A Guide to the Certified Information Security Manager (CISM) qualification


There are now a vast number of courses and qualifications available for IT and cyber security professionals. Some are achievable over only a few days, whilst some may take years to complete. In terms of Information Security, there are a great many courses and qualifications out there, but one of the best-known and most highly regarded is the Certified Information Security Manager (CISM) qualification, which is awarded by ISACA (the organisation previously known as the Information Systems Audit and Control Association).

The Qualification

The Certified Information Security Manager qualification was first launched in 2002 and is now a globally accepted qualification amongst the IT community.

Who is it for?

The CISM is for IT professionals with a specific interest in IT security. It is awarded to individuals who meet the following requirements:

  1. Pass the CISM exam.
  2. Adhere to ISACA’s Code of Professional Ethics.
  3. Agree to comply with the Continuing Professional Education (CPE) Policy.
  4. Have relevant work experience.
  5. Submit an Application for CISM Certification.

The Exam

One of the criteria for certification is passing the main exam. The exam covers the four CISM areas outlined below:

  • Information Security Governance (24% of exam)
  • Information Risk Management and Compliance (30% of exam)
  • Information Security Program Development and Management (27% of exam)
  • Information Security Incident Management (19% of exam)

The exam consists of 150 multiple-choice questions covering the areas above. Candidates have four hours in which to complete the exam.

Since 2017, the exam has been available via computer-based testing (CBT) at a number of registered exam centres. This also means that the candidate’s exam score can be displayed straight away.

In order to register for the exam, candidates must first register online with ISACA, find a testing centre nearby, and pay for the examination in advance.

The fees for this exam are $575 USD (approx. £475) for ISACA members and $760 USD (approx. £625) for non-members.

Required Experience / Qualifications

Those who wish to become qualified must possess a minimum of five years of relevant work experience. This experience must be verified and include at least three years of information security management work in three or more of the specified areas. This experience must have been gained in the 10-year period prior to the application date, or within 5 years from when the exam was originally passed.

There are, however, several certifications and types of experience that can be used towards the 5-year information security work experience requirements (but not toward the 3-year specific requirements).

Certifications and experience that count for two years of the five include:

  • Certified Information Systems Auditor (CISA)
  • Certified Information Systems Security Professional (CISSP)
  • Post-graduate degree in either information security or a related field such as business administration, information systems, or information assurance.

Certifications and experience that count for one year of the five include:

  • One year of information systems management experience
  • One year of general security management experience
  • Skill-based security certifications such as CompTIA Security+, SANS Global Information Assurance Certification (GIAC), Disaster Recovery Institute Certified Business Continuity Professional (CBCP), Microsoft Certified Systems Engineer (MCSE), or ESL IT Security Manager.
  • A completed information security management program at a relevant institution (i.e. one aligned with the Model Curriculum).

Continuing Professional Education and Job Prospects

A key element in obtaining certification is that the candidate agrees to follow the Continuing Professional Education (CPE) policy. This policy is there to ensure that all certified candidates keep their knowledge current and maintain proficiency in the field. Staying up-to-date means that individuals are better able to provide leadership and value to their organisations. At least 20 hours of CPE are required each year in order to maintain the CISM certification.

Professionals who pass the CISM qualification can go into a wide range of roles including (but not limited to):

  • Information Security Manager
  • Information Security Analyst
  • IT Audit Manager
  • Director of Cyber Security & Information Assurance
  • Cybersecurity Consultant

According to the website IT Jobs Watch, the average (median) annual salary for an ISACA Certified Information Security Manager is £65,000. You can find out more about other cyber security job salaries in this article on our sister site, Cyber Security Jobs.

How to set up a Home Testing Network / Lab

Today’s constantly changing cyber security landscape means that keeping your network secure is more essential than ever. A key part of this is penetration testing. You might think that this is a specialist area that needs to be left to the experts, but in fact, you can set up your own network penetration testing lab in house.

Not only is this a good way of securing your systems but it also helps to improve your configuration and security skills so that you are less likely to leave attack routes open in future. Carrying out penetration testing in a lab environment is also much safer, as some of the tools used can cause problems if applied to a live network. Your own lab is also a good way of experimenting with the latest testing tools and techniques.

Physical versus virtual

In the past, you would have needed a physical server as the core of your testing setup. Today, however, you can do it in a fully virtualised environment. You can combine the two, with a single virtual machine offering a number of virtual environments, or you can go for a completely cloud-based solution.

You need to be aware, however, that virtual machines don’t always precisely replicate the characteristics of physical ones, so certain techniques may not yield the same results. Even so, to get started, a virtual environment is probably best. If you need to increase the realism of your tests later, you can look at using old hardware, either surplus within the organisation or purchased second-hand.

The principal advantage of virtual machines in the cloud is scalability. You can easily add capacity as you need it. Infrastructure as a Service (IaaS) allows you to replicate all kinds of network scenarios without the need for expensive hardware. Virtual machines can be used to host a range of different environments, including Windows and Linux.

Inside the lab

Having decided on the environment you are going to use, what does your lab actually contain? At its simplest, all you need is the computer to be tested and the one that is going to carry out the testing. As your needs evolve, the number of machines may increase.

