1

Cyberbit Range for HR, Recruiters and Training ManagersImprove cybersecurity hiring and training with the leading Hyper Realistic Training Platform

2

Challenges in Hiring and Retaining Cybersecurity Teams

Too Few Candidates with Not Enough SkillsCyberbit provides the most widely used cyber range for higher education. Cyberbit Range is the first hyper-realistic cyber simulation Finding the right candidates to work in a security operations center is a perpetual challenge. There simply are not enough candidates on the market to fill open positions in the security operations center (SOC). In the United States alone, close to 30% of all positions in the cybersecurity workforce are unfilled (Cyber Seek, 2019). The lack of available candidates has created a major issue for SOC Managers and CISOs who need to defend their organization from malicious attackers. 74% of cybersecurity professionals feel that their organization has been negatively impacted by the shortage of skilled analysts (ESG/ISSA, 2019).

Of the candidates that are in the market for a new position, many are simply unqualified for the position they would like. They may have the theoretical knowledge, but many are missing the practical skills required to effectively defend against or resolve a cybersecurity incident. 91% of cybersecurity professionals believe their organization is not prepared and vulnerable to a significant cyber-attack (ESG/ISSA, 2019). Gaining the experience required to effectively work in a SOC is quite hard as most cybersecurity professionals will not encounter their first attack until it is already in progress.

Salary InflationIn 2012 a seasoned cybersecurity professional was hired to join one of the United States largest companies as Chief Information Security Officer for $650,000 per year. At the time he was hired, this was one of the most lucrative offers on the market. In 2019, the company had to fill the position again, but this time it cost them $2.5 Million per year, a rise of 284% in seven years (Bloomberg, 2019).

The reason for the rapid growth in salaries is the gap between supply and demand. As attacks have increased and critical incidents have become more public, the demand for cybersecurity professionals has grown and is now the largest gap between demand and proficiency in computer science related fields. It is completely normal that a cybersecurity professional will have several job offers on the table at the same time, leading to an employer bidding war to offer the most competitive salary that further drives up salaries overall.

(Capgemini, 2018)

User Interface Design

Innovation Strategy

Master Data Management

Big DataData ScienceAnalyticsCloud Computing

Cybersecurity Mobile Application Design &

Development

Web Development

68%

43% 42%

51%

39% 38%45% 41% 42% 40% 39%

65% 64% 64% 62% 61%62% 61% 61% 60%

Employee: Demand Employee: Proficiency

Introduction The cyber skill shortage is quickly becoming one of the most serious threats facing the industry and your organization. According to (ISC)2 research, the shortage of cybersecurity professionals is approaching 3,000,000 globally. The demand for cybersecurity talent is far outpacing the supply and the resulting pressure is making it nearly impossible to hire the quantity and quality of cybersecurity professionals you need. One of the most important parts of your cybersecurity strategy should be addressing the emerging skill gap threat. Establishing your own in-house cyber range training and simulation facility will allow you to onboard new SOC team members faster, deliver ongoing advanced scenario training to your entire security team and offer challenging specialty courses in topics like advanced investigation training and forensics. In short, a cyber range can help you hire, train and retain a highly effective professional, cybersecurity team.

3

Assessing Cybersecurity Skills A candidate walks into the meeting room for their first interview. They sit down and tell you all about themselves, their qualifications and their experience. They sound like a perfect candidate and thus breeze through the process with HR and the hiring manager. They even manage to return the test you gave them in record time, and it is completed flawlessly. Yet, when the candidate begins to work in the SOC, they are not nearly as much of a “rockstar” as they had seemed to be during the interview process. Their grasp of theoretical knowledge is strong but the translation to hands-on skills and proficiency in handling a high quantity and wide variety of SOC alerts, exposes the new hire’s weaknesses. Furthermore, the soft skills such as communication with teammates and other departments in the company couldn’t be assessed at all in the written test used in the interview process.

Assessing cybersecurity candidates is difficult and oftentimes ineffective. Coding tests, presentations, and other traditional testing methodologies do not work for cybersecurity. The only proper way to vet a candidate is to observe their performance inside a SOC which is quite difficult to do without hiring and seeing their skills in action. Determining if a candidate has the right combination of technical and soft skills is necessary when trying to hire the right candidate who can and will perform when under the pressures of a real-world critical attack.

Employee ChurnCybersecurity depends on people, not just technology. The people who use and operate cybersecurity tools are critical to keeping the organization’s data and infrastructure safe from malicious attackers. Your SOC team members are both the first and last line of defense against attackers, and they are constantly being poached by other companies promising higher salaries and better work environments.

