The Cyber Scheme launches training course for IoT/ICS security testers

2 mins read

The Cyber Scheme has announced the availability of a new CSII Practitioner Training Course that has been developed as a comprehensive IoT/ICS hacking course.

The course aims to teach candidates all the skills they need to securely test and assess connected systems and devices in consumer, industrial, and critical infrastructure environments.  It is designed for beginner-intermediate level security professionals, whether they are engineers, technicians, analysts, or penetration testers.

The in-person course covers all of the expertise and the skill sets needed to understand, find, and act on, vulnerabilities found within an IoT or OT environment. It teaches a range of practical skills that the candidate will be able to use in multiple scenarios. It has a combination of traditional hacking/pen testing methodology and the hacking of hardware as well as a focus on the practicalities of consulting within an IoT/OT environment, so it doesn’t just focus on the technical aspects of a test.

“In 2024 IOT/OT security isn’t just a nice-to-have. It is now an absolute necessity if we are to protect individuals, organisations, and society as a whole and this is why we developed the new CSII practitioner training course, “said Charles While, CEO of The Cyber Scheme. “Our reliance on smart technology continues to grow, which means investing in robust IoT/OT security is now essential to preserve the digital innovations we’ve all come to depend on. Our new training course helps organisations to ensure their security consultants understand the specific challenges around securing IoT/OT environments, so they are able to take advantage of the opportunities, while mitigating the threats.

“The Cyber Scheme is committed to developing a talent pool of individuals who are able to cross into this field using the skills they already bring to their job, whether they’re from a software or hardware engineering background, or skilled at web-based security testing methods. The skills we instil can be applied to existing roles, creating well-rounded testers capable of understanding, and acting on, vulnerabilities found within these specialised environments.”

The candidates who complete the CSII Practitioner training course will be self-sufficient, billable consultants, able to detect and advise on vulnerabilities independently of senior consultants. Having an IoT/OT expert on hand, whether as a full-time employee on the factory floor or as an independent consultant, is an essential to an offensive security team, providing the ability to exploit and/or assess infrastructure not covered by traditional pen testing services.

More about the CSII Practitioner training course

Topics covered include:

  • Understanding IoT & OT Ecosystems
  • Edge Devices
  • Legal and ethical considerations In IoT
  • The Cyber Kill Chain
  • Common Vulnerabilities in IoT and OT Technologies
  • CAN Protocol
  • Assessing OT Environments & Special Considerations
  • The Devices Found Within ICS Environments
  • Assessment and Exploitation of exclusive Virtualised Factory
  • Hardware Overview
  • UART
  • JTAG
  • Reverse Engineering Firmware

Practical sessions:

  • MQTT
  • Cyber Kill Chain – staged practical session incorporating scanning, weaponisation, delivery, exploitation, installation, command & control and actions
  • Car Hacking
  • Exploitation of virtualised factory.

To find out more about the course available follow the link below.