If you are just beginning, it’s best to start simple and build up to something more complex. The key thing is to replicate the target system as closely as possible. For newbie testers, it’s important to understand what it is that makes a system vulnerable. Fortunately, the internet is your friend here and there are a number of places where you can download applications and virtual machines that are pre-configured to be vulnerable. This is a good way of getting started and learning how your testing tools work.

As your skills improve, you’ll want to start adding complexity to your test setup. This means increasing the number of targets, adding machines running different operating systems and different software. This ensures that you gain experience as to how mixed networks look from an attacker’s point of view. You can also expand the potential attack surface by adding services such as FTP, databases, email and so on.

On the machine that’s carrying out the testing, you really need to be able to run both Windows and Linux, as there are different tools available for each OS and their capabilities differ. Once again, there are pre-configured testing tools that you can download to help you get started. Alternatively, you can build your own toolkit. There are a number of things you need for this. A set of basic network utilities, including FTP and Telnet, is essential. You’ll need some packet capture software, a port scanner, and a vulnerability scanner. You may also want to look at getting a password cracker as well as a scripting tool.

It isn’t hard to get started: you can set up a testing lab with just a couple of virtual machines and some pre-configured image downloads. You can then add complexity and sophistication as your skills develop.

What is Cyber Security Challenge UK And Should You Take It?

Are you interested in cyber security but don’t know how to turn it into a career? If so, it’s worth investigating Cyber Security Challenge UK, and it doesn’t matter how old you are or what qualifications you have (or don’t have). In this article, we take a look at everything you need to know.

What is Cyber Security Challenge UK?

It’s an initiative set up to identify and encourage people with cyber security skills, with the aim of recruiting them into the industry. The programme offers both competitions to test a variety of skills across multiple age groups, together with education at all levels to help students and teachers develop cyber security knowledge and to promote future career prospects in the sector.

The principal competition starts with online qualifying challenges designed to test your skills. These aren’t necessarily all technical; cyber security also requires an aptitude for risk identification, problem solving and understanding psychology. From there, successful participants move on to face-to-face semi-finals and then to the Masterclass grand finale where an annual champion is chosen.

With a significant shortage of skills in the sector already biting, if law enforcement and security agencies can’t recruit suitable talent, the UK won’t be able to combat the rising tide of cyber crime. Cyber Security Challenge UK is looking to solve that potential issue with its competitions and its numerous events in schools, colleges and universities.

How do you enter?

To enter, simply go to the Cyber Security Challenge UK website and register to play. Once registered, you can play online or download the app for a faster, more engaging experience.

You need to be 16 or over, a UK or EU citizen and a UK resident to enter the main competition, although the organisers have the discretion to admit under-16s with exceptional abilities. If you’re under 18 and get to the face-to-face stages, you must attend with an adult. If you currently work in the cyber security industry, you can register for the online competition but you cannot progress to the face-to-face stages.

There are also rules for the frequency with which you can enter. If you win a Masterclass place, you can’t enter any further face-to-face competitions in that calendar year. If you reach two or more Masterclasses or are crowned champion, you can no longer participate in face-to-face events. This is to ensure that as many potential cyber security professionals as possible can reach the semi-final and final stages. You can, however, still play online and attend educational events.

Who’s behind it?

Cyber Security Challenge UK is funded primarily via sponsorship, including the UK Government, the National Crime Agency and GCHQ. As a Not for Profit organisation, it provides a route for both private and public enterprises to find exceptional talent that can defend the UK’s financial institutions, national security and overall digital economy in years to come.

As a result, the range of sponsors reflects the diverse needs of the cyber security industry. Sponsors include universities, defence organisations, government departments, technology companies of all sizes, law firms, together with education and training businesses.

What about the educational events and activities?

Cyber Security Challenge UK is very much about the long term, an integral part of which is working to support and even change mainstream education. Cyber security developments don’t form a major part of any standard educational offering at GCSE and A-level, but the promotion of lesson plans, free summer camps and resources for parents should help to foster an interest in young people and encourage them onto a pathway that leads to a cyber security career.

In universities, the organisation offers a variety of boot camps tailored to both technical and non-technical undergraduates. Again, the emphasis is on finding the right people, unrestricted by age, background, or qualifications, setting them on a path where they are seen by the right recruiters.

Ultimately, if this is a sector that appeals to you, you meet the requirements and you think you have the necessary skills, this is a great starting point. Register, play, and see where it takes you.

Free Learning Resources for the Cyber Security Beginner

As we become more and more dependent on digital ecosystems, cyberattacks grow more sophisticated and frequent year after year, targeting both businesses and individuals with often alarming consequences and resulting costs. Stronger cybersecurity measures are needed to defend against these, with the stakes getting higher as technology becomes more advanced and our reliance on it more fundamental to the global economy and our everyday lives.

As a career, cybersecurity has a very bright future. Luckily, as with most digital skills, there are free courses online that can help you learn it, even if you’re a complete beginner. Here are our top choices.

Future Learn

Future Learn offers diverse courses from top universities and institutions around the world, all in a step-by-step format and with a flexible schedule. It’s owned by the Open University (OU), the largest undergrad university in the UK and a distance learning pioneer.

