Graeme Evans, Head of Technical Consultancy at IRM, approached North Green Security to discuss the challenges they were having with their team obtaining the Cyber Scheme Team Leader qualification. This was having a detrimental impact on the amount of penetration tests they were able to conduct simultaneously.
The crux of the issue was a lack of opportunity to train prior to the exam in a realistic environment and develop the key skills that are required to be demonstrated. As such, North Green Security were chosen due to our proven track record, and the practical nature of our training. Since engaging with us, IRM have seen a significant increase in the number of consultants passing exams first time and has brought us on as a formal training partner.
The challenge of building IRM’s CHECK Team
IRM (part of Capgemini), is a cyber security consultancy that provides expert advice across the entire cyber landscape. With a 20 year history to build upon; penetration testing and GRC consultants provide vital advice and consultancy for their clients to ensure environments are secure. While an award winning SYNERGi platform is able to reduce the complexity of GRC and allow organisations to manage compliance and risk.
As a long term player in the cyber security industry, IRM fully understands the value in both formal and non-formal training along with industry recognised qualifications that provide validation of the teams skillset. As one of Cheltenham’s biggest consultancies, the technical team is made up of approximately 20 – 30 penetration testers conducfting assessments for both public and private sector organisations of all sizes across a range of disciplines.
IRM needed to increase the number of their consultants that held CHECK Team Leader status, to be able to increase the number of individual penetration tests that could be conducted simultaneously. This meant that consultants were sitting Cyber Scheme or Crest exams at the CTL level.
These exams require candidates to demonstrate a high level of skill across a range of tasks in an exam environment.
If a candidate does not meet the required standard on their first attempt (which is not uncommon), companies have the negative outcome of having to pay for retakes, and also must adhere to a mandatory wait period of 8 weeks before a consultant can retake the exam. This causes significant pressure on both companies and individuals.
Why North Green
IRM approached North Green Security due to our founder, Dan Cannon’s, experience in creating and delivering penetration testing training courses. North Green Security has a track record of being able to deliver training in a clear and effective way and has been recognised by The Cyber Scheme as an approved training partner due to the quality of material, exercises, and delivery of courses.
While other training providers were available, North Green Security’s trainers have extensive experience working as part of a CHECK team and have demonstrated the skills required to work with The Cyber Scheme as assessors. This ensured that IRM could be confident that any training would be appropriately aligned to develop the skills needed for real world engagements and exams.
We were delighted to work with IRM and support the development of their team. We first discussed the scale and timeframe of their plans and were able to book senior consultants onto appropriate training courses. Consultants attended our 4 day Advanced training courses that focus on developing and refining the skills needed to obtain CHECK Team Leader status and were able to apply new techniques against our custom built lab environment to prepare for their exams.
Feedback has been positive from all the consultants we’ve worked with and we have been able to show each and every one of them new techniques or tools available to help refine their own individual testing methodologies.
Exam pass rate
Prior to engaging with North Green Security, IRM was seeing their consultants take an average of just over 2 exam attempts to be able to obtain CHECK Team Leader status. This in turn meant that for each consultant to become a CTL, IRM were investing £3,200+ per consultant, 6+ billable days used for revision, and a timeframe of 8+ weeks required to become qualified.
After working with North Green Security, the average fell to just over 1 exam attempt required to obtain CTL status. This saved the company both time and money and meant that only 4 billable days were used for training and the timeframe to become qualified was significantly reduced.
The overall result
By working together, we were able to ensure that consultants had all the required skills needed to succeed with their exams and were able perform at the desired level. With the success of our initial training, North Green Security is now the preferred training partner for IRM. We work closely with Graeme Evans to ensure all members of his team, preparing for both CHECK Team Member and CHECK Team Leader exams, have the support and training they need.
Due to this success and the positive impact we have been able to contribute to the IRM team, we have been able to have discussions about completely customised training plans and courses that can be created and implemented throughout the team.