Distance Learning and Teaching for Cyber Security Programs

Distance Learning Today

Practically overnight distance learning has become the ‘new norm’ for academic institutions. Educators worldwide are figuring out what Emergency Remote Teaching (ERT) means for their specific courses and subject matter for summer term and likely fall term 2020. And while the immediate remote learning requirements for pandemic mitigation will eventually recede, there is a growing awareness that online and blended learning options in Higher Education curriculum will likely be a strategic part of the post-pandemic norm.

“Every faculty member is going to be delivering education online. Every student is going to be receiving education online. And the resistance to online education is going to go away as a practical matter,” James N. Bradley, chief information officer at Texas Trinity University, wrote in a LinkedIn post.

Job opportunities in the cyber security field

Let’s take a specific look at higher education programs for Information Technology and the related cyber security discipline. For starters, they can’t graduate students fast enough to fill the existing job openings in the cyber security field. Even before the pandemic, there was a well-documented talent gap between the growing number of open cyber security jobs and skilled applicants to fill them. In November 2019, ISC2 calculated that the cyber workforce would need to increase by more than 145% to fill gaps in talent across the U.S.  Cyberseek.org tracks this unique employment landscape and states that “the average cybersecurity role takes 20% longer to fill than other IT jobs in the U.S.” because employers struggle to find workers with cyber security-related skills.

The dynamics of this gap have probably gotten worse. Today’s stay-at-home world has cyber security vulnerability written all over it. Online activities have exploded with remote work access, distance learning, telemedicine, video conferencing, online shopping, gaming, media streaming, and more all happening at once….and creating a world of opportunity for threats to identity, systems and data. And, in the post-pandemic world that we are looking forward to, many of the new and unexpectedly ‘proven’ activities like distance learning and telemedicine will likely stay with us to some extent as part of the ‘new norm’.

The result is that behind the physical coronavirus crises is the shadow of a virtual cyber virus crisis. And it means that cyber security is quickly moving to the frontlines of mission-critical skillsets for healthcare, higher education, retail, and every employer that enabled work-from-home for the safety of their workforce. Now, more than ever, organizations and institutions need to stop thinking in terms of IF they are breached and start planning in terms of WHEN they are breached.

Does that sound ominous? It is! But buried in the dramatic shortage of cyber skills, is opportunity. Opportunity for STEM/IT focused students (high school and collegiate) to specialize in cyber security and find jobs upon graduation. And opportunity for higher education institutions to ramp up their cyber security program enrollment.

  • In March 2019, Cyber Crime Magazine reported that only 3% of U.S. Bachelor’s Degree graduates had a skill set in cyber security.
  • And in another 2019 report, Burning Tree Technologies learned that while federal data showed the number of postsecondary programs in key cyber security areas had increased 33%, the ratio of currently employed cyber security workers to job openings, had hardly budged since 2015. In other words, the pool of available talent has remained proportionally the same.

 

Developing the cyber security skills that employers are desperate for is a multi-faceted challenge. Employers want to bring in new hires who have both a strong foundation in basic security principles and concepts as well as practical job role specific skills like networking protocols, scripting, regular expressions, kill chain and network defense, etc. And maybe most importantly, employers categorize top talent as those applicants with power skills like strategic thinking, problem-solving, teamwork and collaboration.

Distance learning and the IT / cyber security discipline

At Circadence, we specialize in cyber security learning, specifically through an immersive learning platform that provides hands-on experience and strategic thinking activities for students working towards careers in the field of cyber security.

Today’s educators are looking for engaging student activities that teach designated core curriculum topics to meet learning objectives. And, it is equally critical to assess student comprehension of learned material and measure progress to ensure the effectiveness of the curriculum and teaching approach. These challenges can be met head-on with Circadence’s Project Ares in the online classroom. Project Ares is a browser-based learning platform specifically designed for teaching cyber security in a hands-on, applied manner.

It can help transform existing cyber security curriculum to support current distance learning challenges as well as integrate into future course design.

For cyber security instructors:

•     The built-in learning exercises can augment existing syllabi.

•     Anytime access enables flexible asynchronous delivery to support current circumstances for instructors and students.

•     Self-directed student learning opportunities are supported through hints, Q&A chat bot, and session playback and review.

•     Optional live observation or interaction within the exercises supports tutoring as well as assessment.

•     Immersive, gamified environment sustains student engagement with scores and leaderboards to incent practice and improvement.

•     Global chat enables peer-to-peer community and support for students.

Additional Distance Learning & Teaching Resources

As higher education instructors shift to deliver, proctor and advise online, we anticipate teaching strategies continuing to adapt to use new and immersive tools that enable alternative online courses to positively impact student learning now and into the future. Circadence is excited to be a part of this shift in learning and proud to partner with today’s cyber security educators that prepares tomorrow’s much-needed workforce of cyber defenders.

