Skip to main content

Author: Circadence

Living our Mission: Circadence Collaborates with Academia and Army to Support Cyber Range Virtual Environment Replication and Construction with N/CRAF

Circadence announced in May 2020 the latest development of an automated network mapping tool for IT use, based on collaborative work with Mississippi State University engineers and researchers. Circadence has had a six-year partnership with the university and the Threat Systems Management Office of Redstone Arsenal (TSMO) and has worked on several projects over the years to solve challenges related to National Defense. We sat down with two of our Circadence personnel: Dwayne Cole, the JMN NOSC (Network Operation and Security Center) Operations Manager and Craig Greenwood, Project Manager with Opposition Force/Advanced Red Team Intrusion Capabilities to understand more about the tool and learn about the benefits it provides to the technology community at large.

The Netmapper/Cyber Range Automation Framework (N/CRAF) project started as two separate projects, Netmapper and CRAF. The projects were recently combined to form a new tool integrating two previously independent efforts:

  • Netmapper — Commissioned by TSMO, developed by Circadence in collaboration with Mississippi State University (MSU) Center for Cyber Innovation (CCI). Netmapper is a graphical tool for the scanning and configuration collection of network infrastructure and integration with NOSC automation.
  • Cyber Range Automation Framework (CRAF) — Developed by NOSC engineers to meet mission requirements for rapid and repeatable deployment and configuration of virtual environments. CRAF uses Ansible and other open source tools to instantiate virtual environments.

N/CRAF Netmapper/Cyber Range Automation Framework is the enabling mechanism for effecting physical resource provisioning and virtual environment instantiation in a rapid and repeatable fashion. It supports the full lifecycle of cyber range virtual environment events.

The Netmapper project was born out of the need to improve the accuracy of Cyber Range emulated network environments. Craig noted that before N/CRAF, range environments were built from a subject matter expert’s assumption/belief of what their network looked like but inevitably those assumptions were never 100% correct. The network mapping process previously required a network administrator or engineer to draw a picture/map of the network which became the basis of virtualize environment used in the exercise(s). One can understand how there was room for error in this manual process – at the least, a small level of concern as to whether a network drawing and virtualization of it was indeed as realistic and accurate as possible.

As a result, Craig says, professionals training in the cyber range environments weren’t actually training on networks that were as ‘close to the real thing’ as possible. There was room to improve.

When automation engineers have real-world scanned networks as a reference, they can more accurately emulate the customers environment. Simply put, as Craig notes, “we took the assumption out of network mapping” with N/CRAF. Now the training moves ever closer to real world environment.

“Imagine scanning a network to extract the DNA which can be used to clone and re-build it” Circadence’s Dwayne Cole describes.

Combining the two programs (Netmapper and CRAF) enabled an iterative approach to cyber range environment build out that also drastically improved the end product. The scanning technology helps the automation engineers verify what they have built; it adds a check for the automation framework. It also can be used by the customer to validate the environment. The customer can easily compare the original design or scan versus the final emulated environment hosted on the Cyber Range.

With N/CRAF, it becomes easier for engineers to share their network models with one another and build out high fidelity networks to facilitate technologies assessments. N/CRAF saves everything to a single XML file to include all the configuration data. The tool also supports merging and diff’ing the output files. The merge capability allows the engineer to take parts and pieces from other networks or events to add to the current event. This allows the engineers to build special purpose network sections, like synthetic internet or traffic generation, that can be reused/added to current event. N/CRAF is a force multiplier, it enables repeatable, tedious deployment and configuration tasks and improves the reuse of detailed environments for multiple users to train within.

The tool is currently undergoing an accreditation process and is being demoed within defense departments with the goal to deploy it as a standardized tool across various agencies. The potential for the tool to be used in more commercial applications is promising as well.

To read the project announcement issued by Mississippi State University, read the news release: https://www.msstate.edu/newsroom/article/2020/04/msu-circadence-partner-create-virtual-cyber-defense-tool .

An Educator’s Perspective: The Impacts of Distance Learning and Teaching, a Q&A with Dr. Bradley Hayes

We are continuously reminded of the stark reality that higher education teaching and learning is indeed different today than it was a few months ago. Since Circadence is committed to cybersecurity education and training, we try to stay on top of the latest developments with distance learning so that we can think through how to keep supporting cyber and information security teachers during this unprecedented pandemic time. We often hear from higher education partners and customers how much of a challenge distance learning and teaching can be, so we sat down with our own Dr. Bradley Hayes to hear firsthand what his experience has been like. Brad is the Chief Technology Officer at Circadence, and Assistant Professor in the College of Engineering and Applied Science, Director of the Collaborative AI and Robotics Lab at the University of Colorado, Boulder. We also solicited the perspectives of several other higher education teachers who were willing to share their thoughts on the challenges and opportunities to adapt to this ‘new normal’ of teaching and learning.

We hope by sharing his story with you, our readers, it can help ignite conversation and ideas that make teaching cybersecurity better for both educator and student.

How has distance learning requirements impacted you as a professor? Your class? Your teaching style?