Their Introduction to Cybersecurity course introduces you to authentication, malware, network security, and risk management while giving you practical skills for recognising and responding to threats. It’s considered part of GCHQ certified training, accredited by the London-based Institute of Information Security Professionals (IISP), and supported by the UK Government’s National Cyber Security Programme. Another helpful course is Cyber Security: Safety at Home, Online, in Life, which presents over three weeks how cybersecurity works in day-to-day life.


Cybrary

Cybrary is a free platform that was created to make learning cybersecurity accessible to everyone. Once you create an account, you gain access to plenty of resources, which include cybersecurity courses as well as practice labs and assessments. Their courses consist mostly of video classes, with a curriculum that will prep you to be certification-ready. You can search through these by level (beginner, intermediate, and advanced) or by vendor (e.g. Cisco and Microsoft).

For beginners, there are more than ten pages’ worth of courses, tackling topics such as phishing, network fundamentals, and cybersecurity architecture. If you’re not sure where to start, go with CompTIA A+ 902, which will give you a thorough foundation on basic concepts and train you for the CompTIA A+ Certification Exam.

Heimdal Security

Heimdal Security is an award-winning cybersecurity company that’s also a thought leader providing user education through free online courses and other resources.


Their Cyber Security for Beginners course gives clear, actionable advice for defending your device and data from cyber threats. Lessons are sent via email every two days, lasting for five weeks with twenty lessons in total. A must for anybody who wants to stay safe online, it covers cybersecurity basics and tools, threat detection and prevention, how to help others protect themselves, and making your online data bulletproof. At the end of this email course, you’ll know how cyberattacks work and pick up useful skills such as counteracting virus infections.

SANS Cyber Aces

SANS Cyber Aces is a philanthropic project by SANS, the world’s top provider of information security certification and training. Aside from making available the largest collection of information security research documents to the public, they set up SANS Cyber Aces to help anybody interested in a cybersecurity career.

Their courses on cybersecurity fundamentals teach the core principles of the industry and cover the following areas: operating systems, networking, and system administration. In particular, these discuss Linux and Windows 7, networking layers, web scripting, Bash, and PowerShell. Each lesson is presented through a video, and PDF handouts with the video slides and a transcript are included. You can also register for an optional quiz that tests your understanding of the course.


Coursera

Coursera is another popular online learning platform with thousands of online courses from different universities and companies. While certification is available for a fee, you can view the contents of most of their courses for free. Their Computer Security and Networks category has a plethora of courses that you can choose from, with topics such as cryptography, usable security, and international cybersecurity conflicts.

Cybersecurity newbies can take the Introduction to Security Specialisation by NYU, which doesn’t require any prior knowledge. This consists of four courses, which you can take on their own: Introduction to Cyber Attacks, Cyber Attack Countermeasures, Real-Time Cyber Threat Detection and Mitigation, and Enterprise and Infrastructure Creativity. For those who are already familiar with the fundamentals, you can take the University of Maryland’s Cybersecurity Specialisation instead.

These courses are geared towards beginners, but you won’t have a hard time looking for more resources once you’ve advanced beyond that! Through consistent studying and practice, you can increase your skills and technical knowledge and progress towards becoming a cybersecurity professional.

Study Tips To Help You Pass Your Cyber Security Certifications

People with cyber security skills are in demand nowadays. According to the Cyber Security Skills and the UK’s Critical National Infrastructure report, despite the UK having one of the most vibrant digital economies in the world, it’s lacking the cyber security skills base to match.

It goes without saying that getting a cyber security certification will be beneficial to your career, as the job market is currently in need of such skills. It is worth noting, though, that there are a lot of cyber security certifications available, so you might want to educate yourself about them first, then choose which one is best suited for you.


1. Be thorough. Understand the prerequisites of the particular certification you want to obtain. After which, go through every domain in the study guides and make sure that you get a good grasp of every term outlined in them. To help you understand and retain the concepts better, come up with practical applications to connect them to.

2. Do not rely on one study guide. If time permits, study more than one reference to ensure that you get everything covered. Be careful not to use too many learning materials, though, as you may end up getting confused.

3. Enroll in a Certification Prep Course. Taking part in this will provide you with expert instruction and advice that will help you do better in the exams. If you have questions, this will serve as a great venue for you to get your questions addressed and maybe even clarify exam-related concerns that are on your mind.

4. Network with people who are about to take the exam as well. Apart from interacting with people who are about to qualify for a cyber security certification while in the prep course, you can also join an online group for support. Doing so will allow you to exchange tips with each other as well as provide each other support through study groups or group discussions. And if you don’t have the budget to enroll in a certification prep course, this will be a cost-effective way for you to learn from other people.

5. Manage your time wisely. Chances are you’ll be using various methods to prepare yourself for your certification. If this is the case, make sure to budget your time accordingly among reading study guides, taking practice exams, and attending group discussions or training sessions. Most importantly, don’t forget to factor sleep into your schedule. Remember, your ability to focus and retain knowledge can be affected if you don’t get enough rest. This is particularly important on the night before your exam. You’ll want to have a clear mind and be energised on your big day so that you can perform at your optimum.

6. Come up with a plan. Think of how you’ll take on each part of the exam. We all have our Waterloo, so make sure you allot enough time for each domain, including the parts that you find the most difficult.

7. Take note of the marking scheme. Make sure that you understand the marking scheme of the certification you are about to take. Knowing the minimum passing score is also helpful. Having this down pat will allow you to allocate your time and effort accordingly.

