This article covers everything you need to know about the CSOM exam: how it works, how it's graded, and what happens if you need to resit.
Getting Started
Clients enrolled in the Certified Security Operations Manager course can start the exam at any time within their access period. The CSOM exam is a hybrid assessment, combining a theoretical exam and a practical Management Lab, designed to test both your strategic knowledge and your ability to apply it in a real-world SOC environment.
Before sitting the exam, we recommend completing all course materials, including lessons, quizzes, and labs, to ensure you're fully prepared.
Proof of Experience
To gain access to the Certified Security Operations Manager exam, clients must provide evidence that they meet the minimum experience requirement of 2 years' cumulative full-time experience working in a defensive cybersecurity role.
This requirement is in place to maintain the integrity of the CSOM designation and ensure those holding the certification meet the standard it represents.
Important:
- Evidence must be submitted and verified before exam access is granted
- Acceptable evidence typically includes employment verification, or supporting documentation from your employer
- Clients who do not meet the requirement at the time of purchase can still complete the training, but exam access will only be granted once eligibility is verified
Exam Format
The CSOM exam is split into two distinct components: a Practical Assessment and a Theoretical Exam. There is no required order, you can choose which part to sit first.
1. Practical Assessment
A hands-on scenario where you take on the role of a Security Operations Manager and demonstrate your ability to make executive decisions within a simulated SOC environment.
- Format: in-browser lab with 20 practical questions focused on operational management scenarios
- Topics Covered: capability development, incident handling at the management level, resource and team management, communication, and SOC maturity in practice
- Marking: task-based, with feedback provided on incorrect answers upon submission
2. Theoretical Exam
A rigorous test of your knowledge across the strategic and operational management of a Security Operations Centre, delivered as a written report.
- Format: 3 tasks completed within a single written report, submitted through the platform
- Topics Covered: governance, frameworks, legal and regulatory considerations, strategic management, team leadership, SOC maturity, and reporting to stakeholders
- Marking: human-marked by our Exam Team for accuracy and consistency
Important:
- The use of AI tools (including but not limited to ChatGPT, Claude, Gemini, Copilot, or any similar AI assistant) is strictly prohibited
- Seeking help from AI or other individuals is considered cheating and may result in disqualification
- For full exam rules, please review the CSOM Exam NDA before sitting
Flexible Setting and Open-Book Format
Both parts of the exam are designed to be taken without traditional proctoring constraints. You can take the exam from anywhere, whether at home or at work.
Submission and Grading
Each part of the exam is marked separately:
- The Practical Assessment is graded automatically upon submission, with feedback provided on incorrect tasks
- The Theoretical Exam report is human-marked by the Exam Team, with results returned within the published SLA
Rewards on Passing
Your overall result is calculated as the average of your Practical Assessment and Theoretical Exam scores.
- A combined average of 70% or above is required to pass and earns you the silver challenge coin
- A combined average of 90% or above on your first attempt earns you the gold challenge coin
Example:
- Theoretical Exam: 100%
- Practical Assessment: 85%
- Overall score: 92% → gold challenge coin
For full details on how submissions are marked, see Exam Result Review Policy & Marking Timeframes.
Important:
- The Practical Assessment is eligible for manual review under our standard review policy
- The Theoretical Exam is fully assessed by our human team and is not eligible for additional review
Resit Policy
The Practical Assessment and Theoretical Exam are treated as two separate exams for resit purposes:
- Two Exam Attempts Included: each CSOM purchase includes a total of two exam attempts per component (Practical and Theoretical)
- Second Attempt (Retake): if you fail either part, you're eligible for a second attempt of that specific part at no additional cost
- Independent Resits: you only need to resit the part you failed, not both
- Resit Restrictions: you must wait at least 10 days after a failed attempt before resitting
For full details on exam access and extensions, see Certification and Exam Access.
Still need help?
Submit a support ticket and our team will be happy to help.