The 'How to' Blog

Jul 31 2015   12:40PM GMT

Build your cybersecurity skills with ISACA’s new CSX certifications

FirebrandInstructors Profile: FirebrandInstructors


Cyber-attacks are considered one of the top 10 threats to businesses in 2015, a survey from AON solutions revealed this week. This follows shocking news that cyber-criminals have now attacked 90 per cent of major British companies – costing the economy tens of billions of pounds.

A top official at the GCHQ spy agency warns the country will continue to face ‘chronic, advanced and persistent’ threats every day. It’s therefore unsurprising this year has seen the release of new and advanced cyber security training certifications, created to arm the industry with new skills and neutralise this ever present and escalating threat.

Earlier this year Cisco launched the threat detection and mitigation focussed Cybersecurity Specialist credential. (ISC)2 recently followed the launch with their Certified Cloud Security Professional certification built in partnership with the Cloud Security Alliance. Now ISACA has joined the party with the new Cybersecurity Nexus (CSX) program.

In this post we’ll take a closer look at the CSX certification track, discovering where it sits within the cyber security training and certification landscape.

What is the Cybersecurity Nexus?


The Cybersecurity Nexus, CSX for short, is ISACA’s brand new skills-based cyber security training and performance-based certification path. It was created on the principal that having knowledge is no longer enough in this increasingly complex and ever-evolving cyber security landscape, it’s about developing and proving the technical skills required to do the job from day one.

At face value it’s easy to draw comparisons with the advanced CISSP certification from (ISC)2. The CSX certification path, much like the CISSP, takes a holistic approach developing a series of security skills in different domains, but that’s largely where the similarities end.

The CSX program deserves recognition as its own unique entity. Unlike most traditional certifications, which test knowledge in a question and answer format, the CSX training and exams take place in a live, virtual ‘cyber’ environment – validating actual technical skill, ability and performance akin to doing the day job.

The CSX certification path is split into three levels – Practitioner, Specialist and Expert – let’s take a closer look.

CSX | Practitioner

Earning the CSX Practitioner certification demonstrates you have the skills to act as a first responder, following established procedures, defined processes and working mostly with known problems on a single system. You’ll develop firewall, patching and antivirus experience whilst demonstrating you can implement common security controls, perform vulnerability scans and analysis.

The Practitioner is broken into 3 separate courses focussing on individual skill sets:

  • Identification and Protection
  • Detection
  • Respond and Recover

If you’re looking to build a strong foundation of cyber security skills, it’s recommended you do all 3.

At this level, there is only one CSX Practitioner exam which does not require you to take the courses. However, the practical skills and knowledge tested will be based on content from the courses. The exam is expected to land any day now.

CSX | Specialist

Once attaining the prerequisite CSX Practitioner certification, you can move on to the CSX Specialist series. This level is split into five independent certifications and exams focussed on individual speciality areas – allowing you demonstrate a deep technical knowledge and ability in that domain.

The five specialist certifications are:

  • Identify – develop skills to identify threats and vulnerabilities
  • Protect – prove you can protect your systems from outside threats
  • Detect – demonstrate the skills to detect threats and system vulnerabilities
  • Respond – build knowledge to respond to, and mitigate cyber incidents
  • Recover – find out how to recover from incidents and disasters

Like the CSX Practitioner, the courses are not required to take the exams, though it’s highly recommended. The CSX Specialist exams are due for release July – September 2015.

Earning one, or more, of these certifications will provide a serious boost to your cyber security skills enhancing your employability.

CSX | Expert

The final and most advanced certification is the CSX Expert. Attaining this certification will establish you as a master-level security professional. You’ll develop and demonstrate the skills to identify, analyse, respond to and mitigate most cyber security incidents.

You’ll set yourself apart as the authoritative source for all cyber security matters within the organisation. Sitting on the same level as the Certified Information Security Manager (CISM) certification, you’ll be tested on knowledge from all domains learned during the Practioner and Specialist pathways.

Unlike the other levels there is only one course, the CSX Expert course that is aligned to the CSX Expert exam. Like all CSX levels, the course is not required to take the exam. Expect this exam to arrive August – September 2015

Certify your Cyber Security career with CSX

In the likely event the CSX certifications follow in the footsteps of the globally recognised CISA and CISM certifications, you may want to think about working towards the knowledge required to attain them.

At present, there are no commercially available courses for the CSX. However, ISACA are already working with training partners (Firebrand is one of them) to create an official training schedule across the globe in multiple offerings including online, classroom and self-study formats.

Keep your eyes peeled for dates.

 Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: