Global System Integrators (GSIs) and consulting firms manage large-scale teams as part of their cyber security practice. The teams provide managed security services to their clients, in an MSSP model. Services may include managed incident response, managed SOCs, and more.

Consulting firms and GSIs must keep their MSSP teams at peak performance. The teams must be up to date with the most recent threats, knowledgeable about leading cloud and on-prem infrastructure and security tools, and work flawlessly as a team.

This is critical for GSIs and consultancies for the following reasons:

  1. Brand Reputation – GSIs must train their MSSP teams continuously to provide optimal SOC and IR services to their clients and maintain a positive brand reputation.
  2. Competitive Positioning and Differentiation – GSIs that employ skillful MSSP teams have an advantage over their competitors. In addition, training SOC and IR teams in a specific field (e.g., cloud security) differentiates them from their competitors.
  3. Customer Retention – Providing top-notch SOC and IR services improves client satisfaction and is proven to reduce client churn.
  4. Complying with SLAs – Maintaining the readiness level of MSSP teams is crucial for compliance with service level agreements (SLAs). For example, inefficient or slow IR teams may violate SLA terms, resulting in fines and lost revenue.

However, maintaining large-scale incident response teams can prove challenging for various reasons:

  1. Hiring – Hiring cybersecurity employees on a large scale is highly challenging for GSIs who don’t conduct a proper screening process.
  2. Assessing and measuring capabilities – Measuring the skills of hundreds of cybersecurity employees can be difficult if not done in an objective, automated and well-organized manner.
  3. Ramp up and onboarding – Onboarding processes can be lengthy, especially when it comes to upskilling new hires in large-scale incident response teams.
  4. Staying up to date – Large-scale MSSP teams are not necessarily up to date with the latest threats and techniques, which could prove harmful when dealing with multiple cyber-attacks that affect several clients.

Cyberbit collaborates with all leading global GSIs and consulting firms to manage readiness programs for their cybersecurity practices. This post will showcase an example of a GSI program in which Cyberbit helped a customer meet the skill development needs of its managed SOC team by means of a cyber range driven program. This model can be used or replicated for other large-scale teams.

The customer is a leading Fortune 500 global professional services company and one of the leading providers of managed security operations center (SOC) services. As such, the company employs one of the largest managed SOC teams in the world.

The Challenges

As its managed SOC team grew, the customer realized that it must change its approach to skill development and create a new program that would ensure the team reaches optimal performance in minimal time and maintains it continuously. The customer was interested in forming an elite incident response team that meets the demands of its MSSP customers. The new program was required to accommodate an incident response workforce of over 1000 employees, with more detailed training levels beyond the traditional Tier 1, 2, and 3 hierarchy.

Cyberbit’s Solution

To overcome these challenges, the company looked for a full-spectrum cybersecurity skill development solution that would provide foundational knowledge in theory, security tools, and attacker tactics and allow its new and existing cybersecurity employees to practice in realistic environments, including live-fire attack simulations. The solution had to accommodate the scale, diverse experience levels, onboarding, and upskilling needs of an organization with a cybersecurity staff numbering over one thousand. Furthermore, they were looking for a partner to help them design and run the program.

The company chose Cyberbit’s cloud-based, on-demand cyber skill development platform as its preferred solution. With the assistance of Cyberbit’s Customer Success Team, experienced in developing large-scale cybersecurity skill development programs, the companies designed a new program that ensured the new targets were met. This included creating courses customized for varying levels of experience and specific incident response team roles, scalability, and an improved, more effective, and faster onboarding process. Cyberbit and the customer leveraged the following Cyberbit platform capabilities:

  • Live-fire exercises (LFEs) for providing hands-on experience in a hyper-realistic environment with real-world cyberattacks. LFEs allow trainees to develop their skills in a safe and controlled environment, while also gaining experience in responding to real-world threats.
  • Hands-on labs in a live, virtual environment for building multiple foundational skills. The hands-on labs give trainees a deep understanding of the concepts and techniques they will need to be effective in their roles.
  • Theoretical learning modules to establish and fortify a strong foundation in cyber theory. These included video and text-based learning modules which develop a comprehensive understanding of the cyber threat landscape and the tools and techniques used by attackers.
  • Assessment labs to evaluate skills and assess performance according to roles, MITRE ATT&CK tactics, and techniques. The assessment labs allow managers to screen and benchmark new hires and determine the course levels appropriate to their experience levels.

With the support of the Cyberbit team, the following courses were defined:

Outcomes of Cyberbit’s Integration into The Program

With the Cyberbit skill development platform integrated into its cybersecurity training program, the company was able to meet and exceed its goals. Today, the Cyberbit platform is integrated into the company’s internal cyber academy for workforce-related training and industry certifications.

Looking Back at The Process

The main considerations for the customer were scaling their cyber skill development program to meet the needs of its expanding cybersecurity workforce for its managed SOC services and accommodating the wide range of experience levels among its cybersecurity staff.

Cyberbit was able to overcome these challenges by customizing the skill development program courses to provide full-spectrum skill development from novice to expert. The SOC Foundation course, an intense preparatory course for novices, overcame the dual challenge of upskilling new hires and lengthy onboarding by preparing them for their roles on a SOC team as Tier 1 analysts in only two weeks.

Trainees were immersed in a hyper-realistic environment on the Cyberbit cyber range, which included a virtual SOC, commercial security tools, enterprise grade networks, and live-fire, real-world cyber-attack scenarios.

To scale the program, Cyberbit worked with the customer to build a comprehensive quarterly agenda supported by a substantial number of cyber range instructors. Combined with a highly scalable platform that supports a large number of concurrent courses and exercises, this allowed the customer to rapidly upskill a team of over 1000.

By meeting its cybersecurity skill development needs, the customer was able to maintain its position as a leading managed SOC service, obtain an advantage over its competitors, and deliver its team a set of specialty skills such as cloud security that differentiated its MSSP offering, reduced client churn, and avoided SLA violations.
