OSSTMM-Related Certification Training (OPST, OPSA, OPSE, OWSE)

Targeted training and preparation for the certification test using blocks of theory and (in most cases) practical exercises.

OSSTMM certified personnel are in demand around the world as the OSSTMM's influence is growing as a standard for security audits and projects. The well-known German Federal Office for Information Security (BSI) and the US American National Security Agency (NSA) recommend the OSSTMM for technical audits.

These challenging certification trainings are provided worldwide in technical schools, colleges and universities, as well as through training partners, all certified by ISECOM to ensure consistency, quality and focus. For this reason, ISECOM can assure any organisation on a certified person's level of applied security testing knowledge and their exposure to the appropriate and ethical behaviour outlined in the OSSTMM Rules of Engagement.

Courses Offered

The following official certification courses are provided by OneConsult (the links lead to the original descriptions on ISECOM's website):

• OSSTMM Professional Security Tester (OPST): The most popular course. During this very practical course students get to know the fundamentals of the OSSTMM and its practical application from the perspective of a security tester. Various security testing tools are presented and used. It is an intense, broadening horizons course for security auditors, network engineers, system and network administrators, developers, network architects, security analysts, and truly anyone who works in IT from systems to networks.
  Duration: 3-5 days (including exam, depending on prior knowledge)
• OSSTMM Professional Security Analyst (OPSA): This course focuses on the specific security metrics of the OSSTMM. The participants learn how to analyse and interpret test results of security testers according to the OSSTMM in order to calculate for example the risk assessment value (rav) or to detect incorrect results. Thus, technical testing knowledge is a mandatory requirement to pass the exam. In addition, the project management basics of audit projects are introduced. The typical target group of this course consists of CISOs, auditors, compliance managers, CIOs, etc.
  Duration: 3-5 days (including exam, depending on prior knowledge)
• OSSTMM Professional Security Expert (OPSE): The OPSE course is designed for professionals who dispose of little network and security know-how. It is a quick certification which proves that somebody has in-depth knowledge of the OSSTMM, i.e. how it works, what its aim is, why it is used and what its limits are.
  Duration: 2-3 days (including exam, depending on prior knowledge)
• OSSTMM Wireless Security Expert (OWSE): The OWSE certification program is designed for those who want to learn more about the various ways to technically execute a comprehensive and professional wireless security audit within the OSSTMM framework. Fundamental basics are taught, from Radio Frequency (RF) and RF Spectrum Analysis to the salient features of IEEE 802.11 protocol frames and how to analyse information contained in 802.11 packet dumps before arriving at the higher-level 802.11-based security concerns, e.g. how to penetrate wireless LANs. Beyond this, the OWSE covers advanced methods of auditing wireless networks. This course is intended primarily for security testers and experienced network administrators.
  Duration: 3-5 days (including exam, depending on prior knowledge)

All OSSTMM courses end with the optional certification exam (on the last day of the course), which is carried out live on the test systems of ISECOM.

Further Information

The following information is valid for all OSSTMM courses offered by OneConsult:

• Duration: Weekdays, 09.00 - 12.00 and 13.00 - 17.30
• Location, date and training fees (excl. VAT) including training materials, lunch and ISECOM examination fee: see course planning
• ISSS members receive a 15% discount on course fees. Please specify your ISSS membership number (membership will be verified by ISSS) when booking a course.
• Company courses: we will be happy to send you an individual offer.
• Instructor: Experienced security testers of OneConsult
• Language:
  • Course language: English or German
  • Training material: English
  • Online exam: English
• Participants: 5 - 10 people (smaller or larger groups on request)
• DISCLAIMER: Neither OneConsult nor ISECOM can guarantee that students pass the certification exam. Each candidate can retake the exam as often as needed, but has to repay the examination fee for each attempt.
• The course fee must be paid before the course starts. The invoice will be sent to the participants about 45 days before.
• As cancellations prior to the start of the course are concerned, the following applies:
  • until 11 working days: free of charge, any course fees already paid will be refunded
  • 3 to 10 working days: 50% refund
  • 2 to 0 working days or non-attendance: no refund
• Registration: Please register here for a course or send us your inquiries. We are looking forward to hearing from you!

OSSTMM Training Expertise

Former students all passed the exam and found the course very practical and recommendable. Our highly qualified instructors and coaches work as security testers and security consultants every day.

Our staff have conducted more than 450 OSSTMM-compliant technical security audits for our clients since 2003. OneConsult GmbH is ISECOM Licensed Auditor (Platinum Level), ISECOM Partner (accredited trainer) and, based on the number of OSSTMM-compliant security audits, the leading company in Europe.