Cyber Ranges and How They Improve Security Training

WHAT ARE CYBER RANGES?

Cyber ranges were initially developed by government agencies looking to better train their cyber operators on new skills and techniques. To do this, a physical range or ranges were installed on-premise.  Cyber range providers built representations of actual networks, systems, and tools that helped cyber professionals safely train in virtual, secure environments without compromising the agency’s operational network infrastructure.

Today, cyber ranges are used in the cyber security sector to effectively train IT professionals in all industries and help improve defenses against cyberattacks. As technology advanced, cyber range training advanced as well, both in scope and potential. More on this later. 

To schedule a demo of Circadence’s cyber range platform, visit https://www.circadence.com/request-a-demo/

The National Initiative for Cybersecurity Education reports that cyber ranges provide:

  • An environment where new ideas can be tested safely and teams and work to solve complex cyber problems
  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulate on-the-job experience

Most cyber ranges come in one of two forms: A network environment without pre-programmed content; or a network environment with prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop enriched skill sets beyond what their specific work role may dictate.  

UNDERSTANDING & EVOLVINGCYBER RANGES IN A BOX 

Typically, Cyber range in a boxhas been a collection of virtual machines hosted on an on-premise systemHowever, Circadence has taken the concept of a cyber range in a box and placed it the cloud to better scale cyber training. We lovingly call this CyRaaS, or Cyber Range-as-a-Service, which is integrated into our Project Ares cyber learning platform.

Instead of purchasing a physical set of machines to take up space in a room, virtual machines exist in the cloud and can be accessed by more professionals from any location who want to train persistently and develop cyber skills. The cloud is recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure cyber ranges spin up environments quickly, deliver the latest training content, and engage users in productive training activitiesaccessing cyber ranges in the cloud is the latest and greatest approach for professionals training in ‘sandbox’ environments. 

in-game-screeenshot-of-network-map

By offering cloud based, cyber range in a box services to support cyber training in Project Ares, we are able to deliver more relevant tools and technologies to help professionals gain the best cyber security training possible

The service allows Project Ares to emulate industry-relevant network configurations within learning activities that help trainees practice defensive tactics. Cloud-based cyber ranges also offer hands-on keyboard experience with real world tools and emulated network traffic to reflect the authentic feeling of an actual cyberattack.  

Advances in Artificial Intelligence and machine learning allow us to use cloud ranges to their full potential by tracking patterns in training data to reveal player learning progression with minimal human intervention and oversight. Those patterns are then used to inform the recommendations of an in-game advisor (Athena) that has chat bot functionality so players can get help on cyber range training activities in the platformFurther, cloud-based cyber range training gives security professionals better predictive capabilities when defending and anticipating threats—and according to Microsoft, even  “improve the efficacy of cyber security, the detection of hackers, and prevent attacks before they occur.” 

GAMIFIED CYBER RANGES

Not only have we taken physical cyber ranges and placed them in the cloud but we’ve added in elements of gamification to further drive the effectiveness of cyber training. 

With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with sets of gamified elements (e.g. leaderboards, scoring mechanisms, points, badges, levels, etc.). Project Ares has a series of cyber learning games that teach foundational cyber concepts and termsbattle rooms that teach tools, tactics, and procedures, and team-based missions that bring learning full circle when players are tasked with defending against a realistic cyber threat scenario.  This level of cyber learning is done in the cloud so professionals can work together from anywhere in the world to collaborate and defeat modern-day attacks.  

We hope this post helped you understand the true potential of cyber ranges in the cloud and how they are evolving today to automate and augment cyber workforce training and learning.  

REQUEST A DEMO

Living Our Mission Blog Series:Early Aspirations in Technology Become a Reality for Circadence’s Paul Ellis

Early Aspirations in Technology Become Reality for Circadence’s Paul Ellis 

Paul Ellis, Senior Product Manager at Circadence, was always interested in technology, even at a young age. When Paul was 8-years oldhe rode his bike to the closest RadioShack to buy a book written for adults on the topic of electrical engineering no lessAfter saving enough allowance to purchase the book, he dove into it as soon as he got home and that’s where his love for technology really began. 

But perhaps, too, Paul’s passion stemmed from his father, who worked for a company developing computer robots. Their bond over technology contributed to Paul’s interest in the field. In factPaul and his father built their first computer together – an 8Mhz Intel 8088 PC when he was 10 years old. Paul read the entire instruction manual from front to back to learn what he could do with his newly built device. From that day on, he was always creating! He created electronic devices, computers, and even composed music. 

In high school Paul played many different instruments and began his college journey with aspirations to become a sound engineer to satisfy his interest for both technology and music. He quickly realized that his interest in technology outweighed his musical career interest, and that the lifestyle of a sound engineer wasn’t very appealing. 

