Training Comparison
Which training course is right for YOU?
It can be very confusing deciding on a certification and assessment pathway that is right for you. Unlike other assessment bodies we do not stipulate lower level exams as a pre-requisite for taking our advanced assessments, but we do endorse training as a way of ensuring you take your assessment with confidence and maximise your chance of success.
Below is a summary of all our current courses to allow you to compare your existing knowledge and book the course most suitable for you.
Entry Level
The Cyber Scheme Foundation Level (CSFL) is a comprehensive training course and assessment designed to teach essential technical skills to individuals wanting to become industry-ready technical practitioners. It is aimed at supporting junior testers into their first role, teaching them essential skills, and assessing their competency as quickly and efficiently as possible.
We would expect candidates to already enjoy coding, and be familiar with some programming and scripting languages, to make the most of this learning opportunity.
There are remote training modules, and we can highlight specific learning areas during the course. Individuals take our CSFL (Cyber Scheme Foundation Level) exam at the end of the training, which is being mapped to an Associate Level Professional Title with the UK Cyber Security Council.
This training bridges the gap between entry level and our Cyber Scheme Team Member (CSTM) course and assessment. We would expect successful candidates to continue to CSTM as soon as they are ready.
Practitioner Level
If you already know Windows basic CLI, Linux basic CLI, VA scanning and you can write a “hello world” program in Python, then our Practitioner Training might be a better fit, especially if you are currently working towards our CSTM exam and/or have been a Team Member for a couple of years.
Advanced Mentoring
If the CSTM syllabus seems too low a level for your current skills and knowledge, or you have been a security tester for a number of years, then you may be more suited to our Advanced Infrastructure or Advanced Web App Hacking courses.
Read on for more details at a glance – and do get in touch if you have any questions.
Organisation Training Syllabus at a Glance
- The Laws and Ethics Associated with Security Testing. (Computer misuse act, scopes, risk etc)
- Building and Maintaining a Security Testing Device. (Although we expect you to arrive with a laptop and a virtualised copy of Kali running and working, we will look at improvements, hints and tips)
- Fundamental Linux CLI for the Purpose of Security Testing (Copying files, making text documents, moving files, deleting files, file permissions etc)
- Fundamental Linux scripting for the Purposes of Security Testing (Creating basic bash scripts, loops, if then statements)
- Fundamental Python coding for Ethical Hackers (Hello world, loops and if then statements)
- Fundamental Windows Operating System commands (Creating, moving, deleting files through the CLI)
- Computer Networking Fundamentals (Learn about DNS, TCP, UDP, OSI and DoD)
- Packet capturing for security testing and ethical hacking. (Basic Wireshark and packet analysis)
- Web application Fundamentals (How does the HTTP protocol work, a high-level overview)
- Vulnerability Analysis Fundamentals (How to scan for vulnerabilities, CVSS scores, port discovery using Nmap etc)
- Testing Mobile Devices Fundamentals (A beginner’s guide to mobile)
- An Introduction to Testing in the Cloud (A beginner’s guide to the cloud).
CSTM Practitioner Syllabus at a Glance
- The Laws and Ethics Associated with Security Testing. (Computer misuse act, scopes, risk etc)
- Building and Maintaining a Security Testing Device. (Although we expect you to arrive with a laptop and a virtualised copy of Kali running and working, we will look at improvements, hints and tips)
- Computer Networking Fundamentals (Learn about DNS, TCP, UDP, OSI and DoD)
- Web application hacking (Methodology, SQLi, XSS etc)
- Host and service discovery (Nmap and associated flags)
- Host and service enumeration (An in-depth look at the TCP and UDP protocols)
- Vulnerability Analysis Fundamentals (How to scan for vulnerabilities)
- Exploitation using a framework. (Using freely available exploits to compromise devices)
- Reporting techniques, mitigation of vulnerabilities, being a consultant.
- Guided self-study to get a broad understanding of cybersecurity.
Advanced Mentoring at a Glance
Advanced Practitioner – INF
- The basics revisited – low hanging fruit (protocols and enumeration)
- Pivoting and tunnelling
- Reporting and wash up meetings
- Scoping, risk, and the laws according to testers
- Managing a team
- Advanced exploitation
- Privilege escalation
- Enumerating compromised devices
- Remediation advice
- Tools and techniques.
Advanced Practitioner – APP
- The methodology of an application test.
- How to get the most out the plethora of tools available.
- How to exploit the most common application vulnerabilities.
- Exploiting databases through application vulnerabilities.
- Session tokens and exploitation of session tokens.
- API (Application Programming Interface) enumeration.
- Decoding and encoding of data.
- Java serialisation vulnerability exploitation.
- Injection vulnerabilities such as XXE, SQL and no SQL.
- OWASP top ten exploitation and beyond.
- Practical applications to test your skills against.
The Cyber Scheme is one of only two organisations certified by NCSC to offer examinations that meet UK Government Standards in Penetration Testing. Our CSTM Training is also NCSC Assured.
The NCSC, as the National Authority for Cyber Security ensures that the Cyber Scheme is operating at the highest standards in the delivery of our training and examinations. Certifications issued by the Cyber Scheme are therefore recognised by NCSC as meeting the highest standards.
Quality of service delivery is subject to regular audit and is monitored on an on-going basis by the NCSC. This ensures that course content reflects the current cyber security trends and threats and that the examination processes are robust and as near real world as is possible in an examination environment.
We issue certificates at successful completion of all our exams. Certificates are issued securely via BlockMark technology and feature QR codes allowing them to be checked for validity in real time. If you need to validate a Cyber Scheme Certificate please get in touch and we will get back to you as soon as possible.
The Cyber Scheme believe everyone should have access to a career in cyber security. We are available to discuss any concerns you have and are more than happy to make reasonable adjustments for any candidate who requires them during training and examinations.
These reasonable adjustments are to ensure you are given an equal opportunity to demonstrate the necessary knowledge, skills and behaviours required. We recognise that not all disabilities are visible.
We have a range of reasonable adjustments we can offer depending on what difficulty you might face. If you request an adjustment which we are unable to offer, we will give you a reason why we cannot offer it. This might be because it maps to a key Knowledge, Skill or Behaviour that we have to assess against within the certification. If that is the case, we will tell you which aspect we think would not be properly assessed.
There may be background noise during an assessment. Please bring (or ask for) ear plugs / ear defenders or listen to music if background noise is likely to affect your concentration (please note this doesn’t apply to our training courses).
Mobility
Access to all of our facilities is suitable for people with mobility issues. Should any other special facilities be required please get in touch at time of booking. For some reasonable adjustments, such as access to a disabled parking space, we will need to see supporting documentation around the condition to allow us to apply for this access for you. No information will be retained or stored once the request is validated.