For more information, check out these resources:

•     Microsoft technology helps enable remote classrooms https://www.microsoft.com/en-us/education/remote-learning?&ef_id=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE:G:s&OCID=AID2000043_SEM_6M11V6Kq&utm_source=google&gclid=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE

•     Circadence White Paper Teaching Cyber Security Remotely: Online Learning with Project Ares https://marketing.circadence.com/acton/media/36273/whitepaper-rise-of-distance-e-learning-in-higher-education

•     Project Ares Curriculum Example. Building an Immersive Cyber Curriculum with Project Ares: A use case from a public research institution in the Western U.S. https://marketing.circadence.com/acton/media/36273/immersive-cyber-curriculum-with-project-ares-use-case  

•     Cyberdegrees.org provides a comprehensive directory of colleges and universities offering cyber security degrees, as well as a wealth of information on career paths within the cyber security field, security clearances, the range of professional security certifications available.

If there is one thing that this pandemic has taught us all, is that out of chaos arises opportunity: Opportunity to be better professionals, better neighbors, better defenders, and overall, better people. We hope each of you continues to stay safe and secure during this time.

 

Photo by Avel Chuklanov on Unsplash

Top Tax Season Scams and How to Avoid Them

Doing taxes can be stressful enough without worrying that your sensitive information may fall into the wrong hands. With more and more taxpayers doing their taxes online, having awareness of potential threats is the first step in practicing cyber safety this tax season. Here are 4 of the most popular tax scams used by hackers each year to be on the lookout for:

 

  1. Tax Refund Fraud – This scam involves and filing false returns with them. They will typically claim a low income with high deductions and will file electronically. When a taxpayer goes to legitimately file their return, it is rejected by the IRS because someone else already filed under that identity. To prevent this, one can request an Identity protection PIN from the IRS before filing. This is a six-digit pin that must be used on a tax return in addition to an SSN in order to verify the identity of the taxpayer.

 

  1. W-2 Email Phishing Scam – Some hackers choose to go straight to the source for private information: employers. Cyber criminals have been known to trick major companies into turning over copies of W-2 forms for their employees. This is actually a CEO imposter scam, where a criminal pretends to be a top company employee and asks payroll or human resources for sensitive information. This information is then used to file bogus returns or is sold online to other criminals.

 

  1. IRS Phone Scam – Scammers make calls claiming they are with the IRS, acting as though a tax bill is owed that one must pay immediately or be arrested. They use common names to identify themselves and fake IRS badge numbers to appear legitimate, send fake emails to support their verbal phone claims, and they will usually call again claiming to be the police department or the DMV in an attempt to extort additional funds. Yikes! One thing to note: the IRS will NEVER call an individual. They send official notices in the mail, but if the IRS pops up on the caller ID, don’t answer.

 

  1. Canceling Your SSN – Criminals are making calls and threatening to suspend or cancel your Social Security numberuntil overdue taxes are paid. The scam may seem legitimate because the caller has personal information, including the last four digits of your SSN. If someone calls and threatens to cancel or suspend your social security number, hang up immediately. If they call back, don’t answer. Write down the number and then report the call on this site, and send an email with the subject of “IRS Phone Scam” to phishing@irs.gov and include the phone number, as well as any other details that are relevant, in the body of the email.

With more taxes processed online and scammers always thinking one step ahead, it’s important for every employee receiving their W-2s to have cyber awareness training. Understanding the risks that are out there help people to feel more empowered to thwart them when handling personal online transactions.

Combatting Tax Scams with inCyt

Circadence is here to help. Our newest product, inCyt, is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. inCyt’s progressive, inventive cyber learning program teaches cybersecurity awareness through games and interactivity with colorful characters and friendly competition. Lessons are embedded in the gameplay, so players learn cybersecurity basics as soon as they engage with the program. Players start learning basic cybersecurity topics including email security and best practices for software updates before venturing to understand more nuanced concepts about social media, insider threats, ransomware and more. inCyt will be available in Spring 2020.

Empower your employees with persistent, hands-on cyber training. To learn more visit: https://www.circadence.com/products/inCyt

Things to do at RSA 2020 

This year’s RSA Conference is sure to be chockfull of exciting innovations, new technology, and swag galore. As much as we love the excitement of being on the expo floor, it’s always a good idea to take time to explore the conference, meet new people, and unwind with a few good colleagues or newfound friendsThis list of networking gatherings and affiliate events will help you make the most out of your RSA experience! 

 

Events through RSA: 

  • 2/25 6:00 pm to 8:00 pmCyBeer Ops Networking Reception – Craft beer tasting event that doubles as a great networking opportunity.
     
  • 2/27 6:00 pm to 9:00 pm: RSAC After Hours – Enjoy food, drinks, and dancing to a live 80’s cover band.
     
  • 2/25 5:00 pm to 7:00 pm: RSAC Women’s Networking Reception – Relaxed networking event celebrating women’s contributions to science and technology.
     