Distance learning has been a massive shift for many of us, and certainly requires a different approach: preparing for it and delivering lectures as if it were an in-person class does not work! For many professors, the lack of in-person social cues is the most noticeable change, especially if students aren’t sharing their video. Delivering a lecture to a computer monitor is difficult enough, and removing the implicit feedback mechanisms of in-person instruction can exacerbate issues that wouldn’t normally be problematic in lecture delivery.

I teach a graduate class on the Algorithmic Foundations of Human-Robot Interaction in the Spring, which has been quite different now that there is greatly reduced human interaction (and no human-robot interaction!). I’ve certainly learned a lot, as I had to quickly transition to using robotics simulation environments (instead of having students use physical robotics platforms) and set student project teams up for effective remote collaboration on very short notice. Ultimately, I find that remote instruction is no substitute for in-person instruction, but it does encourage a more scalable mindset to assignments and mentoring that could have real benefit when we resume in-person classes.

Switching to remote lecturing has had substantial impacts on my teaching style as well. The following observations have risen to the top as key learnings:

  1. I tend to be very animated when teaching, which doesn’t particularly work as well over video and I feel has been detrimental to student engagement.
  2. I have found it takes extra effort to engage students with the material, particularly if they’re in an environment that isn’t conducive to focused learning.
  3. Encouraging more hands-on exercises can go a long way toward bringing their focus and attention back to the material, but this takes more advance preparation work than if it were an in-class exercise.

How are your students responding to the remote learning shift?

It’s been difficult for them, but to their credit, they’ve done a great job adapting to it. Social distancing and quarantine guidelines in general have caused a lot of upheaval in their lives, adding stress and instability that may not be outwardly obvious to us as their professors, which has necessitated a recalibration of expectations regarding coursework. One of the most important changes to keep productivity high was the adoption of real-time collaboration tools to facilitate group-work and bring more course material-relevant conversations into a more visible medium for others to benefit from and participate in. Even though most students were able to continue attending class synchronously (i.e., joining the video conference at our normal time), most of the interaction that would’ve traditionally happened in the classroom shifted into our online collaboration tools.

To be an online learner, one needs to be independent, disciplined, organized and communicative with questions, responses and/or if issues exist. What can be a little frustrating is reaching out to students with no response…not knowing how they are doing; being worried about them, hoping they are ok – it is a TEAM approach in all aspects. The students are paying for their education, thus, the importance of high communication and engagement from both student and instructor is paramount. ~ Julie A. Shay, MBA-HIN, RHIA, Program Director for Health Information Technology Programs/Lead Faculty/Professor – Santa Fe College

What was needed to make the transition to full remote teaching?

A chat-based online collaboration tool was absolutely essential, as this became the new forum for conversations that would naturally occur at the conclusion of the lecture when students would typically walk up to the lectern with questions or ideas to discuss.

These informal interactions can be approximated with post-class discussion through collaboration tools, though there’s an additional activation cost that requires priming from the instructor to kick things off. Another important consideration is the space from which you’ll be delivering your lecture: having a professional-looking environment with adequate lighting makes a big difference and can have a positive effect on student engagement.

What challenges came with transitioning to a remote classroom?

Since we go through a decent amount of complex mathematical derivations in my course, I had to weigh the advantages and difficulties of using a virtual whiteboard versus moving everything into slide format.

  • Personally, I’ve found the move away from the whiteboard to be advantageous in terms of clarity for the students.
    • It forced me to explicitly describe each step of what we’re going through in a clear, permanent way on slides that can be easily distributed.
    • Unfortunately, this makes it a lot more difficult to step through equations by letting students lead the process, as the smaller the ‘minimum revealing step’ in each equation is (e.g., do you reveal one character at a time, or one whole term at a time?) the more difficult and time-consuming it is to prepare in advance.

The biggest challenge has been tracking student engagement and understanding of the material. In the absence of social cues, the feedback loop becomes much longer, as assignments or tangible work products from student projects become the only measurable signal. Learning to properly take advantage of remote collaboration tools has also been a difficult process, as many of us are adapting on-the-fly, leading to trial and error that puts additional hardship on the students.

Understand that teaching in a remote environment will require a different leadership style and, in my opinion, that style is Transformational Leadership. In essence, this leadership style will require [the professor] to motivate and transform the mindset of the student to perform at a higher academic level…yet, remotely! ~ Dr. Eric Todd Hollis

What have you learned/observed throughout this distance learning process?

By far, the most important aspect of making distance learning work for students who are used to in-person instruction is to stay in communication with them, soliciting and listening to their feedback. Maintaining student engagement and keeping your students interested in the course material is more difficult from a distance learning perspective, and requires more effort than you may be used to! There is a common tendency to disengage entirely when feeling lost or demoralized by a class that is greatly exacerbated by the distance learning experience — it is critical to budget extra time and put in extra effort to connect with students who are at risk of disengaging.

