Training an Army of Cyber Defenders: The Case for Simulation

Written by

In a rapidly unfolding crisis, every move is critical. When moments of extreme pressure hit, whatever you know, you know. Whatever you don't know will come back to haunt you – if you're still around when the smoke clears.

Doctors, nurses and emergency response teams live this battle every day. Patients code blue, buildings go up in flames and would-be criminals pose threats to the innocent people around them. On a nanosecond's notice, these teams must be ready to respond properly. Emergency response teams spend long hours in traditional classroom settings, but classrooms and textbook education only go so far, doing little to prepare people to effectively respond amid the stress and chaos of a real emergency situation.

In these situations, there is only time to "do" -- and the key to “doing” better lies in actively training for that battle before events hit. To be truly prepared in the face of a real crisis requires a systematic training paradigm in which response teams can practice applying skills in a hyper-realistic, controlled environment, building their ability to react better with each iteration.

Simulation enhances training

Simulation has been used as a training technique since the 1920s, when early aviators recognized the necessity of training new pilots for flight without risk to life and limb. The U.S. Army Air Corps, forerunner to the U.S. Air Force, began allowing pilots to experience low-occurrence but high-risk situations in a safe and controlled environment. This also afforded the military the ability to standardize the settings of each simulation, allowing pilots of varying levels to achieve expertise. The medical world began to take notice in the 1960s, creating training programs in which residents performed emergency techniques on simulated patients, giving rookie doctors the chance to hone and perfect their skill without putting real patients in danger. Now simulation has become a paramount feature in training today’s Air Force pilots, doctors, nurses and emergency responders, helping ensure that their “split second” decisions and actions are the correct ones.

How to train recruits for today's cyber battles

As we increase our reliance on digital technology, securing digital data is an urgent need. Companies face the constant threat of attacks carried out by malicious actors, which increases the imperative to build an army of skilled analysts who understand how to diffuse and mitigate risks. Huge portions of company budgets are often set aside to train employees tasked with keeping corporate assets secure, but there is a problem: cybersecurity talent is hard to come by. To put it simply, there aren't enough skilled analysts to fill the more than 1 million open security positions that exist in 2017; there likely won't be enough to fill the expected 2 million slots that will be vacant by 2020.

Aware of this reality, organizations often hire fresh-out-of-school cybersecurity analysts who have yet to encounter real crisis situations, and have not fully developed the skills needed to perform optimally in the face of danger.

Real-life experience leads to success

Simulating security events in a manner that's as close to real life as possible helps SOC analysts make smarter, more informed decisions – regardless of whether they have been on the job for two months or ten years. Effective simulation training addresses and greatly improves:

1. Teamwork and response coordination

With simulation training, analysts learn to interact and come together as a team. A safe, hands-on environment gives all participants a chance to learn to work together smoothly and coordinate activity in an efficient manner.

2. Training for new recruits

New analysts have a lot to offer: they are often enthusiastic and love to take on new challenges. But regardless of whether they got top grades in school, they don't yet have the skills to perform in the face of a truly urgent situation – a method that generally only comes with time and experience. Simulation puts them in the battle, in a controlled way, so newbies can learn real-world skills without real-life consequences.

3. Veteran employee engagement

Retaining and engaging veteran employees can be a challenge. Simulation training helps keep veteran skills fresh, staying at the forefront of new tech and tools, while giving meaning to typically monotonous routines. The mentoring factor also allows veteran security team members to interact with newer, less experienced analysts, letting them share valued expertise and see they aren't shouldering the burden alone.

4. Tactical performance in real-life situations:

The ever-changing enemy that organizations face today requires a new kind of training, one that:

•             Adapts to fast-changing attack techniques and scenarios;

•             Can be customized to reflect the battles your team will encounter;

•             Uses the exact same tool set as your team uses;

•             Tailored to the specific needs of your organizational niche; and

•             Faces the same set of challenges your team will face.

They say that practice makes perfect, but practice makes security analysts "battle ready." There’s no substitute for experience, but career experience shouldn’t rely on years spent grinding away, waiting for the big one to hit. Cultivating security experience through a framework of simulation training creates an army of cyber warriors who possess the skills, grit and passion needed to support their organizations and face today's threats.

What’s hot on Infosecurity Magazine?