Living our Mission Blog Series #3: New Learning Curriculum in Project Ares 3.6.4

Reading Time: 3 minutes

We’ve made several new updates to our gamified cyber learning platform Project Ares. We are releasing new battle room and mission cyber security exercises for professionals to continue training and honing skills and competency and have optimized some aspects of performance to make the learning experience smoother.

New Missions and Battle Rooms

To ensure professionals have access to the latest threats to train against, we develop new missions and battle rooms for our users so they can continually learn new cyber security skills, both technical and professional. The following new missions are available to users of the Professional and Enterprise licenses of Project Ares; while the new battle rooms updates are available to users of the Academy, Professional, and Enterprise licenses of Project Ares.

Mission 5 – Operation Wounded Bear

Designed to feature cyber security protection for financial institutions, the learning objectives for this mission are to identify and remove malware responsible for identity theft and protect the network from further infections. Variability in play within the mission includes method of exfiltration, malicious DNS and IP addresses, infected machines, data collection with file share uploads that vary, method of payload and persistence, and a mix of Windows and Linux.

This mission provides practical application of the following skill sets:

  • Computer languages
  • Computer network defense
  • Information systems
  • Information security
  • Command line interface
  • Cyber defense analysis
  • Network and O/S hardening techniques
  • Signature development, implementation and impact
  • Incident response

Mission Objectives:

  1. Use IDS/IPS to alert on initial malware infection vectors
  2. Alert/prevent download of malicious executables
  3. Create alert for infections
  4. Kill malware processes and remove malware from the initially infected machine
  5. Kill other instances of malware processes and remove from machines
  6. Prevent further infection

Mission 6 – Operation Angry Tiger

Using threat vectors similar to the Saudi Arabia Aramco and Doha RasGas cyber attacks, this mission is about responding to phishing and exfiltration attacks.  Cyber defenders conduct a risk assessment of a company’s existing network structure and its cyber risk posture for possible phishing attacks. Tasks include reviewing all detectable weaknesses to ensure no malicious activity is occurring on the network currently. Variability in play within the mission includes the method of phishing in email and payload injection, the alert generated, the persistence location and lateral movement specifics, and the malicious DNS and IP addresses.

Core competencies used in the mission:

  • Incident response team processes
  • Windows and *nix systems administration (Active Directory, Group Policy, Email)
  • Network monitoring (Snort, Bro, Sguil)

Mission Objectives:

  1. Verify network monitoring tools are functioning
  2. Examine current email policies for risk
  3. Examine domain group/user policies for risk
  4. Verify indicator of compromise (IOC)
  5. Find and kill malicious process
  6. Remove all artifacts of infection
  7. Stop exfiltration of corporate data

Mission 13 – Operation Black Dragon

Defending the power grid is a prevailing concern today and Mission 13 focuses on cyber security techniques for Industry Control Systems and Supervisory Control and Data Acquisition systems (ICS/SCADA).  Players conduct a cyber defense assessment mission on a power distribution plant. The end state of the assessment will be a defensible power grid with local defender ability to detect attempts to compromise the grid as well as the ability to attribute any attacks and respond accordingly.

Core competencies used in the mission:

  •  Risk Management
  • Incident Response Management
  • Information Systems and Network Security
  • Vulnerability Assessment
  • Hacking Methodologies

Mission Objectives:

  1. Evaluate risks to the plant
  2. Determine if there are any indicators of compromise to the network
  3. Improve monitoring of network behavior
  4. Mitigate an attack if necessary

Battle Room 8 – Network Analysis Using Packet Capture (PCAP)

Battle Room 8 delivers new exercises to teach network forensic investigation skills via analysis of a PCAP. Analyze the file to answer objectives related to topics such as origins of C2 traffic, identification of credentials in the clear, sensitive document exfiltration, and database activity using a Kali image with multiple network analysis tools installed.

