Despite a skills shortage in the cybersecurity industry, simply having a college degree is no longer enough. It’s still a competitive industry and employers are looking for candidates that are well qualified. Students need an educational program that prepares them for real-world cybersecurity and a successful career path. Unfortunately, traditional training methods just might not make the grade any longer.
So, how do educators provide students with a solid cybersecurity foundation and set them up for success in the real world?
Provide Practical, Hands-On Labs and Exams
The famous U.S. Army General George S. Patton said, “You fight like you train.” Meaning, when the time comes for a real-life battle, you will react in the same way you have trained for such a situation. The same holds true for cybersecurity and the comparison is rather accurate considering the adversarial nature of cybersecurity. When future cybersecurity professionals are asked to perform cyber defense tasks against a real-world cyber attacker, or even participate in a red team exercise, simply understanding concepts via lectures and written exams will not provide them with the skills they will require to succeed. It is too much to ask graduates as well as employers to supplement formal education with additional on-the-job training (OJT) before being ready to handle their professional tasks. Using practical, hands-on labs and exams that simulate the real-world skills and tasks they will be asked to perform is the most effective way to set students up for success.
There are a variety of solutions for providing practical, hands-on labs and exams that range from creating “in-house” labs using the same devices and software the students will be exposed to throughout their career to online cyber range training and capture the flag (CTF) competitions.
Use Immersive Cybersecurity Simulations
Continuing with the concept of “you will fight like you train,” let’s discuss immersive simulations. In addition to providing students with practical, hands-on labs, doing so in an immersive environment will increase the effectiveness of the training. What do I mean by immersive? Rather than just lab exercises where the students perform skill related tasks, make sure the technical environment is as close to real-life as possible. Use storylines that simulate real-world scenarios and in situations where there would be an active incident or adversary, introduce such elements in the storyline and scenarios.
Online cyber ranges have become a very popular training option due to the realism they can provide at an affordable cost. Immersive scenarios and story driven training is still an emerging trend, but it is growing quickly. Many online cyber ranges and CTFs are beginning to include story driven content into their training and competitions. Even if you choose to build your own cyber range, consider story driven content and scenarios to enhance the immersion.
Use Active Adversaries
Cybersecurity isn’t one sided and it’s not “set it and forget it.” To make scenarios and simulations as immersive as possible, they need to include an active adversary that is constantly trying to outwit and out maneuver the student and counter their every move, just as a real-life adversary would. However, providing this aspect to cybersecurity training has historically been proven to be a challenge. Traditionally, training providers have used red team versus blue team training where one team plays the part of the cyber defenders, and another team plays the part of the “hackers”, or adversary. The benefit is that this format simulates real-world cybersecurity scenarios very well. The downside is that it requires significant technical and logistical planning and playing the part of the red team requires existing red team skills. Limited access has a negative impact on frequency of repetition. The more repetition a student has to any given skill, the more likely they will be to learn and retain those skills.
Red team versus blue team training is often more accessible for colleges and universities than it is for most professional training due to the availability of red team curriculums and the number of students learning those skills. Unfortunately, most online cyber range and CTF products on the market today do not offer active adversary simulation. The emergence of game-based simulation solutions, however, could make active adversary simulation more accessible, and have a major impact on the way cybersecurity training is offered.
Use Gamification and Game-Based Cybersecurity Simulation Training
Gamification has been an emerging trend throughout many education verticals for quite a while now, due to its ability to motivate students with features such as points, badges, leaderboards, and competitions. Cybersecurity is no exception. Game-based simulation takes gamification to the next level by using the functional simulations in a gamified manner. Instead of just getting points, badges, and leaderboard rank for going through course material and taking quizzes, game-based simulation allows students to play an interactive game where they use the actual skills they would in real life. Story driven content, another common element with gaming and game-based training, also makes the experience more immersive, engaging, and entertaining. Cybersecurity CTFs and story driven cyber range training are basic examples of game-based simulation training. I say “basic example” because CTFs and cyber ranges combine gamification elements with existing simulation environments.
The real value of game-based simulation shines through when the simulations are built using a gaming engine. This can preserve the realism of the original simulation while also leveraging much more powerful gaming features rather than just adding game-like features such as with gamification. These features include automated storylines, scenarios, and… computer opponents, a.k.a. active adversary. In general, gaming engines provide the ability to increase the depth and immersion of the simulation, and the ability to automate an adversary with a computer opponent makes active adversary simulation much more accessible. This means that students can train against an adversary much more frequently than they could when having to wait for a human-based red team to be available, and truly preparing them to “fight like they train.” Remember, repetition is key and the more frequent the better.
Game-based simulation using gaming engines and computer opponents is on the bleeding edge of cybersecurity education and training, and still very rare to find. But look for this technology to expand as an emerging market very soon.
As the cybersecurity industry becomes more competitive, students need cybersecurity education programs that prepare them with real-world skills before they enter the workforce. Traditional training methods such as lectures, written exams, and simple labs do not provide these crucial hands-on, practical skills. Fortunately, an extremely effective solution can be found by leveraging the power of game-based simulation for hands-on education, labs, and practical exams. It provides students with valuable practical, hands-on skills training and the experience they need to successfully enter the cybersecurity workforce. Additionally, using active adversary simulation training prepares students to respond to real-world adversaries and incidents, making them ready to “fight like they train.”
Game-Based Cybersecurity Training Case Studies
The University of Houston – https://threatgen.com/a-game-to-the-rescue/
Seminole State College of Florida – https://threatgen.com/seminole-state-college-adopts-threatgen-red-vs-blue-gamification/
About ThreatGEN® Red vs. Blue
Founded in 2017, ThreatGEN is “bridging the cybersecurity skills gap” with the ThreatGEN® Red vs. Blue Cybersecurity Gamification Platform. ThreatGEN’s founders and staff have decades of experience in real-world cybersecurity as well as course creation and delivery. The ThreatGEN® Red vs. Blue Cybersecurity Gamification Platform combines this experience with game-based learning and our Active Adversary Simulation™ technology to provide the most advanced cybersecurity training solution on the market.
For more information, visit our company website at https://ThreatGEN.com, follow us on LinkedIn at https://www.linkedin.com/company/threatgenvr/, or follow us on Twitter: @ThreatGEN_RvB.
For further sales information, send an e-mail to firstname.lastname@example.org.
Derezzed Inc. D/B/A ThreatGEN
+1 (833) 339-6753