CSII Training - IoT/ICS

Provided by

About the course

CSII Training - IoT/ICS

This comprehensive course is set over four days and is aimed at developing skilled practitioners working within IoT/OT/ICS environments. It includes practical sessions and is suitable for testers, software and hardware engineers and manufacturers aiming to protect industrial settings.

IoT security in 2024 isn’t just a nice-to-have; it’s an absolute necessity to protect individuals, organisations, and society as a whole.

As our reliance on smart technology continues to grow, investing in robust IoT/OT security becomes more and more essential in preserving the digital innovations we’ve come to depend on.

Organisations need to ensure their security consultants are capable of understanding the specific challenges around securing industrial environments – to be able to both take advantage of the opportunities, and to mitigate the threats.

The Cyber Scheme are committed to developing a talent pool of individuals able to cross into this field using the skills they already bring to their job, whether they’re from a software or hardware engineering background, or are skilled at web-based security testing methods. The skills we instil can be applied to existing roles, creating well-rounded testers capable of understanding, and acting on, vulnerabilities found within these specialised environments.

Whether you’re a tester or engineer looking to upskill in specific technologies, or an organisation keen to capitalise on the growing need for IoT Security Specialists, the new IoT/ICS hacking course from The Cyber Scheme will teach a range of practical and consultative skills which can be used in multiple scenarios.

Learn essential practical skills with this groundbreaking course

The Cyber Scheme’s new CSII Practitioner Training Course has been developed as a comprehensive IoT/ICS hacking course, teaching candidates the skills to securely test and assess connected systems and devices in consumer, industrial, and critical infrastructure environments.

It is designed for beginner-intermediate level security professionals, whether they are engineers, technicians, analysts, or penetration testers. It is assumed that attendees will have little or no knowledge of ICS, SCADA, or IOT.

This four day, in-person course covers the range of expertise and the skill sets needed to fully understand, and act on, vulnerabilities found within an IoT or OT environment, and teaches a range of practical skills which can be used in multiple scenarios. It offers a concise combination of traditional hacking/pen testing methodology and the hacking of hardware as well as a focus on the practicalities of consulting within an IoT/OT environment, rather than solely concentrating on the technical aspects of a test.

Candidates will complete this course as self-sufficient, billable consultants, able to detect and advise on vulnerabilities independently of senior consultants. Having an IoT/OT expert on hand, whether as a full time employee on the factory floor or as an independent consultant, is an essential addition to an offensive security team, providing the ability to exploit and/or assess infrastructure not covered by traditional pen testing services.

Topics to be covered include:

  • Understanding IoT & OT Ecosystems
  • Edge Devices
  • Legal and ethical considerations In IoT
  • The Cyber Kill Chain
  • Common Vulnerabilities in IoT and OT Technologies
  • CAN Protocol
  • Assessing OT Environments & Special Considerations
  • The Devices Found Within ICS Environments
  • Assessment and Exploitation of exclusive Virtualised Factory
  • Hardware Overview
  • UART
  • JTAG
  • Reverse Engineering Firmware


Practical sessions:

  • MQTT
  • Cyber Kill Chain – staged practical session incorporating scanning, weaponisation, delivery, exploitation, installation, command & control and actions
  • Car Hacking
  • Exploitation of virtualised factory.


Recommended Reading:

There are many helpful introductions to ICS and IoT resources on YouTube. Please take the time to familiarise the subject, as well as read all the resources we have provided here, before attending the course.

In addition, we recommend that you read the NIST Guide to Operational Technology Security here.

Why choose The Cyber Scheme?

We have many years’ experience of assessing and training technical candidates in real-world situations that mimic actual testing environments as closely as possible.

We have translated this experience into our IoT/OT course; it has been created by subject matter experts with experience in both traditional hacking techniques and those employed specifically in IoT/OT environments. We use real hardware, and real techniques; we believe it would be impossible to self-learn these techniques and skills due to the wide areas of expertise covered, and we include supervised practicals mentored by course leaders.

“The virtual hands-on training labs are a great way to learn about different ICS protocols and technologies that IT security professionals might not be so used too, and is a great starting point for understanding how to exploit and secure these environments.” Marc Geggan, Mazars

Please visit our website to enquire further or confirm a booking.

Enquire

There are currently no new dates advertised for this course

Related article

The Cyber Scheme will be offering cyber practitioner training courses from May 2022 at their brand-new examination centre