Since in-class group exercises may not be an option anymore (especially depending on how lectures are being delivered), additional resources, creativity, and preparation are necessary. Specifically, this past semester has really underscored the importance of providing ‘hands-on’ learning experiences to foster engagement in lecture and encourage retention of the material. The addition of a simulation environment that students could interact with was a game-changer not just in terms of making concepts ‘real’, but also in terms of giving students the tools they needed to really apply and experiment with what they were learning. Once there is an opportunity to explore the course material in an interactive environment, I’ve found that students are far more likely to bring up new ideas for discussion or implementation, reinforcing their interest in the course content and leading to better outcomes.

What is one thing you’d advise other educators who are struggling to sustain distance learning for foreseeable future?

Learn how to set up and use established online collaboration tools and learning environments! This will save you a lot of time and headache over cobbling together your own while also trying to develop an adapted curriculum. Establish a cooperative atmosphere by being transparent with your students when trying a new pedagogical approach, and regularly solicit their feedback to refine your strategy.

In conclusion…

We thank Dr. Hayes for taking the time to share his personal successes and challenges with us and the great higher education community of teachers. To hear Dr. Hayes in ‘virtual’ person, we’ve extended this topic of distance learning challenges and tools into a live webinar panel discussion in partnership with Microsoft. Join us June 9, as we dig into the state of distance learning today and introduce technologies that can help educator’s adapt to a blended classroom teaching experience as we head into the Fall semester season.

REGISTER HERE: https://marketing.circadence.com/acton/media/36273/webinar-transform-distance-learning-through-creative-and-practical-technology-focus-on-cybersecurity-education

Photo by Brooke Cagle  on Unsplash

Distance Learning and Teaching for cybersecurity Programs

Distance Learning Today

Practically overnight distance learning has become the ‘new norm’ for academic institutions. Educators worldwide are figuring out what Emergency Remote Teaching (ERT) means for their specific courses and subject matter for summer term and likely fall term 2020. And while the immediate remote learning requirements for pandemic mitigation will eventually recede, there is a growing awareness that online and blended learning options in Higher Education curriculum will likely be a strategic part of the post-pandemic norm.

“Every faculty member is going to be delivering education online. Every student is going to be receiving education online. And the resistance to online education is going to go away as a practical matter,” James N. Bradley, chief information officer at Texas Trinity University, wrote in a LinkedIn post.

Job opportunities in the cybersecurity field

Let’s take a specific look at higher education programs for Information Technology and the related cybersecurity discipline. For starters, they can’t graduate students fast enough to fill the existing job openings in the cybersecurity field. Even before the pandemic, there was a well-documented talent gap between the growing number of open cybersecurity jobs and skilled applicants to fill them. In November 2019, ISC2 calculated that the cyber workforce would need to increase by more than 145% to fill gaps in talent across the U.S. Cyberseek.org tracks this unique employment landscape and states that “the average cybersecurity role takes 20% longer to fill than other IT jobs in the U.S.” because employers struggle to find workers with cybersecurity-related skills.

The dynamics of this gap have probably gotten worse. Today’s stay-at-home world has cybersecurity vulnerability written all over it. Online activities have exploded with remote work access, distance learning, telemedicine, video conferencing, online shopping, gaming, media streaming, and more all happening at once….and creating a world of opportunity for threats to identity, systems and data. And, in the post-pandemic world that we are looking forward to, many of the new and unexpectedly ‘proven’ activities like distance learning and telemedicine will likely stay with us to some extent as part of the ‘new norm’.

The result is that behind the physical coronavirus crises is the shadow of a virtual cyber virus crisis. And it means that cybersecurity is quickly moving to the frontlines of mission-critical skillsets for healthcare, higher education, retail, and every employer that enabled work-from-home for the safety of their workforce. Now, more than ever, organizations and institutions need to stop thinking in terms of IF they are breached and start planning in terms of WHEN they are breached.

Does that sound ominous? It is! But buried in the dramatic shortage of cyber skills, is opportunity. Opportunity for STEM/IT focused students (high school and collegiate) to specialize in cybersecurity and find jobs upon graduation. And opportunity for higher education institutions to ramp up their cybersecurity program enrollment.

  • In March 2019, Cyber Crime Magazine reported that only 3% of U.S. Bachelor’s Degree graduates had a skill set in cybersecurity.
  • And in another 2019 report, Burning Tree Technologies learned that while federal data showed the number of postsecondary programs in key cybersecurity areas had increased 33%, the ratio of currently employed cybersecurity workers to job openings, had hardly budged since 2015. In other words, the pool of available talent has remained proportionally the same.

Developing the cybersecurity skills that employers are desperate for is a multi-faceted challenge. Employers want to bring in new hires who have both a strong foundation in basic security principles and concepts as well as practical job role specific skills like networking protocols, scripting, regular expressions, kill chain and network defense, etc. And maybe most importantly, employers categorize top talent as those applicants with power skills like strategic thinking, problem-solving, teamwork and collaboration.

Distance learning and the IT / cybersecurity discipline

At Circadence, we specialize in cybersecurity learning, specifically through an immersive learning platform that provides hands-on experience and strategic thinking activities for students working towards careers in the field of cybersecurity.

