Came across this while helping friends who are being made redundant and are in a dilemma about what next. I believe it is open to people NOT in Cyber Security already.
Cyber Retraining Academy – An HM Government programme delivered in partnership with SANS.....
The training programme is fully funded by HM Government and the next Academy will take place in London, beginning January 23rd 2017.
In short FREE Cyber Security Training if selected after assessment.
Click get deal for more info. scroll down and yiu will see options to apply for a place.
Please share with friends etc that are at a cross road.
I hope it helps someone.
Some questions and response back from SANS added in thread.
Forgot to add ..........key part from first response ....there will be a number of scholarships available for students of the Academy. Sponsorships are available to assist students with accommodation and subsistence. Details will be released to all individuals that pass the Aptitude Assessment phase.
Top comments
NCIS
8 Nov 167#1
Tesco Bank could do with this.
dar72
9 Nov 166#15
Get yourself a Linux distro like Black Arch or Kali...or any Linux distro and manually install required tools and learn from tutorials. If you want to learn to secure systems, you need to know how to break into them.
I'd suggest installing Arch Linux so that you learn a bit about how an operating system works, then install the tools from Black Arch repos or AUR as and when you need them based on tutorials you're following. Gentoo is good for learning too but requires compiling everything. If you need to hack servers, firewalls, routers, use KVM or Virtualbox. GNS3 will allow you to run Cisco router firmwares if you want to have a go at those. Recommendations for insecure systems that are easy to hack in order to learn the process are Metasploitable Linux and any version of Microsoft Windows.
If you find yourself using Windows at any point in this process (except for as something to attack) then you're doing it wrong.
There are also "war games" that are playable over SSH (you could even do it from Windows using something like PuTTY). An example is Bandit.
Think you need a certificate to get a job? Then you need to work on your social engineering skills, it's simply a process of manipulation.
saveafew
9 Nov 163#10
Update - sent a few questions over to SANS
1. Funding – what is covered? Course only or more?
2. When is the closing date for applications?
3. It states London – do you run the same course elsewhere in the UK too?
4. Roles not in Cyber security understood. But does the applicant need to have an IT background or some level of proficiency if so to what level
5. Do you plan any online / remote learning by any chance?
Response below
1. In regards to funding, the course training itself is fully funded by the HM Government. Unfortunately we won’t be providing any accommodation for students, so students are expected to support themselves. This being said, there will be a number of scholarships available for students of the Academy. Sponsorships are available to assist students with accommodation and subsistence. Details will be released to all individuals that pass the Aptitude Assessment phase.
2. The final deadline for selection of candidates is set at December 21st. We are looking to put people into the Academy as as soon as possible, but the recruitment process will be ongoing. In summary, I would advise you to apply for the Academy at your earliest convenience.
3. Yes, the Academy will be held in Central London. This programme is currently being run as a pilot but we hope to run further Academies in the future. If this Academy proves to successful we would hope to run multiple Academies across different locations of the UK.
4. As the Academy is being run as a Retraining programme, it is designed to welcome individuals seeking a career transition.The application criteria is broad and encompassing to encourage people from all different backgrounds, not necessary from IT to apply. This opportunity is open to candidates who meet the criteria and have an interest in IT security, no prior knowledge is needed. The candidates will be selected upon their aptitude scores and suitability for the programme.
5. For 8 of the 10 weeks of the Academy, students are required to attend in-classroom training. The other 2 weeks are On Demand and Remote study weeks.
If we don't ask we won't know.
Latest comments (19)
ns6437
11 Nov 16#19
Cheers Dar! Nice to hear your perspective. In reality, I probably have a number of skills relevant already but just need to start actually using Linux and build from that. You've certainly given me food for thought.
Nmap I find useful for hotel wifi. Not that I'm trying to look for a default gateway and or open ports of 80/443/22/23.
It pains me when the dg is not .1 or .254! Bad design is worthy of a nose around!
Cenobite
11 Nov 16#18
Pretty good posts dar72. Had never heard of Arch Black before. Looked up some comparisons between that & Kali. May have a play with it at the weekend. Also had a quick look earlier @ the Bandit stuff. Definitely worth a play with..