  • 2/24 5:00 pm to 7:00 pm: Welcome Reception – Kick off the conference with drinks and apps while previewing cyber solutions from over 700 exhibitors.
     
  • Multiple dates and times, registration required: RSAC Engagement Zone – Engage, network, and make personal connections with others who share your interests through Braindate, Birds of a Feather, Cooperative Learning roundtables, and more.
     
  • Multiple dates and times: RSAC Sandbox – Show off your cyber skills through hands-on experiences and mingle with peers at this engaging event.
     
  • 2/26 4:30 pm to 6:00 pm: Expo Pub Crawl – Enjoy complimentary beer, wine, and non-alcoholic beverages while visiting sponsor’s booths and learning about their latest innovations to support your business. 

 

Affiliate events: 

  • 2/24 7:00 pm to 10:00 pm: CYBERTACOS at RSAC – Talk over tacos with members of the local cybersecurity and broader IT community.
     
  • 2/24 7:00pm to 10:00 pm: Ignite – With live music, snacks, cocktails, and dancing, this is THE place to be Monday night.
     
  • 2/25 5:00 pm to 9:00 pmOptiv After Party – Thirsty Bear Organic Brewing Company will have great beer on tap while you network the night away. 
  • 2/25 6:00 pm, registration requiredVMware Carbon Black Networking Reception – This exclusive happy hour at the W San Francisco is sure to be the event you need to kick off your RSA experience just right. Register now as space is limited.
     
  • 2/25 6:00 pm to 9:00 pm: Non-Profits on the Loose – Meet and mingle with industry, policy, and government leaders in security and privacy at this soirée.
     
  • 2/26 11:30 am to 1:00 pm: Meet & Greet at RSA Conference 2020  Join the Executive Women’s Forum and meet the most amazing women at the RSA Conference.
     
  • 2/26 5:30 pm to 8:30 pmICMP Networking Social RSA 2020  – Network with members, friends, and guests of the International Consortium of Minority Cybersecurity Professionals.
     
  • 2/26 6:30 pm to 9:30 pmArctic Wolf Happy Hour – Sips and savors at TRES Tequila Lounge and Mexican Kitchen is the perfect mid-week way to unwind.
     

Stay up to date on any additional affiliate events as they get added by checking out this calendar provided by the conference, and be sure to swing by our booth #6480 to see what we’ve been working on and add to your swag collection

To get a sneak peek at our latest cyber training platform, inCyt and be sure to register for our webinar, inCyt: Inside the Human Element of Cyber. We can’t wait to see you at the conference and have some fun! 

Living Our Mission Blog Series:Early Aspirations in Technology Become a Reality for Circadence’s Paul Ellis

Early Aspirations in Technology Become Reality for Circadence’s Paul Ellis 

Paul Ellis, Senior Product Manager at Circadence, was always interested in technology, even at a young age. When Paul was 8-years oldhe rode his bike to the closest RadioShack to buy a book written for adults on the topic of electrical engineering no lessAfter saving enough allowance to purchase the book, he dove into it as soon as he got home and that’s where his love for technology really began. 

But perhaps, too, Paul’s passion stemmed from his father, who worked for a company developing computer robots. Their bond over technology contributed to Paul’s interest in the field. In factPaul and his father built their first computer together – an 8Mhz Intel 8088 PC when he was 10 years old. Paul read the entire instruction manual from front to back to learn what he could do with his newly built device. From that day on, he was always creating! He created electronic devices, computers, and even composed music. 

In high school Paul played many different instruments and began his college journey with aspirations to become a sound engineer to satisfy his interest for both technology and music. He quickly realized that his interest in technology outweighed his musical career interest, and that the lifestyle of a sound engineer wasn’t very appealing. 

He changed his major to Business and Marketing and graduated with a Bachelor of Science from California State University San Marcos in 2005. He then continued to Purdue University for an MBA in Technology Commercialization, Marketing and Finance. Throughout his academic journey and in his free time he continued to create and assemble tech devices. He was never afraid of technology; he was drawn to it and always knew there was a way to control it. 

Paul, a techie through and through, followed his cyber heart and became a Senior Product Manager for more than a decade for various leading tech firms. He began to learn about identity risk and how our technological advancements were increasing threats. During his time at a previous employer, LifeLock, he learned about risk prevention, identity theft, how vulnerable consumers are in the real worldand how risk would continue to escalate if companies and individuals weren’t taking precautions to protect themselves and their devices.  

Upon joining Circadence, Paul began to navigate the world of cybersecurityThe company’s cutting-edge ideas and technology designed to protect businesses, government and consumers were appealing to him given what he had observed in previous tech positions. He was interested in the innovative products that provided new ways for cybersecurity beginners and professionals to learn, and he could envision how it would improve the cyber posture of enterprises. 

“I feel like I’m doing something positive for society,” Paul said. He’s been with Circadence for a year now as the Senior Product Manager and continues to be inspired by his team and the revolutionary products Circadence brings to market.  

