Is cyber training all the same old? Shift your perspective and get stuck in

We all know that sitting in front of a 50-slide PowerPoint under the guise of security training is ineffective. There’s no sugar coating it. When I was at university, it was full of equations on a blackboard – essentially an analogue PowerPoint deck. It was no fun at all and shows how methods of training haven’t evolved in the slightest.

When you teach adults, it’s very different than how you work with children or younger learners. The more experiential the learning, the better. As an ex-lecturer, this is something I was, and still am, passionate about. Getting your cyber smarts only from books or presentations just isn’t going to cut it anymore – the only way we can get ahead of the cyber criminals is to get into their heads; learn how they act, how they think, discover their methods and motivations. You can only achieve this by doing and changing your way of thinking.

Shall we play a game?

Hands-on training provides both budding and existing cyber security professionals with an opportunity to practice the skills they need in a simulated environment. This type of training allows them to gain experience in real-life scenarios without putting an organisation at risk. They can test their skills, see what works and what doesn’t, and learn from their mistakes. This experience is invaluable when it comes to dealing with actual cyber threats. One way that we’re helping both secure Nominet and keep abreast of new attack vectors and criminal behaviour is a relatively new concept known as purple teaming.

In a purple team exercise, the red team consists of offensive security experts who try to compromise an organisation’s cyber security measures. The red team attacks, and the blue team defends and blocks. In this exercise, two teams of highly skilled cyber security professionals compete against one another, with a crucial feedback loop between the two.

It’s been fantastic for us. Not just for securing the organisation but building the skills of our people. It introduces the concept of new or emerging threats, and gathering intelligence around what cyber criminals are doing, and what tools, techniques and processes they follow. This exposes those types of adversarial ideas and mindsets to my team. When we build a series of simulated attacks, we’re able to identify and understand the problem and what we need to do to detect it, mitigate it, and ensure that we’ve got the correct processes, logs and analytics in place, and everything needed to defend the business.

Getting hands-on experience in this way empowers security teams to be more aware of the wider attack landscape, develop new skills and ways of thinking, and flex their analytical muscles. It’s not just about the tech, it’s also about how we, as defenders, think like the attacker to have the best form of defence.

The importance of this cannot be overstated. Cyber criminals are getting smarter and more advanced in their tactics, and they are constantly coming up with new ways to infiltrate our systems. To combat this, we need to be able to anticipate their moves and think like them. This is not an easy task, but it is necessary if we want to protect our sensitive information and systems.

Get cognitive with it

DevSecOps is one of the most sought-after sets of security skills currently, and to get ahead we, as a security community, must upskill. It’s incredibly hard to find these people as you must have the holy trinity of technical experience for the role – development, security, and operations.

One way I’m looking to grow these skills within my teams is focusing on detection engineering with hands-on learning. For instance, tracking the entire life cycle of an alert from the detection centre through to the action we take to resolve it. The whole process of detection engineering goes hand-in-hand with developing the skills in security operations. We’re also funding our team to go into immersive education. But the next level, again, is not just understanding how to do the engineering – it’s about viewing the problem like an attacker and thinking freely.

For instance, if you’re on a computer system, you might think to attack this computer. But who is operating it? Is it Kelly in finance, Sohail in marketing, Emma in IT? Therefore, how do you attack the human, and how do you attack the process around the human? The end goal is to always approach things in this way.

While I feel that training on DevSecOps is an important feather in any organisation’s cap, the skills of the future are no longer necessarily about being just technically proficient. It’s about being cognitively proficient too.

Apply yourself

Security courses or training should no longer just be about sitting in front of a presentation or reading pages and pages of technical content. Granted, a lot of courses still feature this, but they are more about the application of this knowledge and how to approach the problem, rather than just being taught how to use a box. This is evidenced by a lot of the learning materials that surround specific security training.

While theoretical knowledge is crucial, hands-on training is essential. It provides us with practical experience, builds essential soft skills, keeps us all up to date with the latest developments in the field, and helps build confidence. And by getting inside the mind of a cybercriminal, simulating cyberattacks, and staying vigilant, we can stay one step ahead of the hackers and ensure that our information remains secure. Especially as you become more senior in this industry, it is the application of knowledge that becomes more important – rather than just being trained how to do something.

To train our workforce to get ahead of the bad guys, we all have to muck in and think like the baddies.