Core competencies used in the mission:

  • Intrusion Detection Basics
  • Packet Capture Analysis

Battle Room 10 – Scripting Fundamentals

Scripting is a critical cyber security operator skillset for any team. Previously announced and now available, Battle Room 10 is the first Project Ares exercise focus on this key skill.  The player conducts a series of regimented tasks using the Python language in order to become more familiar with fundamental programming concepts. This battle room is geared towards players looking to develop basic programming and scripting skills, such as:

  • Functions
  • Classes and Objects
  • File Manipulation
  • Exception Handling
  • User Input
  • Data Structures
  • Conditional Statements
  • Loops
  • Variables
  • Numbers & Operators
  • Casting
  • String Manipulation

Core competency used in the mission:

  • Basic knowledge of programming concepts

Game client performance optimizations

We made several adjustments to improve the performance of Project Ares and ensure a smooth player experience throughout the platform.

  • The application size has been reduced by optimizing the texture, font, and 3D assets. This will improve the load time for the game client application.
  • 3D assets were optimized to minimize CPU and GPU loads to make the game client run smoother; especially on lower performance computers.
  • The game client frame rate can now be capped to a lower rate (i.e. 15fps) to lower CPU utilization for very resource constrained client computers.

These features are part of the Project Ares version 3.6.4 on the Azure cloud which is available now. Similar updates in Project Ares version 3.6.5 for vCenter servers will be available shortly.

 

How to Launch a Cyber Security Career

Reading Time: 5 minutes

Preparing for a cyber security career is more enjoyable than you may think! The technical challenge, problem-solving, constant change (you’re never bored!), and continuous learning opportunities are positive experiences one can have when entering the field of cyber security.

For any interested student or autodidactic, a cyber career path may seem a little daunting. But with the right cyber security tools and teachings in place, coupled with the latest proficiencies, any person can learn cyber and garner the skills necessary to enter the workforce with confidence and competency.

The earning potential for an individual pursuing a career in cyber is significant. The national average frontline cyber security career salary is $93,000 (on the low end) for a security-related position in the U.S. according to the Robert Half Technology’s 2019 Salary Guide. The industry offers high paying jobs, yet many positions continue to be unfilled with an estimated 3.5 million open cyber positions by 2021. Today, there are more than 300,000 open positions nationwide.

This begs the question: what is the best way to fill the cyber security skills gap with motivated and budding professionals? The answer is multi-faceted but at its core is a fundamental shift in how we prepare and train them with the skills needed to thrive.

Pro Tips for Building a Cyber Security Career Path 

Just like many other career paths, cyber security needs people who possess a mix of academic, theoretical-based knowledge, practical skill sets, and a lot of creative thinking. An aspiring cyber security professional can learn the knowledge, skills, and abilities needed in the industry, seek out internships and/or apprenticeships, and learn of careers in cyber without actually being on the defensive frontlines of cyber attacks. Details of each approach are below.

IDENTIFY INDIVIDUAL CYBER STRENGTHS AND KNOWLEDGE/SKILLS/ABILITIES (KSAs)

The first suggestion for an individual who wants to learns on their own is to match their unique strengths (technical and non-technical) to the kinds of knowledge, skills, and abilities needed to do certain cyber jobs in the workplace. Understand what kinds of jobs are available too. For students, they will likely learn these details in traditional classes and in their coursework assignments. With Google at our fingertips, however, it’s easy to find a variety of online resources to learn cyber security KSA’s including ISACAISC(2)ISSA, and The SANS Institute—all of which provide information about the profession and detail certification and training options. Understanding the kinds of tasks performed in certain work roles and the kinds of behaviors needed to perform certain jobs, an aspiring cyber professional will be better prepared during the interview and job search process. He/she won’t be surprised to learn about what is required to start a job in cyber security.

PURSUE INTERNSHIPS, APPRENTICESHIPS, ALTERNATIVE PATHWAYS

As a self-guided learner, you likely have the go-getting attitude needed to find a cyber security internship, apprenticeship, or alternative trade school to start building your knowledge, skills, and abilities more.

Internships are available through many community colleges, technical colleges, and universities, each of which have well-oiled practices of connecting students with local companies. In fact, it’s not uncommon for most students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation.

