ISACA - CSX-P Cybersecurity Practitioner Certification



Just 3 Days



Classroom / Online / Hybrid

Next date

Next date:

26/6/2023 (Monday)


CSX®-P remains the first and only comprehensive performance certification testing one’s ability to perform globally validated cybersecurity skills spanning five security functions – Identify, Protect, Detect, Respond, and Recover – derived from the NIST Cybersecurity Framework.

This accelerated CSX-P Cybersecurity Practitioner Certification CSX-P course requires that candidates demonstrate critical cybersecurity skills in a live, proctored, virtual environment that assesses their analytical ability to identify assets and resolve network and host cybersecurity issues by applying the foundational cybersecurity knowledge and skills required of an evolving cyber first responder.

At the end of this course, you’ll achieve your CSX-P Cybersecurity Practitioner Certification.

Through Firebrand’s Lecture | Lab | Review methodology you’ll certify at twice the speed of traditional training and get access to courseware, learn from certified instructors, and train in a distraction-free environment.

40% faster

Distraction-free environment


If you are looking to go beyond validating your knowledge of cybersecurity concepts and prove that you have the skills to perform cybersecurity tasks, then the CSX Cybersecurity Practitioner Certification is right for you.

Four reasons why you should sit your course with Firebrand Training

  1. You'll be trained and certified faster. Learn more on this 3-day accelerated course. You'll get at least 12 hours a day of quality learning time in a distraction-free environment
  2. Your course is all-inclusive. One simple price covers all course materials, exams, accommodation and meals – so you can focus on learning
  3. Pass first time or train again for free. Your expert instructor will deliver our unique accelerated learning methods, allowing you to learn faster and be in the best possible position to pass first time. In the unlikely event that you don't, it's covered by your Certification Guarantee
  4. Study with an award-winning training provider. We've won the Learning and Performance Institute's "Training Company of the Year" three times. Firebrand is your fastest way to learn, with 134.561 students saving more than one million hours since 2001


CSX-P Cybersecurity Practitioner Certification

1 Business and Security Environment (ID) 25%

  • 1A Business Environment
  • 1A1 Digital Infrastructure
  • 1A2 Enterprise Architecture
  • 1A3 Data and Digital Communication
  • 1B Security Environment
  • 1B1 Network
  • 1B2 Operating Systems
  • 1B3 Applications
  • 1B4 Virtualization and Cloud

2 Operational Security Readiness (PR) 25%

  • 2A Protection
  • 2A1 Digital and Data Assets
  • 2A2 Ports and Protocols
  • 2A3 Protection Technologies
  • 2A4 Identity and Access Management
  • 2A5 Configuration Management
  • 2B Preparedness
  • 2B1 Threat Modeling
  • 2B2 Contingency Planning
  • 2B3 Security Procedures

3 Threat Detection and Evaluation (DE) 25%

  • 3A Monitoring
  • 3A1 Vulnerability Management
  • 3A2 Security Logs and Alerts
  • 3A3 Monitoring Tools and Appliances
  • 3A4 Use Cases
  • 3A5 Penetration Testing
  • 3B Analysis
  • 3B1 Network Traffic Analysis
  • 3B2 Packet Capture and Analysis
  • 3B3 Data Analysis
  • 3B4 Research and Correlation

4 Incident Response and Recovery (RS&RC) 25%

  • 4A Incident Handling
  • 4A1 Notifications and Escalation
  • 4A2 Digital Forensics
  • 4B Mitigation
  • 4B1 Containment
  • 4B2 Attack Countermeasures
  • 4B3 Corrective Actions
  • 4C Restoration
  • 4C1 Security Functions Validation
  • 4C2 Incident Analysis and Reporting
  • 4C3 Lessons Learned and Process Improvement

Exam Track

At the end of this accelerated course, you’ll sit the following exam at the Firebrand Training centre, covered by your Certification Guarantee:

CSX-P Cybersecurity Practitioner Certification

  • Type of Exam: Online lab-based performance exam delivered via remote proctor through PSI Testing Solutions.
  • Number of Items 20
  • Length of Exam 4 hours (240 minutes) to complete and score the exam.
  • Scoring is immediate.
  • Passing Score 75%
  • Languages English only

Domain 1 - Business and Security Environment (ID) – 25%

Domain 2 - Operational Security Readiness (PR) – 25%

Domain 3 - Threat Detection and Evaluation (DE) – 25%

Domain 4 - Incident Response and Recovery (RS & RC) – 25%

This 4-hour exam contains no multiple-choice questions or simulations.