He changed his major to Business and Marketing and graduated with a Bachelor of Science from California State University San Marcos in 2005. He then continued to Purdue University for an MBA in Technology Commercialization, Marketing and Finance. Throughout his academic journey and in his free time he continued to create and assemble tech devices. He was never afraid of technology; he was drawn to it and always knew there was a way to control it. 

Paul, a techie through and through, followed his cyber heart and became a Senior Product Manager for more than a decade for various leading tech firms. He began to learn about identity risk and how our technological advancements were increasing threats. During his time at a previous employer, LifeLock, he learned about risk prevention, identity theft, how vulnerable consumers are in the real worldand how risk would continue to escalate if companies and individuals weren’t taking precautions to protect themselves and their devices.  

Upon joining Circadence, Paul began to navigate the world of cybersecurityThe company’s cutting-edge ideas and technology designed to protect businesses, government and consumers were appealing to him given what he had observed in previous tech positions. He was interested in the innovative products that provided new ways for cybersecurity beginners and professionals to learn, and he could envision how it would improve the cyber posture of enterprises. 

“I feel like I’m doing something positive for society,” Paul said. He’s been with Circadence for a year now as the Senior Product Manager and continues to be inspired by his team and the revolutionary products Circadence brings to market.  

“There’s a huge threat out there, and a huge lack of skills in the industry, and being a part of the solution is a big part of my intrinsic motivation.”  

Paul enjoys partaking in all the different facets of a product’s lifecycle – how the product supports a need for the consumer or industry, how it is marketed, and how to assess its financial viabilityHe also enjoys talking to customers to learn about their experience with a product first-hand, because at the end of the day, a product’s success is dependent upon customer’s experience with it 

Managing the success of a product is how he gauges the success of his career – what did the product solve, and how did it benefit the customer and the industry? The payoff is seeing the cumulative effect of the entire product,” said Paul. For example, iNovember 2019 he worked long hours along-side his team to prepare for one of our largest partner events – Microsoft Ignite. They developed specific gamified battle rooms in Project Ares to teach user’s about Microsoft’s new security tools and how they can be utilized in realistic cyber scenarios. Attendees could get direct experience using Microsoft’s security tools within Project Ares, which runs on Microsoft Azure 

“Ignite was one of the most meaningful moments in my career and I’m fortunate I had the opportunity to work with my team to pull it off! There was so much teamwork, collaboration and problem solving from planning, developing, to deployment at the event. It’s only in bringing people together, that my work succeeds.”  

Paul not only enjoys doing something that keeps consumers and businesses safer, but he truly respects and values his team at Circadence. There’s a true sense of trust between everyone on his team and he feels fortunate to have this experience in the workplace.  

The need for improved cybersecurity is everywhere,” said Paul. The cyber learning products Circadence provides today will help teach the future cyber workforce and help protect us from the countless risks and threats that are out there. He continues to fulfill his passion for technology by bringing Circadence cyber learning products to marketHe appreciates Circadence products because they actually provide trainees what they need to knowand what they will be doing on a day-to-day basis. It’s not just about reading a white paper or watching a video – gamified platforms like Project Ares provide hands-on experience to master the craft of cybersecurity. 

Photo by Alexandre Debiève on Unsplash

Photo by Marvin Meyer on Unsplash

Living our Mission: Project Ares Takes Full Flight with Cloud-Native Architecture

According to CIO magazine, about 96% of organizations use cloud services in one way or another. In partnership with Microsoft, we are proud to announce that Circadence has redesigned its Project Ares cyber learning platform to fully leverage a cloud-native design on Microsoft Azure.  This new, flexible architecture improves cyber training to be even more customized, scalable, accessible, and relevant for today’s professionals.

This transition to cloud infrastructure will yield immediate impacts to our current customers.

  • Increased speeds to launch cyber learning battle rooms and missions
  • Greater ability to onboard more trainees to the system from virtually any location
  • More access to cyber training content that suits their security needs and professional development interests

Proven success at Microsoft Ignite

At the recent Microsoft Ignite conference (November 2019), more than 500 security professionals had the opportunity to use the enhanced platform.  Conference participants set up CyberBridge accounts and then played customized battle rooms in Project Ares. Microsoft cloud-based Azure security solutions were integrated into the cloud-based cyber range to provide an immersive “cloud-in-cloud” sandboxed learning experience that realistically aligned to phases of a ransomware attack.  The new version of Project Ares sustained weeklong intensive usage while delivering on performance. 

So what’s new in the new and improved Project Ares?

Curriculum Access Controls for Tailored Cyber Learning

One of the biggest enhancements for Project Ares clients is that they can now control permissions for  training exercises and solution access at the user level. Customer Administrators will use the new CyberBridge management portal to tailor access to Circadence training exercises for individual users or groups of users.

