Why Alternatives to Traditional Cyber Training Are Needed Immediately

Reading Time: 4 minutes

Are you looking for a more effective, cost-conscious cyber training tool that actually teaches competencies and cyber skills? We’ve been there. Let us share our perspective on the top cyber training alternatives to complement or supplement your organization’s current training efforts.

Cyber training has evolved over the years but not at pace with the rapid persistence of cybercrime. Cyberattacks impact businesses of all sizes and it’s only a matter of time before your business is next in line. Traditional cyber training has been comprised of individuals sitting in a classroom environment, off-site, reading static materials, listening to lectures, and if you’re lucky, performing step-by-step, prescriptive tasks to “upskill” and “learn.” Unfortunately, this model isn’t working anymore. Learners are not retaining concepts and are disengaged from the learning process. This means by the time they make it back to your company to defend your networks, they’ve likely forgotten most of the new concepts that you sent them to learn about in the first place. Read more on the disadvantages of passive cyber training here.

So, what cyber training alternatives are available for building competency and skill among professionals? More importantly, why do you need a better way to train professionals? We hope this blog helps answer these questions.

Cyber Range Training

Cyber ranges provide trainees with simulated (highly scalable, small number of servers) or emulated (high fidelity testing using real computers, OS, and application) environments to practice skills such as defending networks, hardening critical infrastructure (ICS/SCADA) and responding to attacks. They simulate realistic technical settings for professionals to practice network configurations and detect abnormalities and anomalies in computer systems. While simulated ranges are considered more affordable than emulated ranges, several academic papers question whether test results from a simulation reflect a cyber pro’s workplace reality.

Traditional Cyber Security Training

Courses can be taken in a classroom setting from certified instructors (like a SANS course), self-paced over the Internet, or in mentored settings in cities around the world. Several organizations offer online classes too, for professionals looking to hone their skills in their specific work role (e.g. incident response analyst, ethical hacker). Online or in-classroom training environments are almost exclusively built to cater to offensive-type cyber security practices and are highly prescriptive when it comes to the learning and the process for submitting “answers”/ scoring.

However, as cyber security proves to be largely a “learn by doing” skillset, where outside-of-the-box thinking, real-world, high fidelity virtual environments, and on-going training are crucially important, attendees of traditional course trainings are often left searching for more cross-disciplined opportunities to hone their craft over the long term. Nevertheless, online trainings prove a good first step for professionals who want foundational learnings from which they can build upon with more sophisticated tools and technologies.

Gamified, Cyber Range, Cloud-Based Training

It wouldn’t be our blog if we didn’t mention Project Ares as a recommended, next generation alternative to traditional cyber training for professionals because it uses gamified backstories to engage learners in activities.  And, it combines the benefits and convenience of online, cyber range training with the power of AI and machine learning to automate and augment trainee’s cyber competencies.

Our goal is to create a learning experience that is engaging, immersive, fun, and challenges trainee thinking in ways most authentic to cyber scenarios they’d experience in their actual jobs.

Project Ares was built with an active-learning approach to teaching, which studies show increase information retention among learners to 75% compared to passive-learning models.

Check out the comparison table below for details on the differences between traditional training models and what Project Ares delivers.

Traditional Training
(classroom and online delivery of lectured based material)
Project Ares
(immersive environment for hands on, experiential learning)
Curriculum Design

  • Instructors are generally experts in their field and exceptional classroom facilitators.
  • Often hired to develop a specific course.
  • It can take up to a year to build a course and it might be used for as long as 5 years, with updates.
  • Instructors are challenged to keep pace with evolving threats and to update course material frequently enough to reflect today’s attack surface in real time.
  • It is taught the same way every time.
Curriculum Design

  • Cyber subject matter experts partner with instructional design specialists to reengineer real-world threat scenarios into immersive, learning-based exercises.
  • An in-game advisor serves as a resource for players to guide them through activities, minimizing the need for physical instructors and subsequent overhead.
  • Project Ares is drawn from real-world threats and attacks, so content is always relevant and updated to meet user’s needs.
Learning Delivery

  • Courses are often concept-specific going deep on a narrow subject. And it can take multiple courses to cover a whole subject area.
  • Students take the whole course or watch the whole video – for example, if a student knows 70%, they sit through that to get to the 30% that is new to them.
  • On Demand materials are available for reference (sometimes for an additional fee) and are helpful for review of complex concepts.   But this does not help student put the concepts into practice.
  • Most courses teach offensive concepts….from the viewpoint that it is easier to teach how to break the network and then assumes that students will figure out how to ‘re-engineer’ defense. This approach can build a deep foundational understanding of concepts but it is not tempered by practical ‘application’ until students are back home facing real defensive challenges.
Learning  Delivery

