State government organizations (and the departments within) have a lot to focus on. From public health and safety to transportation to education and the environment, state government departments own and process a lot of data, making each division particularly vulnerable to cyber-attacks. This poses a significant risk since the primary role of state government is to support its citizens through these varying departmental services. With so much sensitive data housed in each department within each state government organization, threats like ransomware and phishing are on the rise since hackers know how to manipulate and exploit state government networks, some of which can be running on legacy systems or managed without all the resources desired to do so effectively. Ensuring state government departments and the cyber professionals employed there have the skills they need to protect all this data requires these organizations to assess its cyber readiness—and it can start with better cyber training.

Training can help cyber professionals in state government grow in knowledge and skill to identify their own gaps and areas to improve in cybersecurity practices. In the grand scheme of things, the better they are at their individual jobs, the better they’re able to protect networks from threats, and the stronger the cyber posture for the department/organization.

Cyber Training Funding Challenges for State Governments

Unfortunately, cyber training is often the red-headed step child of state government investments—a small, albeit non-existent, line item. For states with smaller populations that may have less budget than more populous states, one can understand how some state governments remain at great cyber risk when they don’t have the funding or federal/executive level support needed to harden departmental data. But it’s not just a matter of population when it comes to funding for cyber training for state governments. Recent challenges of pandemic precautions, social unrest, budget cuts, and the upcoming election all contribute to uncertainty for state government’s ability to stay safe and secure, according to an article from Dark Reading . It notes “The combination of reduced tax revenues and the additional costs caused by the pandemic could strain budgets for typical cost centers such as cybersecurity,” so it’s an unfortunate reality that ransomware cybercrime is on the rise since attackers know state governments are not always well-funded.

Other Cyber-Related Challenges for State Government Organizations

• Sustaining employee’s knowledge of technology applications increases breach propensity if solutions are not proactively maintained
• Variability in procurement processes inhibit standardization of cyber training solutions
• Individual systems that house data create inconsistencies in security management
• Weighing shifts to either public or private cloud operations against data security requirements

What to Consider in a Cyber Training Solution for State Governments

So what can CIOs, CISOs, and department leaders do to ensure their data is protected optimally with strong and skilled frontline cyber defenders?

While cyber training may not be a high priority budget item in the grand scheme of investments to make, it’s certainly more cost-effective than experiencing the monetary damages of a breach or ransomware attack.

We encourage state government cyber leaders to explore alternative training options that are:

• More than one-time use (preferably browser-based/online so training is continuous)
• Engaging for trainees (so skills retention is high)
• Authentic and realistic (real virtual machines helps training ‘feel’ real)
• Metrics-driven (leaders should be able to assess gaps in training performance)
• Scalable (so individuals and teams can train together or separately at any time)

Project Ares cyber range training for state government cyber professionals

Project Ares cyber training platform checks these boxes and much more.

Two examples of relevant, engaging cyber training activities pertinent to state government threat scenarios include:

• Operation Water Flash which teaches cyber professionals how to mitigate an attack on an ICS/SCADA system that’s impacting a water treatment plant. For departments like Public Works or Water Utilities in state government organizations, training to combat a threat doesn’t get more ‘real’ than this. And for professionals who don’t secure water treatment facilities the training still resonates because they get a sense of how to defend an attack on a control system, likely not unlike whatever they may be dealing with in their real positions. AND they can use real cyber tools, just like what they use in real defense.

• Operation Crimson Wolf teaches cyber professionals how to use network monitoring tools to stop and remove malicious actor artifacts (in this case, from a hospital’s patient records). For departments in Public Health and Safety or any professional securing citizen records, this scenario training can be particularly valuable.

The platform is structured into three main learning tiers:

1. Build fundamental knowledge of cybersecurity concepts and theory with learning games
2. Use tools, deploy tactics, and hone procedures in foundational exercises called Battle Rooms
3. Culminate knowledge and skills in specialized scenarios called Missions

The platform is offered as a subscription-based model for cyber teams in departments. 

