Back
CertFirst is an independent, vendor-neutral cybersecurity education and certification provider dedicated to advancing cybersecurity knowledge through ethical, legal, and responsible education. Our mission is to prepare cybersecurity professionals to defend and protect individuals, businesses, governments, and critical infrastructure from cyber threats.
The cybersecurity courses, laboratories, software, demonstrations, scripts, frameworks, utilities, tools, techniques, methodologies, exercises, and educational materials provided by CertFirst and its instructors, authors, certification partners, publishers, licensors, and training partners are intended solely for lawful educational, defensive, research, compliance, auditing, vulnerability assessment, penetration testing (with authorization), and cybersecurity awareness purposes.
Educational Purpose Only
All training offered by CertFirst is designed exclusively to teach cybersecurity professionals how to:
  • Protect their own digital assets.
  • Protect systems they own.
  • Protect systems owned by their employer or clients with proper written authorization.
  • Improve cybersecurity defenses.
  • Detect, prevent, investigate, respond to, and recover from cyber incidents.
  • Meet professional, regulatory, and compliance requirements.
The objective of CertFirst training is to strengthen cybersecurity—not to facilitate offensive or unlawful activities.
Ethical Use Requirement
By enrolling in, accessing, or participating in any instructor-led, virtual live, hybrid, self-paced, on-demand, laboratory, certification, webinar, workshop, coaching, mentoring, or educational program offered by CertFirst, you agree that you will use the knowledge, techniques, software, tools, laboratories, and instructional materials solely for ethical and lawful purposes.
You agree that you will never use the knowledge obtained through CertFirst training to:
  • Gain unauthorized access to any computer, network, cloud environment, application, database, account, or device.
  • Attack, disrupt, disable, damage, exploit, interfere with, or compromise any information system.
  • Develop, deploy, distribute, or facilitate malware, ransomware, spyware, viruses, botnets, or other malicious software.
  • Conduct phishing, credential theft, identity theft, fraud, cyberstalking, social engineering, denial-of-service attacks, or unauthorized surveillance.
  • Steal, modify, encrypt, destroy, or exfiltrate data.
  • Violate intellectual property rights, privacy rights, confidentiality obligations, or contractual agreements.
  • Engage in any activity that violates local, state, federal, or international laws.
Authorized Use Only
Many cybersecurity tools demonstrated during training are powerful professional tools that have legitimate defensive and administrative purposes.
You agree to use such tools only:
  • On systems that you personally own; or
  • On systems for which you have explicit written authorization from the owner.
Possessing cybersecurity knowledge does not authorize you to test, scan, monitor, exploit, attack, or access any third-party system.
Open Source and Third-Party Software
Many of the software applications, utilities, frameworks, scripts, operating systems, penetration testing tools, forensic utilities, vulnerability scanners, AI tools, cloud utilities, and other technologies demonstrated during CertFirst courses are open-source, commercially licensed, or publicly available software created and maintained by independent third parties.
These tools are widely available throughout the cybersecurity industry and can often be downloaded directly from their original developers or publishers.
CertFirst does not develop, own, publish, control, or maintain many of these third-party tools and merely demonstrates their legitimate professional use within an educational setting.
Individual Responsibility
Each participant is solely responsible for how they use any knowledge, software, techniques, or tools learned through CertFirst.
CertFirst cannot monitor, supervise, or control how students use information after training has concluded.
Accordingly, each participant accepts full legal and personal responsibility for all actions taken before, during, and after completion of any CertFirst course.
Assumption of Risk
You acknowledge that cybersecurity education includes learning techniques that, if misused, may cause damage or violate applicable laws.
You voluntarily assume all risks associated with your use of the knowledge, software, laboratories, tools, demonstrations, and instructional materials provided by CertFirst.
No Authorization
Nothing contained within any CertFirst course, certification, book, laboratory, webinar, presentation, publication, video, website, or educational material shall be interpreted as granting permission to perform unauthorized security testing or other activities against any person, organization, or system.
Written authorization from the lawful owner is always required.
Limitation of Liability
To the fullest extent permitted by applicable law, CertFirst, its owners, officers, directors, employees, instructors, contractors, authors, publishers, affiliates, licensors, certification partners, training partners, vendors, resellers, distributors, volunteers, consultants, successors, and assigns shall not be liable for any direct, indirect, incidental, consequential, exemplary, punitive, special, or other damages, claims, losses, liabilities, costs, expenses, penalties, judgments, or legal actions arising from or related to:
  • The use or misuse of any knowledge acquired through CertFirst training.
  • The use or misuse of any cybersecurity tools demonstrated during training.
  • Unauthorized activities performed by any participant.
  • Any criminal or civil conduct committed by a participant.
  • Actions taken by participants after completion of training.
  • Third-party software or open-source tools referenced during training.
Indemnification
By enrolling in any CertFirst course, you agree to defend, indemnify, and hold harmless CertFirst and its owners, officers, employees, instructors, contractors, affiliates, certification partners, publishers, licensors, vendors, distributors, and training partners from and against any claims, lawsuits, investigations, damages, liabilities, settlements, judgments, fines, penalties, costs, and reasonable attorneys’ fees arising from:
  • Your violation of this policy.
  • Your unlawful or unauthorized activities.
  • Your misuse of cybersecurity knowledge or tools.
  • Your negligence or intentional misconduct.
  • Your violation of any applicable law or regulation.
No Endorsement of Illegal Activity
CertFirst expressly condemns and prohibits hacking, cybercrime, unauthorized access, ransomware, malware deployment, identity theft, fraud, phishing, denial-of-service attacks, data theft, extortion, and every other form of unlawful or unethical cyber activity.
Instruction involving offensive security techniques is provided exclusively so that cybersecurity professionals can better understand, detect, prevent, investigate, and defend against real-world attacks.
Right to Refuse or Terminate Access
CertFirst reserves the right to suspend or permanently terminate any student’s access to courses, laboratories, certifications, examinations, learning platforms, memberships, or other services if CertFirst reasonably believes that the participant has violated this policy or engaged in unlawful, unethical, abusive, or malicious conduct.
Governing Responsibility
Each participant acknowledges that they alone are responsible for complying with all applicable laws, regulations, employer policies, contractual obligations, licensing requirements, and professional ethical standards.
Any civil, criminal, administrative, or regulatory liability resulting from misuse of the training rests solely with the individual responsible for those actions and not with CertFirst or its training partners.
Acceptance of Agreement
By registering for, purchasing, accessing, attending, or participating in any CertFirst training program, certification, laboratory, webinar, workshop, mentoring session, coaching engagement, online course, self-paced course, instructor-led class, examination, or educational service, you acknowledge that you have read, understood, and agreed to be legally bound by this Cybersecurity Training Disclaimer, Acceptable Use Policy, Assumption of Risk, and Limitation of Liability Agreement.