Evolving Cyber Threats Require Evolving Training

Frank Downs

Frank Downs, Senior Manager, Cyber/Information Security, ISACA

Today’s cyber security professional is an amalgamation of haphazard professional experience, rapid-fire bootcamps, and smatterings of dynamically defined academic programs. 

This has created a vibrant field, full of individuals with creative takes on issues and unconventional approaches to problems that are difficult to predict. However, as the field matures and the online attackers ratchet up their skill sets, the traditional solution becomes less effective.

This isn’t to say that professional experience isn’t helpful. In fact, the adage “there’s no substitute for experience” rings truer now than ever before. Yet, the training mechanisms through which cyber security professionals sharpen their skills must also evolve to match the new nefarious foes and develop a more robust cyber security workforce.

What is needed in cyber security training isn’t a stodgy textbook full of outdated references to Stuxnet and Conficker, nor a five-day firehose learning experience, which pummels students with information before wishing them luck on their sedately static question and answer exam. Instead, today’s cyber security field requires an always updating, perpetually relevant laboratory and assessment environment that offers students a chance to learn what today’s threats are and how to defeat them.

It is important to understand that there will always be a place for certifications and formal education in the realm of cybersecurity. However, MORE is required – specifically, a shot to the arm full of vitamins I, P, D, Rp and Rv. Readers might know these vitamins as Identify, Protect, Detect, Respond, and Recover –the five pillars of cyber security, as identified in the globally recognized NIST Cybersecurity Framework.

Students need a place where they can learn lessons from those who have gone before them in an interactive, real-time environment where it is okay if they fail. This environment should include labs made from events that occurred within the same year, or even better, within the same quarter. This environment should also allow students to receive their grades and continuing education units immediately upon completion of their labs.

ISACA has taken the first step toward this future of cyber security training with the Cybersecurity Nexus™ (CSX) Training Platform. The platform allows learners to create an account and take live labs anytime, anywhere, requiring only an Internet connection and a browser. Every lab is up-to-date, developed with leading industry partners in the field, to ensure that each lab is relevant to every practitioner.  Currently, the platform has more than 100 hours of content, including labs, courses and a virtual bootcamp.

These are modern scenarios brought to life from requirements generated by current threats in network operations centers and security operations centers around the world. Each lab is a live network with live systems – nothing is emulated. Every set of labs, refreshed each quarter, is performance-based and graded on the spot, with students receiving a grade immediately upon completion. Training leads are presented with holistic views and metrics to determine student skill sets and measure improvement.

Students also are provided with an overall view of their performance, with the ability to generate PDF transcripts to provide to all certifying organizations. Finally, the CSX Training Platform presents a one-of-a-kind cyber security assessment capability for enterprises and organizations to ascertain the skills of potential hires and internal personnel, allowing managers to make better informed decisions about how to structure their teams.

All of this is a key step in moving cyber security training forward. By providing real-world training in a dynamic platform, ISACA is addressing the urgent training needs of cyber security professionals and their enterprises head-

Original blog sourced from ISACA Now Blog  https://www.isaca.org/Knowledge-Center/Blog/default.aspx

Tags: ISACA, Stuxnet, NIST

Show Comments