“There’s a huge threat out there, and a huge lack of skills in the industry, and being a part of the solution is a big part of my intrinsic motivation.”  

Paul enjoys partaking in all the different facets of a product’s lifecycle – how the product supports a need for the consumer or industry, how it is marketed, and how to assess its financial viabilityHe also enjoys talking to customers to learn about their experience with a product first-hand, because at the end of the day, a product’s success is dependent upon customer’s experience with it 

Managing the success of a product is how he gauges the success of his career – what did the product solve, and how did it benefit the customer and the industry? The payoff is seeing the cumulative effect of the entire product,” said Paul. For example, iNovember 2019 he worked long hours along-side his team to prepare for one of our largest partner events – Microsoft Ignite. They developed specific gamified battle rooms in Project Ares to teach user’s about Microsoft’s new security tools and how they can be utilized in realistic cyber scenarios. Attendees could get direct experience using Microsoft’s security tools within Project Ares, which runs on Microsoft Azure 

“Ignite was one of the most meaningful moments in my career and I’m fortunate I had the opportunity to work with my team to pull it off! There was so much teamwork, collaboration and problem solving from planning, developing, to deployment at the event. It’s only in bringing people together, that my work succeeds.”  

Paul not only enjoys doing something that keeps consumers and businesses safer, but he truly respects and values his team at Circadence. There’s a true sense of trust between everyone on his team and he feels fortunate to have this experience in the workplace.  

The need for improved cybersecurity is everywhere,” said Paul. The cyber learning products Circadence provides today will help teach the future cyber workforce and help protect us from the countless risks and threats that are out there. He continues to fulfill his passion for technology by bringing Circadence cyber learning products to marketHe appreciates Circadence products because they actually provide trainees what they need to knowand what they will be doing on a day-to-day basis. It’s not just about reading a white paper or watching a video – gamified platforms like Project Ares provide hands-on experience to master the craft of cybersecurity. 

Photo by Alexandre Debiève on Unsplash

Photo by Marvin Meyer on Unsplash

Living Our Mission: Building a Roadmap to Bring Product Vision to Reality with Circadence’s Raj Kutty

This installment of the “Living our Mission” blog series features Circadence’s Rajani “Raj” Kutty, Senior Product Manager.  

Raj is fascinated by technology’s evolution in the marketplace and that interest has informed her career path toward success. She achieved her masters degree in computer science from University of Pennsylvania in 2003. From there, she spent 15-16 years in the tech industry and has always been interested in the everchanging advancements in technology. Her tech background consists of Java programming, business analysis and product management. In the beginning of her career, she worked on mobile app designs, web app development, and programming for various industries including finance, insurance, retail, and more. For the last 10 years, she’s moved into the direction of product management. Her shift into this area began because she enjoys building a roadmap for product development and seeing it through the various stages from identifying a problem in the market, and creating a product that solves pain points for customers. Her experience working with many different industries provides an advantage to Circadence since she has a first-hand understanding of why these businesses can benefit from additional cyber security training to protect company assets.

Raj started at Circadence about 7 months ago and was immediately captivated by the concept of cyber readiness and the security industry as a whole. Throughout her profession, she noticed a growing issue many companies faced: a lack of cyber security awareness and training. Over the years, she heard a lot about the cyber workforce shortage and knew the first step to creating a solution for this problem was to get the user engaged with the right type of training. In her mind, if the user is engaged in training, then it would result in better cyber defense for the organization. Her previous work experience, thoughts about cyber security readiness and ideas around engaged training were validated when she heard what Circadence was doing to help companies be “cyber ready” using gamified learning platforms. In the past, training would consist of a video, classroom lecture or reading textbooks- something dry and boring, she said. Raj felt Circadence offered a unique solution to get people interested in cyber security, which could lead to more strategic cyber defense performance and possibly minimize the cyber workforce gap.

“Training has to be fun and interesting to the user, while still being effective. I feel like Circadence is offering this to the cyber workforce in a game-play mode, which is more engaging for the user.”

Day to day, Raj works with different departments and team members at Circadence developing product strategy and bringing a product roadmap to life. Her knowledge across many industries helps ensure our products meet the needs of different organizations, while still maintaining in-depth cyber training and ease-of-use for the customer. Much like planning a road trip, which requires knowledge of route to destination, Raj leads her team every day by investigating and communicating strategy and plans to determine where they need to go next to bring the product to market.

Her main focus over the last couple months has been a new portal Circadence is developing called CyberBridge. CyberBridge is the entry point at which users can access all Circadence cyber learning platforms including Project Ares®, inCyt®, Orion® and more. It’s a global SaaS platform that offers different types of cyber training content for different markets.

“I love that I get to help design a product that addresses the cyber challenges across different industries and the ability to provide a readiness solution pertinent to each sector’s security pain points.”