Apprenticeships are a “learn while you earn” kind of model and are incredibly beneficial for both the company offering the apprenticeship and the student.

“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering. “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”

The Department of Homeland security created a Cyber Corp Scholarship program to fund undergraduate and graduate degrees in Cyber Security. Students in this program agree to work for the Federal Government after graduating (with a one year service for every year of scholarship).

These types of opportunities are especially advantageous for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field.

Alternative pathways are also quite accessible for the college graduate or self-driven learner seeking a career in cyber security. One cyber career pathway is via “stackable” courses, credits, and certifications that allow learners to quickly build their knowledgebase and get industry-relevant experience. These kinds of courses are available in high school (taking collegiate-level courses) and at the college level. Another type of alternative pathway is via cyber competitions and hackathons. Learners can gain practical skills in a game-like event while meeting fellow ambitious professionals. Participating in these events also makes for great “extracurricular activities” on one’s resumé too.

Circadence is proud to lend its platform Project Ares® for many local and national cyber competitions including the Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriotCarnegie Mellon’s picoCTFMajor League Hacking, and the National Cyber League.

Cyberseek.org also has a detailed and interactive roadmap for hopeful professionals to learn more about how to start and advance their careers in cyber security. This interactive cyber security career pathway map breaks it all down. For example, if you’re interested in a software development role, you’ll want to build skills in Java or Python, databases, code testing, and software engineering, as well as, build cyber skills in cryptography, information assurance, security operations, risk management, and vulnerability assessment. You may also consider certifications in Certified Ethical Hacking (CEH), Security+, Network+, Linux+, Offensive Security Certified Professional (OSCP), CISSP, and GIAC in addition to having real-world experience and training.

Cyber Security Career Requirements

We recommend three types of experience when considering a career in cyber security:

·     Degree experience for basic understandings of cyber theory and practice

·     Technical experience to demonstrate learned knowledge translates to skill sets acquired

·     Real-world training experience, either via an internship/on-the-job opportunity or via realistic cyber range training

Many entry-level cyber security job descriptions will require at least a bachelor’s degree or 4 years’ experience in lieu of a degree. Higher-level positions will require the academic degree plus some technical experience and/or real-world training.

It’s important to note that there are two types of cyber training available: A traditional classroom-based setting and an on-demand, persistent training option. Both are great in their own ways and can complement each other for holistic cyber learning. The classroom-based learning presents information to learners via PowerPoints, lectures, and/or video tutorials. Learners can take that knowledge and apply it in a hands-on virtual cyber range environment to see how such concepts play out in real-life cyber scenarios.

Since cyber security is an interdisciplinary field, it requires knowledge in technology, human behavior/thinking, risk, law, and regulation—to name a few. While many enter the field with the technical aptitude, many forget the “soft skills” to cyber security. To communicate effectively with a cyber team, problem-solve, analyze data, identify vulnerabilities, and understand the “security story” of the employer, a young professional needs to possess and demonstrate those social skills to thrive in their job.

The Variety of Cybersecurity Fields are Endless

There’s more to cyber security than being a network analyst or incident response manager. Interested, aspirant professionals can work in cyber security through other departments beyond security and IT. Cyber careers in human resources, marketing, finance, and business operations are all available sectors that allow a learner to “be in cyber” without doing the actual day-to-day frontline security defense tactics. It is important to know about the other careers individuals can pursue in cyber security because it is not just for the IT department to “manage” within a business. Furthermore, cyber security roles don’t have to be pursued at technology companies – there are many healthcare, banking, energy, and enterprise companies seeking cyber security professionals in their organizations. So, if a certain industry is of interest to you, you can explore cyber in that specific industry. In the age of digital transformation, practically every sector has a security need that needs hardened.

For young graduates entering the cyber security field, a multi-faceted approach to learning cyber security skills is recommended. The good news is that motivated learners have lots of avenues and resources available to them to pave a career path that best fits their needs and interests.