The CSFL (Cyber Scheme Foundation Level) is an entry level technical training course and assessment designed to bridge the gap between entry level and industry ready practitioner. This practical training with corresponding exam is designed to help someone leaving formal education to get that first job, whether within a Check consultancy (with the aim of becoming a CSTM as quickly as possible), or to brush up on technical skills with the aim of become a well-rounded cyber security professional.
The training takes place over two and half days, followed by a two hour exam on the final afternoon. Both the training and exam take place at our purpose-built training and assessment centre in Cheltenham.
Over the training session candidates will cover the following modules:
- The Laws and Ethics Associated with Security Testing
- Building and Maintaining a Security Testing Device
- Fundamental Linux CLI for the Purpose of Security Testing
- Fundamental Linux Scripting for the Purposes of Security Testing
- Fundamental Python Coding for Ethical Hackers
- Fundamental Windows Operating System Commands
- Computer Networking Fundamentals
- Packet capturing for Security Testing and Ethical Hacking
- Web Application Fundamentals
- Vulnerability Analysis Fundamentals.
The CSFL training teaches the practical stepping stones needed to become a junior security tester. Whilst this qualification has been developed utilising content from CHECK, candidates do not need to be working towards becoming a CHECK practitioner to benefit from this course. The CFSL provides a technical introduction into cyber security in general; the training will highlight and enhance the skills and knowledge required at this beginner level, whilst the exam will measure competence. The CSFL is currently being mapped to CyBOK and is positioned at RQF level 4.
Who is CSFL for?
The CSFL is an entry level course and qualification, suited to those at the start of their security testing careers. This can be anyone from those leaving full-time education to people who want to change careers to include technical cybersecurity (perhaps from am IT support role, or a technical position within the military, for example). There are no prerequisites, all that is required is some basic knowledge on the subject and a drive to learn. This qualification is aimed at those looking for or already in an entry level cyber security role.
The training course and assessment can be booked independently by candidates, but would also be suitable as part of a company’s onboarding process. Whilst the CSFL training is delivered in a face-to-face setting, the knowledge and skills required to be successful in the exam can also be obtained through self-study and experience, and it’s possible to book the training and exam, or choose to undertake just one element to suit.
Essentially, this qualification is achievable regardless of cyber security education or academic background.
Why has The Cyber Scheme created the CSFL?
One of the reasons The Cyber Scheme have created the CSFL is to help close the cyber security skills gap, by increasing the number of appropriately qualified people entering the industry and supporting industry needs for practical expertise even at beginner level jobs.
CSFL provides candidates with a meaningful starting qualification from an industry leading assessment body. Procurement and hiring teams will be able to identify candidates with the CSFL qualification as having the foundational skills needed to be on their way to becoming a security testing practitioner.
We as an industry have become increasingly frustrated by the issues caused by the cyber security skills gap. We have repeatedly heard from our sponsor community about issues this is causing when trying to fill their available job roles. The cost of hiring a completely new candidate is currently very high due to inflated salary expectations and recruitment fees. By instead utilising this budget to upskill existing staff companies can develop security testing practitioners who are fully aligned to their needs.
Working together both as an industry and a community, we can help give those new to the industry the best introduction into cyber security with clear defined career pathways. This in turn will help the industry train and retain practitioners and shorten the length of time it takes for them to contribute fully to security testing projects.