Candidates must complete tasks of varying durations with minimal instruction while navigating between multiple virtual machines and are expected to:

Demonstrate an ability to:

  • Use vulnerability assessment processes and scanning tool sets to identify and document vulnerabilities based on defined asset criticality and technical impacts.
  • Obtain and aggregate information from multiple sources — for example: logs, event data, network assessments – for use in threat intelligence, metrics incident detection, and response.
  • Implement specified cybersecurity controls — for network, application, endpoint, server, and more – and validate that controls are operating as required by defined policy or procedure.
  • Implement and document changes to cybersecurity controls – for example: endpoint security and network security — in compliance with change management procedures.
  • Identify anomalous activity and potential internal, external, and third-party threats to network resources using network traffic monitors or intrusion detection and prevention systems, as well as ensure timely detection of indicators of compromise.
  • Perform initial attack analysis to determine the attack vectors, targets and scope and potential impact. Execute defined response plans to contain damage on affected assets.
  • Possess working knowledge of:

    • CentOS
    • Kali Linux
    • MS Windows 2016 Server
    • MS Windows clients – all beginning with XP
    • Pfsense
    • Security Onion
    • Ubuntu

    Be comfortable working with a variety of applications, operating systems, tools and utilities prior to sitting for the exam:

    • Kibana
    • Lynis
    • Microsoft security features
    • Nmap/Zenmap
    • Network troubleshooting commands
    • OpenVAS
    • Squil
    • Terminal applications
    • Ubuntu
    • Wireshark

What's Included

Your accelerated course includes:

  • Accommodation *
  • Meals, unlimited snacks, beverages, tea and coffee *
  • On-site exams **
  • Exam vouchers **
  • Practice tests **
  • Certification Guarantee ***
  • Courseware
  • Up-to 12 hours of instructor-led training each day
  • 24-hour lab access
  • Digital courseware **
  • * For residential training only. Accommodation is included from the night before the course starts. This doesn't apply for online courses.
  • ** Some exceptions apply. Please refer to the Exam Track or speak with our experts
  • *** Pass first time or train again free as many times as it takes, unlimited for 1 year. Just pay for accommodation, exams, and incidental costs.


No specific training is required for the CSX-P certification, although the CSX-P prep course is highly recommended. CSX-P candidates are assessed on their ability to perform cybersecurity tasks.

Are you ready to get certified in record time?

We interview all applicants for the course on their technical background, degrees and certifications held, and general suitability. If you get through this screening process, it means you stand a great chance of passing.

Firebrand Training is an immersive training environment. You must be committed to the course. The above prerequisites are guidelines, but many students with less experience have other background or traits that have enabled their success in accelerated training through Firebrand Training.

If you have any doubts as to whether you meet the pre-requisites please call (0)8 52 50 01 66 and speak to one of our enrolment consultants, who can help you with a training plan.


We've currently trained 134.561 students in 12 years. We asked them all to review our Accelerated Learning. Currently,
96,48% have said Firebrand exceeded their expectations:

"I've found Firebrand Training Courses to be well organised and structured. The Accommodation and food are excellent."
Edward Lyon, Disclosure and Barring Service. (11/1/2023 (Wednesday) to 13/1/2023 (Friday))

"Incredibly experienced instructor with a plethora of industry knowledge really helped contextualise the course content."
R.R, MoD. (17/1/2023 (Tuesday) to 20/1/2023 (Friday))

"An intense course made bearable by a brilliant trainer."
Jason Halls, ICR. (17/1/2023 (Tuesday) to 20/1/2023 (Friday))

"Great instructor, great course."
Ian Radford, DE&S. (30/11/2022 (Wednesday) to 2/12/2022 (Friday))

"This was well run course which provided a good overview of the course material."
Anonymous. (6/9/2022 (Tuesday) to 9/9/2022 (Friday))

Course Dates





Book now

20/2/2023 (Monday)

22/2/2023 (Wednesday)

Finished - Leave feedback



26/6/2023 (Monday)

28/6/2023 (Wednesday)

Wait list



7/8/2023 (Monday)

9/8/2023 (Wednesday)

Limited availability



18/9/2023 (Monday)

20/9/2023 (Wednesday)




30/10/2023 (Monday)

1/11/2023 (Wednesday)




11/12/2023 (Monday)

13/12/2023 (Wednesday)




Latest Reviews from our students