1. Training and Certification Solutions
for Cybersecurity Professionals
Real threats. Real training. Real technical skill development.
2. ISACA helps global professionals lead, adapt,
and assure trust in an evolving digital world by
offering innovative and world-class knowledge,
standards, networking, credentialing and career
development.
Cybersecurity professionals look to ISACA to:
Ensure they have the skills necessary to advance
their careers and stay relevant.
Demonstrate their experience and skills to the
market through credentialing.
Cybersecurity Nexus™ (CSX) is a program
designed to empower cybersecurity professionals
to:
Elevate their skillset.
Take control of their career paths.
2
Cybersecurity Training and Certification from ISACA
5. 5
Cyberthreats Have Evolved Faster than Cybersecurity
Training
Lecture/discussion
doesn't prep for
the real world
Problems with typical training:
Trainees are left in
the dark regarding
new threats
Focuses on what
trainees know instead
of what they can do
US$5–6K per course +
travel expenses + out-of-
office time
Limited Hands-On
Practice
Content Rarely
Updated
Q/A-Style
Exams Only
Cost and
Inconvenience
Not tailored to
individual's or
organization's needs
One-Size-Fits-
All Training
6. ISACA’s Cybersecurity Nexus™ (CSX) training program aligns to existing global cybersecurity frameworks, including the
National Institute of Standards and Technology’s (NIST) Cybersecurity Framework. Our training programs help build
knowledge and skill in the following cybersecurity areas in varying degrees of complexity.
6
Focus on the RIGHT Skills for the Real World
7. Hands-on practical labs in hosted online in a live,
dynamic network environment
Content that’s continually updated based on the
latest real-world threats
Performance-based evaluation through every
step of courses and labs
An assessment tool that measures real technical
skills
Focused, self-paced courses that dive deep into
specialized areas
On-demand training
7
The CSX “Nexus” Training Platform Difference
8. 8
CSX Nexus Difference #1
PRACTICAL, HANDS-ON TRAINING LABS
Online, real-time, live-
network environment
Built using the latest real-
world threats
Designed to build real,
demonstrable technical skills
The industry’s only true lab-
based performance
assessments in a virtual
environment.
9. 9
CSX Nexus Difference #2
SKILLS-BASED EVALUATION AND SCORING
Real-time testing and success
metrics at the end of each lab
and course
Evaluation based on what
trainee can do rather than
what they know
Trainees get actionable
feedback
Managers get valuable insight
10. 10
CSX Nexus Difference #3
CONTINUALLY UPDATED CONTENT
New content addresses latest
real-world attacks
New topics informed by the
latest threats in the cyber
landscape
12. 12
ISACA CSX Certificates and Certifications
ISACA’s Cybersecurity Nexus™ (CSX) is designed to address this global skills
gap head-on, offering continuous, relevant training for every step along your
cyber career path.
PENETRATION
TESTING SERIES
13. Builds your understanding of basic
cybersecurity principals, techniques,
and terminology
High-quality self-paced learning
Training maps to industry standards
like NIST’s CSF, ISO and ISA
Next step toward cybersecurity for IS/IT roles
CPE Credit Hours: 8
Certificate Exam gives you the competitive advantage
of an entry-level credential
13
CSX Cybersecurity Fundamentals
BEGINNER/ENTRY LEVEL
14. Builds on your understanding of basic
cybersecurity principles
Detailed online instruction, guidance and real-
world practice you need in three courses:
CSX Packet Analysis (CPE Credit Hours: 16)
CSX Linux® Application and Configuration (CPE
Credit Hours: 20)
CSX Network Application and Configuration (CPE
Credit Hours: 16)
14
CSX Technical Foundations
BEGINNER/MEDIUM LEVEL
16. A growing selection of specialized
training, labs, and certificates through
CSX Nexus.
16
Specialized Penetration Testing Certificates
INTERMEDIATE/ADVANCED LEVEL
PENETRATION TESTING OVERVIEW CERTIFICATE
ADVANCED EXPLOITATION CERTIFICATE
VULNERABILITY AND EXPLOITATION CERTIFICATE
17. First vendor-neutral
performance certification that
measures and validates skills
and abilities
Build the deep technical skills
required to perform well in key
cybersecurity positions.
Limited-time accelerated certification option*
*prerequisites apply
17
Cybersecurity Practitioner Certification (CSX-P)
EXPERT LEVEL
18. Affirm your information security
management expertise with the globally
accepted standard of achievement in this
area. This management-focused
certification promotes international security
practices and recognizes the individual who
manages, designs, oversees, and
assesses an organization’s information
security.
Gain the critical know-how to include
cybersecurity in your audit plan, reduce
cyber-related risk and put mitigating
controls in place. This audit-focused
certification demonstrates:
Security professionals with a developed
understanding of audit processes; or
IT risk professionals with an
understanding of cyber-related risk and
mitigation controls.
18
Move from Technologist to Management
20. Thank you!
For more information, visit www.isaca.org/csxinfo
Try our Career Roadmap tool: www.cybersecurity.isaca.org/csx-career-tool
Nicholas Spinks
Managing Director
Nicholas.Spinks@Protiviti.com
200 East Broward Blvd.
Suite 1600
Ft. Lauderdale, FL 33301
23. When submitting your CSX Cybersecurity Practitioner Application, you
will need to affirm either:
Your status as a professional certified as a holder of CISA, CRISC, CISM,
CGEIT, ECSA, CEH, LPT, GCIH, OSCP, GPEN, CySA+, CISSP, or CSX
Cybersecurity Fundamentals
OR
Your 3 years’ experience* in 3 or more of the 5 CSX Cybersecurity Practitioner
domains which align with the NIST framework—
IDENTIFY, PROTECT, DETECT, RESPOND and RECOVER
* 3 years’ work experience must be within the last 5 years
23
WHAT ARE THE PREREQUSITES FOR
ACCELLERATED CSX-P?
