When we think of soldiers we typically conjure an image of dedicated, well-trained and battle-tested young men and women who bravely do the elite work of defending their nations. 15 years ago, I aspired to become one such defender and enlisted in an elite combat unit without having any idea what I had gotten myself into.
We underwent 12 months of grueling training; boot camp, advanced training, and additional specialty combat training. Each day was worse than the last. It was the most physically demanding and emotionally draining experience of my life. But when we finally completed the course and were sent into combat, I quickly understood and appreciated why our training had been so challenging and extensive.
The more difficult the training the better off you are when facing real combat situations. Pushing soldiers to their mental and physical limits, and beyond, repeatedly, is the only way to truly prepare them for what’s ahead. Each of us learned what we were capable of as individuals and as a team. I think every soldier who has ever been in combat will agree with me that they wouldn’t want to set foot on a battlefield with anything less than the excruciating training programs all elite combat units go through.
So why doesn’t a cyberdefender go through similar training?
Every Seat in the SOC Must be Filled by an Experienced Cyberdefender
Infantry soldiers like us are not going to be the front-line fighters in the next wars. The next wars will be fought and won, by our cyberdefenders from seats inside a security operations center (SOC). Just like infantry soldiers, they must be ready for battle. Today, most or all training a cyberdefender gets will be in a traditional classroom with tabletop exercises and multiple-choice exams. They will be asked to familiarize themselves with incident response playbooks, but most will never get a chance to put those playbooks into action and experience what it’s really like to face down formidable cyber combatants attacking a real network. Every CISSP knows what a ransomware attack is, but do they know how to protect against one? Do they have any experience operating under the immense pressure, confusion and complexity of a real attack?
The answer is too often ‘no’ and this must change.
How to Prepare a Cyberdefender for Battle
The idea of ‘on-the-job’ training for cyberdefenders is unacceptable. It is reckless to put inexperienced people into the SOC and hope that when the big one hits they will magically remember everything they learned in the classroom, make excellent decisions and execute a perfect response. The new wave of cyberdefenders needs to gain as much real experience as possible in the training stage. We can learn from the military’s vast experience preparing soldiers and pilots for battle to develop training programs that will give cyberdefenders the same intense, realistic preparation. The use of simulation platforms can give trainees the experience they need to operate in complex, high-pressure situations and allow them to experience a wide variety of attack scenarios so they will be ready for anything. Only when a new cyberdefender has successfully operated numerous ransomware, DDoS, data leak, etc. attacks can they be considered ready to join the SOC team. A new cyberdefender should have so much simulation experience that by the time they face the real deal, they will make it look easy.
Ongoing Cyberdefender Training Regimen
Training doesn’t stop after graduation. It remains a continuous part of every soldier’s routine throughout their career. Every few months, my team was pulled off the line for a few days of rest followed by a few weeks of training. The training was not like anything we had ever been through before. Different officers, from other units, would be brought in to challenge us with new combat scenarios and teach us new tactics. This allowed us to learn from other units’ experience and keep us on our toes. The same approach needs to be taken with the cyberdefenders. All cyberdefenders must have regularly scheduled training as an integral part of their workload. The cybersecurity training scenarios need to be refreshed from training to training and include all of the latest emerging threats. The attackers are constantly finding new vulnerabilities, we need to constantly practice new ways to defend.
Don’t Be an Easy Target
We know sophisticated, aggressive hackers are constantly working on finding and exploiting new vulnerabilities. We need to be working that much harder on the defenses. The hackers will never give up, but if your organization mounts a formidable defense, they may choose and easier victim. Sometimes being harder to hack then the next guy, is all you need to keep your environment safe. Be the team that is more prepared and assure that your cybersecurity team are elite cyberdefenders, ready for the battles ahead.
Sam Friedman is a Cybersecurity Expert and Regional Director at Cyberbit.