I took the QSTM training course from Encription at the beginning of the year, and I wanted to put together a quick review. From the outset, I found Ian, who was my trainer on the course, to be highly professional and technically competent. He had a thorough grasp of the material being taught and was able to answer a whole range of my questions without any difficulty.
My best advice is to come prepared with some basic Linux command line knowledge (I’d recommend the BackTrack/Kali distribution), and an understanding of networking and common protocols. The course itself covers a range of both technical and non-technical theory; however, practical techniques are taught from the outset and the pace of this increases throughout the course. This course was anything but a ‘death by PowerPoint’ seminar! The QSTM itself is a certification provided by TigerScheme, and a portion of the course is dedicated to the requisite understanding of the TigerScheme structure and code of conduct.
Once done, we moved immediately on to the different steps required during a penetration test and started some practical work in the controlled lab environment. The pace picked up quickly from there, with each day including some theory followed by lots of practical hands-on work ranging from Windows and Linux exploitation to web application and social engineering techniques.
The course itself is relatively entry-level and I highly recommend it for junior pen testers as well as developers, system administrators and technical managers looking for a solid foundation in penetration testing. Encription has a relationship with a nearby hotel, and the room, dining and facilities there were more than sufficient. Everything else needed during the week, including lunches and materials, is included.
The last day of the week’s course was dedicated to the exam, covering multiple-choice and essay-based questions, a practical assessment and a viva (spoken). The viva involves discussing the findings of the practical assessment with the assessor and answering his questions to confirm that you have a good understanding of what you’ve done and why during the practical assessment, rather than just regurgitating commands. The exam wasn’t tough and I was pleased with my performance.
Once complete, the exam output is sent to the University of Glamorgan for assessment and marking, and there’s a 2-3 week wait for the results. I was pretty confident and fortunately I passed! I can’t recommend the course enough – not only was it educational and a good course to have under my belt, but it was also good fun and highly enjoyable. Encription made me feel very comfortable throughout the course.
I’m currently studying and practicing for the TigerScheme SST (Senior Security Tester), which is significantly more difficult than the QSTM. I’m not sure that I expect to pass first time, although I’m going to go as prepared as possible and give it my best.