Cyber ranges: Who are they for and how can they help
Why do you need hands-on training?
The field of cybersecurity has a number of great books and references. Whether general overviews, deep dives into particular skill sets, or certification preparation material, these resources provide a lot of great information.
However, this information is mainly theoretical. It can explain the fundamental principles of cybersecurity, describe cybersecurity best practices and processes, and even provide walkthroughs on using common tools via screenshots.
However, this does not substitute for actual experience in using these tools or dealing with particular challenges in cybersecurity. A practitioner who has only read about using a particular tool won’t know how to do anything not explicitly covered in the text (and may not remember the contents of the text either). Similarly, while a description of how a particular threat was handled can provide a great reference, it does not provide experience in adapting to address other situations.
Hands-on training, like that provided in a cyber range, provides the student with experience in actually solving cybersecurity challenges and using cybersecurity tools. This provides a much more useful learning experience and increases retention of the content.
Who needs a cyber range?
A cyber range is designed to be a guided, hands-on experience in a cybersecurity topic. This enables the student to gain valuable experience with certain situations, tools or processes in a safe environment.
As a result, cyber ranges provide benefits to a variety of different parties. Cybersecurity professionals learn concepts and skills that are valuable to them, educators can use cyber ranges to supplement their existing curriculums, and organizations can take advantage of cyber ranges to fill crucial cybersecurity skills gaps within their workforces.
In the field of cybersecurity, continuing education is essential. The cyber threat landscape and organization’s digital ecosystems are constantly evolving, creating new attack vectors, tools and techniques to address them. Cybersecurity professionals need to continue to advance their skills and expertise to remain current.
A cyber range, with hands-on instruction, can provide benefits for cybersecurity professionals in any stage of their career:
- Fundamental knowledge: For new professionals and those wishing to brush up on the basics, cyber ranges can cover fundamental concepts of cybersecurity and commonly used tools. This helps to gain the knowledge and experience required to land a job or break into the field.
- Skills maintenance: As organizations’ digital infrastructure evolves, cybersecurity professionals need to work to maintain their skills. Cyber ranges can provide experience with new platforms or technologies such as cloud computing, blockchain or the Internet of Things. This helps experienced cybersecurity professionals learn and adapt to the new environments where they are now working.
- Specialization: Often, cybersecurity curriculums are designed to provide a general knowledge of cybersecurity, but the field has a number of different specializations. Cyber ranges can help a cybersecurity professional learn specialized skills — such as malware analysis, digital forensics or cloud security — that are in growing demand.
Many cybersecurity classrooms are designed to focus more on theory and traditional forms of learning than hands-on engagements. While a cybersecurity professor may create a few lab exercises and environments, they often lack the resources to develop more comprehensive hands-on learning opportunities.
While this is understandable, it limits the ability of students to learn the material. Many students are hands-on learners and benefit from the ability to test out tools and techniques in realistic environments. However, in the field of cybersecurity, it can be difficult to do so since the use of many tools outside of a lab environment (i.e., on real-world targets) is illegal.
Cyber ranges enable educators to provide a hands-on learning experience without the need to develop and maintain these lab environments on their own. The educator can provide the theory and demonstrations within the classroom, then allow students to apply their knowledge via a practical cyber range. This promotes better retention of the material and provides students with the hands-on experience that they will require to be effective in future cybersecurity roles.
The cybersecurity industry is currently experiencing a skills shortage. Many organizations are struggling to fill critical roles, and cybersecurity professionals with specialized skills sets and expertise can be even more difficult to find.
For example, almost all organizations have migrated some of their infrastructure to the cloud. However, 63% of cybersecurity professionals struggle to understand the cloud shared responsibility model, a fundamental concept of cloud security. As a result, many organizations are operating with unsecured cloud deployments.
Cyber ranges provide organizations with the opportunity to teach employees the skills sets that are crucial for the organization’s cybersecurity. This enables their existing cybersecurity staff to acquire any critical skills that they are lacking and for other employees to reskill to fill open cybersecurity roles within the organization.
Hands-on cybersecurity training benefits everyone
A cyber range is designed to teach certain skills via a hands-on experience. This type of guided learning helps to improve knowledge retention and builds a foundation for future learning or adapting concepts to new situations.
The cybersecurity industry is fast-paced, and the attack surfaces and ecosystems of organizations are expanding and growing more complex. Cybersecurity professionals require hands-on experience in a number of different specializations and environments in order to effectively protect their organization. Cyber ranges enable them to acquire the necessary skills and expertise within a safe environment.