News
The Cyber Scheme launches training course for IoT/ICS security testers
February 2024 by Marc Jacob
The Cyber Scheme has announced availability of a new CSII Practitioner Training Course that has been developed as a comprehensive IoT/ICS hacking course. The aim of the course is to teach candidates all the skills they need to securely test and assess connected systems and devices in consumer, industrial, and critical infrastructure environments. It is designed for beginner-intermediate level security professionals, whether they are engineers, technicians, analysts, or penetration testers.
The in-person course covers all of the expertise and the skill sets needed to understand, find, and act on, vulnerabilities found within an IoT or OT environment. It teaches a range of practical skills that the candidate will be able to use in multiple scenarios. It has a combination of traditional hacking/pen testing methodology and the hacking of hardware as well as a focus on the practicalities of consulting within an IoT/OT environment, so it doesn’t just focus on the technical aspects of a test.
“In 2024 IOT/OT security isn’t just a nice-to-have. It is now an absolute necessity if we are to protect individuals, organisations, and society as a whole and this is why we developed the new CSII practitioner training course, “said Charles While, CEO of The Cyber Scheme. “Our reliance on smart technology continues to grow, which means investing in robust IoT/OT security is now essential to preserve the digital innovations we’ve all come to depend on. Our new training course helps organisations to ensure their security consultants understand the specific challenges around securing IoT/OT environments, so they are able to take advantage of the opportunities, while mitigating the threats.
The candidates who complete the CSII Practitioner training course will be self-sufficient, billable consultants, able to detect and advise on vulnerabilities independently of senior consultants. Having an IoT/OT expert on hand, whether as a full-time employee on the factory floor or as an independent consultant, is an essential to an offensive security team, providing the ability to exploit and/or assess infrastructure not covered by traditional pen testing services.
Notes for Editors:
More about the CSII Practitioner training course
Topics covered include:
• Understanding IoT & OT Ecosystems
• Edge Devices
• Legal and ethical considerations In IoT
• The Cyber Kill Chain
• Common Vulnerabilities in IoT and OT Technologies
• CAN Protocol
• Assessing OT Environments & Special Considerations
• The Devices Found Within ICS Environments
• Assessment and Exploitation of exclusive Virtualised Factory
• Hardware Overview
• UART
• JTAG
• Reverse Engineering Firmware
Practical sessions:
• MQTT
• Cyber Kill Chain – staged practical session incorporating scanning, weaponisation, delivery, exploitation, installation, command & control and actions
• Car Hacking
• Exploitation of virtualised factory.
Why choose The Cyber Scheme for IoT/OT training?
This practical, classroom-based course is run by The Cyber Scheme’s IoT/OT Subject Matter Expert Alex Teague PCSP.
Alex began his career in Web Development and UX/UI Design and Application Development, progressing to a role in HM Government and subsequently focussing on Operational Technologies, with a particular focus on Automotive Applications. Alex is also a trained and approved Assessor for the Cyber Scheme, and a Principal Registrant with the UK Cyber Security Council.
Alex will teach each and every candidate to be a confident, skilled, well rounded IoT/OT professional with proven and tested skills in commercial and industrial theatres. The small group format has a practical and technical bias, and allows lots of time for Q & A, helping candidates navigate complex technical topics.
The Cyber Scheme has many years’ experience of assessing and training technical candidates in real-world situations that mimic actual testing environments as closely as possible. It uses real hardware, and real techniques. The Cyber Scheme believes it would be impossible to self-learn these techniques and skills due to the wide areas of expertise covered, and we include supervised practicals mentored by course leaders.
The Cyber Scheme is a leading assessment body and an NCSC Certified Delivery Partner for technical training and exams. The assessments they offer are simply the best available; consultants who pass them demonstrate competence and skill at the highest level defined by the UK’s National Technical Authority for Cyber Security (NCSC).
They also offer training and mentoring to complement the assessments, from entry to expert level, meeting the growing needs of industry as threats evolve.
