NCSP Boot Camp - Foundation & Practitioner

This 5 day, instructor-led NCSP Boot Camp course combines both the Foundation and Practitioner courses and includes a single multiple-choice exam paper for full NCSP Practitioner certification. There are no prerequisites for this course.


Accredited through APMG International and listed as qualified cyber training by DHS CISA in the U.S. and GCHQ NCSC in the UK, the NCSP accredited training program teaches organisations how to rapidly engineer, operationalise and automate the NIST-CSF informative reference controls and management systems required to deliver the business outcomes expected by executive management, government regulators and industry auditors.

This 5 day, instructor-led NCSP Boot Camp combines both the Foundation and Practitioner courses and includes a single multiple-choice question exam for full certification.


Course content

  • Framing the Problem: Discusses the context of the introduction on the NIST-CSF and adaptation using the Controls Factory Model.
  • The Controls Factory Model: A closer look at the Controls Factory Model, including the three areas of focus; the Engineering Centre, the Technology Centre and the Business Centre.
  • Threats and Vulnerabilities: Using the Cyber Attack Chain Model, attendees will be shown an overview of cyber attacks, focusing on the top 15 attack methods and the most common vulnerabilities.
  • Assets and Identities: Detailed discussions of asset families and key architecture diagrams. This chapter also includes an analysis of business and technical roles, along with a discussion of governance and risk assessment.
  • The Controls Framework: A practitioner-level analysis of a controls framework based on the NIST Cybersecurity Framework and how it is applied.
  • The Technology Controls: A detailed analysis of the technical controls involved in the establishment of a cybersecurity framework. This will be based on the Center for Internet Security 20 Critical Security Controls©, including the controls objective, controls design, controls details and diagrams of all the controls.
  • The Security Operations Center (SOC): Attendees will undergo a detailed analysis of Information Security Continuous Monitoring (ICSM) purpose and capabilities. This includes analysing people, processes, services and technologies provided by a well-functioning Security Operations Center.
  • Technical Program Testing and Assurance: A high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). This includes an analysis of all 12 requirements of the DSS.
  • Business Controls: An analysis of the business controls based on the ISO 27002:2013 Code of Practice (including the goals of preserving confidentiality, integrity and availability). This chapter includes the controls clauses, objectives and implementation overview.
  • Workforce Development: An overview of current cybersecurity workforce demands and standards based on the NICE Cybersecurity Workforce Framework (NCWF).
  • The Cyber Risk Program: A review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Develops attendees’ understanding of the 9 Description Criteria Categories and the 31 Description Criteria.
  • Cybersecurity Program Assessment: Highlights the key steps organizations can follow to conduct a Cybersecurity Program assessment. This will also look at recording assessment results including a technical scorecard based on the 20 critical controls. Also covers executive reports, gap analyses and implementation roadmaps.
  • Cyber-risk Program Assessment: Discussion on the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework

Learning Outcomes

The NCSP Boot Camp program teaches delegates how to:

  • Develop a program to rapidly operationalise the NIST Cyber Security Framework controls and management systems
  • Design and engineer a solution to be used across the organisation and its supply chain, identifying key weaknesses and how to resolve them.
  • Organise a Security Operations Centre (SOC) which will regularly monitor the cyber health of the organisation and respond accordingly.
  • Implement solutions that will automate the risk assessment, threat update reporting process
  • Establish a continuous learning program for all Technical and Business employees

Target Audience

Suitable for all individuals and members of an organisation in need of a deeper understanding of the NIST Cybersecurity Framework, the Boot Camp training will help protect the online defences of any business in line with national standards.

Originally created as a common framework to be used by government and businesses to assess cyber threats, the NIST Cyber Security Framework has value for staff in almost every department of an organisation’s structure.

Some examples of potential training groups:

  • Candidates looking to enhance their understanding of the NIST framework and how to apply it practically in a business context.
  • IT and network engineers, for an understanding of best practice when creating and implementing a security framework
  • Operations, Business Risk and Compliance professionals who will benefit from more information about common cyber security risks and how organisations should be managing them.
  • IT and Cyber security specialists such as Developers, Penetration Testers and Auditors. This group will gain knowledge of how to apply the NIST framework practically and how to ensure an organisation is compliant with the common expectation for businesses.
  • Business professionals, such as lawyers and accountants or sales, marketing and HR departments. Staff who regularly interact with personal data will also benefit from understanding how to ensure cyber security best practice at all times


There are no prerequisites for attending this training. The aim is to provide staff with a better understanding of how to apply the NIST Cybersecurity Framework and establish a national common framework for preventing cyber attacks.

Exam, Certification & Awards

This course prepares you for the closed-book, 150 minute, 90 multiple-choice question exam leading to the NCSP Practitioner Certification. This exam is administered by APMG International. You must attain a passing mark of 60% (54 marks) to be awarded the certificate

Candidates who attend and complete the NCSP Foundation Certificate course are eligible to sit the associated APMG certification exam along with applying for CPE, PDU and CEU continuing education credits from PMI, ISACA, CompTIA and other professional certification bodies.

Course Material

Material for this course will only be provided as downloadable soft copy files that can be viewed on a variety of devices. 

Interested in attending? Have a suggestion about running this course near you?
Register your interest now