Agree that you should be careful with what you post. Do you know of any decent forums where this is discussed more in a professional sense? Feel free to PM. Thanks
dar72
10 Nov 161#17
You don't need programming experience for Linux, I'm not great at programming myself. If you wanted to find vulnerabilities and code exploits then you'd need to learn programming. I've been involved in networking for over 10 years and used the Internet before it was cool.
Yes, that's what metasploit is. In reality, a lot of stuff isn't patched. Metaploit is just one tool and Metasploitable Linux is just a distro which is good for practicing using it as well as other tools. There's many other tools depending on what you want to attack. Heard of nmap? If not then look it up, even if you never use it to hack it will save you a lot of time doing networking stuff....don't know what IP a machine has and can't/don't want to login to the server to check DHCP leases? "nmap -sP -n 192.168.0.0/24"....there's all your pingable addresses on that subnet. Show anything with an open SSH port? "nmap -p 22 --open -sV 192.168.0.0/24"
You can use metasploit or nmap to do things like check for open SMTP relays, test things like insecure versions of SNMP, SSH and all sorts of other things
Nessus is good to run on your network though it's commercial so the free version is a bit restricted, that will tell you all the vulnerabilities, then try exploiting them yourself and then secure them.
Vagrant is very good for getting virtual machines setup quickly to play around with: https://www.vagrantup.com/docs/getting-started/
That's an Ubuntu VM up and running with two commands! There are Windows boxes available but it has the annoyance of licensing and things, most of the publicly available boxes just install the trial/unregistered version. It is however great when I just need to test something on Windows or someone wants me to attend a webinar which uses nasty proprietary software (that is...pretty much all webinar software), once I'm done I just "vagrant destroy".
I haven't used that one personally but it's an example of the type of pre-made lab that's available. It's cross-platform so you can run vagrant stuff on Windows, Mac, Arch Linux, Ubuntu, Red Hat...doesn't matter, all standardised as long as you have vagrant and the associated software.
The future of computing is in virtualisation, automation and SDN so learning things like Vagrant, Docker, Ansible, Puppet etc will be beneficial to you anyway....if not more beneficial than hacking skills from a career point of view.
In the real world most attacks are social engineering attacks. The weakest element of any system is the human element, you can patch your servers all you want but a high vis jacket and a bit of confidence will defeat your security quicker than anything. I have a lot of knowledge in this area of things but in ways it's an entirely different subject.
Hope this helps, PM me if you need pointing at anything more specific. I'm wary of posting things publicly here which would allow people with little experience to do this stuff.
dar72
9 Nov 166#15
Get yourself a Linux distro like Black Arch or Kali...or any Linux distro and manually install required tools and learn from tutorials. If you want to learn to secure systems, you need to know how to break into them.
I'd suggest installing Arch Linux so that you learn a bit about how an operating system works, then install the tools from Black Arch repos or AUR as and when you need them based on tutorials you're following. Gentoo is good for learning too but requires compiling everything. If you need to hack servers, firewalls, routers, use KVM or Virtualbox. GNS3 will allow you to run Cisco router firmwares if you want to have a go at those. Recommendations for insecure systems that are easy to hack in order to learn the process are Metasploitable Linux and any version of Microsoft Windows.
If you find yourself using Windows at any point in this process (except for as something to attack) then you're doing it wrong.
There are also "war games" that are playable over SSH (you could even do it from Windows using something like PuTTY). An example is Bandit.
Think you need a certificate to get a job? Then you need to work on your social engineering skills, it's simply a process of manipulation.
ns6437 to dar72
10 Nov 16#16
I'm certainly interested in this as I'm a network engineer but completely lack in Linux and programming experience. Isn't metasploit a framework for deploying attacks against known exploits? How does this help me long term when most of these exploits should in reality be patched in production environments? Is it just to develop an understanding of an attack vector etc?
It's odd that I work a fair bit with firewalls but still feel overwhelmed at the prospect of developing 'cyber' skills.