Single-sign-on through CyberBridge enables the alignment of training exercises to individuals based on their unique learning requirements including:

  • Cyber skill-building exercises and complex missions within Project Ares for cyber professionals
  • Cyber foundation learning with Cyber Essentials tools for the IT team
  • Security awareness training with inCyt for general staff

Cyber Essential learning tools and the inCyt game for security awareness will be added to CyberBridge over the next several months. With the capability to pre-select training activities reflective of a company’s overall security strategy, enterprise security managers can call the shots.

“As the administrator, you now choose what curriculum content your team should have. “This provides more flexibility in cyber training for our customers in terms of what they can expose to their teams.” ~ Rajani Kutty, Senior Product Manager for CyberBridge at Circadence.

Greater Scalability and Performance in Cyber Training

With a cloud-native architecture design, Project Ares can support more simultaneous users on the platform than ever before. Project Ares can now handle over 1,000 concurrent users, a significant improvement over historical capacity of 200-250 concurrent users on the platform.  The combination of  content access control at the group or individual level and the increased scalability of Project Ares creates a solution that effectively spins up cyber ranges with built-in learning exercises for teams and enterprises of any size.  Additionally, this means that no matter where a cyber learner is geographically, they can log on to Project Ares and access training quickly. We see this as similar to the scalability and accessibility of any large global content provider (e.g. Netflix)—in that users who have accounts can log in virtually anywhere in the world at multiple times and access their accounts.

Now that Project Ares can support a greater volume of users on the platform, activities like hosting cyber competitions and events for experts and aspiring security professionals can be done on-demand and at scale.

“We can train more people in cyber than ever before and that is so impactful when we remember the industry’s challenges in workforce gaps and skills deficiencies.” ~ Paul Ellis, Project Ares Senior Product Manager at Circadence

The previous design of Project Ares required placing users in “enclaves” or groups when they signed on to the system to ensure the content within could be loaded quickly without delay. Now, everyone can sign in at any time and have access to learning without loading delays. It doesn’t even matter if multiple people are accessing the same mission or battle room at the same time. Their individual experience loading and playing the exercise won’t be compromised because of increased user activity.

Other performance improvements made to this version of Project Ares include:

  • Quicker download speeds of cyber exercises
  • Use of less memory on user’s computers, and resulting longer battery life for users, thanks to lower CPU utilization.
  • These behind-the-scenes improvements mean that training can happen quicker and learning, faster.

New Cyber Training Content

One new Mission and three new Battle Rooms will be deployed throughout the next few months on this new version of Project Ares.

  • Mission 15, Operation Raging Mammoth, showcases how to protect against an Election attack
  • Battle Rooms 19 and 20 feature Splunk Enterprise installation, configuration, and fundamentals
  • Battle Room 21 teaches Powershell cmdlet (pronounced command-lets) basics

Mission 15 has been developed from many discussions about 2020 election security given past reports of Russian hacktivist groups interfering with the 2016 U.S. election.  In Operation Raging Mammoth, users are tasked to monitor voting-related systems. In order to identify anomalies, players must first establish a baseline of normal activity and configurations. Any changes to administrator access or attempt to modify voter registration information must be quickly detected and reported to authorities. Like all Project Ares Missions, the exercise aligns with NIST/NICE work roles, specifically Cyber Defense Analyst, Cyber Defense Incident Responder, Threat/Warning analyst.

Battle Rooms 19 and 20 focuses on using Splunk software to assist IT and security teams to get the most out of their security tools by enabling log aggregation of event data from across an environment into a single repository of critical security insights. Teaching cyber pros how to configure and use this tool helps them identify issues faster so they can resolve them more efficiently to stop threats and attacks.

Battle Room 21 teaches cmdlet lightweight commands used in PowerShell.  PowerShell is a command-line (CLI) scripting language developed by Microsoft to simplify automation and configuration management, consisting of a command-line shell and associated scripting language. With PowerShell, network analysts can obtain all the information they need to solve problems they detect in an environment. Microsoft notes that PowerShell also makes learning other programming languages like C# easier.

Embracing Cloud Capabilities for Continual Cyber Training

Circadence embraces all the capabilities the cloud provides and is pleased to launch the latest version of Project Ares that furthers our vision to provide sustainable, scalable, adaptable cyber training and learning opportunities to professionals so they can combat evolving threats in their workplace and in their personal lives.

As this upward trend in cloud utilization becomes ever-more prevalent, security teams of all sizes need to adapt their strategies to acknowledge the adoption of the cloud and train persistently in Project Ares. You can bet that as more people convene in the cloud, malicious hackers are not far behind them, looking for ways to exploit it. By continually innovating in Project Ares, we hope professionals all over the globe can better manage their networks in the cloud and protect them from attackers.