8. Know your weak areas and focus on them. As you review for your exams, make sure to prioritise the domains that you have a hard time understanding. Spend more time studying and taking practice exams for those areas until you’re confident enough to tackle them.


Cyber security certifications can be hard to acquire, but getting qualified through a recognised provider can open new doors for you in your career. We hope you find these tips helpful as you try to add these certifications to your credentials.

What is the UK’s Cyber Security Challenge And Should You Take It?

The demand for cyber security skills is reaching a crisis point in the country. Considering that UK business leaders see cyber attacks as the “most dangerous” risk for businesses in 2018, there has never been a greater need for more people to develop their skills in cyber security than now.


One of the public initiatives to address this urgent problem is the Cyber Security Challenge UK.

What is the Cyber Security Challenge UK?


The Cyber Security Challenge (CSC) UK is a set of events and programmes held across the country. Its main goal is to encourage more individuals to become cyber security professionals, whether they already have solid core competencies or are completely new to the concept.


It is a not-for-profit organisation supported by the UK government and sponsored by private companies.


The events include online and face-to-face competitions with numerous age and skill brackets, educational boot camps that present possible career development paths, and mentoring programmes.


The organisation also partners with primary and secondary schools to bring more awareness of cyber crime and security to children aged 10 to 18 years old. For college and graduate-level students, it provides qualification and apprenticeship opportunities through programmes like the Extended Project Qualification.

The Cyber Security Challenge UK Today


Since the organisation’s creation in 2009, the lack of hard data tracking–which would prove the programme’s overall value–has been a constant issue despite its success in getting people interested in the field.


Current CEO Colin Lobley has admitted as much, stating that:


“We need to get a lot better at tracking those who we engage with; I don’t think we’ve been very good at tracking and engaging all those people we speak to… The social media outreach is positive and we know we’re having an impact – we just haven’t been good at tracking the data, we need to do more.”


In addition to better performance metrics, Lobley is working on expanding the scope of career paths the organisation helps to develop (e.g. risk management, legal cyber security). The organisation is also looking to add more security information resources and be more inclusive with its target audience.


One of the latest government programmes for bolstering the country’s cyber security skills is Cyber Discovery, which is run in conjunction with CSC UK. Started in 2017, this programme aims to build a strong foundation of interest in cyber security within the 14- to 18-year-old age bracket.


According to CSC UK Head of Education Debbie Tunstall, “With a critical skills gap looming and the cybercrime threat growing, we need to educate about cyber security while individuals are still young; piquing their interest in future cyber careers and as a result, filling the pipeline of talent.”


She further adds that the CSC UK “has years of experience in dealing with people in this age group and providing fun and educational face-to-face events and we’re delighted to bring our expertise to this innovative programme.”

Why Take the Challenge?


Apart from the skills and career opportunities you can earn from participating in the CSC UK, the competitive, gamified environment is highly conducive to learning, especially in the field of cyber security.


McAfee reports in a 2018 survey that 96% of organisations that implemented gamification achieved tangible benefits. The survey also revealed that 57% of the respondents believe gamification increases awareness and understanding of information security breaches.


The competitions that CSC UK holds incentivise individuals to perform at their best under pressure. They also provide avenues where social interactions are possible, allowing for teamwork and communication skills to be honed. These abilities are crucial to the real-life application of cyber security solutions, and they are not as easily developed in the traditionally passive classroom lecture setting.

Complement Your Cyber Security Education


While the CSC UK presents an innovative learning method to becoming a cyber security professional, it is but one of the many ways.

Take advantage of the shared resources and unique opportunities it offers, especially with integrating yourself into the wider community of IT experts. Do, however, use it to complement your overall educational experience with cyber security courses to further advance in this industry.

5 Free Learning Resources For the Cyber Security Beginner

Starting a career in cyber security can lead to personal financial security. Experis, in fact, reported a four percent year-on-year salary increase coming into 2018, with other analysts reporting a seven percent salary increase for cyber security specialists in 2018 – the biggest for IT professionals in Europe.

If you’re looking to become a cyber security professional but lack practical experience or the finances to take classes in a university, there are plenty of ways you can get into the industry.

Here are five of our top free beginner cyber security resources and courses to get you started:

Introduction to Cyber Security

Learn the fundamentals of cyber security to protect private and personal data. Know the basics of authentication, networking, threat identification, cryptography application, risk management, recovery, and the law surrounding cyber security.

The Open University offers this eight-week course through Future Learn, with support from the UK Government’s National Cyber Security Programme and accreditation from GCHQ Certified Training, APMG International, and the IISP.

The free version gives you 10 weeks of access to all the educational materials, but you’ll have to pay for certification.

Cyber Security: Safety at Home, Online, in Life

Considering how much personal data is stored online through the proliferation of smart devices, social media use, and online shopping, the threat of cyber attacks has increased. With this course, you’ll understand the practical applications of cyber security on the everyday goings-on of the average individual and how that relates to commercial businesses.

Newcastle University offers this three-week course through Future Learn. Enrolling in this course for free gives you access for five weeks. You will have to pay to get certification.

Network Security

Establish foundational knowledge on cryptography, cryptanalysis, and systems security in the context of securing networks. Lessons are taught through seminal papers and monographs that have impacted the industry, developing your security research skills in the process.

