Cyber Range - Making it Fun & Valuable
What is a Cyber Range and why is it important?
A cyber range is a simulated environment that is used to train individuals or teams in cybersecurity skills. Cyber ranges can be used to simulate various types of cyber threats and incidents, allowing individuals or teams to practice responding to and mitigating these threats in a controlled environment. Cyber ranges can be physical or virtual and may include a variety of tools and resources such as virtual machines, servers, and networking equipment.
Cyber ranges are often used to train incident response teams, but they can also be used for a variety of other purposes such as testing and evaluating new cybersecurity technologies, developing, and practicing cybersecurity protocols and procedures, and educating individuals about cybersecurity concepts and best practices.
Cyber range training can be a valuable tool for incident response teams as it allows them to practice and improve their skills in a controlled environment. Some specific benefits of cyber range training include:
Overall, cyber range training can help incident response teams become more prepared and effective in their efforts to mitigate the impact of cyber incidents on an organization.
So you say "Scott, it seems like all organizations should have a Cyber Range. Why don't they?" Good question!! Here are the main reasons I hear.
These are all valid and also point to a need for a solution. I have long felt that making Cyber Ranges into games could potentially make them more accessible and engaging for individuals and teams looking to improve their cybersecurity skills. Gamification also makes it easier to track progress and provide a sense of accomplishment as users complete challenges and "level up." Additionally, gamified cyber ranges can be more scalable, allowing more people to access and benefit from the training.
领英推荐
Along with the fun in taking a skill development and making it a game, it is important to ensure that the game-based training is still effective in helping users learn and improve their skills. It is equally important to ensure that the game-based training is realistic and accurately simulates real-world cyber threats and incidents, to provide users with a meaningful learning experience.
I would very much like to hear from you on your thoughts here but before that Id like to share some relative content from a recent meeting I had.
I have worked with clients over the past 3 decades helping them to secure their networks and data. Training has always been there and in most companies is a budgeted item these days. The challenge is content development, keeping it up to date, actionable and most important relevant to your business and environment. Many of you who have known me for a while know that along with leading a cyber security consulting firm, Atlantic Data Security I am also an adviser to several cyber security startups. What you might not know is that I am also a member of ISAN (Israel Security Startup Network). ISAN is run by the Israeli Embassy Economic Mission and Merlin Ventures. ISAN's mission is to help members keep abreast of the latest groundbreaking cybersecurity technologies coming out of Israel. It is through ISAN that I have the great pleasure of sitting down with Yossi Raskas , Director of Business Development and Mark Wellins Director of Customer Success at Cympire an Israel start up founded by Yaniv Schachar and Eran Romano. Their platform combines the gaming aspects along with the scalability to serve many organizations specific requirements both in business practice as well as in technology they are utilizing to protect their data.
During our discussions they reviewed training services that address entry level skill and capacity building to enterprise SOC Team and Executive Management training. The aim here is to increase organizational cyber resilience by continuous training and assessment.
We reviewed how they assist with up-skilling. If you have not heard of the term “up-skilling” you are not alone . Up-skilling is the process of learning new skills or improving existing skills to stay current and competitive in the job market. Up-skilling with in cyber is particularly important as it is a rapidly changing field, new tools and techniques are constantly emerging. It is also useful for an organizations current employee who are looking to move into cyber roles who want to improve or gain cyber skills to increase their job performance and advancement opportunities. It's a lot easier to train and promote from within than hire outside. Their platform conforms to industry frameworks and incorporates many of today’s leading vendor technologies.
Another benefit of the platform is assessing the capabilities and skills of your current team members and the ones you might be interviewing to join the organization. As we discussed earlier hiring and talent acquisition teams are overwhelmed trying to fill cybersecurity open positions. Utilizing Cympire's assessment module allows organizations to assess professional experience and build superior?skills without spending valuable time on written tests or frontal interviews.
The biggest challenge I have seen with these services / platforms is that keeping up with content and making it relevant is costly and is rarely done to success. Cympire has addressed this with a customizable cloud-native Cyber Range for an organization to state and test specific needs that they have as well as provide customized training to their teams.
Their proprietary “Cyber Studio” allows companies to replicate and/or build security networks and architecture, integrate cyber defensive tools, and orchestrate cyberattacks using a unique intuitive drag and drop visual gui that automatically sets up and launches your range in a cloud environment.
I’m extremely grateful for the time with Yossi and Mike and also for the membership I have with ISAN particularly Josh Cohen that allows me to engage early with innovative cyber companies coming to the market. With the service that Cympire is building I could see many applications from vendor evaluations, education (secondary, higher, and corporate), assessments, incident response, cyber insurance evaluations etc. The list is endless. I would be curious to hear your thoughts and responses. What have you seen? What have you been looking for? Where do the need for Cyber Range being the most valuable?
Cybersecurity Crusader??| Breach Battler??| Gulf War Navy Veteran??| Bourbon Drinker??
2 年Fantastic. Making Cyber Ranges easy to access, interesting and fun to do, and effective is a sure fire way to expose more and more people to them.
Changing the future of Employee Experience / Partner Sales Professional / Channel Sales / Relationship builder
2 年Great article and it seems that there is an obvious need for organizations to conduct more Cyber Ranges. It seems the Cympire's Platform will alleviate the majority or their reasons for not doing this and provide a very unique experience while doing so.
Sr. Director, Quokka.io
2 年Scott, Well written! You are Spot on. Cyber Ranges can also help with validating skill sets during the hiring process! Cheers!
Sales, Channel Sales, Partnerships, Channel Marketing, Channel Leader
2 年This is great!