The products Raj helps map to market fulfills her goal of bringing much-needed cyber awareness and training solutions to everyone and every business. Her perspective: With every tech integration, Bluetooth connection, and device-to-device communication we implement to make our working lives easier, we inherently increase our cyber risk as our attack surface widens. There are no signs of a slowing tech usage, hence why the importance of cyber awareness continues to grow each day. When we talk about how businesses need to protect themselves, we’re really talking about the people of a business, since people are what make up a company. In today’s world of escalating cyber threats, it’s everyone’s responsibly to gain cyber awareness to protect a company.

“Cybersecurity is like community immunity, when everyone gets vaccinated, we are improving and protecting our greater community, and cyber security works the same way.”

Photo by John Lockwood on Unsplash

Photo by Bogdan Karlenko on Unsplash

New Year, New Threats: Top Cyber Threats Anticipated to Hit Big in 2020 for Enterprise Companies

As we enter the New Year, one thing is certain: cyber attacks aren’t going anywhere. Enterprise companies have been tasked with defending their networks from unyielding cyber crooks who want a piece of the pie for themselves. What’s on the horizon for enterprise security threats in 2020? We’ve got a few predictions.

  • DeepFakes

    Deep Fake technology can create fake but incredibly realistic images, text, and videos. Computers can rapidly process numerous facial biometrics, and mathematically build or classify human features, to mimic a person or group of individuals for public manipulation. Bloomberg reports the tech is becoming so sophisticated, detecting a DeepFake video from a real one, is getting harder and harder to differentiate for viewers.

    While the technical benefits are impressive, underlying flaws inherent in all types of Deep Fake models represent a rapidly growing security weakness, which cyber criminals will exploit. It will be critical for businesses to understand the security risks presented by facial recognition and other biometric systems and educate themselves on the risks as well as hardening systems that require/use facial recognition.

  • API and Cloud vulnerabilities 

    An application programming interface (API) is an interface or communication protocol between different parts of a computer program intended to simplify the implementation and maintenance of software. APIs are an essential tool in cloud environments, acting as a service gateway to enable direct and indirect cloud software and infrastructure services to cloud users.

    A recent study showed more than three in four organizations treat API security differently than web app security, indicating API security readiness lags behind other aspects of application security. The study also reported that more than two-thirds of organizations expose APIs to the public to enable partners and external developers to tap into their software platforms and app ecosystems. Threat actors are following the growing number of organizations using API-enabled apps because APIs continue to be an easy – and vulnerable – means to access a treasure trove of sensitive data. Despite the fallout of large-scale breaches and ongoing threats, APIs often still reside outside of the application security infrastructure and are ignored by security processes and teams.

  • 5G Threats

    With the rollout of 5G continuing in 2020, we will see an increase in the volume and speed of data theft. The AT&T Cybersecurity Insights Report: Security at the Speed of 5G, shows that larger enterprises are not prepared for the security implications of 5G. The top cyber security concerns that came back in this report were:

  • Larger attack surface due to the massive increase in connectivity
  • Greater number of devices accessing the network
  • The extension of security policies
  • Authentication of a larger number and wider variety of devices.

As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats.

  • Ransomware attacks evolve

    Ah, ransomware, seemingly every hacker’s favorite extortion tool. According to McAfee Labs 2020 Threat Prediction Report, the increase of targeted ransomware has created a growing demand for compromised company networks. This demand is met by criminals who specialize in penetrating company networks and sell complete network access in one go.

“I expect that the ransomware used will continue to become more advanced. I am concerned that some threats have just become more stealthy, or are working toward that, and that readily available ransomware will enable even novice criminals to maintain stealth. Organizations are spending more resources to defend against ransomware, which might drive out a few of the lesser players, but any organization with resources will still see ransomware attacks happen as a fast and easy way for financial gain, so hackers will continue to pursue advancements.” ~ Karl Gosset, VP of Content Development at Circadence

It’s clear that the threat landscape will continue to grow and become more sophisticated in the coming year, which means it’s time for businesses to step up their security game.

Circadence believes that the best way to do this is through cyber learning games themselves! Our flagship product, Project Ares, delivers real-world attack scenarios in a safe, online range environment and allows users to practice and hone their cyber skills through the use of games. With missions specific to enterprise threats, such as Operation Crimson Wolf and Operation Desert Whale, Project Ares will ready your organization for any looming threats like these. By using a gamified cyber learning platform like this for your security teams in 2020, you can readily pop some champagne and dance the night away, knowing your enterprise is better protected in the new year.

Photo by Robynne Hu on Unsplash

Photo by Bud Helisson on Unsplash

Living our Mission: Project Ares Takes Full Flight with Cloud-Native Architecture

According to CIO magazine, about 96% of organizations use cloud services in one way or another. In partnership with Microsoft, we are proud to announce that Circadence has redesigned its Project Ares cyber learning platform to fully leverage a cloud-native design on Microsoft Azure.  This new, flexible architecture improves cyber training to be even more customized, scalable, accessible, and relevant for today’s professionals.