How long did it take you or others to break into the field and how did you reach that goal?
quincemeister
9 Nov 16#14
GCHQ gang at the ready!
saveafew
9 Nov 163#10
Update - sent a few questions over to SANS
1. Funding – what is covered? Course only or more?
2. When is the closing date for applications?
3. It states London – do you run the same course elsewhere in the UK too?
4. Roles not in Cyber security understood. But does the applicant need to have an IT background or some level of proficiency if so to what level
5. Do you plan any online / remote learning by any chance?
Response below
1. In regards to funding, the course training itself is fully funded by the HM Government. Unfortunately we won’t be providing any accommodation for students, so students are expected to support themselves. This being said, there will be a number of scholarships available for students of the Academy. Sponsorships are available to assist students with accommodation and subsistence. Details will be released to all individuals that pass the Aptitude Assessment phase.
2. The final deadline for selection of candidates is set at December 21st. We are looking to put people into the Academy as as soon as possible, but the recruitment process will be ongoing. In summary, I would advise you to apply for the Academy at your earliest convenience.
3. Yes, the Academy will be held in Central London. This programme is currently being run as a pilot but we hope to run further Academies in the future. If this Academy proves to successful we would hope to run multiple Academies across different locations of the UK.
4. As the Academy is being run as a Retraining programme, it is designed to welcome individuals seeking a career transition.The application criteria is broad and encompassing to encourage people from all different backgrounds, not necessary from IT to apply. This opportunity is open to candidates who meet the criteria and have an interest in IT security, no prior knowledge is needed. The candidates will be selected upon their aptitude scores and suitability for the programme.
5. For 8 of the 10 weeks of the Academy, students are required to attend in-classroom training. The other 2 weeks are On Demand and Remote study weeks.
If we don't ask we won't know.
Cenobite to saveafew
9 Nov 16#13
Kudos for that update. Pretty much answers the questions I had. Doubt it'll come to Scotland, and I couldn't do 10/weeks full time while having a job. :disappointed:
dancedar
9 Nov 16#12
Students only or someone looking to career-swap into something like this?
saveafew
9 Nov 16#11
Is a bummer - have asked a few questions and added response in thread.
in$anity
9 Nov 16#9
I would attend this in a heartbeat if I lived in London. Unfortunately I don't and can't afford to spend a week there nevermind 10 weeks. Argh!!!
Cenobite
9 Nov 16#8
Good if you live near to it and can dedicate 10 weeks full time.
Would anyone employ you though if you only have 10 weeks of training? Hopefully the people they train will have prior IT experience.
fr3dy77_sp33d
9 Nov 16#7
superb finding. very good post op!
dar72
9 Nov 161#6
I knew this was a government thing as soon as I saw the title...because it has the word "cyber" in it lol!
If you've had to take a course and get a bit of paper to say you can hack, you're probably not very good at it
Blasphemous
8 Nov 161#5
Because everyone lives in/around London and/or can afford board and lodgings there for 10 weeks. North South divide.
ant1g
8 Nov 161#4
This deserves more up votes! Thanks OP for sharing.
dalipsinghno1
8 Nov 161#3
Who can apply?
In order to apply for the Cyber Retraining Academy, candidates must be:
Aged 18 and over
A UK or EU national
Not currently working within a cyber security role
Able to attend the full ten weeks of the Academy
Available for employment following successful graduation from the Academy
Willing to engage with potential government and corporate employers introduced by SANS
Willing to undergo any necessary security clearance checks
It says
Must be available for the full 10 week Academy, starting on the 23rd of January in London.
Hence willing to relocate
What is the date to submit the application by?
Can't find it on either websites. Although the course starts on Mon. 23rd Jan but there has to be a submission date for them to pick the creme de la creme candidates.
Opening post
Cyber Retraining Academy – An HM Government programme delivered in partnership with SANS.....
The training programme is fully funded by HM Government and the next Academy will take place in London, beginning January 23rd 2017.
In short FREE Cyber Security Training if selected after assessment.
Click get deal for more info. scroll down and yiu will see options to apply for a place.
Please share with friends etc that are at a cross road.
I hope it helps someone.
Some questions and response back from SANS added in thread.
Forgot to add ..........key part from first response ....there will be a number of scholarships available for students of the Academy. Sponsorships are available to assist students with accommodation and subsistence. Details will be released to all individuals that pass the Aptitude Assessment phase.