There’s never been a more critical time than now to revisit the positive effects that good cyber training can have on state government entities and the departments within. The threats and risks are not going away, nor are the attacks slowing. It’s time to invest in immersive, hands-on cyber training so state government cyber professionals can protect citizen data – and state governments can get back to serving its citizens in the best ways they can.

Photo credit: sebastien cordat  on Unsplash

National Cybersecurity Awareness Month (NCAM) in October reminds us of the importance of being safer online, in both our professional and personal lives. Easier said than done, eh? Who’s to say the majority of us even know what makes us “safer” online, or for that matter what makes us vulnerable or should raise a red flag?

It all starts with awareness. I’d like to suggest that “IT Literacy” is no longer enough.  “Cyber Literacy” needs to be a year-round, all-encompassing movement. And regardless of whether or not “Cyber-” or “IT-”anything is or will be in your title, cybersecurity must matter to you.

In a recent workshop presentation, I likened our cybersecurity practices to the idea of personal hygiene. Because let’s face it, one’s personal hygiene is something that, a.) you are personally aware of and educated on how to maintain b.) is attended to routinely c.) is well understood in terms its impact on your overall health d.) has a relative impact on everyone around you regardless of direct contact

Cybersecurity can be thought of much in the same way. We must all begin to realize that cybersecurity demands the same kind of personal awareness and attention – it not only impacts us as individuals but also our family, colleagues, department, agency, company.

I believe that part of the disconnect around cybersecurity best practices comes from the assumptions we make as consumers in general – that what we’re buying is designed and sold with our best interests, and security, in mind. For example, you buy a new car and it comes equipped with seatbelts, turn signals, airbags, automatic brakes and locks, etc. The food you buy and eat is certified by the Food & Drug Administration to indicate it has been safely grown/ raised and suitable for human consumption. When making technology purchases, we cannot take these same conveniences for granted.

Now, that’s not to say that all technology is inherently unsafe, but my point is, we can’t settle with pre-installed safety protocols because, as we know, technology is ever evolving and failure to frequently update it and use it safely results in vulnerabilities that hackers will exploit for financial, reputational, or economic gain. Just like with personal hygiene, healthy practices and regular routines are necessary for optimal cyber literacy and performance.

The goal behind NCAM is to encourage us take some time to understand the problems resulting from poor cybersecurity practices. Those behaviors will not start to diminish until school counselors, parents, teachers, administrative assistants, nurses, athletes, and everyone become more aware of their cyber posture. There’s a reason why the laptop or PC you’re reading this on asks you to update its internet browser and operating system. And those push notifications you get on your phone to update your apps aren’t coming through to annoy you and eat up your battery and data. These simple practices and others — like resetting passwords and activating double-verification – will improve your cyber hygiene and protect you against ongoing threats to infiltrate the devices and exploit the data of our everyday lives.

So, did you shower today? Did you check your computer updates today?

Ready to learn more? Checkout our new short, fun education videos on our Circadence “Cybersecurity Whiteboards” video playlist.

As National Cybersecurity Awareness Month comes to a close, it’s important that the efforts put forth do not end. The reality is this: as the cost of compute power continues to be driven down by advancements in manufacturing and technology, the resources used by malicious hackers become more accessible. This, combined with the fact that a successful cyber breach gets more and more newsworthy and profitable by the day, means the problem isn’t going anywhere anytime soon. When we take steps together to be stronger individually, we become stronger collectively. We can prove the saying, “A rising tide lifts all boats.” Together, we can lift the intellectual property, national security and private data “boats” if we all commit to be more cyber conscientious and cautious.

In honor of Workforce Development Professionals Month in September, we want to recognize the hard work that workforce development professionals are doing to help companies and organizations keep talent pipelines full with qualified candidates. In the context of cyber training and education, perhaps now more than ever, it’s important to understand the value of hands-on cyber training solutions for companies actively seeking to fill cybersecurity job positions in their respective departments.

Evolving cyber workforce demands and requirements are undoubtedly placing more pressure on companies of all shapes and sizes to hire more cyber experts (and there are a lot of unfilled positions out there). Workforce development organizations can help their clients fill open cyber jobs with qualified candidates by leveraging hands-on cyber range training to give job seekers employable skills for cyber career entry and advancement.