Today’s educators are looking for engaging student activities that teach designated core curriculum topics to meet learning objectives. And, it is equally critical to assess student comprehension of learned material and measure progress to ensure the effectiveness of the curriculum and teaching approach. These challenges can be met head-on with Circadence’s Project Ares in the online classroom. Project Ares is a browser-based learning platform specifically designed for teaching cybersecurity in a hands-on, applied manner.

It can help transform existing cybersecurity curriculum to support current distance learning challenges as well as integrate into future course design.

For cybersecurity instructors:

• The built-in learning exercises can augment existing syllabi.

• Anytime access enables flexible asynchronous delivery to support current circumstances for instructors and students.

• Self-directed student learning opportunities are supported through hints, Q&A chat bot, and session playback and review.

• Optional live observation or interaction within the exercises supports tutoring as well as assessment.

• Immersive, gamified environment sustains student engagement with scores and leaderboards to incent practice and improvement.

• Global chat enables peer-to-peer community and support for students.

Additional Distance Learning & Teaching Resources

As higher education instructors shift to deliver, proctor and advise online, we anticipate teaching strategies continuing to adapt to use new and immersive tools that enable alternative online courses to positively impact student learning now and into the future. Circadence is excited to be a part of this shift in learning and proud to partner with today’s cybersecurity educators that prepares tomorrow’s much-needed workforce of cyber defenders.

For more information, check out these resources:

• Microsoft technology helps enable remote classrooms https://www.microsoft.com/en-us/education/remote-learning?&ef_id=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE:G:s&OCID=AID2000043_SEM_6M11V6Kq&utm_source=google&gclid=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE

• Circadence White Paper Teaching Cybersecurity Remotely: Online Learning with Project Ares https://marketing.circadence.com/acton/media/36273/whitepaper-rise-of-distance-e-learning-in-higher-education

• Project Ares Curriculum Example. Building an Immersive Cyber Curriculum with Project Ares: A use case from a public research institution in the Western U.S. https://marketing.circadence.com/acton/media/36273/immersive-cyber-curriculum-with-project-ares-use-case

• Cyberdegrees.org  provides a comprehensive directory of colleges and universities offering cybersecurity degrees, as well as a wealth of information on career paths within the cybersecurity field, security clearances, the range of professional security certifications available.

If there is one thing that this pandemic has taught us all, is that out of chaos arises opportunity: Opportunity to be better professionals, better neighbors, better defenders, and overall, better people. We hope each of you continues to stay safe and secure during this time.

Photo by Avel Chuklanov  on Unsplash

Cyber Ranges and How They Improve Security Training

WHAT ARE CYBER RANGES?

Cyber ranges were initially developed by government agencies looking to better train their cyber operators on new skills and techniques. To do this, a physical range or ranges were installed on-premise. Cyber range providers built representations of actual networks, systems, and tools that helped cyber professionals safely train in virtual, secure environments without compromising the agency’s operational network infrastructure.

Today, cyber ranges are used in the cybersecurity sector to effectively train IT professionals in all industries and help improve defenses against cyber–attacks. As technology advanced, cyber range training advanced as well, both in scope and potential. More on this later.

The National Initiative for Cybersecurity Education reports that cyber ranges provide:

  • An environment where new ideas can be tested safely and teams and work to solve complex cyber problems
  • Performance-based learning and assessment
  • A simulated environment where teams can work together to improve teamwork and team capabilities
  • Real-time feedback
  • Simulate on-the-job experience

Most cyber ranges come in one of two forms: A network environment without pre-programmed content; or a network environment with prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop enriched skill sets beyond what their specific work role may dictate.

UNDERSTANDING & EVOLVING CYBER RANGES IN A BOX

Typically, Cyber range in a box has been a collection of virtual machines hosted on an on-premise system. However, Circadence has taken the concept of a cyber range in a box and placed it the cloud to better scale cyber training. We lovingly call this CyRaaS, or Cyber Range-as-a-Service, which is integrated into our Project Ares cyber learning platform.

Instead of purchasing a physical set of machines to take up space in a room, virtual machines exist in the cloud and can be accessed by more professionals from any location who want to train persistently and develop cyber skills. The cloud is recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure cyber ranges spin up environments quickly, deliver the latest training content, and engage users in productive training activities, accessing cyber ranges in the cloud is the latest and greatest approach for professionals training in ‘sandbox’ environments.

By offering cloud based, cyber range in a box services to support cyber training in Project Ares, we are able to deliver more relevant tools and technologies to help professionals gain the best cybersecurity training possible. The service allows Project Ares to emulate industry-relevant network configurations within learning activities that help trainees practice defensive tactics. Cloud-based cyber ranges also offer hands-on keyboard experience with real world tools and emulated network traffic to reflect the authentic feeling of an actual cyber–attack.

Advances in Artificial Intelligence and machine learning allow us to use cloud ranges to their full potential by tracking patterns in training data to reveal player learning progression with minimal human intervention and oversight. Those patterns are then used to inform the recommendations of an in-game advisor (Athena) that has chat bot functionality so players can get help on cyber range training activities in the platform. Further, cloud-based cyber range training gives security professionals better predictive capabilities when defending and anticipating threats—and according to Microsoft, even “improve the efficacy of cybersecurity, the detection of hackers, and prevent attacks before they occur.”

