The Cyber Scheme is an organisation accredited by GCHQ/NCSC to deliver training and examinations that meet government standards in Penetration Testing. The NCSC regularly monitors the quality of education provided, ensuring the course reflects the current cyber security trends and threats. If you’re interested in pursuing a career in Pen Testing to help shape the future of the cyber industry, The Cyber Scheme can help you make this a reality.

We’re super excited that The Cyber Scheme is sponsoring the Bristol & Bath Cyber Conference this year – make sure to reserve yourself a place at the event here.

To provide more context on the pathway towards becoming a Pen Tester or an Ethical Hacker, Debi McCormack, Sales and Marketing Director at The Cyber Scheme has put together this guest blog.

What is the cybersecurity pathway?

What is commonly known as the cyber security ‘career pathway’ isn’t a pathway at all – it’s currently a bit of a meandering mess through impenetrable standards, acronyms and confusing training options. These training options result in people taking tests and then finding out they mean nothing in the ‘real world’, which puts them off from entering the cybersecurity industry completely.

There is a common perception that there is a skills gap in this industry, but the reality is that there is a recruitment gap. There are people out there who would be amazingly suited to a career in cyber security, specifically pen testing, if only they could understand the requirements and navigate a simple route through the mess.

The Cyber Scheme is working to close that recruitment gap through a series of initiatives, using our innovative industry sponsorship scheme to gain access to thought leaders and technical experts, using their experience and listening to their needs to influence changes in the way people are recruited.

Demand vs supply

The challenge we face as an industry, and the reason why The Cyber Scheme has expanded its remit in recent months, is that demand for these people is outstripping supply. Graduates entering the industry are often ill-prepared for the practical challenges they will face, and may have to spend 3-6 months being mentored and trained by colleagues who would otherwise be on billable contracts.

This is a huge opportunity cost, especially when you consider that even with this training there is a high failure rate for those attending our CTM team member exams. It’s not unusual for 60-80% of candidates on any given day to fail their exam – an exam that they or their employer has paid for, and without which they are unable to access government-backed work.

The quicker a candidate achieves this accreditation, the sooner they can be contracted out and start to earn the big money, so it’s frustrating that so many candidates arrive unprepared, both for themselves and their employers. It’s a delay that the industry can’t really afford as well, given the rise in demand for pen testing. It’s in everyone’s interest to improve the success rate of these exams.

We are not of course suggesting that the exams themselves should be made easier. This would expose UK companies and leave UK PLC under-prepared in the event of cyber attack. We can however help companies perform a basic skills gap analysis that will help them understand where their greatest weaknesses lie.

We have recently made the entire syllabus of all our exams accessible online on our website as open source material for anyone who wishes to view the required assessment methodology; this is a great starting point for companies and also for candidates who wish to check whether they are ready to undertake this step towards CHECK accreditation.

A series of innovations have been made to meet the needs of those training to become a pen tester. These include face-to-face training with a lead assessor, ensuring core subjects such as network protocols, vulnerability analysis, cryptography, and ethical hacking laws are studied in depth to give candidates well-rounded essential knowledge, small class sizes, mock exams, and the creation of foundation level assessments to improve accessibility into cyber.

In addition to these adaptations, The Cyber Scheme is also developing education and training pathways for school leavers; those who may be perfect for a career in cyber security but don’t yet know it!

During our work with CYNAM, a Cheltenham-centric community aimed at enabling networking and collaboration within the cyber security industry, we established a need to educate not just teenagers but their parents and career advisors in the different pathways open to them.

If a 16 year old is spending all their time in their bedroom coding or gaming it would be fantastic if this highlighted to their caregiver that a career in ethical hacking or vulnerability assessment would be a good choice for them. These kids may not be able to, or may not want to, go to university to study computer science, but this means they are often being channelled into other career choices that may be far less lucrative or rewarding or suitable for them.

We are aiming at building a series of skills workshops, initially within the Cheltenham area but easily scalable beyond this region, where we invite industry leaders and CISO’s to talk with career advisors, parents, teachers and school leavers about the different careers in cyber security. This hands-on approach will hopefully help career advisors especially to steer their students into these careers without the need for them to get into university.

The Cyber Scheme is also very committed to helping military veterans and ex-police to enter the cyber security industry, especially those from engineering, IT and technical backgrounds but also those who work in compliance and governance for less technical roles, whose existing skill sets and work ethic make them ideal candidates.

We are currently working with the MoD, helping to grow awareness of the correct pathway a military Vet can take in order to quickly establish a cyber security career.

Finally, The Cyber Scheme partnered up with The Cyber Trust last year, a non-profit charitable foundation aimed at protecting children and vulnerable communities from online threats. The Cyber Trust incorporates The Cyber Security Challenge, a well-established pathway aimed at finding talented young people through a series of games and tests aimed at sourcing next generation talent, without the need for them to go to university.

We are hoping to support a post-Covid era regeneration of the Challenge, with the aim of increasing exposure to online competitions which help develop technical expertise as well as soft skills such as leadership, communication and teamwork. We are looking at introducing games that include psychometric testing, in order to identify talent without putting them under pressure – a good fit for anyone with a neuro diverse background.

In summary, there are a multitude of pathways that The Cyber Scheme is championing to help career starters get a foothold in this exciting industry.

We have created an informative mini brochure about how The Cyber Scheme is simplifying career pathways into pen testing for anyone who wants to get started – whether you are a new graduate or career transitioner, looking for some exam learning resources, need training or simply want to find out more.