Living our Mission Blog Series: How Tony Hammerling, Curriculum Developer, Orchestrates a Symphony of Cyber Learning at Circadence

Circadence’s Curriculum Developer Tony Hammerling wasn’t always interested in a career in cyber—but he was certainly made for it. In fact, he initially wanted to be a musician! While his musical talents didn’t pan out for him early in his career, he quickly learned how to create unique harmonies using computers instead of instruments…After joining the Navy in 1995 as a Cryptologist and Morse Code operator, he transitioned to a Cryptologic Technician Networks professional where he performed network analysis and social network/persona analysis. It was there he learned more offensive and defensive strategies pertinent to cyber security and was introduced to network types and communication patterns. He moved to Maryland to do offensive analysis and then retired in Pensacola, Florida. The world of cyber grew on Tony and he enjoyed the digital accompaniment of the work it offered.

For the last few years, now settled in Pensacola, Florida, Tony is a critical part of Circadence’s Curriculum Team, working alongside colleagues to develop learning objectives and routes for players using platforms like inCyt, Project Ares, and other cyber games like NexAgent, Circadence’s immersive network exploration game. Currently, Tony and his team are focused on building out learning of network essentials in NexAgent, and “…are bridging the gap between what new IT professional’s learn in NexAgent and getting them onto more advanced learning pathways in Project Ares,” says Tony.

“We’re starting to introduce new content for [Project Ares] battle rooms so users coming out of NexAgent can have an understanding of the tools and techniques needed for more advanced learning of cyber defense—and actually apply those tools and techniques in realistic scenarios.”

As the technical subject matter expert for cyber curriculum, Tony digs into the details with his work—and that’s where he shines. Tony and his team ensure that user learning is reflective of today’s cyber attacks and vulnerabilities. In the next iteration of NexAgent, users will be able to focus on network segmentation using election security as the theme for game-play. From separating election polling servers to working with registration databases to designing networks to prevent election fraud, learning becomes much more interesting for the end-user.

The most exciting part about Tony’s job is the diversity of material he gets to work on every day. One day he could be helping end-users of Project Ares identify fraudulent IP addresses in a battle room and another day he could be working on a full-scale technical design of a SCADA system modeled after a cyber incident at a Ukrainian power plant.

By understanding corporate demands for new content, Tony and his team have more direction to build out cyber learning curriculum that aligns to customer’s needs. He believes the technical training he’s able to support with learning material in Circadence’s platforms complements traditional cyber learning paths like obtaining certifications and attending off-site classes. The variety of learning options for users of all cyber ability levels (both technical and non-technical), gives professionals the opportunity to be more thoughtful in their day-to-day lives, more critical and discerning of vulnerabilities and systems, and more creative in how they address threats.

“Knowing that people are able to come into a Circadence product and learn something that they didn’t know before or refine specific knowledge into an application/skill-based path is exciting. I don’t think too much of the greater impact my work provides—but perhaps 10 years down the line when we can say ‘we were the first to gamify and scale cyber training,’ it will mean so much more.”

We are grateful for the unique talents Tony brings to the Circadence family of products and how he’s able to craft learning “chords” that when orchestrated, provide a symphonic concerto of cyber learning activity—empowering cyber professionals across the globe with relevant, persistent, and scalable cyber training options to suit their security needs.

Photo by Marius Masalar on Unsplash

Photo by Alphacolor on Unsplash

 

Operation Gratitude: 5 Reasons to Give Thanks for Cyber Security

With daily breaches impacting business operations and security, it’s easy to forget about the good ways that cyber security keeps us safe behind the scenes. This holiday season, we’re giving thanks to cyber security and all that it does to make our lives easier and more secure with what we’re calling Operation Gratitude (inspired by our Project Ares missions, uniquely titled “Operation Goatherd” or “Operation Desert Whale”). #OperationGratitude is a rally cry for security professionals and business leaders to remember the positive aspects of cyber security and share those positive thoughts with each other. Too often we live in fear from cyber attacks and persistent threats, and while, there is always cause for concern, we must remember how advances in the field have equally made aspects of our digital life easier. We’re thankful for these advances in cyber security:

