Symantec buys training firm to boost VR answer to skills shortage

Symantec has acquired two training firms to accelerate its virtual-reality platform that lets employees see the world through a hacker’s lens.

A week after selling Veritas, Symantec has acquired two related security firms — Blackfin Security and its hacker training unit Hacker Academy — to help it engage with enterprise customers that are feeling the pinch of the security skills deficit.

Blackfin Security provides phishing simulation and user awareness training, while delivering technical security training through Hacker Academy. Meanwhile, its ThreatForge platform provides training, skills assessments and simulation to IT and security pros.

Symantec said Blackfin Security will help it accelerate its gamification-led training efforts under “security simulation services”, which it uses to help customers become “cyber battle” ready and sharpen their incident response times following a breach. Symantec’s “virtual, live-fire environment” attempts to challenge players’ problem-solving skills as they familiarise themselves with the motives, tactics and tools of hacktivist, criminal, and nation state attackers.

Symantec hasn’t disclosed the value of the acquisitions, but Samir Kapuria, vice president and general manager of Symantec’s Cyber Security Services, said Blackfin will help it develop its virtual reality cyber programs to address the global shortage in security professionals.

“By expanding the Symantec team with Blackfin’s security talent and technical expertise, including their industry recognized Hacker Academy, we are positioned to advance the industry with new, forward-looking virtual-reality cyber programs focused on bridging the cyber skills gap for companies and countries,” he said.

As Kapuria explained, Symantec has taken a leaf from other high-risk industries like medicine and aviation, which have developed immersive learning through simulation to improve safety.

“By applying that same approach to cybersecurity,organizations will gain the advantage of having security practitioners ready to face a broad array of attacks, attackers, and operational security scenarios that exist in the wild. Otherwise, the current gap of cyber readiness ultimately increases incident response time and business impact for an organization when they are actively attacked,” he said.

“Fewer than two-thirds of organizations believe they have the staff or skillset necessary to address today’s growing cybersecurity challenges. Enterprises, universities, war colleges, government and industry leaders all need an ecosystem to build their security IQ and grow the cyber talent pool,” Kapuria added.

Symantec flagged the launch of its managed simulation training services and managed incident response services in Australia last year alongside a $12 million investment in new office space in Sydney.

As for the skills shortage that Symantec hopes will draw in customers, numerous studies have shown there has been a sustained shortfall of security professionals over the past five years, which has shown up in rising wages and governments being unable to fill growing cyber security programs.

Cisco has estimated there are one million security jobs vacancies worldwide. In Australia, the issue is expected to be canvassed in the Prime Minister and Cabinet’s now long overdue Cyber Security Review.

Symantec isn’t the first to look at gamification for security training. Salesforce last year reported some success in helping staff cut down on clicking phishing links and boosting reports of phishing email after it gamified security awareness training.

As Ira Winkler, president of Secure Mentem, explained, gamifying security awareness training usually means awarding points to employees who display good behaviours such as reporting things like phishing emails, social engineering attacks, or USB sticks found on the ground.

Want to know more?

Why not become a CSO member and subscribe to CSO's mailing list. 

Get newsletters, updates, events and more right here