  • Wherever a user is in his/her cyber security career path, Project Ares meets them at their level and provides a curriculum pathway.
  • From skills to strategy:   Students / Players can use the Project Ares platform to refresh skills, learn new skills, test their capabilities on their own and, most critically, collaborate with teammates to combine techniques and critical thinking to successfully reach the end of a mission.
  • It takes a village to defend a network, sensitive data, executive leaders, finances, and an enterprises reputation:  This approach teaches and enables experience of the many and multiple skills and job roles that come together in the real-world to detect and respond to threats and attacks….
  • Project Ares creates challenging environments that demand the kind of problem solving and strategic thinking necessary to create an effective and evolving defensive posture
  • Project Ares Battle Rooms and Missions present real-world problems that need to be solved, not just answered. It is a higher-level learning approach.

If you want to learn more about Project Ares and how it stacks up to other training options out there, watch our on-demand webinar “Get Gamified: Why Cyber Learning Happens Better With Games” featuring our VP of Global Partnerships, Keenan Skelly.

  You can also contact our experts at info@circadence.com or schedule a demo to see it in action!

Photo by Helloquence on Unsplash

When cyber security meets machine learning

Reading Time: 2 minutes

What happens when cyber security and machine learning work together? The results are pretty positive. Many technologies are leveraging machine learning in cyber security functions nowadays in order to automate and augment their cyber workforce. How? Most recently in training and skill building.

Machine learning helps emulate human cognition (e.g. learning based on experiences and patterns rather than inference) so autonomous agents in a cyber security system for instance, can “teach themselves” how to build models for pattern recognition—while engaging with real human cyber professionals.

Machine learning as a training support system

Machine learning becomes particularly valuable in cyber security training for professionals when it can support human activities like malware detection, incident response, network analysis, and more. One way machine learning shows up is in our gamified cyber learning platform Project Ares, under our AI-advisor “Athena” who generates responses to player’s queries when they get stuck on an activity and/or need hints to progress through a problem.

Athena generates a response from its learning corpus, using machine learning to aggregate and correlate all player conversations it has, while integrating knowledge about each player in the platform to recommend the most efficient path to solving a problem. It’s like modeling the “two heads are better than one” saying, but with a lot more “heads” at play.

Machine learning as an autonomous adversary

Likewise, machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent during professional training—enabling adversaries to disguise their network traffic or on-system behavior to look more typical to evade detection. Machine learning’s ability to continually model and adapt enables the technology to persist undetected for longer (if it is acting as an autonomous agent against a trainee in our platform). This act challenges the trainee in the platform in a good way, so they begin to think like an adversary and understand their response to defensive behavior.

Machine learning supports cyber skills building

Companies like Uber use machine learning to understand the various routes a driver takes to transport people from point A to point B. It uses data collected to recommend the most efficient route to its destination.

It increases the learning potential for professionals looking to hone their cyber skills and competencies using machine learning.

Now imagine that concept applied to cyber training in a way that can both help cyber pros through cyber activities while also activating a trainee’s cognitive functions in ways we previously could not with traditional, off-site courses.

Machine learning abilities can analyze user behavior for both fraud detection and malicious network activity. It can aggregate and enrich data from multiple sources, act as virtual assistants with specialized knowledge, and augment cyber operators’ daily tasks. It’s powerful stuff!

To learn more about machine learning and AI in cyber training, download our white paper “Upskilling Cyber Teams with Artificial Intelligence and Gamified Learning.”

Photo by Startup Stock Photos from Pexels

Top 10 Cyber Myths

Reading Time: 1 minute

The top cyber security myths CISOs and security professionals fall victim to. Empower yourself with persistent training and skill building instead.

The Internet of Things Ushers in a New Wave of Cybersecurity Needs

Reading Time: 3 minutes

The internet has changed rapidly since its inception in 1983. The way we communicate, consume news and media, shop, and collect data are just a few examples of the way the internet has changed the world. A term you may have heard crop up in recent years is IoT, or The Internet of Things. IoT is about extending the purpose of the internet from use in day to day devices like smartphones and computers to use as a host of connected “things.”

So why would we want to do that? When something is connected to the internet and able to send and receive information, it makes the device smart. The more smart devices we have, the more connected and controllable our environment will become. IoT provides important insights to businesses and people that allow them to be more connected to the world and to do more meaningful, high-level work.

