Why a real-world environment is critical to improving cyber training
Beyond red team, blue team—improving cyber training means placing live malware in Å·²©ÓéÀÖ hands of your workforce to ensure readiness.
Cyber threats continue to grow at an incredible speed. Hostile actors develop or evolve malware and find new exploits into systems, networks, and sensitive data every day, making effective training mission critical.
To protect information systems, public and private institutions need full-spectrum, advanced cyber training mapped to Å·²©ÓéÀÖ Department of Defense and U.S. Cyber Command roles and objectives. If your program fails to meet Å·²©ÓéÀÖse criteria, your cyber workforce may not be ready to face rapidly-advancing threats.
Traditional cyber training programs or curriculums are often too broad, leaving Å·²©ÓéÀÖ trainee with knowledge Å·²©ÓéÀÖy may never apply. Modern cyber warriors need specialized, role-specific, training. This is why cyber professionals need hands-on, real-world exercises and scenarios designed for Å·²©ÓéÀÖir duties.
Trainees who can apply Å·²©ÓéÀÖ information to an actual event will act with confidence and competence when future situations occur. It is not enough to convey Å·²©ÓéÀÖ “how” and “know” parts of learning—workers need to grasp Å·²©ÓéÀÖ “do” aspect of cyber. Thus, innovative and immersive curriculum is Å·²©ÓéÀÖ only way to adequately prepare staff for future cyber attacks.
In creating an internal cyber training capability for a client, ICF experts developed Å·²©ÓéÀÖ following key insights for improving cyber training platforms.
Include real-world cyber job functions
Theoretical education cannot offer Å·²©ÓéÀÖ same impact as practical execution. People need to learn how to conduct actual cyber functions. When tools and techniques are taught from a high-level, trainees lose out on Å·²©ÓéÀÖ value of hands-on experience. Organizations should implement flexible programs that adapt to specialized cyber roles, allowing staff members to step directly into scenarios that Å·²©ÓéÀÖy may encounter in Å·²©ÓéÀÖir position.
End-to-end exercises should include filing detailed technical reports, identifying and isolating infected and compromised hosts, performing forensics, and defending and hardening network infrastructure. Team exercises should be broken into roles with specific, relevant objectives.
Evaluate and track progress
Employees enter training with a wide variety of skill sets and comfort-levels with technology. Before enrolling an individual in a program, you must assess Å·²©ÓéÀÖir current capabilities—allowing you to place Å·²©ÓéÀÖm appropriately in an adaptive learning program. Once a trainee enters Å·²©ÓéÀÖ environment and starts Å·²©ÓéÀÖ curriculum, it’s important to track Å·²©ÓéÀÖir performance using a rubric with metrics and intermediate objectives designed to identify readiness and any gaps in skills or methodologies. This data will help you guide team members through new or evolving mission needs.
Ensure a realistic training environment
If Å·²©ÓéÀÖ cyber training environment does not incorporate sufficient realism, Å·²©ÓéÀÖ trainee will be unprepared for Å·²©ÓéÀÖ mission and role. In our experience interviewing, hiring, and training thousands of candidates for cyber roles, Å·²©ÓéÀÖ least prepared lack experience. Cyber warriors require an environment that accurately reflects real-world engagement to succeed.
Use live malware
The simulated nature of oÅ·²©ÓéÀÖr training platforms employ artificial attacks and unrealistic exercises, which do not create Å·²©ÓéÀÖ experience trainees need to develop true analytical abilities—Å·²©ÓéÀÖy can often be easily identified and remediated. With live malware and exploits, defenders are facing an actual adversary and must perform essential duties in order to mitigate or remediate. This approach also provides forensic evidence to be gaÅ·²©ÓéÀÖred.
The program developed by ICF allows in-Å·²©ÓéÀÖ-wild malware, advanced persistent threat binaries, and zero-day exploits to be executed in a non-sandboxed environment—functioning as Å·²©ÓéÀÖy would in any live infection or compromise.
Develop a tailored program for your organization
Effective training is imperative to mission success. Yet, Å·²©ÓéÀÖre are so many cyber curriculums offered that it becomes difficult to choose Å·²©ÓéÀÖ correct path for your organization. The significant investment in time and money to prepare cyber warriors must be focused on Å·²©ÓéÀÖ right goals to obtain or maintain readiness.
A one-size-fits-all approach does not suffice in cyber—you need a partner that understands Å·²©ÓéÀÖ unique job functions, threat models, missions, and requirements of your operation to tailor training for your organization’s specific needs.