The Georgia Institute of Technology (Georgia Tech) offers this 16-week course through Udacity.

This free course nets you instructor videos and interactive quizzes, but you will not receive any accreditation unless you are part of the Georgia Tech OMSCS program.

Cyber Security for Small and Medium Enterprises: Identifying Threats and Preventing Attacks

While the biggest cyber crimes people hear about concern multinational corporations and industry giants, small- and medium-sized businesses are just as vulnerable to cyber attacks. This course teaches you how to identify risks and prevent threats that SMEs uniquely face when it comes to cyber security.

Deakin University will be offering this two-week course through Future Learn. You can only get credit for this online course if you complete the entire Cyber Security Management program it is part of.

Secure Android App Development

Mobile applications have become an integral part of modern living, with so much confidential information tied to these apps. The freedom and flexibility of app development on Android, however, comes at the price of great cyber security risks. Learn how to identify and solve common security problems in mobile apps that can be fixed in the development stage with the use of HPE Fortify SCA.

The University of Southampton’s Cyber Security Academy offers this four-week course through Future Learn.


Once you have developed these beginner skills, take the next step in your education by looking for advanced cyber security courses through our very own network of providers. If you’re ready for that career-defining first job, then check out our sister site, Cyber Security Jobs.

A Guide to HP, Cisco and Microsoft Cyber Security Courses

There are a ton of courses out there offered by independent groups like CISMP, CISP and the EC Council, but there are also some incredibly well-respected courses offered by some of the leading tech companies. In this guide I want to look at some of those courses, specifically those offered by HP, Cisco and Microsoft.


Hewlett Packard Enterprise

HPE offers vendor-agnostic cyber security education and certification with an organisational perspective and a focus on practical strategy development.

As of this writing, HPE has no scheduled classes or listed pricing for its cyber security courses.

1. Information Security Essentials

  • See how businesses can benefit from information security on a holistic level;
  • Create and integrate a complete information security strategy; and
  • Qualify for the succeeding higher-level HPE courses.

Duration: 3 days

Requirements: A basic understanding of operating systems and networks


2. Information Security Essentials Plus

  • Apply ISO 27001 standards to your organisation
  • Prepare for the Certified Information Security Management Principles (CISMP) certification

Duration: 2 days

Requirements: Information Security Essentials (HL945S)


3. Information Security Risk Management and Business Continuity Planning

  • Assess and manage risks to avoid breaches or minimise damage
  • Adapt to unexpected situations

Duration: 3 days

Requirements: HPE Security Essentials (HL945S) or equivalent knowledge


4. HPE Security Governance and Policies

  • Create a practical and effective security governance strategy
  • Understand the importance of compliance regulations and industry standard best practices in developing security policies.

Duration: 2 days

Requirements: HPE Security Foundation (HL945S) or equivalent is required; HPE Risk Management (HL946s) is recommended


Cisco

Cisco provides comprehensive cyber security courses that implement company products for hands-on learning.

Take CCNP courses to further your understanding of Cisco’s cyber security solutions. These are self-paced training modules with access durations of 365 days.

1. Implementing Cisco Network Security

You’ll gain foundational knowledge of cyber security principles, and learn how to utilise Cisco security products to implement basic security techniques.

Cost: $1,000 (£785.56)

Requirements (recommended, not required):

  • Interconnecting Cisco Networking Devices Part 1 or equivalent
  • Windows OS knowledge
  • Cisco IOS networking and concepts knowledge

2. Understanding Cisco Cybersecurity Fundamentals

Advance your knowledge of security concepts and network applications, understand basic cryptography principles, and establish your security monitoring fundamentals.

Cost: $1,500 (£1,178.35)

Requirements (recommended, not required):

  • Basic IPv4 and IPv6 addressing
  • Windows and Linux OS knowledge

3. Implementing Cisco Cybersecurity Operations

Learn how a Security Operations Center (SOC) works.

Cost: $1,500 (£1,178.35)

Requirements (recommended, not required):

  • Understanding Cisco Cybersecurity Fundamentals
  • Windows OS knowledge
  • Cisco IOS networking and concepts knowledge


Microsoft

The Microsoft Professional Program in Cybersecurity has in-depth lessons on security systems setup, breach detection, and threat response. It costs $99 (£77.77) per course for certification.

1. Enterprise Security Fundamentals

Know what works in enterprise security today and learn how to build a security strategy for your organisation.

Duration: 4 weeks, 2-4 hours per week

Requirements: Awareness of current cyber security ecosystem

2. Threat Detection: Planning for a Secure Enterprise

Taking this course will give you an overview of threat detection and mitigation tools. You’ll also understand why threat detection monitoring is critical.

Duration: 4 weeks, 2-4 hours per week

Requirements:

  • Awareness of the current cyber security ecosystem
  • Analysis of hacks on computers and networks
  • Basic Risk Management

3. Planning a Security Incident Response

Learn how to prepare for a security incident and the proper ways to respond.

Duration: 4 weeks, 2-4 hours per week

Requirements: Awareness of the current cyber security ecosystems

4. PowerShell Security Best Practices

Gain a comprehensive understanding of PowerShell. You’ll also know how to perform administrative tasks securely.