Career and professional development workforce plans are rich with recommendations for companies to deploy but one area that deserves equal attention in a workforce development professional’s playbook for their clients is around cybersecurity professional training. Many companies struggle to fill positions in cyber-related work roles for a variety of reasons yet we also know by making cyber training a part of a company’s year-round workforce development program, hands-on skill building can be a habitual part of a company’s cyber readiness strategy – and not an ‘add on’ anymore.

If the pandemic and remote work has taught companies and institutions anything about virtual work and learning, it is that cybersecurity impacts everyone. For cyber/IT professionals doing security work a little differently now, having the skills and competencies to keep pace with malicious attackers is critical to keeping companies and employees safe.

According to the Center for Management and Organization Effectiveness , some of the top challenges that workforce development and learning development professionals face include:

1. Dealing with change
2. Developing leaders
3. Engaging learners
4. Delivering consistent training
5. Skills application
6. Conflict management
7. Tracking and post assessment
8. Improving learning effectiveness
9. Demonstrating value to leadership
10. Adapting training to Millennials

While cyber training solutions can’t reasonably address all these challenges, Circadence’s Project Ares cyber learning platform can alleviate a few out of these 10.

Engaging Learners

Project Ares training scenarios are gamified, which means elements like player scoring, leaderboards, chat feature, and ‘training videos’ set context for what the user is tasked to do and learn in the platform. These components create a sense of ‘healthy competition’ for users who can engage in the training exercises individually or as part of a team.

Delivering Consistent Training

Project Ares is a browser-based platform running on Microsoft Azure, so training can be scaled up or down and accessed at any time.

Skills Application Users in Project Ares can easily build cyber skills at the rate and pace they desire. Not only does the platform provide 100+ hours of cyber material to read and absorb, but users have the chance to put knowledge to the test in skill-building, hands-on activities. Players can build skills in areas like network recon, phishing and exfiltration, ransomware, and confronting botnets, for example. They can also learn fundamental skills like how to use Splunk and Wireshark tools, learn ports and protocols, or regular expression practices.

Tracking and Post Assessment

The Project Ares Trainer View allows cyber team leaders to see how his/her team is using and progressing through the training activities.

Depending on the subscription tier, there are two trainer views:

1. One for mission coaching where trainers can observe single or team mission play in real time or in session playback
2. Second one for Team or Class performance analysis to assess skill gaps and build ROI.

Improving Learning Effectiveness

Learning cybersecurity becomes fun and enjoyable in Project Ares because it is gamified and has a visually stunning interface that invites interaction among users in the platform. Hands-on (or active) learning that is provided in the platform makes learning ‘sticky’ so learning retention rates will increase compared to more passive learning techniques like video watching and lectures.

Adapting Training to Millennials The next generation of cyber professionals grew up with video games, so it makes sense that any training or skills development application tool leverage gamification to make learning attractive and engaging to aspiring professionals.

The value of hands-on cyber experience in workforce development

cybersecurity is becoming a part of every professional’s and student’s lives, especially now with pandemic requirements shifting to more remote, virtual work. This means cyber risks are escalated for enterprises and they need more cyber personnel. And employers need to fill lots of open positions, so students need to graduate with the cyber skills needed to be ready to work. Workforce development plans that have a professional competency and training section should include details on cyber competency assessment and evaluation strategies.

Nearly 80% of organizations will need more technical security staff in the next 12 months, according to data from ISACA.

The best way to evaluate current and future cyber workforce needs is to explore solutions that provide professional training and assessment. Doing so will allow cyber leaders or SOC directors to ‘see’ where the gaps are in their team and where to improve within the larger readiness strategy. It becomes much easier for workforce development professionals to recommend next steps that are attainable and practical for their clients, too.

If a client is at all prioritizing cyber training and professional development within their organization, you’ll want to identify strategies, tools and platforms that can address the following:

• Cyber workforce risk (exposure and tolerance)
• Cyber workforce skills gaps and proficiency levels
• Training needs
• Hiring targets (if the client needs to fill vacancies or initiate recruiting)

By layering the Project Ares hands-on platform into cyber professional development and career progression strategies, workforce organizations serving enterprises and academic communities can better support their client’s workforce development goals.

