Conversations in Risk-Based Security

Practice Cyber Combat on a Cyber Range

Posted by Joseph Wilson on Jun 28, 2018 11:38:36 AM

Cyber security is a skill based occupation.  The only way to improve a cybersecurity expert skill set, is by accumulating hands-on experience.  Similar to fighter pilots, who don’t often face the challenges and threats of the real world , training cybersecurity experts can be effective only  by simulating hyper-realistic scenarios which allows cybersecurity individuals and teams to face a real threat, and improve their skills based on the experiences.

Today’s rapidly evolving cyber threat landscape demands similar (not as potentially lethal) experiences. Research says you forget 90% of lecture material in a week. Long term retention through realistic, immersive cyber range training/war games is 75%.  Replicating actual enterprise environments, these ranges allow cyber fighters to practice with real-world tools, defending against active simulated threats.

Sounds expensive! Why would I want to do this?  Here are four good reasons:

  1. Authenticity-it is critical that cyber security training provides an authentic experience. Rapid changes, demand training be agile and responsive. Live simulations replicate the experience and go beyond lectures. While tabletop drills address an incident in a theoretical sense, cyber ranges allow a team to practice identifying and mitigating threats in a live fast-moving environment, using real tools. True to life representations of network, host traffic, and user activity challenge professionals to hone their skills. The experience ensures a cyber team is ready to act quickly and effectively, because they have practiced what it takes.
  2. Repetition-you know you retain little from lectures. With inter-active learning; doing and repetition, long-term information retention increases to over seven-fold. Security professionals who train on cyber ranges retain significantly more skills, and use them faster and more precisely. They are better prepared for attacks. They have seen and battled them, not just read or talked about it. Save the organization money and perhaps your job.
  3. Scale-even the best courses are of limited value if you cannot train everyone. Long training sessions away from the office, are not as effective as a cyber range which enables security leaders to train up to 20 at a time; conduct full-scale skill building involving competitive teams. Build skills and teamwork. Create lasting impressions and the ability to put their skills to work on demand.
  4. Gamification-games work. What do you think the Air Force’s drone pilots did as teens? Show them their skills growth scores, track abilities to execute, encourage technical prowess and competition. They will want to train and ‘fight’ in the range.  They will talk about it for months! You will see meaningful tracking of their growth and skills progression.

People are your first line of defense. Give your security professionals genuine skills development. Cyber professionals need realistic, immersive and responsive training achieved through cyber ranges.

Hackers don’t take much time off; our skills growth must be constant too! Utilize a cyber range and you can continue to modernize your approach and make yourself a much more hardened and difficult target.

Topics: cybersecurity, cyber range