Virtual Training. PHOTO: Cybercrime Magazine.

Cybersecurity And The Super Bowl: What CISOs Should Know

Next generation cyber range tackles the talent crunch

Eli Kirtman

Northport, N.Y. – Jan. 27, 2021

Despite industry-wide efforts to reduce the skills gap, the 3.5 million unfilled cybersecurity jobs in 2021 will be enough to fill 50 NFL stadiums.

Scrambling to arm understaffed security teams, companies often rely on the face value of a job candidate’s resume to quickly hire “the best that they can get.” However, neglecting to thoroughly assess a candidate’s qualifications and consequently recruiting a “bad hire” could deliver a toll far graver than time and money invested in the hiring process. 

That being said, the ability to assess a candidate’s qualifications has not been feasible, until now.

Syncing Cyber Talent with the Evolving Threatscape

Even the qualifications of seasoned cyber pros — as impressive as their curriculum vitae may be — who are scouting for new roles in the industry can be difficult to assess with current hiring practices.

If businesses want to recruit cybersecurity professionals capable of defending the organization, then HR departments and managers must update their hiring criteria to reflect the actual skills required to perform a job and properly align them with the candidate’s true abilities — not just check antiquated boxes on a requirements list that could disqualify otherwise “qualified” candidates, according to Debbie Gordon, founder and CEO at Cloud Range, a leading full-service cyber range solution.

Cybercrime TV: Next Generation Cyber Range

Training cybersecurity teams for success

Mapping the organization’s specific job descriptions to the tasks, knowledge, and skills of the numerous cyber roles outlined in the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework is a critical first step in the right direction.

“It is imperative to accurately sync hiring criteria with the actual skills needed to perform cybersecurity work on today’s threat landscape,” urges Gordon, who works closely with CISOs, HR departments and SOC team managers to properly align with the NICE framework.

But how do we know if the SOC analyst candidate that’s fresh out of college or the seasoned incident responder has what it takes to actually perform the job effectively?

Gordon likes to use a football analogy: Coaches don’t recruit players based merely on stats and scorecards. That’s not an indicator that they can win the Super Bowl. They evaluate star candidates with performance videos and game film that actually show their abilities.

Likewise, the most effective — and safest — way to ensure cyber-defender candidates are ready for combat the moment they have “eyes on glass” is to test them on the required skills using a simulated environment, rather than jeopardize the organization’s assets and sensitive information during a real-world cyberattack.

“Knowing ‘what’ to do and actually ‘doing it’ are two very different things,” stresses Gordon. “Cybersecurity is the only ‘life-safety’ profession that hasn’t had standard requirements for candidates to test their abilities using simulation before they start defending our lives, businesses, and countries — police do it, firefighters do it, and soldiers do it.”

Now, businesses have the opportunity to incorporate the same standards for hiring their cyber-defenders.

Cloud Range’s FastTrak Candidate Assessments are available for most cybersecurity work roles defined in the NICE Cybersecurity Workforce Framework. Each assessment is administered remotely using Cloud Range’s Next Gen Cyber Range.

This game-changing simulation platform allows job candidates to go through live, simulated cyberattacks that require candidates to demonstrate the specific skills and abilities necessary to successfully perform their future roles in the organization. Dozens of scenarios are available.

“When security candidates are going through these exercises, they’re using industry-leading SOC tools, including SIEM, firewalls, EDR, etc.,” says Gordon. “They’re revealing the critical thinking and the processes necessary to quickly, properly and efficiently detect and respond and remediate cyberattacks.”

Relief for Security Leaders and Job Seekers

Gordon encourages businesses to recognize the gravity of the risks they impose by not properly testing candidates. Given that the indispensable tools to do so did not exist until today, businesses can now be confident that they are hiring the right people to protect the enterprise. Even if someone is not fully skilled, the assessments allow employers to identify opportunities for growth and ongoing skills development. 

Not only do simulation-based assessments provide an objective and measurable evaluation of the candidate’s actual ability to perform the job under pressure, but they also provide a safe and continuous practice environment to keep their skills sharp, ultimately reducing turnover and improving the company’s security posture.

Cloud Range aims to solve one of the greatest challenges the world faces today: the cyber skills shortage. 

“This hasn’t been done before now,” says Gordon. “Enterprise security teams and MSSPs are overcoming the skills gap while ensuring that their teams are truly prepared for cyber combat.”

Game on!

Eli Kirtman is a freelance writer based in Cincinnati, Ohio.

Sponsored by Cloud Range

Cloud Range exists to ensure that our customers and partners build and maintain a successful cyber range and simulation program within their organizations.

Cloud Range Cyber is led by a leading group of security executives and engineers who identified the need for military-grade simulation training for enterprise security teams. By developing a flexible training solution, enterprise security teams and MSSPs can overcome the skills gap while ensuring that their teams are truly prepared for cyber combat.

Our mission is to make simulation training a standard part of cybersecurity certifications and education, no different than other professions that require hands-on skills development before becoming a functioning practitioner. This allows companies to ensure that their security teams have the opportunity to train, practice, and implement security defense techniques in their organizations before they happen.