Project Ares is an award-winning, gamified cybersecurity learning platform that helps students and professionals alike build and keep skills sharp against evolving cyber threats. Practice and progress in the hands-on platform with foundational, intermediate and advanced cyber learning content. Its patented cyber range-as-a-service technology delivers authentic virtual machine-based exercises so cyber preparation is as true-to-life as it gets.

Unlike other cyber training solutions, real virtual machines and real tools are used in gamified scenarios to make training as realistic (and engaging) as possible for users. Workforce development professionals who are seeking increased needs from clients to hire/retain cyber talent, will find that Project Ares can support their client’s talent assessment and skill-building needs effectively.

The platform is structured into three main learning tiers:

1. Build fundamental knowledge of cybersecurity concepts and theory with learning games
2. Use tools, deploy tactics, and hone procedures in foundational exercises called Battle Rooms
3. Culminate knowledge and skills in specialized scenarios called Missions

The platform is offered as a subscription-based model for organizations and workforce development professionals who are interested in recommending the platform to their clients.

Providing clients with ample cyber skills development opportunities will be essential as hackers become more advanced in their criminal activity and targeting capabilities. Organization’s seeking to not only fill cyber positions but engage and retain talent need more than quick fixes to stay protected and hardened. A new ISACA “State of Cybersecurity 2020” report suggests that 73% of security teams seek hands-on experience as a key job qualification. There’s never been a better time to help companies harden their cyber posture – and it so often starts and ends with the people behind the frontline networks defending data and maintaining cyber integrity.

Photo by Amy Hirschi  on Unsplash

Distance learning is likely here to stay yet today’s cyber educators still need to find ways to meaningfully connect with their students during these socially-distant times. Cyber educators can effectively enrich student remote learning with hands-on cyber ranges. To actualize these goals to create immersive, engaging learning environments, educators must decide whether to build or buy a cyber range—yet it can be a significant decision to weigh by yourself.

Circadence’s Josh Selfe provided tips and much-needed context on cyber ranges in his presentation at the virtual 2020 Virginia Cyber Education Conference to help answer the question…to buy or to build a cyber range? For teachers, curriculum developers and superintendents grappling with this decision, here are a few highlights from his presentation to help make your decision a little easier.

First off, cyber ranges have many uses.

• Testing –Test that critical production systems are not vulnerable in an isolated and safe way.
• Research – Conduct research on various types of cyber threats such as malware
• Evaluation – Take a hard look at various cybersecurity solutions and compare their performance
• Learning – Support remote cyber learning and growth of cyber skills using active, hands-on exercises in ranges

If you’re going to build a cyber range, you need to think about a few important components that are necessary.

• Infrastructure: A data center or access to your organization’s public cloud tenant
• A team to Manage Your Infrastructure: A mix of expertise in networking, data storage, security, virtualization, containerization, cloud architecture, resource capacity planning, logging & analytics, etc.
• Front-and-Back End Developers: Provide a seamless registration and log-in experience for your students to access learning securely and with ease. Also, you’ll need to integrate the range into your Learning Management Solution (LMS).
• Support Desk: Bugs and defects happen. You will need a systematized process to capture defects, communicate resolutions, and maintenance downtimes.
• Cybersecurity Experts: They must know everything an IT or cloud architect knows + the vulnerabilities associated with the technologies. Additionally, experience in scenario design is a must to create net new learning activities for users.
• Instructors for Feedback & Grading: When students are executing tasks, they need guidance and the ability to receive immediate feedback.

If building a cyber range isn’t the best solution for you, there are available cyber ranges to buy that have all these components listed above. Circadence’s Project Ares offers quality, scalability and flexibility with a hands-on, active cyber learning solution. With Project Ares, students can receive all the benefits of training on a cyber range immediately with:

• lesson plan topics built-in
• an active and engaging learning experience via gamification
• goal achievement with leaderboard tracking
• task completion
• increased learning retention

Project Ares is designed under a subscription-based model and it addresses all stages of the kill-chain offensive and defensive practices that a real cyber practitioner would use in their day-to-day job duties. A student can participate in team play or individual learning through foundational or specialized scenarios and will be exposed to threat emulations such as phishing, botnets, ransomware, malware and more.