Recruiters are constantly trying to snatch away your best cybersecurity team members. As many as 18% of cybersecurity professionals not seeking a new job receive calls daily from recruiters, emphasizing how competitive the market is becoming for cybersecurity talent (ISC2, 2018). If an employee decides that he or she is not happy working in your SOC and changes their status on LinkedIn, they will likely start receiving phone calls from recruiters and prospective employers almost immediately.

NeverLess than once a monthMany times a day A couple of times a monthAbout once a day A Few times a week

50%

60%

70%

80%

90%

100%

40%

30%

20%

10%

0% I have no plans to look

for another jobI am open to new

opprtunitiesI am actively pursuing a

new position nowI plan to begin an active

job search within the next 6 months

8%

16%

37%

5%

8%

8%9%

19%

7%

34%

19%13%

31%

31%

31%19%

6%

15%

11%18%

8%

15%

31%

4

Challenges in Assessing and Training Cybersecurity Teams

Assessing for the UnknownThe cybersecurity attack landscape is constantly shifting and changing. As defensive, development, and threat testing tools evolve, so does the sophistication of attacks to adapt to the changing landscape. However, predicting the skillset and knowledge required for your cyber team is a difficult and challenging process. Increasing the stakes, you need to be able to assess the skills of not just an individual but a team and all the dynamics that come with the multiple personalities and work styles of different people.

Training for the UnpredictableCybersecurity is a hands-on profession. One cannot defend against a cyber-attack in theory only; it takes practical skills and know-how with a wide range of tools, types, and parameters. Cybersecurity is increasingly complex as, for the most part, the first time you get to test your skills is in a real-life situation with major consequences for those who cannot rise to the occasion.

How to identify an effective SOC training program:

Will this training be effective in building the technical skills required to deal with the known, unknown and future threats?

Will this training be effective in building the soft skills required to deal with the unpredictable?

How will I assess the effectiveness of my team training? Does this training include an assessment mechanism?

Can I track progress across multiple training sessions?

Can I customize the training to meet the needs of both the team and the individual?

?

?

? ?

?

When assessing a team, you should ask yourself the following questions:

How do they work together? Do they have a specific dynamic that they lean into?

Do they communicate effectively on a day to day basis? Will they continue to communicate effectively in a stressful situation?

Do they respond better to a strong management style or do they prefer to be independent?

Do they possess the technical skills to fix known vulnerabilities?

Do they possess the soft skills to remain calm and continue to work as a team against unknown attacks?

How quickly can they ingest and analyze data?

How quickly can they turn data into action?

What skills are missing or need to be improved?

?

?

?

?

?

?

?

?

Training for the predictable is difficult enough. Adding in the high stakes that come with working in the SOC and the difficulty compounds. Effective assessment leads to effective training in knowledge and skill areas that your team currently lacks which should ensure success when combating known, unknown, and new attacks that will emerge in the future.

5

CyberbitRange Contributes to HR Success

What is a Cyber Range?A Cyber Range is a simulation platform for training information security professionals, assessing incident response skillsets, and screening potential candidates for cybersecurity positions. A cyber range recreates experiences that your cybersecurity team is likely to encounter on the job, including responding to a critical cyberattack, performing a penetration test, or day-to-day security tool operation. Effective cyber ranges deliver a realistic experience, which prepares trainees to deal with real world incidents; reducing the probability of a security breach happening on their watch. In a highly competitive hiring market, a cyber range can help your organization stand out, by offering candidates and team members immersive, hands-on cybersecurity training.

The Cyberbit Range Platform will allow you to:

Assess Cybersecurity Candidates:

Provide detailed visibility and a more accurate assessment of each candidates’ technical skills and ability to perform in the SOC.

Evaluate a candidate’s soft skills in a team exercise to see if they can effectively communicate, perform under pressure, and ingest large amounts of data rapidly.

Onboard & Train SOC Team Members:

Deliver fast, effective onboarding training for new hires and ongoing skills training for experienced analysts.

Create internal certification processes to track analysts progress over time and motivate them to continually strive for better training results.

Retain Existing SOC Team Members:

To reduce churn, keep SOC team members challenged and engaged by providing ongoing training on the most advanced scenarios on your Cyber Range. Use downtime to upskill employees by making Range training activities available online, 24/7 at their workstations via online cyber range portal.

Essential Training ModelsYour cyber range training simulation platform should provide the necessary content and features to train your organization’s entire security team, regardless of skill level or role. It should provide a curriculum that trains in offensive and defensive techniques and be scalable for large or small teams.

Blue TeamSOC and IR team members of any level learn to better detect, prevent and respond to cyber incidents, ensuring that when “the real thing” happens, they are prepared for whatever comes their way.

Red Team

Red team training allows penetration testers, vulnerability assessment and security architects to get the hands-on training they need to perform their roles better and gives IR and SOC teams the tools they need to think like the enemy.