While the Internet of Things holds incredible potential for the world, it also means opening up more avenues of vulnerability for hackers to tap into our infrastructure, our homes, and our businesses. On a large scale, the development of “smart cities” are cropping up, promising better usage of resources and more insights from data among other things. On the other hand, this could allow hackers higher access to critical infrastructure leading to potentially crippling instances of national and industrial espionage. On a smaller scale, things like parking meters can be hacked in order to cheat the system for free parking.

The rise in IoT security must match the explosive growth rates for these devices, which means that a new era of cybersecurity is being ushered in. Nearly half of U.S. companies using an IoT network have been hit by a recent security breach, and spending on IoT security will reach more than $6 billion globally by the year 2023.

Where does this leave us in a world with a seemingly bright technological future that holds such dark potential? As IoT continues to grow and evolve, it’s hard to say what specifics need to be put in place in order to keep it secure. However, there are some good general practices that can mitigate your personal and professional risk of being a victim of a breach.

  • Be aware when it comes to downloading apps. Always read the privacy policy of any apps you’re thinking of downloading to see how they plan to use your information and more.
  • Do your research before you buy. Smart devices collect a lot of personal data. Understand what’s being collected, how it’s being stored and protected, and the manufacturer’s policies regarding data breaches.
  • It seems obvious, but use strong and unique passwords for your device accounts, Wi-Fi networks, and connected devices (and update them often).
  • Use caution when utilizing social sharing features that can expose your location information and could let people know when you’re not at home. This can lead to cyberstalking and other real-world dangers.
  • Install reputable security software on your devices and use a VPN to secure data transmitted on your home or public Wi-Fi.

All these tips are focused on educating yourself as a responsible user of the internet and sharer of all things personal and professional. To protect yourself (and others around you), keep learning safer internet and cybersecurity practices. Cyber is always changing, just like the internet, and if we overlook a privacy policy or share a little “too much” on social media, we place ourselves at risk of exploitation and danger. It is up to us, the individuals who use this technology day in and day out, to create safer spaces online to communicate and continue to enjoy the internet in all its glory.

Eventually, there is hope that the IoT industry is able to revolutionize cybersecurity for itself, as compliance and regulation never seem to catch up to the pace required by cyber defense technologies. Since this is still such a new industry and constantly evolving, utilizing the aforementioned tips and tricks will help you stay safe while IoT security gets its footing. There is a lot to look forward to as IoT continues to revolutionize the way the world works, it’s just a matter of time before cyber teams are ready to take on this new wave of security needs.

Photo by Domenico Loia on Unsplash

Hope for Cybersecurity: Cyber Teaching Challenges & New Horizons for Cyber Learning

Reading Time: 3 minutes

The statistics are dismal. An estimated 3.5 million unfilled cyber positions by 2021 and today, we have over 300,000 openings in the U.S. alone. According to a New York Times article, “filling those jobs would mean increasing the country’s current cybersecurity workforce of 715,000 people by more than 40 percent,” according to data presented at the National Initiative for Cybersecurity Education Conference. If you’re a student in cyber or are just undeclared, there hasn’t been a better time to consider cybersecurity as a professional career. The field has come a long way from the stereotypical hoodie-wearing, Mountain Dew sipping worker in a dark room performing tedious coding tasks.

Cybersecurity is so much more than that—and it’s exciting! Don’t believe us? At Divergence Academy, we are preparing the next generation of cyber professionals to enter the workforce and alleviate the skills gap through gamified learning. If more institutions adopted such an approach, we as educators would be more successful at not just engaging our students in teaching relevant concepts and theory, but successful at helping them build skills needed in today’s workforce.

Cyber Teaching and Learning Challenges

But before we get into the “hopeful” part of this article, we need to understand the challenges in teaching cyber in the first place. The way that cybersecurity has been taught throughout the years often include lectures, PowerPoint presentations or online models that students complete on their own. Inherently there is nothing wrong in teaching new information in this way. However, the opportunity exists to help students learn how to apply this knowledge to a real-world setting. The act of doing and creating the needed experience is the single most important quality job candidates can bring to an employer and this is the gap Divergence Academy is hoping to close.

When students sit in a classroom, information can be presented in a systematic way, where in real life this may not always be the case, especially in the world of cybersecurity.

When you think of teaching someone how to think like a hacker, you are fundamentally teaching them how to be creative in how they approach a situation.

The concept of teaching someone to think like a hacker is easier said than done, which is why diversifying the way students can process information is crucial. Not every student learns in the way same.