Duration: 4 weeks, 2-4 hours per week

Requirements (prior experience):

  • Windows networking
  • Windows Server administration
  • Windows PowerShell

5. Managing Identity

Understand why and how identity decides what security systems you can implement.

Duration: 4 weeks, 2-3 hours per week

Requirements:

  • Windows Client administration, maintenance, and troubleshooting
  • Introductory level knowledge of Active Directory
  • Accessing and using simple Windows PowerShell commands

6. Security in Office 365

Know how to utilise Office 365’s security features; identify what threatens your organisation’s data.

Duration: 5 weeks, 2-4 hours per week

Requirements:

  • Understanding of cloud-based service concepts, Office 365 and its services
  • Background knowledge in security requirements and threats in IT communications

7. Securing Data in Azure and SQL Server

Learn user authentication and authorisation in SQL Server; audit and secure databases in related platforms.

Duration: 4 weeks, 2-3 hours per week

Requirements:

  • Familiarity with database concepts and basic SQL query syntax
  • An Azure subscription if you want to do the hands-on elements.

8. Microsoft SharePoint 2016: Authentication and Security

Implement SharePoint security features; manage user profiles and permission sets.

Duration: 9 weeks, 3-5 hours per week

Requirements:

  • Knowledge of Windows Server 2012 R2 roles and features
  • Foundational knowledge of SQL Server

9. Windows 10 Security Features

Get a comprehensive look at Windows 10’s security architecture and features.

Duration: 4 weeks, 2-4 hours per week

Requirements (an understanding of the following):

  • Windows client administration, maintenance, and troubleshooting
  • Windows networking technologies
  • Active Directory
  • Windows Server administration

10. Windows Server 2016 Security Features

Learn to safeguard data centers with the new Windows Server 2016 security features. Then, learn about Desired State Configuration (DSC).

Duration: 5 weeks, 2-4 hours per week

11. Microsoft Azure Security Services

Maximise Azure’s security services to protect cloud data; familiarise yourself with Microsoft Intune for Windows, iOS, and Android devices.

Duration: 4 weeks, 2-4 hours per week

Requirements (an understanding of):

  • On-premises TCP/IP networking
  • Mobile device management
  • General cloud principles

If you’d like more information on some of the courses out there, have a browse through our current listing to see some of the upcoming courses. Alternatively, drop us an email or a call to find out more about any of the courses above.

Cyber Security University Courses UK

Statistics from the Office for National Statistics show that business cyber crime in the country is up by 63% in 2017. However, the shortage in cyber professionals continues to grow worldwide, leaving plenty of UK businesses vulnerable to attacks.

With high demand and low supply, more and more companies are willing to invest in cyber professionals to protect their personal and sensitive data. This gives plenty of hopefuls the chance to earn more in this industry.

But given the responsibilities you would need to take on, especially the higher you go up the ladder, having an undergraduate degree becomes increasingly important in opening doors. These courses will give you the theoretical and practical foundations you would need to handle the various aspects of cyber security, and be a valuable addition to any business.

Below are GCHQ-accredited cyber security courses across various universities in the country that you can choose from:

1. University of Oxford: MSc in Software and Systems Security

With an outstanding global reputation as one of the top universities in the world, the University of Oxford’s MSc in Software and Systems Security lays the foundation for systems security by highlighting software, information technologies, and security properties.

Designed for those in full-time employment, you’ll learn how to better apply these principles to real-world situations and stay updated with the latest best practices in the industry—taught by world-class experts in 10 different subject areas.


  • Duration


Part-time module (roughly three courses per year), 2 to 4 years.



  • Requirements



Undergraduate degrees with honours (or equivalent) in related subjects like informatics, engineering, or computer science. You are also required to have at least two years of professional experience.

Those without formal training can still apply, as long as you have extensive experience and/or qualifications.


  • Fees


This programme is priced per module. For those living in the UK/EU, registration fee costs £8,660, while each module costs £2,170. For those outside the UK/EU, registration fee costs £14,785, while each module costs £2,170.

For the total estimated fees, go to their department’s website.


  • Careers After Graduation


Since this programme is for full-time employees, most students return to their current jobs to aim for higher/more specialised positions.

2. Lancaster University: MSc in Cyber Security

Lancaster University’s MSc in Cyber Security takes on a multi-disciplinary approach by merging technical skills with other disciplines (e.g. economics, risk management, psychology, and social science).

This programme focuses on four Information Security modules. You’ll also learn about network and systems security, as well as cybercrime. An individual project—requiring 200 hours of work and a 40,000-word dissertation—is required to hone your expertise and apply it to the world outside the classroom.


  • Duration


Full-time course for 12 months, or a part-time course for 24 to 36 months.


  • Requirements


A degree (or equivalent) in computer science, computer security, or other similar degrees. Previous modules on security, network and systems, programming, and cybercrime are also required. Relevant experience may be considered.


  • Fees


The full-time course costs £9,500 per year for UK/EU residents, while it costs £20,500 per year for overseas students.

Part-time students from the UK/EU would need to pay £4,750 per year. The part-time course isn’t available for overseas students.


  • Careers After Graduation


This programme aims to prepare you for a career in cyber security, application and software security, and cyber law enforcement.

3. Cranfield University: Cyber Defence and Information Assurance MSc/PgCert/PgDip

Cranfield University’s Cyber Defence and Information Assurance programme provides a unique learning blend of residential and online teaching.