GAMIFIED CYBER RANGES

Not only have we taken physical cyber ranges and placed them in the cloud but we’ve added in elements of gamification to further drive the effectiveness of cyber training. With many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with sets of gamified elements (e.g. leaderboards, scoring mechanisms, points, badges, levels, etc.). Project Ares has a series of cyber learning games that teach foundational cyber concepts and terms, battle rooms that teach tools, tactics, and procedures, and team-based missions that bring learning full circle when players are tasked with defending against a realistic cyber threat scenario. This level of cyber learning is done in the cloud so professionals can work together from anywhere in the world to collaborate and defeat modern-day attacks.

We hope this post helped you understand the true potential of cyber ranges in the cloud and how they are evolving today to automate and augment cyber workforce training and learning.

Time to Reboot: The I/O Psychology of cybersecurity

The cybersecurity industry is struggling to elevate the workforce, changing corporate behaviors and improving the job environment. Security professionals feel more losses than wins and cultural conflict can be paralyzing. When tools and tech cannot facilitate alignment between security and business strategy, principles of “psychology in the workplace” can be deployed.

By fusing two seemingly unrelated fields, Industrial-Organizational psychology (I-O psychology) and cybersecurity, leaders can improve the relationship, behaviors and communications between the defenders on the frontlines and the business C-Suite.

Annalea has more than 15 years experience in cyber security and building security teams. She is an influential security leader specializing in information security, governance, compliance and technology. Well-regarded for strategic security enterprise planning, analyzing business value, managing teams and developing partnerships, Annalea manages holistic risk, navigates appropriately and provides valuable solutions to protect the security, integrity, and continuity of critical organizational functions. She has experience leading a multitude of audits, contract negotiations and implementation of security solutionsand excels at promoting culture change to improve the security, privacy and compliance status of various healthcare, financial and Federal organizations.

 – FEATURED SPEAKER –

Annalea Ilg
CISO at Involta

Speaker Annalea Ilg of Involta will discuss:

  • Current challenges among cyber leaders as it pertains to organizational resiliency and cyber readiness
  • How cybersecurity leaders build effective teams using organizational models that leverage psychological theory
  • Personal experiences using psychology in the workplace to improve cyber team morale and job performance

What you’ll learn

  • Learn new trends in cyber teaming activities to build high-demand cyber competencies like collaboration, resiliency, versatility and communication
  • Actionable steps to address alignment between business and cybersecurity professionals using the I/O psychology discipline
  • How to use the science of behavior to align cyber professionals to business process

Who should attend

cybersecurity leaders, SOC directors and managers looking to increase opportunities for cyber team professional development and enhance cyber and business alignment across the organization.

Building an Immersive Cyber Curriculum with Project Ares. A use case from a public research institution in the Western U.S.

Prepare them to enter the workforce with real-world cyber training to assesses student learning against established course objectives. When incorporated into a holistic cyber curriculum, Project Ares can take your class to the next level.

Don’t take our word for it.
Download this info sheet to:

  • See a sample cyber curriculum leveraging Project Ares hands-on platform
  • Understand how a gamified cyber range enhances student learning objectives.
  • Learn why gamification is an effective way to engage learners in cyber skill building.

Download Whitepaper

Gamification for the Greater Good: Why We Need More Diverse Learning Approaches for the Workforce

“Gamification” is a term that has been popularized by the modern cultural and consumer demand of video games. It is the application of design elements (e.g. leaderboards, scoring, points) to an activity or set of activities, made popular by video games. Today, it has made its way into software programs as a way to increase engagement and productivity. Yet when we think about gamification today, we don’t generally think of its application in educational settings, let alone in the business world. After all, when was the last time Ubisoft had a press conference about how gamified Assassin’s Creed is? So what are we talking about? We’re talking about the challenge of engaging adults in professional training and development while being sensitive to their learning preferences. The reality is, it’s hard to get adult learners excited to go back to the classroom to learn something for their job. But there exists a potential for gamification to lower the barriers to learning for adults. Today’s professionals are a prime target for using gamification in a more meaningful way—to break through the “sheer fun and games” if you will, and leverage gamified elements for a greater, more significant purpose. Gamification is really all about education, and it’s alleviating the age-old struggle of how to teach effectively and remain relevant.

Before breaking down the benefits of gamification in learning, let’s review more common learning approaches. Less thrilling “cousins” of gamification often used in teaching and tasked-based activities include displays like tutorials, lectures, slide shows, watch-only videos, and text-based material. These are used in educational settings and are part of what researchers define as “passive learning,” techniques—a method of teaching where students receive information from a source to internalize and regurgitate. Studies show this approach is highly ineffective at helping learners retain information (and even worse when it comes to applying learned information to an actual experience or task). Gamification can help overcome these challenges—especially when we leverage it within the context of business training and professional employee development. The types of training professionals might undergo include trainings on customer engagement and retention, sales processes, use of specific software applications, etc. If professionals can conduct those trainings in gamified settings, their propensity for completing (and enjoying!) training increases. We’ll discuss “how” this actually happens later. As a result, they might be better collaborators among colleagues, drive more sales, or foster greater customer satisfaction.

