NEWS: we are organising 5 Auditor trainings between now and the spring of 2026, 4 of which are “open”. Note that the fees differ as we calculate per training with little overhead, following the not-for-profit principle.
The Open CSIRT Foundation (OCF) organises the following official 3-day trainings to become a Certified SIM3 Auditor (conducted in English unless otherwise noted):
- 4-6 Nov 2025 close to Paris, France. Language: French.
- 10-12 Nov 2025 in Latin America: closed training for the OAS community.
- 17-19 Nov 2025 in São Paulo, Brazil.
- 15-17 Dec 2025 in Egmond aan Zee, The Netherlands.
- 18-20 Mar 2026 in Kraków, Poland.
The OCF shepherds the further development of the SIM3 maturity model, that is used by FIRST for their new membership applications, by TF-CSIRT for Certifications in Europe, by ENISA for national teams in the EU, by the NCA (Nippon CSIRT Association) in Japan for 500+ teams, and furthermore by the ITU, the OAS and many more.
Certified Auditors play an important role in making it possible that SIM3 is used in a professional and objective way, and also contribute to further improving SIM3 in the near future.
Trainers:
> Olivier Caleff (Paris training), SIM3 Trainer and Auditor
> Miroslaw Maj (Kraków training), SIM3 developer, Senior Trainer and Auditor
> Don Stikvoort (all trainings except Paris), SIM3 original developer, Senior Trainer and Auditor
Precise Location:
> Paris (FR): in the La Défense quarter – details will be shared after registration
> São Paulo (BR): CERT.br/NIC.br Training Facilities, Av. das Nações Unidas, 11541, 4th Floor 04578-000 – São Paulo – SP
> Egmond aan Zee (NL): Hotel Zuiderduin – easy to reach from Amsterdam airport
> Kraków (PL): Hotel Polonia, next to the old city centre
Schedule: all three days from 09:00-17:00. You need to book your own hotel, except for Egmond aan Zee (see fee details below).
Language: Slides, training and exam are in English. Except for the Paris training, which is conducted in French, with English slides.
Pre-requisites: Applicants need to have demonstrable knowledge *and* at least a few years of experience in cyber security incident/threat management (CSIRT work; or similar SOC, ISAC or PSIRT experience); they also need to have inside experience in the CSIRT/SOC/ISAC/PSIRT community (e.g. via national or regional collaboration, or membership in FIRST, TF-CSIRT, LACNIC CSIRT, OAS CSIRTAmericas or other fora), in order to be eligible to participate. When there is good reason, we also allow in e.g. professors in cybersecurity, or professional IT auditors. In case of doubt, get in touch!
Fee: The fee includes access to the training, e-access to the training materials (no paper materials), and (during the training) tea/coffee/water/cookies – and during and after the training, easy access to the trainers for questions and discussions: (all fees with VAT excluded*)
> Paris (FR): € 1500
> São Paulo (BR): € 350 – thanks to the kind sponsoring by CERT.br/NIC.br we can offer this 3-day Certification training for this relatively low amount!
> Egmond aan Zee (NL): € 1650 including 2 nights stay 15-17 Dec (including breakfast), 3 lunches and 1 dinner. The one dinner we take jointly, on the first evening. If you also want to stay the night of 14-15 Dec, and/or the night of 17-18 Dec that’s € 86.50 extra per night, including breakfast – just ask us.
> Kraków (PL): € 1350 if you register before 15 December 2025 – late registration fee is € 1450.
Registration: Click the training of your choice to go to the registration pages:
> Paris (FR)
> São Paulo (BR)
> Egmond aan Zee (NL)
> Kraków (PL)
The fee also includes the right to take the auditor’s certification exam at the end of the training. Providing the student has enough relevant experience, and providing the student pays proper attention during the training, they will normally speaking be able to pass the exam. Passing the exam is however not part of the fee, this is the student’s own responsibility (any special needs related to the training or exam, please bring to our attention timely). We do exercise due care: see the “auditor certification clause” below.
- Cancellation clause: cancellation for the training is possible without charge no later than 2 months before training start. If cancellation takes place between 2 months and 1 month before training start, 50% of the full amount will be due. In case of cancellation within 1 month of the training start, or a no-show, 100% of the full amount will be due. In clear cases of absence due to “Act of God” the payment obligation remains, but OCF will seek to provide due care, e.g. offering access to the next training at only marginal cost.
- Auditor certification clause: OCF will provide due care to prepare the trainees for the auditor’s certification exam at the end of each training. Following successful certification, the first year of being certified will be at zero cost, and the certified auditor will get access to special auditor rights and materials, as well as be listed on the OCF website (opt-out possible). However if (1) a trainee is absent during parts of the training (unless after explicit consent of the OCF head trainer), or (2) fails or misses the exam on the 3rd day, certification will not take place, nor any re-fund. In the case of failed exams only, OCF will allow a time-slot of 6 months in which, at no additional cost, the trainee will receive a task to fill any knowledge/experience gaps, and after successful completion of that task, will either pass or get a verbal repeat exam (this can be done via videoconferencing) – and providing this is completed successfully, certification will then take place. (In case of repeated failure, OCF has no more obligations towards the trainee and/or the organisation who paid for their participation.)
* Inside the EU (with the exception of The Netherlands), only organisations/companies with an ‘EU valid’ VAT number pay 0% VAT. We regard a VAT number only then as ‘EU valid’ when it successfully passes the EC’s ‘VIES VAT number validation’, see https://ec.europa.eu/taxation_customs/vies/