Top comments
I'd suggest installing Arch Linux so that you learn a bit about how an operating system works, then install the tools from Black Arch repos or AUR as and when you need them based on tutorials you're following. Gentoo is good for learning too but requires compiling everything. If you need to hack servers, firewalls, routers, use KVM or Virtualbox. GNS3 will allow you to run Cisco router firmwares if you want to have a go at those. Recommendations for insecure systems that are easy to hack in order to learn the process are Metasploitable Linux and any version of Microsoft Windows.
If you find yourself using Windows at any point in this process (except for as something to attack) then you're doing it wrong.
There are also "war games" that are playable over SSH (you could even do it from Windows using something like PuTTY). An example is Bandit.
Think you need a certificate to get a job? Then you need to work on your social engineering skills, it's simply a process of manipulation.
1. Funding – what is covered? Course only or more?
2. When is the closing date for applications?
3. It states London – do you run the same course elsewhere in the UK too?
4. Roles not in Cyber security understood. But does the applicant need to have an IT background or some level of proficiency if so to what level
5. Do you plan any online / remote learning by any chance?
Response below
1. In regards to funding, the course training itself is fully funded by the HM Government. Unfortunately we won’t be providing any accommodation for students, so students are expected to support themselves. This being said, there will be a number of scholarships available for students of the Academy. Sponsorships are available to assist students with accommodation and subsistence. Details will be released to all individuals that pass the Aptitude Assessment phase.
2. The final deadline for selection of candidates is set at December 21st. We are looking to put people into the Academy as as soon as possible, but the recruitment process will be ongoing. In summary, I would advise you to apply for the Academy at your earliest convenience.
3. Yes, the Academy will be held in Central London. This programme is currently being run as a pilot but we hope to run further Academies in the future. If this Academy proves to successful we would hope to run multiple Academies across different locations of the UK.
4. As the Academy is being run as a Retraining programme, it is designed to welcome individuals seeking a career transition.The application criteria is broad and encompassing to encourage people from all different backgrounds, not necessary from IT to apply. This opportunity is open to candidates who meet the criteria and have an interest in IT security, no prior knowledge is needed. The candidates will be selected upon their aptitude scores and suitability for the programme.
5. For 8 of the 10 weeks of the Academy, students are required to attend in-classroom training. The other 2 weeks are On Demand and Remote study weeks.
If we don't ask we won't know.
Latest comments (19)
Nmap I find useful for hotel wifi. Not that I'm trying to look for a default gateway and or open ports of 80/443/22/23.
It pains me when the dg is not .1 or .254! Bad design is worthy of a nose around!
Agree that you should be careful with what you post. Do you know of any decent forums where this is discussed more in a professional sense? Feel free to PM. Thanks
Yes, that's what metasploit is. In reality, a lot of stuff isn't patched. Metaploit is just one tool and Metasploitable Linux is just a distro which is good for practicing using it as well as other tools. There's many other tools depending on what you want to attack. Heard of nmap? If not then look it up, even if you never use it to hack it will save you a lot of time doing networking stuff....don't know what IP a machine has and can't/don't want to login to the server to check DHCP leases? "nmap -sP -n 192.168.0.0/24"....there's all your pingable addresses on that subnet. Show anything with an open SSH port? "nmap -p 22 --open -sV 192.168.0.0/24"
You can use metasploit or nmap to do things like check for open SMTP relays, test things like insecure versions of SNMP, SSH and all sorts of other things
Nessus is good to run on your network though it's commercial so the free version is a bit restricted, that will tell you all the vulnerabilities, then try exploiting them yourself and then secure them.
Vagrant is very good for getting virtual machines setup quickly to play around with:
https://www.vagrantup.com/docs/getting-started/
That's an Ubuntu VM up and running with two commands! There are Windows boxes available but it has the annoyance of licensing and things, most of the publicly available boxes just install the trial/unregistered version. It is however great when I just need to test something on Windows or someone wants me to attend a webinar which uses nasty proprietary software (that is...pretty much all webinar software), once I'm done I just "vagrant destroy".