Individual

The training platform should be flexible and scalable enough to cater to even the most tailored needs. Individual training gives professionals the opportunity to customize sessions to strengthen their specific weaknesses and create a personalized training road map.

Capture the Flag Competitions

A Capture the Flag module allows you to add a dimension of gamification and competition to training, keeping exercises exciting and fresh. Moreover, a proper Capture the Flag module can be used for recruiting purposes to create a buzz about employment opportunities at your SOC and drum up interest at hackathons, conferences and academic institutions.

6

Benefits of Training on a Cyber Range

Adding cyber range simulation training capabilities to your security operations allows you to:

Reduce Training Time and Costs: External training is costly both in terms of budget and time. Establishing your own cyber range can cut costs and increase the frequency of training session for the SOC team and all members of the organization.

Onboard New Analysts Faster: The realistic, hands-on experience of a cyber range simulator accelerates the onboarding process for new analysts and gets them ready to start their first shift in the SOC. New analysts will gain valuable experience operating in your network environment, using tools deployed in your SOC. You can be confident they are ready by evaluating their performance in a variety of attack scenarios.

Train on your Enterprise Network: A cyber range should provide an enterprise level network and SOC environment to ensure training is highly effective.

Custom Attack Scenarios: Train on the attack scenarios most important to your organization so you can sleep well at night fully confident your team is ready for the most menacing threats.

Train and Retain Excellent Analysts: Investing in training is your best defense against the cyber skill shortage. Simulation training makes your existing team members more effective and can help reduce churn by providing ongoing challenge and learning that is highly valued by top security analysts.

Improve Hiring Practices

In the world of cybersecurity hiring the right candidate is paramount to the success of your team. Hiring the wrong person can be extremely costly, especially with cyberattacks costing $13 million on average, a 72% increase in the last five years (Accenture, 2019). Using a Cyber Range, candidates can easily be tested across a variety of attack scenarios to see how they would respond in stressful situations. Not only will you be able to accurately determine the level of a candidate’s technical skills, but you will also be able to determine if the candidate has the required soft skills to successfully be a part of your SOC. Using the debriefing platform built into Cyberbit Range, a hiring manager can watch and playback the screen of the candidate to determine if they are taking the right steps, communicating as necessary, and moving as rapidly as required to defend against a specific cyberattack type.

Accelerate Employee OnboardingOn average, it takes three or more months to fill an empty cybersecurity position (ISACA, 2019). However, once a position is filled, it does not mean that the employee is ready to go right out of the gate. Cybersecurity employees must learn the procedures outlined for your company, which may be entirely different from their previous position. They must learn new tools, new response mechanisms, new methodologies, and new response playbooks. Using Cyberbit Range, new employees can be rapidly onboarded to unique company methodologies

and processes by following the outlined procedures in real-life situations. Additionally, they will learn the procedures on the very tools which they will be called upon to use in their day to day job, allowing them to learn the tools, procedures, and playbooks at a more rapid pace.

Using Cyberbit Range to train your team will also help to decrease employee onboarding time. New members of the security team can learn how to work with other members of the team, discover existing team dynamics, and learn who the subject matter expert is for specific attack types. Once an employee has this information, they can more effectively respond to attacks within the current framework and dynamic of your security operations center. This will ensure that a new employee is able to contribute to the cybersecurity team as fast as possible and with minimal friction.

7

Ensure Your SOC Employees Stay Contrary to many opinions, employees care deeply about training opportunities, not just salary. This shouldn’t come as such a surprise. Smart, curious, motivated people want to continue to learn and grow. They also want to feel well prepared to succeed. The idea that cybersecurity starts and ends with the purchase of tools is misguided and dooms a SOC to fail, because it undervalues the importance of the humans operating those tools. According to an ISC2 survey from 2018, cybersecurity employees have strong feelings when it comes to their employers investing in training:

88% rated “Invest in Training and

Certification” as very important75% rated “Trains

employees on cybersecurity” as very important

50% rated “Invests in latest emerging security

technologies” as very important

The Cyberbit Range is the cutting edge of cybersecurity training tools. Not only does the Cyberbit Range prepare employees for professional certifications, it more effectively prepares them for real-world attacks.

Improve Employee DevelopmentA vital part of employee retention is training and professional development. Employees value your investment in their careers and skillset. Cyberbit Range is built to help employees gain new skills, obtain new certifications, and keep up-to-date with technical and soft skills. With a built-in employee progress tracker and LMS integration, Cyberbit Range will ensure that your employees’ professional development is proceeding on schedule and show you where they need to train next. Instructors on the Cyberbit Range should also schedule debriefing sessions with participating employees to ensure that they know exactly where they succeeded or require improvement while participating in a team or individual exercise.