  1. Two-factor authentication – This tool helps to keep you secure by requiring two different credentials before allowing you to gain access to sensitive information online. One example of this would be when you log in to check your bank statements and it prompts you to not only enter your username and password, but also to check your phone and enter a verification code that was texted to you. You will normally see this security precaution used when logging into an account from a new device. The great part about it is, it’s widely known and used by everyone from CISOs to high school kids.
  2. HTTP(S) – You’ve likely seen this appear when visiting a URL online, usually showing up just before the “www” and website name. Http means HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web, which defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands. The “S” is for security, and this little letter means that all communication between your browser and your website is encrypted for your protection. This means that sites utilizing https are prioritizing your safety while performing sensitive transactions online!
  3. Personal digital responsibility – These days the average consumer is more connected than ever. With our lives relying on smartphones, computers, tablets, and a multitude of IoT devices, we are entrenched in cyber every single day. This reliance requires us to practice personal digital responsibility, or often called digital citizenship—that is, the ability to participate safely, intelligently, productively, and responsibly in the digital world. Just because we are more connected does not necessarily mean that we are more aware of cyber risks, however, initiatives such as Cyber Security Awareness Month (in October) are helping to increase awareness by promoting cyber citizenship and education. Circadence is proud to contribute to the security awareness and digital responsibility effort with the soon-to-be-available inCyt, a security awareness game of strategy that helps bring cyber safe practices into the workplace and cultivates good cyber hygiene for all (and you don’t have to be a technical expert to use it).
  4. Corporate security awareness trainings – Given that 25% of all data breaches in the U.S in 2018 were due to carelessness or user error, it is critical for companies of all sizes to engage their employees in persistent cyber training. Thank goodness there is an increase in organizations such as the National Cyber Security Alliance (NCSA) that provide risk assessments and security training to organizations across the U.S.
  5. Increased security collaboration – With more than 4,000 ransomware attacks alone occurring daily, no one business can mitigate the increasing amount of cyber risks present in today’s threatscape. It is more important than ever for businesses to share knowledge from breaches they have experienced and stand together to fight cyber crime, which is exactly what they’re doing! Nowadays these partnerships are being formed not only to share information, but to conduct live fire cyber readiness exercises. One such initiative is DHS’s National Cybersecurity and Communications Integration Center(NCCIC) – a 24/7 cyber situational awareness, management and response center serving as a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC also shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations.

So, as you prepare your Thanksgiving meal from recipes pulled up on your tablet, with holiday music playing from your smart phone, and timers set by Alexa to ensure the juiciest turkey and tastiest pies, remember to give thanks for cyber security. We certainly are!

 

Photo by Simon Maage on Unsplash
Photo by Pro Church Media on Unsplash

Living our Mission Blog Series: Hitting a Home Run with Circadence’s Security Management, thanks to TS Reed, Cybersecurity Engineer

The journey to cybersecurity engineer has been an exciting one for Circadence’s TS Reed. The former baseball pro turned security tech expert found his passion for problem solving at Circadence. After completing an undergraduate degree in criminology at Cal State Northridge, he pursued a master’s degree in mechanical engineering at CSUN and then a master’s in cybersecurity engineering from the University of San Diego.

TS started as an intern at Circadence and was quickly onboarded as a full-time employee for his technical prowess, adaptability, and knowledge of modern security functions and processes. For the past three years at Circadence, TS has monitored the company’s network security, tested the security of its products (including Project Ares) and learned how and what to look for to stay one step ahead of attackers.

“It’s impossible to be bored in this job. Security is always changing: the way people build it, the way people attack it. You have to continuously learn and teach yourself the latest and greatest practices,” said TS.

But cybersecurity management wasn’t always in the stars for TS. Prior to joining Circadence, TS coached division one baseball at the University of San Diego and was also an assistant coach and recruiting coordinator at the University of Arkansas Fort Smith. A Cal State Northridge Alum, TS was a well-respected baseball player, hitting home runs in the athletic industry (named a CIF California Player of the Year and a Division 1 All-American at CSUN) with the fourth highest batting average at the 2008 Big West Conference. After college he went on to play one year of professional baseball in St. Louis for the Gateway Grizzlies of the Frontier League.

He traded in his baseball cleats for cybersecurity after discovering the inherent problem-solving nature of the field—a part of the job that greatly intrigued TS to dive into a completely new field of study and long-term career trajectory.

For TS, one of the best ways to “win the game” in the security field is to think like a hacker. By understanding what vulnerabilities they look for to exploit and why, security engineers like TS, know how to harden systems and deploy preventative measures beforehand. And while open forum online communities help TS and other security professionals “understand the mind of a hacker” there is always a level of uncertainty he has to deal with.

“Hackers are attacking constantly and finding new ways to infiltrate networks,” said TS. “We have to stay as close to them as possible,” he adds.

While TS’ professional journey has been unconventional at best, he has noticed many lessons from his baseball career that have translated into the cyber arena.

“Teamwork is huge; I learned early on in baseball that every teammate receives things differently. You have to take the time and care enough to figure out how your team members communicate. [In cyber security], everyone communicates differently too. Both in receiving communication and externally communicating. Step one is always getting a feel for that in order to be as effective as possible when communicating with teammates/team members.”

Likewise, TS learned that in baseball, a player’s own skill level and performance weren’t the sole indicator of how “good” a teammate was. The greatest measure, he says, is how effective one is at making others better and serving them.

“To be good at and handle your job is one thing but whenever you have a team involved, the greatest measure of a player or cyber employee is the capability to lift up those around them and make them better,” he advises. Empowering teammates, teaching them, and learning from them is the approach he lives by at Circadence.