The entire programme is designed for leaders—those who want to assess and defend against cyber threats at an organisational level. By the end of the course, you’ll be able to come up with and execute responses to emerging and current threats.


  • Duration


All programmes are on a part-time basis. MSc students will be able to graduate in 5 years, PgDip students in 4 years, and PgCert students in 3 years.


  • Requirements


You need to have any of the following: a first or second class honours degree; a third class degree but with experience; a pass degree with five years of experience; or HND/c with seven years of experience.

Those without degrees but with 10 years of experience will also be considered, provided that you were involved in information security, information operations, information risk, or any related role.


  • Fees


For both UK/EU and overseas students, MSc fee is £31,000, PgDip fee is £21,100, and PgCert fee is £10,550.


  • Careers After Graduation


Managerial job roles, especially for those who currently are, or aspire to be, a CIO or CISO. Upon graduation, you’ll know how to assess and communicate cyber issues to senior management and/or the executive board.

4. University of Birmingham: MSc in Cyber Security

The University of Birmingham’s MSc in Cyber Security aims to set the foundation for students who want to pursue careers in the software industry or research. Upon graduation, you’ll be able to design and build secure computer systems and processes.

Combining both theory and practice, this programme’s modules involve cryptography, network security, forensics, and secure programming. You’ll also have plenty of optional modules to choose from like penetration testing, advanced cryptography, and intelligent data analysis, among others.

Big industry players like Microsoft, Vodafone, and IBM often visit the campus to talk to students.


  • Duration


This is a full-time course, to be completed in 1 year.


  • Requirements


A 2:1 Honours degree in a related subject like computer science. Knowing data structures and algorithms is a plus.


  • Fees


UK/EU students are charged £9,250, while international students are charged £22,500. Both are annual tuition fees.


  • Careers After Graduation


After graduation, you can start forging your career in various cyber security roles like secure software development or cyber security consultancy. You can also continue your studies and get a PhD. The university boasts of graduates who gained employment in Accenture, IBM, PricewaterhouseCoopers, BT, and Delcam.

5. Edinburgh Napier University: MSc in Advanced Security and Digital Forensics

Edinburgh Napier’s MSc in Advanced Security partners computer security with digital forensics and incident response.

This course focuses on network security, audit and compliance, malware analysis, cryptography, and host and mobile digital forensics. A dissertation project is required towards the end of the programme to enhance your specialism.


  • Duration


Full-time module lasts for 1 year; part-time for 2.5 to 4 years; and distance learning for 2.5 to 4 years.


  • Requirements


A bachelor’s degree in any computing discipline (e.g. computer science, computer networking, etc.) or other IT discipline. The university is open to considering those with fewer qualifications, provided that there is sufficient experience in the industry.


  • Fees


Tuition would depend on your chosen module.

Full-time module for those from the UK or the EU would cost £5,850, while those from overseas would need to pay £15,150.

Meanwhile, home/EU-taught modules cost £890, and the home/EU-dissertation module costs £530. Overseas-taught modules cost £2,250, while the overseas-dissertation module would cost £1,550.


  • Careers After Graduation


This programme can lead you to the following job positions: Security Consultant/Analyst, Penetration Tester, Network Security Analyst, Forensic Investigator, Audit/Compliance Consultant, Security Certification Engineer, Incident Response Analyst, Sys Admin, and Network Engineer.

6. Royal Holloway: MSc in Information Security

Royal Holloway launched the first MSc in Information Security in the world back in 1992. This programme covers cryptography, security management, network security, computer security, security technologies, and secure business architectures.

The university’s close ties to industry employers in the country prove to be advantageous for students, as they help you prepare for high-level information security positions.


  • Duration


The entire programme can be completed in 1 year if you do it full time. For part-time students, duration of the course is 2 years.

Those in the Continuous Professional Development programme will take 3 to 7 years to complete, while distance learning students can expect to graduate in 2 to 4 years.


  • Requirements


A UK 2:2 (Honours) or equivalent is required. Industry experience may also be considered, if it’s sufficient.


  • Fees


Tuition fee for UK/EU students is £11,300 per year, while international students’ tuition fee is £18,500 per year.

Part-time students are charged a pro-rata tuition fee (typically half of the full-time costs).


  • Careers After Graduation


You’ll be able to land a high-level position in the cyber security industry or move on to further postgraduate studies. Your advanced knowledge after graduation will allow you to do data handling, analysis, research, problem solving, and much more for plenty of industries here and abroad (e.g. banking, telecommunications, civil service, etc.).

7. University of York: MSc in Cyber Security

University of York’s MSc in Cyber Security aims to provide its students with a strong foundation in cyber security by covering malware, cryptography, identity, trust and reputation, and risk management. You will also learn forensic analysis and how to develop secure systems.

This programme is composed of eight modules, with each including lectures, problem classes, practical classes, and personal study time. You will then undertake an individual project and dissertation which involves an academic staff member and an external organisation.


  • Duration


Full-time students can complete the programme in 1 year, while part-time students can do it in 3 years.


  • Requirements


A computer science (or related) degree is required, along with a background in software engineering, computer science, or IT. An upper second class honours degree (or equivalent) is also required.


