Many practitioners hone their incident detection and response skills through independent certifications, or even self-learning driven by their own enthusiasm. But with the establishment of a dedicated cybersecurity ‘cyber range’ in Sydney, one security vendor is adding gamification and hands-on training to bring skills development to a new level.
Opened after several months of preparation, the 12-seat Sydney facility is Palo Alto Networks’ fourth Cyber Range globally and its first in the Asia-Pacific region.
The company also operates ranges in Washington, DC and at its headquarters in Santa Clara, California. It opened its European site, in Amsterdam, earlier this year as the first step in taking the initiative global.
“It’s about taking everything we talk about in terms of preparing the security practitioners for the real world,” Pamela Warren, director of government and industry initiatives, told CSO Australia. “It gives them classroom experience with a diversity of threats that might get onto the networks that they manage.”
The facilities, which are available to corporate security teams as free full-day classes, feature a range of equipment and network configurations that allow site administrators to challenge attendees with scenarios including ransomware, advanced persistent threats, the clicking of malicious links, and more.
The opening of the centre is something of a “passion project”, Warren says: “I have always enjoyed breaking down the project silos that have always existed, to get them into a teaming environment and help them talk about how they each view a threat that we’re throwing at them.”
Trainees are normally paired up, ideally with someone in a different operational area to encourage partnership and problem-solving, as well as breaking down functional silos.
“Security is complicated these days and we’re needing to expand the skill sets of the practitioners,” Warren explains. “We’re seeing that in an average enterprise the number of people who have security responsibility is growing. And we’re really trying to keep them trained and sharp.
Previously-opened facilities have been very well received, with companies even flying in staff from overseas to deliver centralised training to geographically-dispersed security teams.
“They love it because it’s a chance to practice without taking down their own networks,” Warren says.
Cyber range facilities have been appearing around the world as security vendors address the need to help customers’ security teams with ongoing skills development and incident-response security best practice.
Israeli firm Elbit Systems, for one, has opened numerous CYBERBIT Range training centres for use in corporate security training – including a site in Australia – while the United States government has laid down a formal cyber range strategy.
Defence contractor Lockheed Martin is building a cyber range for testing and validation of cyber warfare technologies. And security firm Cyberbit, for its part, recently partnered with Japanese security service provider Ni Cybersecurity to open a training range to support cybersecurity development in the leadup to the 2020 Tokyo Olympics.
Given such scenarios – and continually-updated adversaries to put their shoulders to – the sites have proven to be popular with cybersecurity professionals. “They’re like big kids,” Warren laughs.
“They love the gamification element of it. It’s a lot of fun watching them team up, and their reactions to different threats and their new ways of thinking about it and working together.”