We are proud to have TS as part of the Circadence family and know while he’s not hitting balls out of the park at the stadium, he’s hitting home runs with Circadence, hardening its cyber security posture.

Photo by Joey Kyber on Unsplash

Living our Mission Blog Series: Supporting Cyber Red Teams, with Consultations and Pen Testing from Josiah Bryan

While Circadence is proud to be a pioneer that has developed innovative cyber learning products to strengthen readiness at all levels of business, there’s one professional area at Circadence that doesn’t tend to get the limelight, until now. Meet Josiah Bryan, principle Security Architect for Circadence’s security consultation services, aptly called Advanced Red Team Intrusion Capabilities (ARTIC for short). For almost two years, Josiah has provided support and services to Red Teams around the country, those leading-edge professionals who test and challenge the security readiness of a system by assuming adversarial roles and hacker points of view.

Josiah enjoys doing penetration testing and exploit development with Red Teams at a variety of companies to help them understand what a bad actor might try to do to compromise their security systems.

But Josiah wasn’t always on the offensive side of cyber security in his professional career. He was first introduced to the “blue team,” or the defensive side of cyber, when he began participating in Capture the Flag competitions across the U.S. during his time as a computer science student at Charleston Southern University. Those competitions also exposed him to the offensive side of security training and he never looked back.

After graduation, he took a job in San Diego with the U.S. Navy as a DoD civilian, finding vulnerabilities in critical infrastructure, which were then reported up to the Department of Homeland Security.

“Learning how the DoD operates internally and how they conduct penetration tests/security evaluations was an extremely valuable skill and great background for my current job at Circadence,” he says.

In addition to consulting with Red Teams, Josiah uses a variety of tools to show and tell companies about existing vulnerabilities. For example, badge scanners that let people gain access to a facility or room are quite common devices for Josiah and his team to test for customers. He might also use USB implants that provide full access to workstations and wireless signal identification devices.

“We show people how easy it is to get credentials off of someone’s badge and gain access to an area,” he says. “They never believe we will find vulnerabilities but when we do, they realize how much they need to do to improve their cyber readiness,” he adds.

But, ultimately Josiah’s favorite part of his job is the level of research and analysis he gets to do. “We are a research team, first,” he says. “We are pushing the boundaries in cybersecurity and discovering new ways that bad actors might take advantage of companies, before they actually do.  It’s a great feeling to help companies and Red Teams see the ‘light’ before the hackers get them,” he adds.

Whether circumventing a security measure or patching a system, Josiah’s contributions to the field are significant.

“Finding new ways to help people understand the importance of strong cyber hygiene is fulfilling,” he says. “We can’t stress it enough in today’s culture where attacks are so dynamic and hackers are always looking for ways to take advantage of companies.”

To stay on the cutting edge of Red Team support, Josiah follows Circadence’s philosophy to persistently learn new ways to protect people and companies. “Any company is only as good as the least trained person,” Josiah says.

 

Help Wanted: Combating the Cyber Skills Gap

Recent news headlines frequently communicate about the massive cyber security skills shortage in the industry so we wanted to dig deeper into this phenomenon to find out why there’s a cyber security talent gap and what can be done about it. Cyberattacks are permeating every commercial and government sector out there yet industry and analyst reports indicate there isn’t a large enough talent pool of defenders to keep pace with evolving threats. When data is compromised and there aren’t enough cyber security staff to secure the front lines, we ALL are at risk of identity theft, monetary losses, reputational damage, fines, and operational disruption. cy

Statistics on the Cyber Skills and Talent Gap

With more than one in four organizations experiencing an advanced persistent threat (APT) attack and when 97 percent of those APT’s are considered a credible threat to national security and economic stability, it’s no wonder the skills shortage is on everyone’s mind.

A report from Frost & Sullivan found that the global cybersecurity workforce will have more than 1.8 million unfilled positions by 2020 (that’s next year!) while some sources report a 3.5 million shortfall by 2021.

It begs several questions:

  • What’s causing the shortage of cybersecurity skills? According to a Deloitte report, the lack of effective training opportunities and risk of attrition may be to blame.
  • Is there really a shortage of talent? Hacker, security evangelist, and cyber security professional Alyssa Miller thinks there is more of a cyber talent disconnect between job seeker’s expectations of what a job entails versus what employer’s demand from a prospective candidate.
  • How do we fill these cyber positions? A study of 2,000 American adults found that nearly 80% of adults never considered cyber security careers. Why? Sheer unawareness. Most had never even heard of specific cyber job roles like a penetration tester and software engineer and others were deterred by their lack of education, interest, and knowledge about how to launch a cyber career.

Strategies to Minimize the Cybersecurity Skills Shortage

Given the pervasive nature of cyber attacks, businesses can’t afford to wait around for premiere talent to walk through the door. Companies need to take a proactive and non-traditional approach to hiring talent—and, yes, it takes effort. Closing the corporate cyber-operations talent shortage may even take a company culture overhaul.