Our scenarios learning outcomes are aligned to NICE/NIST work role framework, which ensures we are providing industry-standard and best practices. 

It’s a big decision to make to build or buy a cyber range and we hope some of the info above will help determine your best course of action. If building a cyber range isn’t in the best route for you, but you want a robust cyber learning journey, Project Ares can deliver an easy solution that aligns to your existing cyber course curriculum by layering in a gamified, hands-on learning component that make the remote, hybrid, or in-classroom experience engaging and fun.

For more information schedule a conversation with us. We’d love to talk about how a cyber range can meet your needs.

Photo by Ryan Quintal  on Unsplash

Real world, experiential learning helps students develop knowledge, skills, and abilities that they can take directly from the classroom to the workplace.

This direct connection from learning to earning is important to all students, but none more so than adult learners who have gone back to school, often while continuing to work full-time. Maybe their goal is to grow in their current job role or career. Maybe they are ramping up for a job or career change. Maybe they are exploring new interests. Regardless of motivation, after juggling the many demands of working while going to school, most adult learners expect to graduate with skills that they can immediately apply in the workforce or other direct activity.

To say that the cybersecurity industry is seeking skilled job candidates is an understatement. Cybersecurity Ventures predicts that there will be 3.5 million (that’s million) unfilled cybersecurity jobs globally by 2021. The interactive Cyber Seek website shows over 500,000 U.S. cybersecurity job openings as I write. With gaps of this magnitude between open jobs and applicants, cybersecurity is a perfect discipline for educators to focus on and provide experiential learning that students can directly apply outside the classroom.

Capella University, an online university headquartered in Minneapolis, Minnesota, recently did just that by adding a hands-on lab component to the capstone course for its BS in Information Technology, Information Assurance and Cybersecurity program. One of their over-arching design goals was to make the course as close as possible to the “real world” of cybersecurity work. We are proud that they chose Project Ares by Circadence to deliver this critical element.

In a recent Circadence webinar , Dr. James W. Barker, Adjunct Faculty in the School of Business and Technology spoke in detail about the process the team at Capella went through to integrate Project Ares into their capstone course. Project Ares enabled them to address three objectives:

1. Give students hands-on practice using their cyber skills against a variable adversary
2. Provide authentic learning scenarios that students could report on to demonstrate their knowledge of the attack and recommendations for future prevention
3. Create an opportunity for teamwork and collaborative problem solving, which are essential skill requirements for cyber teams and hiring managers

“By the end of the second week of the course,” said Dr. Barker, “almost to an individual, students stated that this is the most realistic, engaging, and challenging course that they have taken. One group was so engaged and motivated by working on the Project Ares platform that they completed their final group mission two weeks early.”

From his faculty point of view, Dr. Barker is pleased that Capella has delivered the equivalent of a formal cybersecurity internship and cannot envision a better means of exposing their learners to “real world” security work. And Capella isn’t stopping here; they are considering plans to incorporate Project Ares learning exercises into other courses at the undergraduate and graduate level.

Check out the webinar where Dr. Barker shares more about how he set up the course syllabus and learn more about the power of Project Ares as an on-demand and hands-on learning platform ​that uses cyber range-as-a-service technology to deliver Virtual Machine-based cybersecurity training exercises.

Photo Credit: Thanks to Joshua Ness for sharing their work on Unsplash.

It’s reasonable to correlate the quality of the talent acquisition process to the quality of employees in the company– which is tied to the success of the company. Yet, there is currently a shortage of qualified experts in field of cybersecurity and there has been for quite some time. And while tech companies have pulled back the reins on hiring tech talent due to the economic consequences of the coronavirus outbreak, reports CBNC , more emphasis is being placed on preserving team member jobs and revitalizing the hiring process as we all prepare to re-open and heal. Out of the chaos of recent events comes opportunity and tech companies are showing more resilience than ever as tech leaders identify pragmatic ways to staff up. We’ve got three foundational tips to help hiring managers and senior cybersecurity / IT leaders fill their cyber talent and candidate pools with qualified professionals who not only look good on paper, but can demonstrate their qualifications.

