Should I Become a Cybersecurity Practitioner (CSX)?

There are a lot of different security certificates one can achieve in order to increase their knowledge in the cybersecurity field. Since cybersecurity is a young, still-growing field, there are a lot of new certificates still being created. One of the more recent certificates is the Cybersecurity Practitioner (CSXP) by ISACA. It is different from many of the other exams in the security field, because it is a real-time, hands-on exam where the candidate has to prove their knowledge by dealing with different incident response scenarios in a virtual environment.

Basic Information About CSX Practitioner Certification

The Cybersecurity Practitioner (CSXP) exam is a vendor-neutral, performance-based certification from ISACA. It is a real-world, live, virtual lab environment designed to test the practical knowledge of a candidate. There are no multiple choice questions. The time limit for the exam is 3.5 hours. There will be few instructions and the candidate will be expected to switch between multiple virtual machines while multitasking. ISACA also offers a lab preview for demonstration purposes.

The exam will test for knowledge in domains of prevention, detection, and response in relation to a cybersecurity incident. It is focused around the role of a first responder, and is designed to demonstrate experience with firewalls, patching, anti-virus, vulnerability scans with basic analysis, and the ability to implement common security controls. It assumes knowledge of Kali Linux, Microsoft Windows Server and Workstation, as well as Ubuntu Linux. It is the second new exam in the ISACA library of certificates, immediately following the Cybersecurity Fundamentals Certificate, which is designed to demonstrate fundamental knowledge of cybersecurity.

Fees and Training

Breakdown of knowledge domains

  • Protect: 33-37%
  • Detect: 21-24%
  • Respond: 16-18%
  • Identify: 13-15%
  • Recover: 10-12%

Familiar tools and techniques

  1. Linux system administration (entry level)
  2. Md5deep64
  3. Microsoft Windows Domain Administration (entry level)
  4. Microsoft Security Essentials
  5. Network troubleshooting commands
  6. Nmap/Zenmap
  7. Pfsense
  8. Security Onion
  9. Snorby
  10. Snort
  11. Tcpdump
  12. Terminal applications
  13. Wireshark


Although training will not be required to sit for this exam, ISACA does offer their own training labs, which cost $500 per lab with six months of total access. ISACA also offers bootcamps and training at conferences, for a fee. The author could find no other training outside of ISACA at the time of this writing.

Exam fees

  • ISACA members: $540
  • Non-members: $725

Testing Locations

Testing locations are proctored by Prometric. Once a candidate purchases an exam voucher, the candidate is allowed to sit for the exam within the next seven months. Candidates can find testing locations at Exams are only available in English at the time of this writing.

More Information

ISACA provides a PDF with more information, for those serious about sitting the CSXP exam. Candidates can also view the ISACA website for more detailed information than this article provides. One can also find more information on maintaining the CSXP certification there, as well. This certification shows that a candidate has hands-on, practical experience and knows how to protect a network and resolve security-related issues. Since this certification is a real-time, practical exam it stands out from most of the other multiple choice exams in this space. It is definitely a certification worth considering.



  1. John Johnson · · Reply

    CSXP is a joke: only two job ads request it today 8/16/17 on Indeed. Get a CISSP, CEH or SANS.

    Liked by 1 person

    1. Thank you for commenting! Sorry it took me so long to approve.

      I ask that we all please remember there is little call for it right now because it is new. It’s the chicken or the egg dichotomy. Eventually, more job postings will include it; just give it time.

      I also feel the number of job listings should not be a qualifier as to this exam’s quality. We will need more people to take the test in the InfoSec community and give their feedback before we can make a call. It’s not about the demand for the certification, it is about the knowledge gained. If this exam teaches you valuable knowledge and skills (because it is practical) then it was worth taking it!

      I made this blog to share new things and what I’m learning. That’s what marches our community forward.


  2. Jason B · · Reply

    I would want a person on my team that passed a practical certification over a multiple choice test 10 out of 10 times. I would take a person who had an OSCP over a CEH. Some goes for this CSX P

    Liked by 1 person

    1. Well, I have to say that while similar, the CEH and OSCP are two very different types of exams. They are geared towards different audiences. CEH is basic and fundamental, where OSCP is far more advanced. In a way, what you’re saying is you want someone with more experience and more hands-on skills.

      It also highlights the difference in knowledgebases. There are many people who have obtained the gold standard CISSP that would be lost in the OSCP. Yet, when discussing managerial level positions most people would find the CISSP more applicable. It’s all about the role you want to play and the job you want to hold. Technical? Ttay with practical exams. Managerial? Take higher level exams, such as the CISSP.

      In the end, these choices are great for the community, because they allow us to expand. Get as many as possible, because in the end you are always learning. I’ll be having my first SANS in a few months, on that note. I look forward to it.

      This doesn’t degrade any certification, it just shows that the reason we have so many certifications is because we have so many difffernet needs in this field.


Express your opinion

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: