Podcast 🎧 & blog: Tailoring cybersecurity trainings to threats, needs, and skills

11.10.2023 | Federico Plantera

October is cybersecurity month. Not that in the rest of the year we are not supposed to place the same attention to safeguarding our digital spaces – that needs to be constant, ever-present. But moments like this do help us highlight, and stress once more, the importance of cybersecurity as a cross-cutting component of digital development actions and strategies.

In this podcast episode, we do so by focusing on cybersecurity trainings – why do we need them, differences in skills and audiences, the salience of simulating real-life scenarios. With Merle Maigre, Director of the Cybersecurity at e-Governance Academy, and Aare Reintam, Chief Operating Officer of CybExer Technologies.

The necessity of cybersecurity trainings

The significance of cybersecurity trainings can’t be stressed enough. As, however, the necessity to tailor them to a variety of audiences – as many as the sensitive groups and targets there could be in a digital society.

As Reintam highlights, indeed, the skill levels of various training audiences vary significantly. One-size-fits-all training doesn’t suffice, which emphasizes the importance of understanding the specific needs and capacities of different sectors, from the military to the private and public sectors.

It is normal to find disparities between civil and military training audiences. Starting from distinct team structures and hierarchies within these sectors, with the military boasting a well-organized setup. The civilian sector, on the other hand, tends to be more innovative and resourceful due to easier access to internet provider resources.

But in light of such differences, there is much potential for cross-pollination, so to say – where the strengths of both sectors can be harnessed for comprehensive cybersecurity training. Exactly as these activities have shown in the countries such as Moldova, Ukraine, Albania, Montenegro and Georgia where the e-Governance Academy has carried out – and keeps doing with the support of the European Union.

Real-life scenarios, simulated, to enhance readiness

An example of such tailored approach to training is Cyber Range-based practices. Cyber Range exercises are simulated environments capable of emulating real-world scenarios, for both offensive and defensive cybersecurity training. This controlled environment allows participants to experience and respond to simulated cyberattacks in a safe yet realistic setting.

This is the crucial aspects of a Cyber Range, and of effective cybersecurity training beyond the textbooks: it provides hands-on experience and offers real-time feedback on participants’ reactions.

In traditional training, participants learn passively, while Cyber Range exercises offer a collaborative, real-world experience. This difference in approach is crucial for putting participants out of their comfort zones, enabling them to identify and rectify communication and coordination issues within their teams.

Healthy competition as a tool, in Cyber Range exercises

Reintam paints a picture of what it means, in practice, across the various roles and team dynamics within Cyber Range-based exercises. Differently coloured teams take part in the activities, identified with blue, red, white, and green, each with distinct responsibilities.

  • Blue Teams
    These are the defenders, responsible for protecting systems and responding to attacks.
  • Red Teams
    The attackers, they launch simulated attacks to challenge the blue teams.
  • Green Teams
    They create the cyber environment, build simulations, and support the exercise’s logistics.
  • White Teams
    The organizers, who set objectives, measure performance, and provide instant feedback.

Competition in these exercises isn’t about declaring a winner or loser. Instead, it is a mechanism to measure and compare participants’ performance. It encourages teams to improve by providing benchmarks and valuable feedback. As Reintam points out, the objective is not competition but rather collaboration, as teams working together can push each other to achieve better results.

Gaining insight and putting it to good use

But no effective exercise can do without a fitting scoring system. In Cyber Range-based exercises, participants are scored based on various categories, including system availability during attacks, detection capabilities, speed of response, and the quality of situation reports. The goal is to provide an objective assessment of the participants’ performance and offer guidance for improvement.

Visualizing the scoring for participants and observers, in the moment of evaluation, always proves to be crucial. It allows for quick understanding and feedback. It enables teams to see where they stand in comparison to others, and helps them focus on specific areas that require improvement.

Something to treasure even more so, when reporting to higher-level management about cyber incidents. Conveying complex technical incidents effectively is vital, as it enables timely decision-making, enhances public trust, and prepares organizations for potential fallout from cyberattacks.

Practical and hands-on experience in simulated environments can increase the overall readiness of organizations in the face of an evolving cyber threats landscape. Collaboration and constant improvement are put to test, while scoring, visualization, and effective reporting allow a variety of audiences to actually provide and gain insight into what cybersecurity means. Both in military and civil contexts, as it matters to digital societies in the entirety of their contexts and functions.