Why a real-world environment is critical to improving cyber training

By Aron Hubbard and Ron Arnold
Jun 5, 2019

Beyond red team, blue team—improving cyber training means placing live malware in the hands of your workforce to ensure readiness.

Cyber threats continue to grow at an incredible speed. Hostile actors develop or evolve malware and find new exploits into systems, networks, and sensitive data every day, making effective training mission critical.

To protect information systems, public and private institutions need full-spectrum, advanced cyber training mapped to the Department of Defense and U.S. Cyber Command roles and objectives. If your program fails to meet these criteria, your cyber workforce may not be ready to face rapidly advancing threats.

Traditional cyber training programs or curriculums are often too broad, leaving the trainee with knowledge they may never apply. Modern cyber warriors need specialized, role-specific training. This is why cyber professionals need hands-on, real-world exercises and scenarios designed for their duties.

Trainees who can apply the information to an actual event will act with confidence and competence when future situations occur. It is not enough to convey the “how” and “know” parts of learning; workers need to grasp the “do” aspect of cyber. Thus, an innovative and immersive curriculum is the only way to adequately prepare staff for future cyber attacks.

In creating an internal cyber training capability for a client, ICF experts developed the following key insights for improving cyber training platforms.

Include real-world cyber job functions

Theoretical education cannot offer the same impact as practical execution. People need to learn how to conduct actual cyber functions. When tools and techniques are taught at a high level, trainees lose out on the value of hands-on experience. Organizations should implement flexible programs that adapt to specialized cyber roles, allowing staff members to step directly into scenarios that they may encounter in their position.

End-to-end exercises should include filing detailed technical reports, identifying and isolating infected and compromised hosts, performing forensics, and defending and hardening network infrastructure. Team exercises should be broken into roles with specific, relevant objectives.

Evaluate and track progress

Employees enter training with a wide variety of skill sets and comfort levels with technology. Before enrolling an individual in a program, you must assess their current capabilities so that you can place them appropriately in an adaptive learning program. Once a trainee enters the environment and starts the curriculum, it’s important to track their performance using a rubric with metrics and intermediate objectives designed to identify readiness and any gaps in skills or methodologies. This data will help you guide team members through new or evolving mission needs.

Ensure a realistic training environment

If the cyber training environment does not incorporate sufficient realism, the trainee will be unprepared for the mission and role. In our experience interviewing, hiring, and training thousands of candidates for cyber roles, the least prepared lack experience. Cyber warriors require an environment that accurately reflects real-world engagement to succeed.

Use live malware

Other training platforms are simulated in nature: they employ artificial attacks and unrealistic exercises that can often be easily identified and remediated, which does not create the experience trainees need to develop true analytical abilities. With live malware and exploits, defenders are facing an actual adversary and must perform essential duties in order to mitigate or remediate. This approach also provides forensic evidence to be gathered.

The program developed by ICF allows in-the-wild malware, advanced persistent threat binaries, and zero-day exploits to be executed in a non-sandboxed environment—functioning as they would in any live infection or compromise.

Develop a tailored program for your organization

Effective training is imperative to mission success. Yet, there are so many cyber curriculums offered that it becomes difficult to choose the correct path for your organization. The significant investment in time and money to prepare cyber warriors must be focused on the right goals to obtain or maintain readiness.

A one-size-fits-all approach does not suffice in cyber—you need a partner that understands the unique job functions, threat models, missions, and requirements of your operation to tailor training for your organization’s specific needs.

Meet the authors
  1. Aron Hubbard, Senior Director, Cyber Operations
  2. Ron Arnold, Lead Analyst, Cybersecurity
