CSTM Practitioner Training

Provided by

About the course

The Cyber Scheme runs regular Advanced Practitioner mentoring sessions, for both Infrastructure and Web App, from our purpose built assessment and training centre in Cheltenham.

What is ‘The Advanced Practitioner’?

‘The Advanced Practitioner’ is a series of mentoring sessions with a trainer experienced in all aspects of this exceptionally high standard of penetration testing. The aim of the sessions is to consolidate knowledge and skills, highlight any gaps that might affect subsequent assessment, and create a clear roadmap with the eventual aim of becoming an exceptional, top-tier practitioner.

Applicants should have a minimum of two years of experience as a practitioner before applying, as these sessions are not a training course as such, they are more an exercise in understanding the road to success and understanding how to fill any gaps in knowledge or practical skills. The aim isn’t to pass any particular accreditation; however, many may use the opportunity to work on any identified shortfalls while working towards their next assessment. In essence we offer candidates the support to move from practitioner level to advanced practitioner level, or to revisit areas of knowledge that may have been lost if the candidate has been an advanced practitioner for some time.

What is an advanced practitioner vs a practitioner?

An advanced practitioner will themselves be a mentor to the practitioners they work with, overseeing engagements and leading teams. They will be a source of knowledge which has been gained through experience. An advanced practitioner will be able to clearly communicate with the commissioning client and deal with issues around risk, unforeseen events, and complex IT systems. An advanced practitioner will set an example to the practitioners and uphold the ethics and principles around security testing.

Three days of Mentoring

Each day will start with a series of group discussions around the skills and knowledge required by an advanced practitioner. This will be followed by a varied range of workshops around the issues discussed.

The topics included will vary from session to session, based on the skills and knowledge of who is attending ‘The Advanced Practitioner’. Some example topics are listed below, purely as a guide:

• The basics revisited – low hanging fruit (protocols and enumeration)

• Pivoting and tunnelling

• Reporting and wash up meetings

• Scoping, risk, and the laws according to testers

• Managing a team

• Advanced exploitation

• Privilege escalation

• Enumerating compromised devices

• Remediation advice

• Tools and techniques.

Why choose The Cyber Scheme?

Our trainers and assessors have many years’ experience in creating, developing, and running comprehensive exams aimed at skilled pen testers. We are however concerned that candidates are failing these exams even at an advanced level of practice, and we understand the frustration caused by the need to resit exams. We have created these mentoring sessions in order for these advanced practitioners to reflect on the experience they have gained, and expand on that in order to progress their career to the highest level of pen testing as quickly as possible.

Please note:

In keeping with our code of ethics, working in line with standards set by ISO17024, mentors will have no involvement in the assessing of any exams candidates subsequently take at this level with The Cyber Scheme for a period of two years.

“A great move by The Cyber Scheme… If our industry is to advance correctly with education and technical quality at its core…. this needs to happen”

ANDY SWIFT, SIX DEGREES

 

Related article

The Cyber Scheme will be offering cyber practitioner training courses from May 2022 at their brand-new examination centre