By Keenan Skelly, Vice President of Global Partnerships and Security Evangelist at Circadence

“THE CYBERSECURITY SKILLS GAP” It is written about so much in the cyber industry that it seems predetermined, not to mention full of doom and gloom about never-ending, ubiquitous breaches.  Yes, predictors say that there will be 3.5 million unfilled cybersecurity jobs by 2021, which is up from 1 million openings last year.  But that’s not the whole story. It does NOT mean that cyber readiness is unattainable or that the bad guys have won.

At Circadence, we see that stat as a headlight – providing illumination for a rich career opportunity and stimulation for new approaches to cyber preparedness.   There’s unlikely to be a dull moment in a cyber career as defenders work every day to keep pace with technology advancements and organization digital transformation, as well as keeping an eagle eye out for how threat actors create new exploitive circumstances. So, it is continuously critical for cyber warriors to test, train, simulate, emulate and keep learning.  And while we can’t train our way out of the skills gap problem one class or video at a time, we can use technological advances, in Artificial Intelligence and Machine Learning, for example, to automate and augment the security toolsets, the tasks and processes, and the training platforms.  With a focus on the human element that is at the heart of the adversarial relationship, we can redesign the playing field and hopefully give defenders the home field advantage going forward.

Why do we need a new approach to cyber training?

Today’s organizations ARE seeking more cyber staff, but they equally need an inventive and accelerated training approach that engages cyber professionals to build and retain skills and competencies to keep positions “filled”. That’s where new advances in artificial intelligence and gamified learning come into play and create new types of hands-on learning environments.  For example, in our Project Ares learning environment, AI generates adversaries, which require critical thinking and collaborative problem solving to deter.  We put the simulation into a gamified context where badges, scores and friendly competition motivate progress through learning exercises and cyber challenges.

News headlines remind CISOs and business leaders of the impact of breaches, from financial to reputational damage and loss of trust. The cybersecurity industry needs a new approach to help adapt to the speed of cyber threats today through better enablement for incoming and seasoned cyber professionals. The importance of strengthening organizational security posture often starts with a company’s digital vanguard defending corporate assets. These team members are juggling a lot of day-to-day priorities as they proactively protect company assets while trying to stay up-to-date with evolving risks.  The end result of this juggling act is a cyber workforce that is strained, stressed, and often depleted. In fact, a whopping  93% of respondents to a May 2019 survey agreed they need to keep up with their skills or their organization will be at risk, yet 66% of respondents in the same study also said it’s hard to keep up with cybersecurity skills given the demands of their job.  The difference between the business security requirement and the actuality of cyber readiness is indeed a wide gap.

Typically, a professional’s cyberlearning journey begins with traditional lecture-style learning, maybe sitting in a classroom absorbing outdated videos and slideshows, and often at a location that is away from the office requiring travel budget to attend. However, research shows that when the traditional classroom approach is paired with a gamified environment that provides hands-on practice in cyber range environments, student learning retention improves by up to 75%. Add to that research showing that employees say gamification makes them feel more 89% more productive and 88% happier at work. Gamified learning can boost motivation and retention, generating upwards of a 60% increase in learner engagement and 43% enhancement in employee productivity. This applies not only to new cyber professionals learning basic concepts and skills but also cyber professionals currently in the workforce looking to mature their cyber skills and learn more advanced cyber tactics. In addition, cybersecurity leaders can partner with HR and use gamified platforms to test and assess their current staff to identify gaps in security knowledge and application, establish improved recruitment goals, and even test new recruits.

Using AI and gamified training to augment the cyber workforce

Inside a gamified learning platform, artificial intelligence (AI) is being employed more often to improve the delivery of education exercises.  AI is used to emulate human cognition (e.g. learning based on experiences and patterns rather than inference) and deep machine learning advancements enable solutions to ‘teach themselves’ how to build models for pattern recognition. This becomes particularly valuable in cyber skills development where Natural Language Processing (NLP), a sub-category of AI, can communicate with a human during cyber exercises and aid in their progression through activities. An example of how NLP works within a gamified learning environment is through cybersecurity learning platform Project Ares®. The in-game advisor, Athena, uses NLP to communicate with players in a “chatbot” format providing guidance to players so they can complete cyber asks and meet learning objectives for certain work roles. Athena generates a response from its learning corpus, using machine learning to aggregate and correlate all the player conversations it has plus integrating knowledge about how users progress through exercises. The pattern recognition helps Athena recommend the most efficient path to solve a problem or scenario. Similar to the “two heads are better than one” motto, but machine learning needs lots of “heads” (aka: data) to generate the best solution for the problem at hand.

AI is also used to create the adversary in Project Ares missions. These missions are developed from real-world cyber threats using either a defensive or offensive approach. The player is challenged to solve problems through critical thinking and actions and as they begin to think like the unauthorized user, their understanding of defensive behavior also improves.  This capability provides greater learning potential for users who are not only using defensive techniques with AI but also using offensive techniques with data AI provides. Cyber professionals can engage in a learning platform that offers relevant cyber exercises to build skill and competency with the support of artificial intelligence, NLP and hands-on machine learning all within a gamified range environment.

A new era of cyber training                       

For organizations that are stymied by the skills gap and struggle to hire the right skills in cyber organizations, take a look at the challenge from a different angle.  Through the benefits of AI in gamified training, cyber professionals can learn advanced ways to offensively and defensively protect their companies, build new skills, and develop problem-solving tactics in real-world scenarios. This advanced method of training takes cyberlearning to new heights by improving retention with hands-on learning that can take place anywhere versus at off-site cyber training courses. With new training options such as gamified training now available to companies, seasoned and prospective cyber professionals have all the critical tools needed to prepare themselves for future cyber threats—and companies have the resources necessary to persistently harden their cyber readiness posture. For more information on gamified training, visit www.circadence.com.

About Circadence

Circadence Corporation is a market leader in next-generation cybersecurity readiness. Powered by a culture of innovation and the demands of an evolving cyber landscape, Circadence offers award-winning cyber range solutions and cybersecurity learning platforms, running on Microsoft Azure, that leverage artificial intelligence and custom content to address critical security challenges for enterprise, government and academic institutions. Circadence’s solutions deliver persistent, immersive and true-to-life experiences that match and adapt to contemporary threat environments. For more information, visit www.circadence.com.

Author the Author

Keenan Skelly, Vice President of Global Partnerships and Security Evangelist at Circadence.Keenan Skelly has more than 20 years of experience providing security and management solutions across a wide array of platforms to include personnel, physical, and cybersecurity. She brings over ten years of government service with a focus on National Security. Skelly served in the U.S. Army as an Explosive Ordnance Disposal Technician and went on to work for the Department of Homeland Security where she served as Chief for Comprehensive Reviews in the Office for Infrastructure Protection.

 

Cites:

https://searchsecurity.techtarget.com/news/252463186/Effects-of-cybersecurity-skills-shortage-worsening-new-study-says?track=NL-1820&ad=927520&src=927520&asrc=EM_NLN_112933934&utm_medium=EM&utm_source=NLN&utm_campaign=20190515_Shortage%20of%20cybersecurity%20skills%20puts%20business%20at%20risk