This transition to cloud infrastructure will yield immediate impacts to our current customers.

  • Increased speeds to launch cyber learning battle rooms and missions
  • Greater ability to onboard more trainees to the system from virtually any location
  • More access to cyber training content that suits their security needs and professional development interests

Proven success at Microsoft Ignite

At the recent Microsoft Ignite conference (November 2019), more than 500 security professionals had the opportunity to use the enhanced platform.  Conference participants set up CyberBridge accounts and then played customized battle rooms in Project Ares. Microsoft cloud-based Azure security solutions were integrated into the cloud-based cyber range to provide an immersive “cloud-in-cloud” sandboxed learning experience that realistically aligned to phases of a ransomware attack.  The new version of Project Ares sustained weeklong intensive usage while delivering on performance. 

So what’s new in the new and improved Project Ares?

Curriculum Access Controls for Tailored Cyber Learning

One of the biggest enhancements for Project Ares clients is that they can now control permissions for  training exercises and solution access at the user level. Customer Administrators will use the new CyberBridge management portal to tailor access to Circadence training exercises for individual users or groups of users.

Single-sign-on through CyberBridge enables the alignment of training exercises to individuals based on their unique learning requirements including:

  • Cyber skill-building exercises and complex missions within Project Ares for cyber professionals
  • Cyber foundation learning with Cyber Essentials tools for the IT team
  • Security awareness training with inCyt for general staff

Cyber Essential learning tools and the inCyt game for security awareness will be added to CyberBridge over the next several months. With the capability to pre-select training activities reflective of a company’s overall security strategy, enterprise security managers can call the shots.

“As the administrator, you now choose what curriculum content your team should have. “This provides more flexibility in cyber training for our customers in terms of what they can expose to their teams.” ~ Rajani Kutty, Senior Product Manager for CyberBridge at Circadence.

Greater Scalability and Performance in Cyber Training

With a cloud-native architecture design, Project Ares can support more simultaneous users on the platform than ever before. Project Ares can now handle over 1,000 concurrent users, a significant improvement over historical capacity of 200-250 concurrent users on the platform.  The combination of  content access control at the group or individual level and the increased scalability of Project Ares creates a solution that effectively spins up cyber ranges with built-in learning exercises for teams and enterprises of any size.  Additionally, this means that no matter where a cyber learner is geographically, they can log on to Project Ares and access training quickly. We see this as similar to the scalability and accessibility of any large global content provider (e.g. Netflix)—in that users who have accounts can log in virtually anywhere in the world at multiple times and access their accounts.

Now that Project Ares can support a greater volume of users on the platform, activities like hosting cyber competitions and events for experts and aspiring security professionals can be done on-demand and at scale.

“We can train more people in cyber than ever before and that is so impactful when we remember the industry’s challenges in workforce gaps and skills deficiencies.” ~ Paul Ellis, Project Ares Senior Product Manager at Circadence

The previous design of Project Ares required placing users in “enclaves” or groups when they signed on to the system to ensure the content within could be loaded quickly without delay. Now, everyone can sign in at any time and have access to learning without loading delays. It doesn’t even matter if multiple people are accessing the same mission or battle room at the same time. Their individual experience loading and playing the exercise won’t be compromised because of increased user activity.

Other performance improvements made to this version of Project Ares include:

  • Quicker download speeds of cyber exercises
  • Use of less memory on user’s computers, and resulting longer battery life for users, thanks to lower CPU utilization.
  • These behind-the-scenes improvements mean that training can happen quicker and learning, faster.

New Cyber Training Content

One new Mission and three new Battle Rooms will be deployed throughout the next few months on this new version of Project Ares.

  • Mission 15, Operation Raging Mammoth, showcases how to protect against an Election attack
  • Battle Rooms 19 and 20 feature Splunk Enterprise installation, configuration, and fundamentals
  • Battle Room 21 teaches Powershell cmdlet (pronounced command-lets) basics

Mission 15 has been developed from many discussions about 2020 election security given past reports of Russian hacktivist groups interfering with the 2016 U.S. election.  In Operation Raging Mammoth, users are tasked to monitor voting-related systems. In order to identify anomalies, players must first establish a baseline of normal activity and configurations. Any changes to administrator access or attempt to modify voter registration information must be quickly detected and reported to authorities. Like all Project Ares Missions, the exercise aligns with NIST/NICE work roles, specifically Cyber Defense Analyst, Cyber Defense Incident Responder, Threat/Warning analyst.

Battle Rooms 19 and 20 focuses on using Splunk software to assist IT and security teams to get the most out of their security tools by enabling log aggregation of event data from across an environment into a single repository of critical security insights. Teaching cyber pros how to configure and use this tool helps them identify issues faster so they can resolve them more efficiently to stop threats and attacks.

