Cyber Security -The Value and Need for Practical Training
July 7, 2023
Whenever we are trying to master a new skill, we have all heard about the importance of practise.
The associated attention, rehearsal and repetition leads to the acquisition of new knowledge or skills that can later be developed into more complex skillsets. This sentiment has been seen throughout history, where some of the world’s most masterful people have shared a similar philosophy that is still true today:
- Bruce Lee - “Practice makes perfect. After a long time of practising, our work will become natural, skillfull, swift and steady”
- Abraham Lincoln - “Give me six hours to chop down a tree and I will spend the first four sharpening the axe.”
- Japanese Proverb – “Tomorrow’s battle is won during todays practice”
- Vincent Van Gough – “As practise makes perfect, I cannot but make progress, each drawing one makes, each study one paints is a step forward”
- Marshawn Lynch - “When you get to practice against the best, it brings the best out of you.”
- Martha Graham – “Practice means to perform, over and over again in the face of all obstacles, some act of vision, of faith, of desire. Practice is a means of inviting the perfection desired”
- Unknown - “Don’t practise until you get it right, practice until you can’t get it wrong”
Others might disagree slightly:
- Vince Lombardi – “Practise does not make perfect. Only perfect practise makes perfect”
So, the message is clear, to master a skill, we need to practise but we need to practise against the best and in the best most realistic possible environment. In terms of cybersecurity, as the cyber threat environment grows more intense, cyber defence groups require more and more skilled professionals to help with the onslaught of cyberattacks. However, they are finding it increasingly difficult to recruit and hire trained security professionals as having a degree in cybersecurity is usually not enough to give an individual the skills required for mitigating sophisticated attacks. For Cyber Security professionals, the required practise involves realistic breach scenarios or cyberattacks. These breaches or cyberattacks are any attempt to gain unauthorized access to a computer, computing system or computer network with the intent to cause damage. The aim to disable, disrupt, destroy or control computer systems or to alter, block, delete, manipulate or steal the data held within these systems. Day-to-day work in cybersecurity offers few opportunities for such training on the job, resulting in the required practise being an extremely difficult thing to achieve. When you think about it, cyberattacks are seemingly in the news every day, which seems to contradict my previous statement. However, the results of a cyberattack can range from causing inconvenience to dire consequences. A cyberattack on critical infrastructure and/or healthcare sectors don't just affect data or computer systems, they can wreak havoc in the physical world. This was seen all too well in Ireland in the not so distant past. So, cyberattacks are prevalent but the consequences mean we aim to prevent as many breaches as possible and reduce the impact, contain and eradicate any attack that exploits a system. There lies the problem, cyber security professionals require realistic breach scenarios and cyberattacks to train and become sufficiently skilled but cyber professionals are consistently working hard to prevent such attacks in the real-world. So the question is, “how do we train cyber security professionals to deal with the challenging ever-changing cyber environment?”. The answer is a Cyber Range!
A Cyber Range provides a secure, sandboxed virtual interactive training environment that can simulate real-world feel scenarios and environments, including complex IT environments and attacks on IT infrastructure, networks, software platforms and applications. As a result, a cyber range infrastructure provides the required training and practise elements of realistic breach scenarios and cyberattacks. A Cyber Range enables students to practice newly acquired cybersecurity knowledge and develop that knowledge into real-world applicable skills by handling specific real-world scenarios, including the latest threats. The Cyber Range enables the leaner to experience real-world threats in a virtual environment, where the experiments are controlled, meaning students can safety make mistakes, learn, repeat and learn again. As we know, there is real value in making mistakes, which under normal circumstances in cyber security could have drastic consequence, but in the cyber range, learners can gain the valuable knowledge from their mistakes. By learning from mistakes, the learner can get to know what works and what doesn't for each attack scenario. Without mistakes, we lose countless opportunities to gain valuable knowledge and learn lessons, which is yet another valuable advantage of using a cyber range. As a result, with each repetition, the learner can deepen their knowledge, add more tools to their toolbox and increase their skillset.
Using this safe training environment and the most up to date attacks (and traditional cyber-attacks) learners can determine and experience the parameters associated with different attacks, learn how to recognize and handle threats and importantly, repeat the process for that all important practise. Learners can be put into simulated attack situations and develop skills to react effectively to a breach or cyberattack. Additionally, the cyber range offers the ability to assess the effectiveness of defence procedures/strategies and to test new technologies before deploying them. In essence, a cyber range enables the learner to become skilled across cyber security areas including infrastructure setup and security hardening, cyber security incident response, digital forensic investigation, application security, attack detection, cyberattacks and cyber defence. From a research perspective, a cyber range allows researcher so understand new and existing threats and to develop novel methods of detection, containment and eradication.
Cyber Skills benefits from the first of its kind world-class cloud-based next-generation Cyber Range where students train with real tools, real attacks, and real scenarios. This cloud based Cyber Range is used as the basis for Cyber Skills’ labs, assignments, lecture demonstrations and practice environments. These elements are used to reinforce the content from the lectures so students can practice and learn how to detect and mitigate cyber-attacks using similar equipment and tools they will have on the job. A full range of scenarios will provide the opportunity to test the vast array of techniques required to keep ahead in this challenging ever-changing environment.
Cyber Skills also offers a world-class mobile Cyber Range which is an integration and simulation platform for IT/OT systems. The mobile Cyber Range can build complex virtual and physical systems, replicate activities representative of typical organization operations, simulate realistic scenarios including real cyber-attacks and can interface with external equipment to develop hybrid models. The mobile unit has the ability to test real-world systems as one of its multiple use cases which also includes pre-production tests, operational qualification, training and exercises, including capture the flag events. The cloud based cyber range provides learners with the ability to learn skills, interact with tools, develop their own “cybersecurity toolbox”, develop defence strategies and experience the characteristics of a real-world attack situations. The mobile unit builds on this knowledge/skillset/toolbox by enabling the learner to test what they have learned on a real-world infrastructure. These two Cyber Ranges make the cyber security training and upskilling at Cyber Skills a truly holistic approach, where students are trained in realistic scenarios using real tools on real attacks.
At Cyber Skills we have several Cyber Security courses to help you up-skill flexibly, at your own pace and at Industry standard, where each one takes advantage of the Cyber Range to enable students to get real-world practical training.
As practise really does make perfect, Cyber Skills offer the best possible Cyber Security training environment where students can test themselves against the latest and most advanced cyber threats. So in the words of the great Michael Jordan, "Practice like you've never won, play like you've never lost!".
See Cyber Skills Pathways HERE