Entertainment with a Social Benefit

We’re constantly on the hunt for the “perfect” way to teach, one that resonates and is impactful. The difficulty here is that people are unique, each with their own motivations, modes of learning, and literally the way our brains are wired to absorb information. Gamification isn’t the first attempt at a perfect solution, television and radio had their time as well. Before we dive deeper into how gamification enables professional, adult learning, let’s understand how history has taught communities.

Before video games entered the market in a big way, TV and radio held the spotlight as primary modes by which information was relayed and stories were told. What you might not know is that the channel’s reputation to deliver information to the masses (eventually ‘to entertain’ the masses) was actually grounded in socio-psychological theory. Miguel Sabido aptly named the “Sabido methodology” to define ways in which social attitudes and behaviors were positively changed due to information (aka: a stimulus) delivered from television and radio. Sabido pioneered the use of telenovelas to teach about social issues in the 1970s and 80s, when he was Vice President of Research at the Mexican television network Televisa.

His complex narratives allowed audiences to relate to his characters who were often positioned as positive, negative, and neutral role models. The characters addressed relevant social issues of the times (e.g. women’s status, child slavery, environmental protection, HIV/AIDS) and audiences became emotionally attached to them as they made good or bad decisions within the storyline. Why? Because the topics covered and the character behaviors resonated with viewers.

What Sabido uncovered in this narrative communication method (complete with relatable characters and compelling storyline) was a new way to teach people about important issues they otherwise might not care to educate themselves on. Over the next decade, Sabido produced six serial dramas that touched on issues of HIV/AIDS and safe sex practices—coincidentally (or not), Mexico experienced a 34% decline in population growth rate during that same time frame. Perhaps the way in which he addressed social issues that were important to his viewers, resonated after all.

We can learn a lot from Sabido’s efforts here. According to Population Media , “The major tenet of the Sabido methodology is that education can be compelling and that entertainment can be educational. Sabido originally termed his approach ‘entertainment with proven social benefit,’ and since then, many communication professionals and scholars have applied the term ‘entertainment-education’ to the Sabido approach.” Sabido helped pioneer a new kind of learning that adults were attracted to and interestingly enough, we see similar “entertaining education” strides made today when teaching is done using gamification.

Learning Styles, Information Overload, and Misconceptions of Gamification

It’s not shocking that the interactive media and gaming industry has followed this “entertainment-education” pathway. As technology evolves, we naturally find new ways of putting it to work for us in a way that is not only useful and functional but appealing. Sabido’s use of serialized dramas and engaging characters have shown to be extremely effective in igniting social change and shifting social attitudes among viewers/consumers of information—and as professionals in business, we should learn from his work and mission. Consider gamification the latest teaching approach we have at our fingertips. It offers a new way of learning that hasn’t been employed to its fullest potential in other media/education models.

There are three generally recognized learning styles: Visual, Auditory, and Kinesthetic. Kinesthetic learning (learning by doing), wasn’t really an option for Sabido (watching TV was passive information consumption, visual and auditory). However, gamification and interactive media is a reflection of that third learning category, kinesthetic. For the first time, we can take a student to Mars in a virtual environment, or have them interact with a neuron the size of a house leveraging Kinesthetic learning technology. The training and educational possibilities are endless (especially when we layer in elements of gamification) and we’re just scratching the surface.

But learning is only as effective as the approach we deploy to learn. When it comes to assessing the effectiveness of gamification in an educational application, learners tend to evaluate it from two lenses, asking: “How do I learn” and “How do I play?” To answer these questions, we can review various game mechanics and features that make up each of the three learning styles. More on that later. However, we’re missing a large piece of the purpose of gamification if we don’t also ask “Why do I play?” This is equally the most challenging question to answer when it comes to using gamification to teach today’s professionals.

If we are to truly leverage gamification as a learning mechanism for business in professional training and development, we first need to understand how adults process new information. Researchers note “…our problem as adults are that we want to take new knowledge and compare and contrast it to what we already have. Our brains natively know that they can only process so much at a time, so they try to analyze incoming input to identify key material that must be retained, and then immediately file that information alongside relevant contexts. That processing imposes a significant amount of overhead, and it’s why acquiring new knowledge and skills is so much harder for an adult.”

Compare that learning style against the physical act of teaching a child, and we see stark differences. When teaching a child a concept, it is relatively straightforward: preach at them, and they’ll absorb it. For the most part, author Don Jones notes, “they’ll believe it because they tend to lack the context to dispute it.”

Now apply how adults learn to their professional and personal environments. As adults, we’re constantly bombarded, now more than ever, with new information at every moment. Opening up your phone in the morning usually bears forth a host of notifications to sift through, between messages, news headlines, and advertisements. Our brains are constantly working to filter what we care about, and what we don’t. Adults do this natively and unintentionally, as much as we’d like to just absorb all the information we’re presented with… our brains just don’t function that way anymore. We’d be on overload!