Editor's Notes
Today we’d like to talk about ISACA—an organization that is a recognized world leader in professional training and certification. They have been providing CPE support for over 50 years, to help keep professionals current. Many of you have no doubt earned your CISSA certification with ISACA and continue to rely on them for CPEs.
Cybersecurity, as you can all imagine, is becoming an increasingly-important field. Things change rapidly, so those in the industry need to not only get the skills, but have a reliable way to be ready to reduce risk for their organizations as new threats emerge.
First, I’d like to briefly touch on training, which can really develop the skillset your employer or potential employers are looking for…
In a 2019 survey of employers, the findings clearly indicated that:
The skills gap continues to widen.
Open positions are not being filled promptly—it can take up to 6 months to find qualified candidates
and the majority of those applying for positions don’t have experience or qualifications to do the job.
That’s why certification is becoming more and more important. Job candidates need to LEARN the knowledge, and then CERTIFICATION can demonstrate that knowledge to a potential employer or when seeking a promotion in the industry.
TRAINING for cybersecurity needs to be nimble. And it can’t rely on traditional teaching/methods with a lecture/discussion and a simple Q&A-style exam. Travel to take courses as the security landscape changes and new threats evolve becomes costly and disruptive to day-to-day operations.
To help develop cybersecurity skills, ISACA aligned with the National Institute of Standards and Technology’s Cybersecurity Framework. By focusing on the key areas—
Protect
Detect
Respond
Identify
(and) Recover
The training programs help build the RIGHT skills.
I’d like to talk about How the CSX Nexus addresses the gaps head-on. It’s the first and only on-demand cyber security training solution of its kind. It provides the real-world, hands-on experience your team needs to bridge the cyber security skills gap and protect your organization against advanced cyberthreats. Let’s take a closer look at some specific features and benefits.
The interactive labs really set these courses apart. You will go through complex cybersecurity scenarios based on recent, real-world scenarios and are given live incidents to detect and mitigate.
55% of employers surveyed indicated that hands-on experience is the most important qualification for a cybersecurity candidate
Yesterday’s cyber security training won’t stop tomorrow’s threats—with the CSX platform, you can stay sharp at all times.
Now that we have that understanding of how the hands-on training approach really helps develop the right skillsets, I will cover the certificates available that help document the acumen, and set you apart.
Whether you’re just out of college, or been working in an IT field and looking for a career path into cybersecurity, the CSX Fundamentals course will help you build the strong foundation of principles, techniques and terminology. Once you complete the 8-hour course, you can take the certificate exam to get that entry-level credential that will set you apart from other job-seekers.
If you’ve been in the field and gotten a basic understanding of cyber, and are ready to take it to the next level, ISACA offers CSX Technical Foundations. This is where training gets more technical and more hands-on, to position you for career advancement…
The Packet Analysis course is beginner-level, and you’ll learn about packet and protocol analysis in real network environments. You’ll analyze different communication types, their components, and real packet captures—and you’ll create network topologies, device characterizations and more.
The Linux course will introduce you to the Linux operating system, from key commands to creating objects, to establishing network connections. You’ll interact with live systems in a real environment as you learn the secrets of the Linux terminal.
And finally, the Network course will build your understanding of network connections, protocols and routing—and learn to establish and secure networks from scratch. In a live environment, you’ll direct, moderate and deny traffic as it flows through a network of your own creation.
Three “Technical Foundations” courses prepare you for certificates that document your new proficiency. There are three separate exams, represented here on the left.
Network Application Configuration Certificate
Linux Application and Configuration Certificate
Packet Analysis Certificate
Once each of those has been successfully completed, the overarching CSX Technical Foundations Certificate is awarded, acknowledging expertise in all three courses.
Penetration testing (or “PEN” testing) is a more advanced skillset. ISACA has an overview course that will help you learn You'll work with real systems in real environments to understand methodology, essential hacking tools, key Linux commands and the overall concepts guiding penetration testing from a practical, hands-on vantage point.
For those with 1-5 years of experience, there is a 40-hour course that incorporates even more challenging labs to build deep technical skills required to perform well in key cybersecurity positions. The Practitioner certificate, or CSX-P is the exam that you would take after completing this course.
For a limited time, there is an Accelerated CSX-P option that allows you to complete 10 practice labs, complete a one-hour online challenge assessment and submit the certificate application. There are some pre-requisites to be eligible for this program.
There are a couple of paths to move into a management role.
The CISM is a management-focused certificate
Cybersecurity Audit certificate is more audit-focused
If you’d like to get started on a path to a career in cybersecurity, or take your skill set up a notch, visit cybersecurity.isaca.org/csx-career-tool for a really cool assessment tool.
Thank you for your time today. I’d be happy to answer questions, if you have them, now.
If you’d like more information, or would like to get started with some of the courses and certification exams that we’ve talked about today, you can visit the websites on the screen. If you have a QR code reader on your phone, you can just scan the code on the screen and bookmark the page.
NOTE: if the QR code isn’t scanning for people, page down into the Appendix for a larger version that will probably scan better