The Cyber Scheme, a leader in assessment and a certified delivery partner for tech-training, is introducing a training course aimed at security testers of Internet of Things (IoT)/Industrial Control Systems (ICS). The coursework is designed for beginner-intermediate level security professionals and is set to educate students on techniques for securely testing and assessing connected systems and devices within consumer, industry, and critical infrastructure environments.

The CSII Practitioner Training Course is a comprehensive IoT/ICS hacking course which equips security professionals with the necessary skills to identify, react to, and mitigate vulnerabilities uncovered within IoT or OT protocols. It combines standard hacking/pen testing methodologies with hardware hacking, and introduces elements of practical consultancy within an IoT/OT environment. The course extends beyond just the technical aspects of a test, teaching students a broad spectrum of practical abilities applicable in multiple scenarios.

Charles While, CEO of The Cyber Scheme, spoke on the launch of the training course, "In 2024 IOT/OT security isn't just a nice-to-have. It is now an absolute necessity if we are to protect individuals, organisations, and society as a whole, which underpins the development of the new CSII practitioner training course." While explained that the ramping up of our smart technology dependence necessitates investment in robust IoT/OT security to safeguard the digital innovations society relies upon, and the new CSII training course provides organisations with the means to ensure their security consultants understand the unique challenges posed by securing IoT/OT environments.

The Cyber Scheme aims to cultivate individuals who can enter this new field backed by their existing roles' skills, whether they come from a software or hardware engineering background or are proficient in web-based security testing methods. Their initiative seeks to enable security professionals to pivot their existing skills towards understanding, acting on, and rectifying vulnerabilities unearthed in these specialised environments.

Graduates of the CSII Practitioner training course emerge skilled consultants, capable of operating independently to identify and advise on vulnerabilities absent senior supervision. These IoT/OT experts, whether employed full-time on factory floors or acting as independent consultants, are pivotal to an offensive security team. They offer the capability to exploit and assess infrastructure that is not covered by conventional pen testing services.

The coursework will cover several key areas, including understanding IoT and OT ecosystems, assessing OT environments & special considerations, the devices present within ICS environments, reverse engineering firmware, and more. Various aspects of hacking, like MQTT and Car Hacking, are among the staged practical session topics.

Alex Teague PCSP, the IoT/OT Subject Matter Expert at The Cyber Scheme, will lead the course which adopts a small group format to foster a hands-on learning environment. The technical bias of the programme allows ample time for Q&A sessions, enabling candidates to navigate complex technical subjects.

The practical, classroom-based instruction reflects The Cyber Scheme's vast experience in training candidates in true-to-life situations resembling actual testing environments. The virtual hands-on training labs offered are an excellent resource for learning about unexplored ICS protocols and technologies, serving as a jumping-off point for comprehension of how to exploit and secure these environments.