Should businesses adopt gamification as a learning strategy to enable professionals in their day-to-day jobs, we must first be cognizant of their perception of “playing a game,” (especially now that we understand how they learn and filter information). Imagine an adult that’s being asked to learn something new on the job by using a gamified platform where they have to play a “video game” to do it. That adult learner may very well bemoan the thought of “going back to school” or “playing a game” to learn something about their job. Unfortunately, video games aren’t something adults take seriously (because up until recently, they haven’t been really applied to support business-like functions and serve a greater good). There’s a perception that playing games is all fun and not meaningful–but gamification has to overcome these misconceptions. When teaching adults, we must remember to communicate the “why”…

Jones also notes, “I often provide the ‘why do I care about this?’ answer upfront, in the form of a problem statement, where my key point becomes the solution. I then immediately illustrate or demonstrate how the key point solves the problem, providing reinforcement and confirmation to the students’ brains.”

Leaders interested in deploying gamified learning in professional training programs need to communicate the “Why do I play?” to their trainees. The answer isn’t merely to ensure the learner understands the point of the lesson, it’s much more about understanding what drives and engages their brain to interact with a gamified environment in the first place. There are driving motivational factors in gamification that make it a powerful tool for professional training and learning. Given that we all are wired differently, we must understand how to make gamification work best for us, as individual learners.

Making Gamification Work for All Learners

Yu-kai Chou created a framework for gamification and behavioral analysis that he calls “The Octalysis Gamification Framework .” Within he does a fantastic job breaking down driving factors and motivators for different types of gamers and learners—and we can use this model as a foundation to build out professional learning programs and activities in our own businesses. The Octalysis Framework is extremely deep, yet it’s easier to understand Chou’s eight Core Drivers in human behavior, in the circular graph.

When we consider Chou’s driving factors, through the lens of “How we Learn” and “How we Play,” in-game mechanics—with the understanding of the three learning styles, it becomes easier to see the potential for gamification as a mechanism to complement other learning styles. By examining the motivating factors that contribute to whether or not something is considered “gamified,” those doing the teaching can clearly see where kinesthetic learning fits within the overall game mechanics structure in relation to auditory/visual representations found in the mechanics.

Notice in figure 2, game mechanics prioritize competitive drivers over collaborative efforts, community over exploration (as indicated by the quantity of learning style icons).

As much as we celebrate the experiential elements of kinesthetic learning in educational literature… there’s much work to be done in gamification to ensure hands-on learning styles are better represented on this model so that more inclusive learning can be had.

Further, game components like “Levels” and “Missions” are incredibly broad terms and they can be as varied as the subjects they attempt to illustrate, yet I would argue that these mechanics determine if a product truly feels like a game more than features like the ability to share accomplishments socially or obtaining a badge.

The reality is, we’ve had a much longer history teaching to auditory and visual learning pillars, more so than teaching and training staff with gamification. If anything, this may illustrate that it’s easier to develop products and software that align with the visual and auditory-based learners versus developing products to meet the needs of those who want more hands-on experiences in a game-like setting. This is why we mostly hear about digital badging, leaderboards, and “leveling up” in the context of video games instead of in training programs for business professionals.

While incorporating gamification elements into a professional development training program can be done, do we need to check off all these game mechanic boxes in order for a product to be considered “Gamified?” Arguably no. It’s all about your demographics and what will drive them to learn most effectively.

We have reflected upon the history of “engaging educational learning” in the context of telenovela programming, deepened our understanding how we process and retain learned material in an overly interconnected culture, and sought new ways for learning to “stick,” one thing becomes clear: gamification is an untapped learning resource for today’s professionals. Dare I say, the diamond in the rough we’ve been searching for in business training and professional development. If your professional demographic is at all varied (I bet it is), then your teaching strategies will likely have to be as well. It’s time businesses think beyond the passive learning styles of yesteryear, and embrace a new gamified approach to adult training and development—something that better fosters driving factors like collaboration and exploration equally to that of competition, community, and achievement. Only then, will we really have a learning approach that meets everyone where they are.

Living our Mission: Project Ares Takes Full Flight with Cloud-Native Architecture

According to CIO magazine, about 96% of organizations use cloud services in one way or another. In partnership with Microsoft, we are proud to announce that Circadence has redesigned its Project Ares cyber learning platform to fully leverage a cloud-native design on Microsoft Azure. This new, flexible architecture improves cyber training to be even more customized, scalable, accessible, and relevant for today’s professionals.

This transition to cloud infrastructure will yield immediate impacts to our current customers.

  • Increased speeds to launch cyber learning battle rooms and missions
  • Greater ability to onboard more trainees to the system from virtually any location
  • More access to cyber training content that suits their security needs and professional development interests

Proven success at Microsoft Ignite

At the recent Microsoft Ignite conference (November 2019), more than 500 security professionals had the opportunity to use the enhanced platform. Conference participants set up CyberBridge accounts and then played customized battle rooms in Project Ares. Microsoft cloud-based Azure security solutions were integrated into the cloud-based cyber range to provide an immersive “cloud-in-cloud” sandboxed learning experience that realistically aligned to phases of a ransomware attack. The new version of Project Ares sustained weeklong intensive usage while delivering on performance.