Miller suggests that recruiters “must learn to engage security professionals through less traditional avenues. The best security recruiters have learned how to connect with the community via social media. They’ve learned how to have meaningful interactions on Twitter and are patient in their approach.”

Whether looking to fill a position in digital forensics or computer programming or network defense or even cyber law, the skills required for those positions can be taught with the right tools. Companies should learn to be flexible with those requirements as many are now filling unopened positions by hiring and then teaching and training professionals on preferred cyber skills and competencies. Recruiters need to adopt a paradigm shift during the talent search and be more comfortable hiring for character and cultural fit first, then, training for skills development.

Fill the talent pipeline

Consider hiring people with different industry backgrounds or skill sets to bring new ideas to the table. Sometimes, getting an “outside” perspective on the challenges firms are facing sheds a new light because they notice nuances and inconsistencies that internal teams, who are in the day-to-day, may not see immediately. Look for passionate candidates with an eagerness to learn.

Companies today are prioritizing skills, knowledge, and willingness to learn over degrees and career fields because they know that some things cannot be taught in a classroom such as: curiosity, passion, problem-solving, and strong ethics.

Look for individuals with real-world experience

If you happen to have candidates in your pipeline that have industry knowledge, ask about their real-world experience. Inquire about the kinds of things they’ve learned in their previous position and get them to share how they remedied attacks. Create a checklist of skills you desire from a candidate that may include identity management, incident response management, system administration, network design and security, and hacking methodologies, to name a few. Learning how they dealt with real situations will reveal a lot about their personality, character, and skill set.

Re-examine job postings

Often a job posting is the only thing compelling a candidate to apply for a position. If the job posting is simply a laundry list of skills requirements and degree preferences, it may deter candidates who have those skills but also seek to work for a company that values innovation, creativity, and strategic vision. Read descriptions carefully to determine if they portray the culture of your organization. If a cultural vibe is lacking, it may be time to inject a sense of corporate personality to attract the right candidates.

Provide continuous professional development opportunities

With advances in technology, professionals need to be on top of the latest trends and tools to succeed in their job. That is why it is vital to re-skill and persistently train cybersecurity professionals so they can prepare for anything that comes their way—and you can retain your top talent. Conferences, webinars and certifications are not for everyone—so it is important to find growth opportunities that employees want to pursue for both their personal as well as their professional benefit.

Create a culture of empowerment for retention

CISOs can set expectations early in the hiring process so candidates understand how their specific role impacts the organization. For example, during the interview process, notify candidates of your expectation that they be “students of the industry” such that they are expected to stay on top of security news and happenings.

Gartner advocates for a “people-centric security” approach where stacks of tools are secondary to the powerful human element of security. Additionally, send out quarterly or bi-monthly roundups of the latest cyber security news and events to keep your team abreast of current affairs. Making it as easy as possible for them to be “students of the industry” increases the likelihood that they will remain current on industry developments and engaged in their role.

Invest in Cyber Training to Cultivate Talent

Executives are demonstrating their support for strong info security programs by increasing hiring budgets, supporting the development of info security operation centers (SOCs) and providing CISOs with the resources they need to build strong teams.

With the right talent, you will have a better chance of successfully defeating attackers, staying aware of current threats, and protecting your team, your company—and your job. These strategies will go a long way in preventing future attacks and preparing staff and systems to respond when things go awry. The cyber security staffing shortage is no longer just a cyber security department issue—it’s a global business risk issue.

 

Living Our Mission Blog Series: Building Hyper-Scalable Cyber Training Experiences with Randy Thornton, Enterprise Architect at Circadence

A newly minted Engineering Fellow, Randy Thornton has dedicated his craft to software development for over 30 years. His passion for learning and using new technologies is evident in Circadence’s cyber range platform, Project AresÒ.

Randy joined Circadence in 2005 when the company was selling its WAN Optimization product, MVOÔ. His background in scientific computing software for CAD/CAM, telecom, and seismology have all been brought to bear to transform Project Ares from a mere cool idea that met unique market demands, to now, a full-fidelity, hyper-scalable range training tool for cyber security professionals used worldwide.

Randy and Circadence: Then and Now

In the beginning, there were about four Circadence employees working on the Project Ares prototype, which was eventually adopted by government and military agencies who were looking for better ways to train their cyber operators. Fast forward to today, Randy is leading the Project Ares team to redesign the architecture to scale within Microsoft Azure.  The goal is to provide private sector enterprises the same cutting-edge opportunity to train their cyber teams of any size and location on a gamified range—persistently, authentically, with flexibility and relevant to their specific cyber readiness needs. And Randy has been there through it all!

Today Randy mentors the engineering team at Circadence and helps them identify and collate standards around how the company’s products’ code is written and tested. He also helps identify what technologies to use and evaluates the technical feasibility of using new tech in the products themselves.