  • Fees


Full-time students in the UK/EU will be asked to pay £8,580, while those from overseas will need to shell out £21,640.

Part-time students in the UK/EU will be asked to pay £2,863 the first year, while those from overseas will need to shell out £7,213. Fees for subsequent years are subject to confirmation by the university.


  • Careers After Graduation


Possible careers include counter-terrorism, cryptography, cyber and digital forensics, development and code analysis, incident response, intelligence operations, law, legalities and compliance, network security, and penetration testing.

You can also go the routes of policy and strategy, research and new developments, secure software, security architecture, security auditing, and vulnerability assessment.

Take Your Education To The Next Level

While there are many ways to break into the cyber security field, getting a bachelor’s and/or a master’s degree would give you a leg up against other applicants. In a lot of cases, a more advanced degree matters, depending on the position you are aiming for and what the company requirements are.

Do note that employers value education, certifications, and industry experience separately. One should not be seen as a replacement for another.


For more cyber security graduate courses, take a look at the latest courses that we offer. If you have any questions, feel free to reach out to us via our contact page.

If you’re already qualified and are looking for a job in cyber security, or an employer looking for candidates, then check out our sister site, Cyber Security Jobs.

What does an Ethical Hacker do?

There is a stigma attached to the word ‘hacking’ and for very good reason. Hacking is associated with the malicious and unauthorised intrusion into a computer or network from an outside party or system with the express aim of stealing, sabotaging, damaging or compromising systems, software or data. As individuals who can undertake such an operation, often without leaving any trace of their identity or origin, hackers are highly experienced and skilled, often with a background in coding and programming.

In this article, we’re going to take a look at the area of cyber security known as ethical hacking (also referred to as penetration testing), what ethical hackers do and exactly when and why hacking can ever be ethical.

When is Hacking Ethical?

Hacking becomes ethical when its purpose is to identify the risks and vulnerabilities of a given system or network to outside attack. By attempting to bypass a system’s security measures, ethical hackers can expose inherent flaws and then deploy effective countermeasures and fixes to improve the system’s overall cyber security. For this reason, ethical hackers must be able to put themselves into the shoes of a would-be cybercriminal or cyber terrorist in order to best try to outwit the target system’s security.





Because ethical hackers use the same techniques as malicious hackers, many are often themselves reformed hackers, who have been headhunted by security agencies or the IT security departments of large companies. In this sense, ethical hacking is inherently the same as malicious hacking in its methodology and practice. Crucially, though, the end goal is one of exposure and not exploitation.

How does an Ethical Hacker help improve Cyber Security?

An ethical hacker’s first task is to seek to understand and learn how a system operates and its underlying cyber security measures. They will then research and meticulously document their attempts at bypassing that system’s security, before discussing their findings with those responsible for designing the IT security infrastructure, as well as senior management. The results of the investigations are then used by the organisation to fix any backdoors or vulnerabilities in their system. They will then work closely with the teams responsible for implementing these fixes, often to re-test them and identify any remaining vulnerabilities or unintended consequences.

In creating their methods and investigations, an ethical hacker must approach a system from a hacker’s perspective. While doing so, they must also keep in the back of their mind the real-world consequences of the possible cyber security attacks. ‘What would an attacker do? Bypass first-level security? Make illegal wire transfers? Steal customer information? How can the system not only prevent but quickly identify and recover from such malicious attacks?’

The ethical hacker must perform their hacking through an open process where managers and the IT team collaboratively know their system’s vulnerable points and how to counteract highly skilled malicious attacks.

Information security, the industry to which ethical hacking belongs, is still young and developing. There is a significant lack of knowledge of what ethical hacking is and what its results should include. Because of that, the roles, responsibilities, and tasks of an ethical hacker can vary greatly from day to day.

How to become an Ethical Hacker

The job market for ethical hackers continues to grow, along with the cases of cybercrime that organisations are subjected to. The role can go by the titles of Information Security Analyst, Security Consultant, or simply Ethical Hacker. In the UK the average annual salary of an ethical hacker / penetration tester is £37,442.

Whilst there are no mandatory qualifications for becoming an ethical hacker, successful candidates will have a strong background in coding and programming and several years’ experience working in IT or IT security.




For those wishing to pursue a career in penetration testing, it is recommended that you take a foundation course in IT security, such as the CompTIA Security+ and Network+ qualifications or ISO27001 Foundation courses. For those with experience in IT security, the Certified Ethical Hacker course is very relevant, but more general cyber security courses, such as the Certified Information Systems Security Professional (CISSP), can also lead to a role in penetration testing. You may then consider specialising in ethical hacking by obtaining a more advanced certification such as the OSCP or Kali Certified Penetration Tester qualification.




One of the most important factors in becoming a good ethical hacker is learning how a hacker thinks. Hacking is not all about technical knowledge. It involves tactical and strategic thinking, problem solving and a certain degree of creativity. As controversial as it might be to say it, the reason that some of the best ethical hackers in the world are former cybercriminals is that they have more experience than most of thinking like a criminal.

If you’re reading this, though, it’s likely that you don’t have a background in cybercrime. If that’s the case, then one way to demonstrate your propensity for penetration testing is to build your own testing environment in which you can practise and document your results. This will also help you learn in a simulated real-world environment, giving you the vital experience that is very hard to gain in a classroom.