But before we dig into those recommendations, let’s establish some context first.

State of the cybersecurity talent in the tech sector

The role of the cybersecurity professional continues to develop and gain more authority and responsibility as the security landscape and the integration of business and technology evolves.

When we look at the current climate of cybersecurity jobs in the U.S., we see bleak yet in-demand overtones. Finding qualified cyber talent and candidates is very much like searching for a needle in a haystack for hiring managers and recruiters.

• It takes an average of 3-6 months to fill a cybersecurity job position (Dark Reading )
• In 2019, there were over 700,000 unfilled IT jobs in the U.S. (CNBC )
• Employment of computer and information technology occupations is projected to grow 12 percent from 2018 to 2028 (Bureau of Labor Statistics )

While all companies likely struggle to find qualified cyber talent, the technology sector has its own unique set of challenges that are important to discuss and be aware of. Emerging technology, disruptive tech, the sheer evolution and the fast-paced nature of the industry make it hard to find candidates who have experience and knowledge in specialized areas of technology­–many of which are just now becoming adopted into businesses.

• Systems and cybersecurity analysts are the leading tech occupation jobs in the U.S. today, sitting at over 740,000 (U.S. Bureau of Labor Statistics, EMSI, and CompTIA; estimates for 2019 ).
• The skills gap for cyber professionals is most clear in the technology sector, reports Forbes .
• IT employment dropped 5,300,000 jobs, the single largest month drop since March 2009 (TechServe Alliance ).

IT, security managers, operators and human resource leaders realize that:

1. they need to focus on filling positions with quality candidates who can demonstrate their skills in a skills-deprived landscape
2. to achieve that objective, more can be done in the recruitment and hiring phase.

Okay, let’s talk about those recommendations now. And if you have more suggestions based on what’s worked with your company, let us know!

Promote from within

The first logical step in filling a cyber position is to promote from within the company. It saves on time and cost to recruit. There may be IT generalists in your company who desire to take their career to a new level in cybersecurity and you’re just not aware of it (…and may have the aptitude and willingness to learn).

If an IT generalist is interested in filling a needed cybersecurity position (e.g. information security engineer, network architect, systems analyst), consider giving them a project to test their skills and ambition and see how they do. More on this in a second.

To promote from within, ensure you’ve communicated the requirements of the position clearly to the company across all departments. People in cybersecurity positions come from all walks of life: computer science, history, military, political science, yes, even fields like philosophy. Yet they all have one thing in common: They share a deep and abiding interest in how technology works, notes Cyber Degrees .

So find those individuals who are looking to grow into a new position within the company and interview them. You may be surprised to learn there are passionate people willing to learn and grow, right in your own company ‘backyard.’

Test skills during the interview process

Allow candidates the opportunity to demonstrate what’s on their resumé. Online cyber training platforms like Project Ares can help HR managers and decision makers ‘see’ how a prospect might tackle a realistic cybersecurity issue.

· Evaluate candidate skills in real-time against resumé credentials

· Assess cyber competencies against other candidates and co-workers

· Identify strengths in cyber technique, tactics, and procedures

By completing a set of tasks or activities that put skills like digital forensics, Linux skills, ports and protocols, and regular expressions work, candidates can show employers what they know and how they work before they even move on to a second or third interview. It’s one thing to talk about your experience, it’s another to actually apply it in a realistic setting.

Use Project Ares to support internal hiring processes

Circadence’s Project Ares platform helps HR decision makers assess candidate skills and competencies in various aspect of cybersecurity. And the platform can work for both internal recruitment and external recruitment. If promoting from within and you identify interested candidates who may or may not have a rich cyber background, you can use the platform’s cyber learning games and foundational scenarios to learn aspects of cybersecurity and security operations in ‘safe’ cyber range environments. If candidates demonstrate a willingness to learn in the platform, that is a good sign. If they are able to follow the guidance and instructions and apply critical thinking to complete the scenarios in the platform, even better. Hiring mangers can literally ‘see’ how an internal candidate responds to the act of learning and one can glean a lot about a candidate’s fit for the position simply through this effort of cyber aptitude testing.