Battle Room 21 teaches cmdlet lightweight commands used in PowerShell.  PowerShell is a command-line (CLI) scripting language developed by Microsoft to simplify automation and configuration management, consisting of a command-line shell and associated scripting language. With PowerShell, network analysts can obtain all the information they need to solve problems they detect in an environment. Microsoft notes that PowerShell also makes learning other programming languages like C# easier.

Embracing Cloud Capabilities for Continual Cyber Training

Circadence embraces all the capabilities the cloud provides and is pleased to launch the latest version of Project Ares that furthers our vision to provide sustainable, scalable, adaptable cyber training and learning opportunities to professionals so they can combat evolving threats in their workplace and in their personal lives.

As this upward trend in cloud utilization becomes ever-more prevalent, security teams of all sizes need to adapt their strategies to acknowledge the adoption of the cloud and train persistently in Project Ares. You can bet that as more people convene in the cloud, malicious hackers are not far behind them, looking for ways to exploit it. By continually innovating in Project Ares, we hope professionals all over the globe can better manage their networks in the cloud and protect them from attackers.

Living our Mission Blog Series: How Tony Hammerling, Curriculum Developer, Orchestrates a Symphony of Cyber Learning at Circadence

Circadence’s Curriculum Developer Tony Hammerling wasn’t always interested in a career in cyber—but he was certainly made for it. In fact, he initially wanted to be a musician! While his musical talents didn’t pan out for him early in his career, he quickly learned how to create unique harmonies using computers instead of instruments…After joining the Navy in 1995 as a Cryptologist and Morse Code operator, he transitioned to a Cryptologic Technician Networks professional where he performed network analysis and social network/persona analysis. It was there he learned more offensive and defensive strategies pertinent to cyber security and was introduced to network types and communication patterns. He moved to Maryland to do offensive analysis and then retired in Pensacola, Florida. The world of cyber grew on Tony and he enjoyed the digital accompaniment of the work it offered.

For the last few years, now settled in Pensacola, Florida, Tony is a critical part of Circadence’s Curriculum Team, working alongside colleagues to develop learning objectives and routes for players using platforms like inCyt, Project Ares, and other cyber games like NexAgent, Circadence’s immersive network exploration game. Currently, Tony and his team are focused on building out learning of network essentials in NexAgent, and “…are bridging the gap between what new IT professional’s learn in NexAgent and getting them onto more advanced learning pathways in Project Ares,” says Tony.

“We’re starting to introduce new content for [Project Ares] battle rooms so users coming out of NexAgent can have an understanding of the tools and techniques needed for more advanced learning of cyber defense—and actually apply those tools and techniques in realistic scenarios.”

As the technical subject matter expert for cyber curriculum, Tony digs into the details with his work—and that’s where he shines. Tony and his team ensure that user learning is reflective of today’s cyber attacks and vulnerabilities. In the next iteration of NexAgent, users will be able to focus on network segmentation using election security as the theme for game-play. From separating election polling servers to working with registration databases to designing networks to prevent election fraud, learning becomes much more interesting for the end-user.

The most exciting part about Tony’s job is the diversity of material he gets to work on every day. One day he could be helping end-users of Project Ares identify fraudulent IP addresses in a battle room and another day he could be working on a full-scale technical design of a SCADA system modeled after a cyber incident at a Ukrainian power plant.

By understanding corporate demands for new content, Tony and his team have more direction to build out cyber learning curriculum that aligns to customer’s needs. He believes the technical training he’s able to support with learning material in Circadence’s platforms complements traditional cyber learning paths like obtaining certifications and attending off-site classes. The variety of learning options for users of all cyber ability levels (both technical and non-technical), gives professionals the opportunity to be more thoughtful in their day-to-day lives, more critical and discerning of vulnerabilities and systems, and more creative in how they address threats.

“Knowing that people are able to come into a Circadence product and learn something that they didn’t know before or refine specific knowledge into an application/skill-based path is exciting. I don’t think too much of the greater impact my work provides—but perhaps 10 years down the line when we can say ‘we were the first to gamify and scale cyber training,’ it will mean so much more.”

We are grateful for the unique talents Tony brings to the Circadence family of products and how he’s able to craft learning “chords” that when orchestrated, provide a symphonic concerto of cyber learning activity—empowering cyber professionals across the globe with relevant, persistent, and scalable cyber training options to suit their security needs.

Photo by Marius Masalar on Unsplash

Photo by Alphacolor on Unsplash

 

Will Artificial Intelligence Replace Cyber Security Jobs?

The cyber security workforce gap continues to grow, and the availability of qualified cyber professionals is predicted to decrease in the coming years. In fact, a Cyber Security Workforce Study from the International Information System Security Certification Consortium predicts a shortfall of 1.8 million in the cyber workforce by 2022. Some resources even claim upwards of a 3.5 million worker shortfall within the next two years. While this can feel like impending doom and gloom for the industry, AI, or artificial intelligence, can help to quell the concerns while empowering existing cyber workers.

