There’s never a dull moment at work for Circadence Software Engineer Raeschel Reed. Between learning ways to use new technology, improving coding techniques, and operationalizing cyber innovations, Raeschel is a critical part to the success of the company’s product suite.
She currently works on Orion, a curriculum development application that allows learning coordinators or security managers to customize cyber training exercises based on specific needs. Raeschel has been a part of the Orion development team for over nine months, working on the back-end operations to create the logic behind the functionality. The best part about working on this product is the level of collaboration Raeschel gets to experience.
“We do a lot of pair-programming on Orion, where we work in groups of two or three to move tasks along quickly. Everyone has good ideas to share and suggestions that build on one another and it helps expediate the problem-solving aspect of software engineering,” she said.
Prior to joining Circadence, she served as a senior software developer supporting the Naval Integrated Tactical Environmental System Next Generation and before that, at the Battelle Memorial Institute supporting various government contracts for the Department of Defense and Homeland Security. Those experiences helped her learn critical technical skills and computer languages that diversified her understanding of programming and software development. She’s also an alumnus of George Mason University (master’s degree in Computer Science) and Mary Washington College (bachelor’s in Computer Science).
For Raeschel, the process of working with and applying a new tech stack like Kubernetes, back-end tools like Golang (an open-source programming language), and working in Azure, keep the act of software development truly unique and on the cutting-edge of innovation.
While unique hobbies like soccer, sewing and improv feed her need to try new things, it is the tech industry she keeps returning to for career fulfillment.
“Tech stuff I keep coming back to,” she said. “I have a growth mindset where I want to keep learning new things and trying new things and the field of cyber allows me to do that.”
And if that wasn’t enough for Raeschel to feel inspired and innovative at Circadence, the team she works with is second to none in her eyes.
“Team Orion is the BEST!” she exclaimed. “I feel very fortunate to be here and to have found ‘my people.’ Mondays never feel like Mondays.”
Happy National Cyber Security Awareness Month! We all know that cyber security isn’t just a month-long focus area for businesses and individuals—but this month, we are grateful for the collaborative effort between government entity Department of Homeland Security and the National Cyber Security Alliance that together, place a lens on cyber (as an industry, strategy, and operation). It reminds us that the industry is persistent and impacts us all, and is not siloed into a single time span, or targeted to a specific industry or person. We know this because of data cyberattacks on businesses occurring every day, the continual discussion about the cyber talent “gap” and lack of holistically-trained workforce, and because of the ineffectiveness of passive-learning training models many professionals are exposed to today. Nevertheless, as the world draws its attention around cyber in October and the industry evolves to better serve today’s professionals and businesses, we wanted to communicate the critical idea that cyber really IS for all as we strive to make cyber awareness learning accessible, intentional, and effective.
Making cyber learning accessible
We believe there are three ways to make cyber learning more accessible: providing a comprehensive learning curriculum, making it available via a browser, and using gamification as a tool for ingesting and retaining new information.
Before we dive into each of those areas, let’s get more context about the concept of cyber learning itself. For a long time, cyber security has been thought of as a technical career and while there is a great deal of technical prowess that goes into the day-to-day tasks of a cyber pro, the idea of cyber security being an “anyone can do it” profession hasn’t popularized – and rightly so.
With roots in the military and government (cyber range training), learning cyber security has been a structured, systematic, and data-driven process typically executed in a passive learning setting where students watch or listen and then take a test at the end of the lesson. There is minimal opportunity for hands-on practice in safe and secure environments, making cyber security learning and awareness of its purpose, value, and function a little more ethereal than we in the industry would like.
Comprehensive Learning Curriculum
One way to ensure “cyber for all” (our rally cry this year), is to make cyber training more readily available to reach today’s learner (the next generation of cyber pros) while injecting a touch of personal accountability toward the concept. This should include a learning curriculum that addresses:
– General awareness topics: These are topics that are broadly applicable to all employees of an organization and ones they should know regardless of IT level or expertise. Cyber security awareness topics at this level might include phishing, malware, social engineering, identity theft, removable media security, insider threats, social media vulnerabilities, etc.
– Industry-focused topics: relevant cyber security issues segmented by industry where security is a priority, especially highly regulated sectors like healthcare, government and industry, finance, election security, manufacturing, electricity, etc.
– Executive level topics: more functional/business topic areas where corporate leaders and other high-risk personnel and privilege users are impacted. Cyber security awareness topics at this level might include support/maintenance, consulting, managed services, legislation, risk assessment, etc.
By offering pathways upon which interested cyber enthusiasts or seasoned pros can “walk along,” it gives learners an idea as to how to develop their knowledge and skills. Further, cyber learning and awareness becomes more accessible because there is a route—or cyber learning journey—for everyone to choose.
The other component to ensure learning cyber awareness is accessible is by making the act of learning available to virtually anyone—via a browser. Online trainings today are quite popular for cyber enthusiasts and pros in training who want to hone their skills—and the idea of being able to access a cyber security course or activity online without having to leave the office or home is not only convenient but preferred these days. Some companies (like ours) are taking cyber training a step further by placing it in the cloud (Microsoft Azure) so learning can be scalable, more collaborative, and more customizable to learner needs.
Gamified Cyber Learning
Finally, cyber awareness learning can be attained by making learning fun. We do this with elements of gamification, which engage and inspire learners to train in environments that are not only realistic but also supported by a compelling narrative that invites players to progress through activities. Components like leaderboards, points, badges, and team-based collaboration allow learners to build a sense of “healthy competition” while learning and building skills and cyber competencies. Circadence offers learners of all skill levels various game-based activities from foundational concept learning in games like RegExile to application and analysis in Project Ares’ battle rooms and missions.