Use Project Ares to support external hiring processes

The same applies for external hiring of cybersecurity professionals. Hiring managers and cybersecurity leaders can use Project Ares foundational and specialized scenarios to teach certain cyber skills they are looking for. If you’re looking to fill a position that aligns to a NIST/NICE work role, several exercises in the platform can address those specific skill sets. Further, the Assessment Reports can help HR professionals evaluate candidate strengths and compare those results against other candidates who have engaged in the platform to identify the best company cultural fit and skills fit.

· Nurture qualified candidates in the platform

· Retain top talent with professional skills development efforts in the platform

A Wall Street Journal article , sums up the ‘what’s next?’ to these challenges, succinctly:

Tom Gimbel, CEO of LaSalle Network Inc., a technology staffing and recruiting firm, said that once the crisis fades he expects a rebound in tech hiring as businesses seek out technology tools to cut costs and eke out efficiencies during a prolonged economic recovery.

“While new product implementations will slow down, we will see strong hiring of corporate IT, infrastructure, development and security roles,” Mr. Gimbel said.

cybersecurity threats and preventive measures go hand-in-hand. Yet cybercrime continues to impose threats on the financial industry. Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack,” according to a report by the Boston Consulting Group . These threats can arise at any time and occur through various sources (external sources such as hackers, and internal sources such as staff members and contracted employees). Some financial companies have developed action plans with steps to take if a cyber-attack strikes, but cybersecurity best practices also includes establishing and initiating threat prevention methods. One example of a threat prevention method is person-centered cyber training.

Statistics show that cyber threat prevention is an immense pain point for many financial companies. In a survey of 400 security professionals in financial services, it was observed that financial institutions are better at detecting and containing cyber-attacks and less efficient at preventing them. Almost 56% of financial institutions are useful in detection, and only 31% are good at prevention.

Financial services institutions must understand how to prevent cyber threats, which may require a ground-up approach.

Financial institutions can take immediate measures to engage in threat prevention methods with person-centered training. This type of training allows an IT or cyber professional to practice and hone skills by learning specific cyber lessons pertinent to the financial sector and applicable to their job role. The more upskilled the professional, the more they will be able to protect the company and company assets. A current platform that offers specific job role training is Project Ares.

Person-Centered Training with Project Ares

Circadence’s Project Ares is a browser-based learning platform designed for teaching cybersecurity in an engaging and hands-on applied method. This platform offers gamification and AI to train employees on the latest cyber threats and attacks. Project Ares is made up of foundational and specialized scenarios in the form of battle rooms and missions that address current cyber threats in the financial sector. The lessons within Project Ares are developed with specific job roles in mind.

For example, various scenarios are developed with the theme of a financial service, so the trainee can learn the skills needed to prepare for a cyber threat. In these specific financial missions, the trainee will learn how to disable botnets, identify and remove suspicious malware, and protect the financial institution.

• Mission 1 – Operation Goatherd “Disable Botnet” – Acting as a cyber mission force member, the trainee will access the command and control server of a group of hackers to disable a botnet network that is designed to execute a widespread financial scan triggering the collapse of a national bank.
• Mission 4 – Operation Arctic Cobra “Stop Malicious Processes” – The cyber trainee will analyze network traffic and stop a malicious exfiltration process.
• Mission 5 – Operation Wounded Bear “Protect Financial Institution” – The trainee identifies and removes malware responsible for identity theft and protects the financial network from further infections.

This individual or team-based mission training delivers collaborative skill-building experiences aligned to NIST/NICE work roles, ensuring the trainee meets specific cyber competencies. This kind of immersive, hands-on training gives learners the ability to practice various forms of threat prevention, which will benefit the company’s overall security posture in the long run.

The more trained cyber professionals are for their job roles, the more likely they will be able to safeguard against threats—and take proactive measures to better prevent cyber threats. If cyber professionals are prepared and well-informed with the right knowledge and skills in their toolbox, threat prevention will be more attainable and achievable for professionals on the frontlines of defense. Professionals will be able to spot a cyber threat, but also prevent cyber threats from breaking the bank.

Photo by Austin Distel  on Unsplash