“Researching and learning new technology and staying on the cutting-edge is one of the most exciting parts of my job,” said Randy. “I see so much potential for Project Ares…so much promise…and being able to build out complicated networks in the cloud is a welcomed challenge for me.” he added.

Fellow Designation Reflected in Technical Capabilities within Project Ares

Randy’s contributions have been celebrated with a promotion to an Engineering Fellow, a significant career milestone that honors his achievements, expertise, and technical leadership to Project Ares, Circadence, and the cyber security industry as a whole.  The well-deserved recognition clearly stems from the fact that Randy never stops learning! He recently completed his Azure architecture certification exam, which helps him contribute to transitioning Project Ares to run on Microsoft Azure intelligent cloud.

“Project Ares’ ability to scale across regions is even more prevalent now thanks to Microsoft Azure,” said Randy. “The usability, the functionality, and its capability to connect across multiple locations and look like one single installation will be very beneficial to enterprise and government entities looking to scale their cyber training efforts effectively.”

A professional motto that drives Randy’s belief in continuous innovation in Project Ares is “Every time we change code, we should improve it.” It is this technical philosophy that has kept Randy and the Circadence engineering team on their toes and moving at pace to meeting market demands for scalable cyber training experiences.

Evolving Cyber Training to Scale for Customers

Randy’s current project lies in Project Ares.Next, an evolution of Project Ares from an on-premise application to a true cloud native SaaS platform that fully exploits the advantages of the cloud computing model.  Many of the cloud native improvements for Project Ares will be “under the covers”.  But customers will see performance improvements in mission virtual machines and new cyber curriculum will be able to be added to the platform more expeditiously. Project Ares users who want to train their teams from anywhere in the world will be able to do so persistently, without compromising user experience and impacting mission load times, etc.

As Project Ares evolves, we start to adapt to Go and Google standards and Kubernetes standards,” said Randy. “We’ve been working closely with Microsoft engineering teams on how we use the Azure Cloud most effectively and efficiently,” he adds.

The work of Randy and his teams is technical in nature and we greatly appreciate the level of knowledge and expertise they have to ensure Project Ares stays on the cusp of cyber training market demands using the latest technology to automate and augment the cyber workforces of tomorrow. We are grateful for their work to make Project Ares better every day as they use their talents to inform what our customers experience in the platform.

Learn Project Ares, including recent mission and battle room updates!

Photo by Markus Spiske on Unsplash
Photo by John Schnobrich on Unsplash

When cyber security meets machine learning

What happens when cyber security and machine learning work together? The results are pretty positive. Many technologies are leveraging machine learning in cyber security functions nowadays in order to automate and augment their cyber workforce. How? Most recently in training and skill building.

Machine learning helps emulate human cognition (e.g. learning based on experiences and patterns rather than inference) so autonomous agents in a cyber security system for instance, can “teach themselves” how to build models for pattern recognition—while engaging with real human cyber professionals.

Machine learning as a training support system

Machine learning becomes particularly valuable in cyber security training for professionals when it can support human activities like malware detection, incident response, network analysis, and more. One way machine learning shows up is in our gamified cyber learning platform Project Ares, under our AI-advisor “Athena” who generates responses to player’s queries when they get stuck on an activity and/or need hints to progress through a problem.

Athena generates a response from its learning corpus, using machine learning to aggregate and correlate all player conversations it has, while integrating knowledge about each player in the platform to recommend the most efficient path to solving a problem. It’s like modeling the “two heads are better than one” saying, but with a lot more “heads” at play.

Machine learning as an autonomous adversary

Likewise, machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent during professional training—enabling adversaries to disguise their network traffic or on-system behavior to look more typical to evade detection. Machine learning’s ability to continually model and adapt enables the technology to persist undetected for longer (if it is acting as an autonomous agent against a trainee in our platform). This act challenges the trainee in the platform in a good way, so they begin to think like an adversary and understand their response to defensive behavior.

Machine learning supports cyber skills building

Companies like Uber use machine learning to understand the various routes a driver takes to transport people from point A to point B. It uses data collected to recommend the most efficient route to its destination.

It increases the learning potential for professionals looking to hone their cyber skills and competencies using machine learning.

Now imagine that concept applied to cyber training in a way that can both help cyber pros through cyber activities while also activating a trainee’s cognitive functions in ways we previously could not with traditional, off-site courses.

Machine learning abilities can analyze user behavior for both fraud detection and malicious network activity. It can aggregate and enrich data from multiple sources, act as virtual assistants with specialized knowledge, and augment cyber operators’ daily tasks. It’s powerful stuff!

To learn more about machine learning and AI in cyber training, download our white paper “Upskilling Cyber Teams with Artificial Intelligence and Gamified Learning.”

Photo by Startup Stock Photos from Pexels