There's stuff written by people for you to use that allows you to do much more complicated things:
https://github.com/jhwohlgemuth/pentest-lab
I haven't used that one personally but it's an example of the type of pre-made lab that's available. It's cross-platform so you can run vagrant stuff on Windows, Mac, Arch Linux, Ubuntu, Red Hat...doesn't matter, all standardised as long as you have vagrant and the associated software.
The future of computing is in virtualisation, automation and SDN so learning things like Vagrant, Docker, Ansible, Puppet etc will be beneficial to you anyway....if not more beneficial than hacking skills from a career point of view.
In the real world most attacks are social engineering attacks. The weakest element of any system is the human element, you can patch your servers all you want but a high vis jacket and a bit of confidence will defeat your security quicker than anything. I have a lot of knowledge in this area of things but in ways it's an entirely different subject.
Hope this helps, PM me if you need pointing at anything more specific. I'm wary of posting things publicly here which would allow people with little experience to do this stuff.
I'd suggest installing Arch Linux so that you learn a bit about how an operating system works, then install the tools from Black Arch repos or AUR as and when you need them based on tutorials you're following. Gentoo is good for learning too but requires compiling everything. If you need to hack servers, firewalls, routers, use KVM or Virtualbox. GNS3 will allow you to run Cisco router firmwares if you want to have a go at those. Recommendations for insecure systems that are easy to hack in order to learn the process are Metasploitable Linux and any version of Microsoft Windows.
If you find yourself using Windows at any point in this process (except for as something to attack) then you're doing it wrong.
There are also "war games" that are playable over SSH (you could even do it from Windows using something like PuTTY). An example is Bandit.
Think you need a certificate to get a job? Then you need to work on your social engineering skills, it's simply a process of manipulation.
It's odd that I work a fair bit with firewalls but still feel overwhelmed at the prospect of developing 'cyber' skills.
How long did it take you or others to break into the field and how did you reach that goal?
1. Funding – what is covered? Course only or more?
2. When is the closing date for applications?
3. It states London – do you run the same course elsewhere in the UK too?
4. Roles not in Cyber security understood. But does the applicant need to have an IT background or some level of proficiency if so to what level
5. Do you plan any online / remote learning by any chance?
Response below
1. In regards to funding, the course training itself is fully funded by the HM Government. Unfortunately we won’t be providing any accommodation for students, so students are expected to support themselves. This being said, there will be a number of scholarships available for students of the Academy. Sponsorships are available to assist students with accommodation and subsistence. Details will be released to all individuals that pass the Aptitude Assessment phase.
2. The final deadline for selection of candidates is set at December 21st. We are looking to put people into the Academy as as soon as possible, but the recruitment process will be ongoing. In summary, I would advise you to apply for the Academy at your earliest convenience.
3. Yes, the Academy will be held in Central London. This programme is currently being run as a pilot but we hope to run further Academies in the future. If this Academy proves to successful we would hope to run multiple Academies across different locations of the UK.
4. As the Academy is being run as a Retraining programme, it is designed to welcome individuals seeking a career transition.The application criteria is broad and encompassing to encourage people from all different backgrounds, not necessary from IT to apply. This opportunity is open to candidates who meet the criteria and have an interest in IT security, no prior knowledge is needed. The candidates will be selected upon their aptitude scores and suitability for the programme.
5. For 8 of the 10 weeks of the Academy, students are required to attend in-classroom training. The other 2 weeks are On Demand and Remote study weeks.
If we don't ask we won't know.
Would anyone employ you though if you only have 10 weeks of training? Hopefully the people they train will have prior IT experience.
If you've had to take a course and get a bit of paper to say you can hack, you're probably not very good at it
In order to apply for the Cyber Retraining Academy, candidates must be:
Aged 18 and over
A UK or EU national
Not currently working within a cyber security role
Able to attend the full ten weeks of the Academy
Available for employment following successful graduation from the Academy
Willing to engage with potential government and corporate employers introduced by SANS
Willing to undergo any necessary security clearance checks
Link to Sans
Proper job!!!
It says
Must be available for the full 10 week Academy, starting on the 23rd of January in London.
Hence willing to relocate
What is the date to submit the application by?
Can't find it on either websites. Although the course starts on Mon. 23rd Jan but there has to be a submission date for them to pick the creme de la creme candidates.