While many other industries have seen robotic systems replacing the need for human workers, this doesn’t appear to be the case in cyber security. Humans are able to accomplish more when supported by the right set of tools. Allowing AI to support and react to human behavior allows cyber professionals to focus on critical tasks, utilize their expertise to analyze potential threats, and to make informed decisions when rectifying a breach. Autonomous cyber security doesn’t mean cyber security without humans.

AI can do the legwork of processing and analyzing data in order to help inform human decision making. If we were to rely completely on AI to manage security risks, it could lead to more vulnerabilities because such systems have high risks for things like program biases, exploitation, and yielding false data. Nevertheless, if utilize and deployed correctly for cyber teams, AI has the ability to automate routine tasks for processionals and augment their responsibilities to lighten the workload.

Learn more about AI’s role in cyber security professional training in our on-demand webinar!

So, is AI going to take over the jobs of seasoned cyber pros? The answer is no; however, AI will drastically change the kinds of work cyber engineers are doing. In order for IT teams to successfully implement AI technologies, they will need a new category of experts to train the AI technology, run it, and analyze the results. While AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insights or understanding of the field. There are some data points that require a level of interpretation that even computers and algorithms can’t quite support yet.

AI can help to fill the workforce gap in the cyber security sector, although it may create a need for new skillsets to be learned by humans in the industry. AI and the human workforce are not in conflict with one another in this field, in fact, they complement each other. The future is bright for AI and humans to work in tandem at the front lines of cyber defense.

For more information, check out our white paper on AI and gamification!

 

DOWNLOAD WHITEPAPER

Photo by

Christian Wiediger on Unsplash
Photo by Mimi Thian on Unsplash

 

Why Cybersecurity is Important for Higher Education Institutions

It might surprise you to know that the education industry is a prime target for malicious hackers. While threats in this sector are on the rise, many education institutions are not prepared for a cyber attack nor do they know how to recover from one. In fact, there were 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. A 2018 Education Cyber Security Report published by SecurityScorecard also found that of 17 industries, the education sector ranked dead last in total cyber security safety. Schools are leaving themselves open to student and faculty identity theft, stolen intellectual property, and extremely high cost data breach reconciliation. In fact, a study done by the Ponemon Institute shows the average cost of a data breach in the education sector is $141 per record leaked.

This industry faces some unique cyber security challenges:

  • Historically, this industry is based on the free exchange of information, i.e the philosophy that information should be readily available to all. The use of computers and internet in education has allowed information to be stored and accessed in many different ways, creating vulnerabilities in storage, network security, and user error which leaves systems susceptible to hacks.
  • Students and staff may have limited technical skills and prowess to know how to stay safe online.
  • Online education systems are highly distributed across multiple schools in a district or across state lines, making it easier to infect one system to gain access to all.
  • Computer systems used by schools often lack a single application, or “source of truth” to safely manage student and employee identities.
  • There’s a significant change in the user population every year due to students graduating and new students enrolling, making it difficult to track who is using certain resources and who has access to them.
  • Remote access is often required, with students and parents accessing systems from home computers and smartphones. When you access an online resource repeatedly from potentially vulnerable or unsecure networks, it creates more opportunity for hacks.

So how can educational institutions better protect themselves against looming cyber threats?

  • Shift the focus to prevention instead of mitigation – by making the focus on securing data before an attack happens rather than after, organizations will be better prepared to protect students and staff against a breach.
    • IT directors and security operators within educational institutions would be wise to consider persistent training solutions for their teams to optimize existing cyber skills so they don’t go “stale” after a period of time.
    • Likewise, perform a security audit and work across departments to understand all the digital systems in place (financial, teacher, student portals, etc.) and where vulnerabilities might exist.
    • HR departments of institutions should consider updating or adopting employee security awareness training to ensure every education-employed professional working on a computer understands the basics of cyber security and how to stay safe online.
  • Minimize internal threats – Verizon’s 2019 Data Breach Investigations Report found that nearly 32% of breaches involved phishing and that human error was the causation in 21% of breaches. Proper and continued training and awareness around security issues is key in preventing possible attacks.
  • Make cyber security a priority in IT budgeting – Schools and other educational institutions need to recognize the growing cyber threatscape and prioritize allocating funds to training tools, IT teams, and continued education for internal staff.

Circadence is here to help. Cybersecurity in the education sector is more important than ever, and our immersive, gamified cyber learning platform, Project Ares, can help ensure that your cyber team is ready to defend against malicious attacks. Our inCyt product (coming soon!) will keep everyone else in your organization up to snuff on cyber defense and offense. We pair gamification with prolonged learning methods to make learning and retaining cyber security tactics simple and fun for all. Don’t let your institution and students be next in line for a breach–think inCyt, and Project Ares when you think cyber security for the education sector!

If you’re still looking for more information on education and cyber security, check out these handy references:

DOWNLOAD WHITEPAPER

Photo by Vasily Koloda on Unsplash