tips)
- Fundamental Linux CLI for the Purpose of Security Testing (Copying files, making text documents, moving files, deleting files, file permissions etc)
- Fundamental Linux scripting for the Purposes of Security Testing (Creating basic bash scripts, loops, if then statements)
- Fundamental Python coding for Ethical Hackers (Hello world, loops and if then statements)
- Fundamental Windows Operating System commands (Creating, moving, deleting files through the CLI)
- Computer Networking Fundamentals (Learn about DNS, TCP, UDP, OSI and DoD)
- Packet capturing for security testing and ethical hacking. (Basic Wireshark and packet analysis)
- Web application Fundamentals (How does the HTTP protocol work, a high-level overview)
- Vulnerability Analysis Fundamentals (How to scan for vulnerabilities, CVSS scores, port discovery using Nmap etc)
- Testing Mobile Devices Fundamentals (A beginner’s guide to mobile)
- An Introduction to Testing in the Cloud (A beginner’s guide to the cloud).
CSTM Practitioner Syllabus at a Glance
- The Laws and Ethics Associated with Security Testing. (Computer Misuse Act, scopes, risk etc)
- Building and Maintaining a Security Testing Device. (Although we expect you to arrive with a laptop and a virtualised copy of Kali running and working, we will look at improvements, hints and tips)
- Computer Networking Fundamentals (Learn about DNS, TCP, UDP, OSI and DoD)
- Web application hacking (Methodology, SQLi, XSS etc)
- Host and service discovery (Nmap and associated flags)
- Host and service enumeration (An in-depth look at the TCP and UDP protocols)
- Vulnerability Analysis Fundamentals (How to scan for vulnerabilities)
- Exploitation using a framework. (Using freely available exploits to compromise devices)
- Reporting techniques, mitigation of vulnerabilities, being a consultant.
- Guided self-study to get a broad understanding of cybersecurity.
Advanced Mentoring at a Glance
Advanced Practitioner – INF
- The basics revisited – low hanging fruit (protocols and enumeration)
- Pivoting and tunnelling
- Reporting and wash up meetings
- Scoping, risk, and the laws according to testers
- Managing a team
- Advanced exploitation
- Privilege escalation
- Enumerating compromised devices
- Remediation advice
- Tools and techniques.
Advanced Practitioner – APP
- The methodology of an application test.
- How to get the most out of the plethora of tools available.
- How to exploit the most common application vulnerabilities.
- Exploiting databases through application vulnerabilities.
- Session tokens and exploitation of session tokens.
- API (Application Programming Interface) enumeration.
- Decoding and encoding of data.
- Java serialisation vulnerability exploitation.
- Injection vulnerabilities such as XXE, SQL and NoSQL.
- OWASP Top Ten exploitation and beyond.
- Practical applications to test your skills against.
CSIP - IoT/OT/ICS Syllabus at a Glance
- Understanding IoT & OT Ecosystems
- Edge Devices
- Legal and Ethical Considerations in IoT
- The Cyber Kill Chain
- Common Vulnerabilities in IoT and OT Technologies
- CAN Protocol
- Assessing OT Environments & Special Considerations
- The Devices Found Within ICS Environments
- Assessment and Exploitation of an exclusive Virtualised Factory
- Hardware Overview
- UART
- JTAG
- Reverse Engineering Firmware.
The Cyber Scheme is one of only two organisations certified by NCSC to offer examinations that meet UK Government Standards in Penetration Testing. Our CSTM Training is also NCSC Assured.
The NCSC, as the National Authority for Cyber Security, ensures that the Cyber Scheme is operating at the highest standards in the delivery of our training and examinations. Certifications issued by the Cyber Scheme are therefore recognised by NCSC as meeting the highest standards.
Quality of service delivery is subject to regular audit and is monitored on an on-going basis by the NCSC. This ensures that course content reflects the current cyber security trends and threats and that the examination processes are robust and as near real world as is possible in an examination environment.
We issue certificates on successful completion of all our exams. Certificates are issued securely via BlockMark technology and feature QR codes allowing them to be checked for validity in real time. If you need to validate a Cyber Scheme Certificate, please get in touch and we will get back to you as soon as possible.
The Cyber Scheme believe everyone should have access to a career in cyber security. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during training and examinations.
These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.
We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.
There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration (please note this doesn’t apply to our training courses).
Mobility
Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required, please get in touch at the time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.