Bridge the Gap Between Knowledge and Skill

There are times when employees have a very strong grasp on the theoretical knowledge of what is going to happen during a cyber-attack. They understand conceptually how a network is built, how attacks penetrate the organization, and how they are executed. However, the same employee may not be able to defend against an attack. They may be lacking practical knowledge as to how to do log investigations, how to isolate an endpoint on a network, and how to use specific software appropriately.

Cyberbit Range helps to create this bridge by ensuring that employees are training on the enterprise network using the same tools they would encounter on a daily basis in the SOC. Attack scenarios show employees not just how an attack will enter the system, but also how it will progress and what steps must be taken to remediate the attack. Theoretical knowledge can easily be translated into practical skill when training on a hyper-realistic platform.

8

Create Tailored Courses for Your Organization

New Analyst Skill Development ProgramsHelp new hires get the skills they need with training programs tailored specifically to their needs. The hands-on experience provided in a Cyber Range setting allows less-experienced analysts to develop their skills in a safe and controlled environment. With custom tracks created specifically with their skill level in mind, you can ensure that they come out with the competencies they need to defeat real-life threats in far less time than traditional methods.

Expert Skill Enhancement Courses

Provide experienced analysts (and other security professionals) with specifically tailored courses that allow them to advance their abilities across any skill set, such as malware forensics, network security, pentesting and IR. Not only do these courses enhance skills, they help seasoned professionals remain engaged in a workplace that can become otherwise monotonous.

Team and Individual Training Courses

A truly customizable platform is one that’s entirely scalable. A cyber range must be suitable for training large teams together as a unit or even one professional at a time using hyper realistic scenarios.

Certification Courses

Due to the cyber skill shortage, every SOC manager is facing an enormous challenge to hire and train enough qualified analysts. When a new analyst is hired they must go through an onboarding process in which they learn everything about the enterprise SOC, its architecture, traffic, security tools and procedures. Develop customized SOC Analyst Onboarding Certification that is tailored to your SOC and gets new hires up to speed quickly and efficiently. A cyber range can also be used to administer a final ‘check out’ exam before the new analyst is assigned their first shift in the SOC. You can also offer special advanced courses for more experienced professionals in topics like security incident investigation and forensics.

Building and Testing Soft SkillsImperative in the success of a SOC is the ability of the team to communicate effectively, rapidly ingest large amounts of data, and perform under pressure whilst under a critical attack. Unfortunately, it is extremely hard to predict how a team will react to critical attacks and if they will perform to their highest potential. Using the Cyberbit Range, employees are placed into a hyper realistic environment thus allowing managers, instructors, and executives to see exactly how they will perform when faced with the realities of a real-world attack.

Employees who train on the Cyberbit Range are exposed to attacks that directly affect their soft skills. By complicating attacks with benign traffic, log deletion, and other factors you will be able to see how employees perform when faced with a scenario that they are not familiar with. These soft skills will ultimately determine how your SOC team will perform and if they are truly prepared beyond raw technical skills for the realities of a real-world attack.

Aligned with the NICE Cybersecurity FrameworkCyberbit Range is completely mapped and aligned to the NICE Cybersecurity Workforce Framework. The alignment ensures that you’re SOC team members are aligned to industry standards and best practices in terms of their education and employment training. The NICE Cybersecurity Workforce Framework ensures that all employees who are working in cyber security speak a common language and are aligned when it comes to titles and job roles. The Cyberbit Range library of attack scenarios can be searched by job role with scenarios being assigned to specific employees trying to earn a specific job role, attain specific skills, or advanced specific gaps in knowledge.

What to Look for in a Cybersecurity Candidate

Passion for Continuous Learning

Persistence and Determination

Curiosity and Perceptiveness

Strong Analytical Instincts

Well Rounded Skillset

Strong Communication Skills

Attention to Detail

Think Like a Blackhat

Ability to Perform Under Pressure

Strong Memory Skills

Cyberbit is the world-leading provider of cyber ranges for cybersecurity training and simulation and is the first company to provide a consolidated detection and response platform that includes: security orchestration, automation and response (SOAR), OT security, and endpoint detection and response (EDR). This unique portfolio enables

detection and response across the organization’s entire IT and OT attack surface. Since founded in mid-2015 Cyberbit’s products have been rapidly adopted by enterprises, governments, higher education institutions and MSSPs. Cyberbit was founded in 2015 and has offices in the US, Europe, and Asia.

ABOUT CYBERBIT™

sales@cyberbit.com | www.cyberbit.com

Cyberbit Proprietary All rights reserved | Copyright 2019 © CYBERBIT