I opted to complete an intermediate qualification for penetration testing engineers, called the Tiger Scheme QSTM (Qualified Security Team Member), as part of my Personal Development Plan at ITSUS Consulting.
The QSTM consists of a two-hour practical test, where candidates are expected to achieve specific objectives on a dedicated test environment, followed by a half-hour viva exam where candidates are asked to explain and discuss their methods and findings.
ITSUS facilitated my study for the qualification during work hours and I was also given weekly lectures by their Senior Research Technologist, Rhys Jeffs. I needed to place emphasis on developing my practical penetration testing skills, so I created a virtual lab which included some intentionally vulnerable virtual machines (Metasploitable and OWASP vulnerable web). I decided to dedicate the initial few days to brushing up on the first two stages of penetration testing, Reconnaissance and Scanning, before practicing the last two stages, Exploitation and Post Exploitation.
During lectures with Rhys, he discussed the recommended tools and techniques for each of the four stages of penetration testing, along with practical exam-day tips. Having someone who is experienced in the Computer Security industry has been invaluable in assisting with my training for the QSTM.