Case Study
Information Risk Management (IRM)
See how our range of experienced training consultants increased the capability of IRM’s CHECK Pentesting Team.
Introduction
Graeme Evans, Head of Technical Consultancy at IRM, approached North Green Security to discuss the challenges they were having with their team obtaining the Cyber Scheme Team Leader qualification. This was having a detrimental impact on the amount of penetration tests they were able to conduct simultaneously.
The crux of the issue was a lack of opportunity to train prior to the exam in a realistic environment and develop the key skills that are required to be demonstrated. As such, North Green Security were chosen due to our proven track record, and the practical nature of our training. Since engaging with us, IRM have seen a significant increase in the number of consultants passing exams first time and has brought us on as a formal training partner.
The challenge of building IRM’s CHECK Team
IRM (part of Capgemini), is a cyber security consultancy that provides expert advice across the entire cyber landscape. With a 20 year history to build upon; penetration testing and GRC consultants provide vital advice and consultancy for their clients to ensure environments are secure. While an award winning SYNERGi platform is able to reduce the complexity of GRC and allow organisations to manage compliance and risk.
As a long term player in the cyber security industry, IRM fully understands the value in both formal and non-formal training along with industry recognised qualifications that provide validation of the teams skillset. As one of Cheltenham’s biggest consultancies, the technical team is made up of approximately 20 – 30 penetration testers conducfting assessments for both public and private sector organisations of all sizes across a range of disciplines.
IRM needed to increase the number of their consultants that held CHECK Team Leader status, to be able to increase the number of individual penetration tests that could be conducted simultaneously. This meant that consultants were sitting Cyber Scheme or Crest exams at the CTL level.
These exams require candidates to demonstrate a high level of skill across a range of tasks in an exam environment.
If a candidate does not meet the required standard on their first attempt (which is not uncommon), companies have the negative outcome of having to pay for retakes, and also must adhere to a mandatory wait period of 8 weeks before a consultant can retake the exam. This causes significant pressure on both companies and individuals.
Why North Green
IRM approached North Green Security due to our founder, Dan Cannon’s, experience in creating and delivering penetration testing training courses. North Green Security has a track record of being able to deliver training in a clear and effective way and has been recognised by The Cyber Scheme as an approved training partner due to the quality of material, exercises, and delivery of courses.
While other training providers were available, North Green Security’s trainers have extensive experience working as part of a CHECK team and have demonstrated the skills required to work with The Cyber Scheme as assessors. This ensured that IRM could be confident that any training would be appropriately aligned to develop the skills needed for real world engagements and exams.
The response
We were delighted to work with IRM and support the development of their team. We first discussed the scale and timeframe of their plans and were able to book senior consultants onto appropriate training courses. Consultants attended our 4 day Advanced training courses that focus on developing and refining the skills needed to obtain CHECK Team Leader status and were able to apply new techniques against our custom built lab environment to prepare for their exams.
Feedback has been positive from all the consultants we’ve worked with and we have been able to show each and every one of them new techniques or tools available to help refine their own individual testing methodologies.
Exam pass rate
Prior to engaging with North Green Security, IRM was seeing their consultants take an average of just over 2 exam attempts to be able to obtain CHECK Team Leader status. This in turn meant that for each consultant to become a CTL, IRM were investing £3,200+ per consultant, 6+ billable days used for revision, and a timeframe of 8+ weeks required to become qualified.
After working with North Green Security, the average fell to just over 1 exam attempt required to obtain CTL status. This saved the company both time and money and meant that only 4 billable days were used for training and the timeframe to become qualified was significantly reduced.
The overall result
By working together, we were able to ensure that consultants had all the required skills needed to succeed with their exams and were able perform at the desired level. With the success of our initial training, North Green Security is now the preferred training partner for IRM. We work closely with Graeme Evans to ensure all members of his team, preparing for both CHECK Team Member and CHECK Team Leader exams, have the support and training they need.
Due to this success and the positive impact we have been able to contribute to the IRM team, we have been able to have discussions about completely customised training plans and courses that can be created and implemented throughout the team.
What people are saying…
NGS are a great training provider who will help you get on the path towards becoming a recognised penetration teste
NGS are a great training provider who will help you get on the path towards becoming a recognised penetration tester. The skills and knowledge gained will help my team improve their abilities to find vulnerabilities but also help understand external reports to better fix them and improve our security po…
Marc Dowie
Extremely knowledgeable, friendly, and patient
Extremely knowledgeable, friendly, and patient. I will be recommending Dan and North Green Security to my team, and I wouldn’t hesitate to recommend to anyone else
Christian Chislett
Delivered by an instructor with deep technical knowledge who could link all content and questions to real-life scenarios
The “Pentest Practitioner” was exceptionally well put together, with high quality and easily digestible material. It was also delivered by an instructor with deep technical knowledge who could link all content and questions to real-life scenarios, which certainly helped understand the relevance to t…
Jason Kalwa
The content of the course filled in gaps in my understanding and provided a solid logical framework
This has been the best training class for web application that I have attended in 13 years of pentesting. The content of the course filled in gaps in my understanding and provided a solid logical framework for finding and exploiting vulnerabilities. The quality of this training was better than anyth…
John McMullan
Highly recommend. A+++
‘Dan was highly professional trainer who is clearly knowledgeable and was meant to be a teacher. The Course helped my confidence in app testing and will set me up for life. Highly recommend. A+++
Karl Rygol
I would recommend this course to all
The course is delivered well and done at a good pace and provides things that even the most season tester could learn from. I would recommend this course to all
Chadwick Jam
Top quality training delivered by knowledgeable and approachable instructors
Top quality training delivered by knowledgeable and approachable instructors who are active Pen Testers in this field. Out of all the courses I have been on, this is by far the best
Darryn Day
I think this course is perfectly pitched for the targeted certification pathway’
I think this course is perfectly pitched for the targeted certification pathway
Simon Cundy
The amount of knowledge gained from the North Green Security course has proved to be invaluable
The amount of knowledge gained from the North Green Security course has proved to be invaluable. It has given me an insight into how hackers attack systems which has been a real eye opener. The skills and techniques learnt have given me the ability
to confidently address vulnerabilities within my ow…
Mark Reynolds
Thank you for a fun and professional experience from which I learnt a lot!
A great course, delivered by a very knowledgeable and approachable tutor. Thank you for a fun and professional experience from which I learnt a lot!
Karl Weatherhead
Get in touch
If you want to hear about how we can work with your team to increase their technical capability and provide them with 1-to-1 workshops, get in touch now at hello@northgreensecurity.com