One student who played our RegExile cyber learning game in his cyber security course at CU Boulder said:
“I played the RegExile game today and I have to say I have hated regex till now, but when I learned it through the game, I actually liked it. It was really fun. I liked the concept of how a false sense of impending danger from the robots can make you think better and learn more. I was typing out my regex and actually thinking quite hard on how it could work and what I could do to make sure it was right as I did not want to lose the shield. I learned more through this game on regex than what I had in my undergrad class.” ~ Student at CU Boulder Cyber Security Course
Make Cyber Learning Intentional
Cyber learning has to be intentional. In order for students and existing cyber pros to get the most out of their training, they need a curriculum path that is not only diverse (based on skill needs), but also one that addresses all phases of learning: knowledge, comprehension, application/analysis, and synthesis/evaluation.
Can we insert an image that illustrates the “learning phases” of knowledge, comprehension, application/analysis, and synthesis/evaluation?
After understanding what cyber concepts are and how they impact our professional and personal lives (knowledge and comprehension), a learner needs to be able to build their cyber literacy and knowledge “essentials” by developing baseline cyber skills (application/analysis). Then, they can apply those skills in objective-based activities that synthesize concepts (evaluation).
“I personally found Project Ares to be a great learning experience and thought the mission environment was seamless.” ~ Chris N. UNCW Cyber Security Operations Club
Making Cyber Learning Effective
For IT Security Specialists and professionals, cyber learners can advance their competencies via recurring role-based trainingcombined with continuing education and real-world experience trainings. Cyber learning needs to be rooted in best practice, industry-defined frameworks and there’s no better model to follow than the framework set forth by the NIST/NICE organization.
By aligning learning curriculum against work roles, learning concepts and skills inherently becomes more effective because it is RELEVANT for people. They learn concepts, how to apply them and can draw connections to how those concepts apply to their own jobs or jobs they aspire to. Further, the learning permeates into individual’s personal lives as well, enhancing cybersecurity at home.
We have built-in five NIST/NICE work roles that are present in Project Ares for trainees to work toward including:
– Cyber Defense Infrastructure Support Specialist
– Information Systems Security Manager
– Threat Warning Analyst
– Systems Security Analyst
– Cyber Defense Analyst
Intentional cyber learning following this framework focuses on a particular technical topic, such as Incident and Event Management, Identification of Privilege Escalation Techniques, or Elections and Voting Security. This type of work role specification helps make learning cyber a reality.
Summing it up
While there’s no switch to turn on every part of this “cyber for all” plan, we hope it helps shed light on ways security leaders and HR directors can begin to cultivate an inclusive cyber culture in their own workplace, among their own teams. As we celebrate National Cyber Security Awareness Month (NCSAM 2019), it’s important for us to resurface conversations around what it means to actually be aware and how we can manifest that meaning into something that really makes an impact on business’ security posture. We hope this post is one inspiration to start initiating those conversations around shared responsibility to ensure all Americans stay safe.
What is immersive, gamified cybersecurity learning? The term was originally coined in 2002 by a British computer programmer named Nick Pelling. The term hit the mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited. The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But gamification is more than a buzz word. Companies have seen gamification work for them in cyber team training—so we thought it wise to take what is working and apply it at the earlier stages of career development—in the classroom.
At Divergence Academy, we are proud to offer a curriculum that embraces blended cyber learning to cultivate students and transitioning professionals who are ready to enter the workforce and stop today’s cyber threats.
We offer data science, cybersecurity, and cloud computing immersive learning programs that enable students to gain the knowledge and skills needed to work in any of those fields. Many of our courses offer a mix of concept-driven learning and application-driven learning so that students understand new knowledge and, in turn, apply that knowledge in skill building, project-based activities. Through working with messy, real-world data and scenarios, students gain experience across the entire technology spectrum.
Studies find when learners engage in active learning, hands-on activities, their information retention rates increase from 5% (with traditional, lecture-based methods) to 75%. The millennial generation presents radically different learning preferences than previous generations. Thus, educational institutions across the country should consider gamification as a pedagogical technique in the classroom. A study from the University of Limerick notes:
Gamified learning activities could become an integral part of flipped teaching environments. Their social, asynchronous nature can be used to prompt students to engage with pre-prepared content, while gamified learning activities can be used in the classroom to prompt student interaction and participation.
In watching our students engage with gamified activities, we see team-building blossom before our eyes. We see instant collaboration and problem-solving and critical thinking emerge. Those kinds of soft skills can’t always be taught in a traditional lecture-based setting and because of that, it is critical that we continue to offer a healthy mix of concept-driven learning with gamified learning opportunities to our students so that they can enter the workforce with a more holistic understanding of the industry.
Cybersecurity has become a captivating and engaging subject matter for students, which is fantastic as those words aren’t typically associated with the technical field.
“Wow, today we were introduced to Project Ares. Captivating is the best description I can think of. It is like ‘Call of Duty’ for cybersecurity.”
~ Divergence Academy Student, 24 years old
Fellow professors and instructors are looking for ways to make cybersecurity more interesting and attractive to students and we believe at Divergence, the gamified learning approach can help. It is an approachable way for students to engage with a field they may be completely unfamiliar with and it supports instructors by offering a course that students WANT to take.
“We notice an increase in student engagement in the classroom with the introduction of Project Ares. Gamification brings an element of intrigue and satisfaction to the learning experience.”
~ Beth Lahaie, Program Director
We hope our adoption and proven success of a blended learning approach is the nudge other institutions around the globe need to consider its power in building the next generation of cybersecurity professionals.