ISO 21434 Certification and Examination

TÜV Nord ISO 21434 CSCAE 

TUV Nord's 5-day ISO 21434 CSCAE Training covers topics on Cybersecurity Management, Security Engineering, Verification, Security Testing, and Validation of CPSs and measures after SOP activities.


CyberSecurity Certified Automotive Engineer (CSCAE) 



Learn More Now!


Security by Design (ISO/SAE 21434). Cybersecurity Governance, general concepts and Risk Evaluation. Requirement by UN ECE Objectives and requirements for overall cybersecurity management are delivered, as well as examples for implementation, organizational responsibilities, and a definition of a CSMS (Cybersecurity Management System in Engineering) according to ISO/SAE 21434 – Safety by Design and other applicable standards during Embedded and Software Engineering). 


Prerequisite for participation: 
  • Good understanding of embedded systems and their communication equipment (e.g. CAN or other protocols); experience in the use of (RTOS) operating systems and mission critical systems

  • Experience in developing systems with respect to modern engineering standards (e.g. ISO 26262, IEC 61508, ASPICE; CMMI)

  • General understanding of testing in the area of embedded systems 

  • Studies in the field of STEM subjects or adequate engineering expertise in embedded electronic system

Day 1

Cybersecurity Management during Product Engineering (Cyber Physical Systems) 

We will show objectives and requirements for a project dependent cybersecurity management including examples in correlation with overall cybersecurity management.

Further, the interaction with Functional Safety will be explained. Ongoing activities like cybersecurity monitoring, event management, vulnerability analysis and management will be discussed. Nevertheless, examples how to achieve goals for continuous cybersecurity activities will be delivered.

Introduction to TARA (Threat Analysis and Risk Assessment) and introduction to cybersecurity analysis methods, like attack tree analysis and others. You will also get familiar with valuation tables for attack feasibility and estimation of damage, the creation of a risk matrix, parameter and content of attack feasibility, and different terms like damage scenario, threat scenario, and attack path. Examples of performing a TARA are given. The different steps of the risk analysis will be illustrated with exercises.

Days 2 and 3

Security Engineering - Security Development Lifecycle and Design Methods

The "security by design" principles that must be integrated into the entire development and product life cycle, starting with the initial idea to the achievement of the "end of life" of a product will be discussed. Further, we will discuss in detail the aspects of the cybersecurity engineering activities.

  • Security Engineering Process for Embedded Systems
  • Development of the Cybersecurity Concepts
  • Technical Measures and Strategies implementing Cybersecurity in Embedded
  • Systems covering HW and SW related Aspects
  • System related Design Patterns
  • Software Design Process in Cybersecurity of Embedded Systems
  • Introduction to Cryptography for Embedded Systems
  • Secure Communication
  • Management of Tools and Confidence in Tools
  • Introduction to Verification and Methods in Cybersecurity Engineering during Engineering


Day 4

Verification, Security Testing and Validation of CPSs and Measures after SOP Activities

An important requirement for any cyber physical system is the effectiveness and security of the design and implemented techniques, measures and controls.

We call special attention to verification and testing methods and address techniques like penetration testing and other methods in context of communication systems and other interesting system parts. The training contains examples and strategies on how to analyze finding and using them during testing to improve optimization of the system, hardware and software design further to develop validation strategies and techniques.


Meet Your Presenters

Avatar-Kelly Stephenson-1500x1500

Kelly Stephenson

Solutions Architect, Cyber Security

Kelly is a Solutions Architect in Cyber Security with over 30 years of engineering experience in automotive and industrial IoT products. Kelly is an innovative security engineer with extensive cybersecurity and software development experience within automotive design markets.

Avatar-David Ha-1500x1500

David Ha

Senior Embedded Cyber Security Engineer

David Ha joined LHP in 2021 as a Senior Embedded Cybersecurity Engineer with over 20 years of experience in cybersecurity product development, systems integration, verification, debugging, and failure analysis. He is also proficient in project management in all phases of development, from system design to requirements definition for the security of embedded devices (SoC, IoT, automotive, smart card), and system headend/backend cybersecurity.


Location: Pontiac, MI

The CSCAE is a 4-day program with the certification exam on the 5th day.

Pontiac Training Dates:

  • July 16, 2024 – 25, 2024 (Virtual, 8 half days)
    • Exam will be in Pontiac, MI on August 2 
  • Custom Dates Available






Location: Columbus, IN

The CSCAE is a 4-day program with the certification exam on the 5th day.

Columbus Training Dates:

  • February 5 – 9, 2024
  • Custom Dates Available


Location: Anaheim, CA

The CSCAE is a 4-day program with the certification exam on the 5th day.

Anaheim Training Dates:

  • Custom Dates Available




Our Training Funnel



Pricing + Locations:

Multiple Options

Contact Us

  • Individual Pricing Options
  • Group Pricing Options
  • Multiple Locations

Registration Includes:

Training + Certification Exam

Contact Us

  • ISO/SAE 21434 Training
  • Certification Exam
  • Training Manual