There’s Hope for Cybersecurity: Continuous Skills Acquisition and Application

As cyber educators and instructors, we know there is no “one-way” to teach and that’s the good news! While certifications and technical degrees are a starting place for cybersecurity readiness and workforce development, instructors must think of new methods that provide persistent access to cyber education.

This statement can best be described with an analogous story. If an aspiring baseball player was training for the major leagues and went to practice to hone his/her skills, they would certainly learn something. However, if that aspiring baseball player then applied for the major leagues a year or so later, without attending training leading up to that point, he/she would be a little rusty, wouldn’t you say? The same situation can be applied to cybersecurity. You wouldn’t attend a class or even complete a full degree in cybersecurity and then apply for a job and say you were a “seasoned cybersecurity professional,” would you? Of course not. There is no “final inning” in cybersecurity signaling a professional’s peak of learning and skills acquisition.

Threats evolved day by day and if a student graduates thinking about phishing or malware detection one way and ends up in a work environment where that knowledge isn’t applicable anymore, we won’t be able to help the next generation of cyber pros be successful in their jobs. To keep current students and alumni actively engaged in critical learning, persistent access to cybersecurity training must be employed. In this industry, the only constant in cybersecurity is change, and for that reason (in addition to the multitude of attacks businesses every day), educational institutions can be vigilant in putting learning to work for the businesses and workplaces we rely on to support our daily functions.

As technology and interconnectivity evolve with each passing day, steps must be taken immediately to adopt a pedagogy that values and emphasizes continuous learning to best prepare our students for the career they want. With gamified learning at the helm of a new teaching approach for cybersecurity, we can be on our way to minimizing the cyber skills gap and empowering today’s students in a more effective way.

For more information about our gamified learning cyber courses, visit https://divergenceacademy.com/.

 

 

 

Guest Blog: Embracing Immersive, Gamified Cybersecurity Learning, Featuring Divergence Academy

Reading Time: 2 minutes

What is immersive, gamified cybersecurity learning? The term was originally coined in 2002 by a British computer programmer named Nick Pelling. The term hit the mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited.  The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But gamification is more than a buzz word. Companies have seen gamification work for them in cyber team training—so we thought it wise to take what is working and apply it at the earlier stages of career development—in the classroom.

At Divergence Academy, we are proud to offer a curriculum that embraces blended cyber learning to cultivate students and transitioning professionals who are ready to enter the workforce and stop today’s cyber threats.

We offer data science, cybersecurity, and cloud computing immersive learning programs that enable students to gain the knowledge and skills needed to work in any of those fields. Many of our courses offer a mix of concept-driven learning and application-driven learning so that students understand new knowledge and, in turn, apply that knowledge in skill building, project-based activities. Through working with messy, real-world data and scenarios, students gain experience across the entire technology spectrum.

Studies find when learners engage in active learning, hands-on activities, their information retention rates increase from 5% (with traditional, lecture-based methods) to 75%. The millennial generation presents radically different learning preferences than previous generations. Thus, educational institutions across the country should consider gamification as a pedagogical technique in the classroom. A study from the University of Limerick notes:

Gamified learning activities could become an integral part of flipped teaching environments. Their social, asynchronous nature can be used to prompt students to engage with pre-prepared content, while gamified learning activities can be used in the classroom to prompt student interaction and participation.

In watching our students engage with gamified activities, we see team-building blossom before our eyes. We see instant collaboration and problem-solving and critical thinking emerge. Those kinds of soft skills can’t always be taught in a traditional lecture-based setting and because of that, it is critical that we continue to offer a healthy mix of concept-driven learning with gamified learning opportunities to our students so that they can enter the workforce with a more holistic understanding of the industry.

Cybersecurity has become a captivating and engaging subject matter for students, which is fantastic as those words aren’t typically associated with the technical field.

“Wow, today we were introduced to Project Ares. Captivating is the best description I can think of. It is like ‘Call of Duty’ for cybersecurity.”
~ Divergence Academy Student, 24 years old

Fellow professors and instructors are looking for ways to make cybersecurity more interesting and attractive to students and we believe at Divergence, the gamified learning approach can help. It is an approachable way for students to engage with a field they may be completely unfamiliar with and it supports instructors by offering a course that students WANT to take.

“We notice an increase in student engagement in the classroom with the introduction of Project Ares. Gamification brings an element of intrigue and satisfaction to the learning experience.”
~ Beth Lahaie, Program Director

We hope our adoption and proven success of a blended learning approach is the nudge other institutions around the globe need to consider its power in building the next generation of cybersecurity professionals.