So what’s new in the new and improved Project Ares?

Curriculum Access Controls for Tailored Cyber Learning

One of the biggest enhancements for Project Ares clients is that they can now control permissions for training exercises and solution access at the user level. Customer Administrators will use the new CyberBridge management portal to tailor access to Circadence training exercises for individual users or groups of users.

Single-sign-on through CyberBridge enables the alignment of training exercises to individuals based on their unique learning requirements including:

  • Cyber skill-building exercises and complex missions within Project Ares for cyber professionals
  • Cyber foundation learning with Cyber Essentials tools for the IT team
  • Security awareness training with inCyt for general staff

Cyber Essential learning tools and the inCyt game for security awareness will be added to CyberBridge over the next several months. With the capability to pre-select training activities reflective of a company’s overall security strategy, enterprise security managers can call the shots.

“As the administrator, you now choose what curriculum content your team should have. “This provides more flexibility in cyber training for our customers in terms of what they can expose to their teams.” ~ Rajani Kutty, Senior Product Manager for CyberBridge at Circadence.

Greater Scalability and Performance in Cyber Training

With a cloud-native architecture design, Project Ares can support more simultaneous users on the platform than ever before. Project Ares can now handle over 1,000 concurrent users, a significant improvement over historical capacity of 200-250 concurrent users on the platform. The combination of content access control at the group or individual level and the increased scalability of Project Ares creates a solution that effectively spins up cyber ranges with built-in learning exercises for teams and enterprises of any size. Additionally, this means that no matter where a cyber learner is geographically, they can log on to Project Ares and access training quickly. We see this as similar to the scalability and accessibility of any large global content provider (e.g. Netflix)—in that users who have accounts can log in virtually anywhere in the world at multiple times and access their accounts.

Now that Project Ares can support a greater volume of users on the platform, activities like hosting cyber competitions and events for experts and aspiring security professionals can be done on-demand and at scale.

“We can train more people in cyber than ever before and that is so impactful when we remember the industry’s challenges in workforce gaps and skills deficiencies.” ~ Paul Ellis, Project Ares Senior Product Manager at Circadence

The previous design of Project Ares required placing users in “enclaves” or groups when they signed on to the system to ensure the content within could be loaded quickly without delay. Now, everyone can sign in at any time and have access to learning without loading delays. It doesn’t even matter if multiple people are accessing the same mission or battle room at the same time. Their individual experience loading and playing the exercise won’t be compromised because of increased user activity.

Other performance improvements made to this version of Project Ares include:

  • Quicker download speeds of cyber exercises
  • Use of less memory on user’s computers, and resulting longer battery life for users, thanks to lower CPU utilization.
  • These behind-the-scenes improvements mean that training can happen quicker and learning, faster.

New Cyber Training Content

One new Mission and three new Battle Rooms will be deployed throughout the next few months on this new version of Project Ares.

  • Mission 15, Operation Raging Mammoth, showcases how to protect against an Election attack
  • Battle Rooms 19 and 20 feature Splunk Enterprise installation, configuration, and fundamentals
  • Battle Room 21 teaches Powershell cmdlet (pronounced command-lets) basics

Mission 15 has been developed from many discussions about 2020 election security given past reports of Russian hacktivist groups interfering with the 2016 U.S. election. In Operation Raging Mammoth, users are tasked to monitor voting-related systems. In order to identify anomalies, players must first establish a baseline of normal activity and configurations. Any changes to administrator access or attempt to modify voter registration information must be quickly detected and reported to authorities. Like all Project Ares Missions, the exercise aligns with NIST/NICE work roles, specifically Cyber Defense Analyst, Cyber Defense Incident Responder, Threat/Warning analyst.

Battle Rooms 19 and 20 focuses on using Splunk software to assist IT and security teams to get the most out of their security tools by enabling log aggregation of event data from across an environment into a single repository of critical security insights. Teaching cyber pros how to configure and use this tool helps them identify issues faster so they can resolve them more efficiently to stop threats and attacks.

Battle Room 21 teaches cmdlet lightweight commands used in PowerShell. PowerShell is a command-line (CLI) scripting language developed by Microsoft to simplify automation and configuration management, consisting of a command-line shell and associated scripting language. With PowerShell, network analysts can obtain all the information they need to solve problems they detect in an environment. Microsoft notes that PowerShell also makes learning other programming languages like C# easier .

Embracing Cloud Capabilities for Continual Cyber Training

Circadence embraces all the capabilities the cloud provides and is pleased to launch the latest version of Project Ares that furthers our vision to provide sustainable, scalable, adaptable cyber training and learning opportunities to professionals so they can combat evolving threats in their workplace and in their personal lives.

As this upward trend in cloud utilization becomes ever-more prevalent, security teams of all sizes need to adapt their strategies to acknowledge the adoption of the cloud and train persistently in Project Ares. You can bet that as more people convene in the cloud, malicious hackers are not far behind them, looking for ways to exploit it. By continually innovating in Project Ares, we hope professionals all over the globe can better manage their networks in the cloud and protect them from attackers.