Accelerating Experience to Address the Skills Gap

Due to the much-talked-about skills shortage in cybersecurity, organizations often cannot recruit qualified and experienced staff. One answer to this problem could be the old adage: do more with less. I’m not talking about adding more technology—this has been the approach for a very long time and yet the problem is getting worse, not better. No, I am talking about efficiency. 

One definition of efficient is “an adjective that describes the ability to accomplish a task or achieve a goal with the least amount of effort, time, or resources, while maximizing productivity or effectiveness. It refers to the ability to use resources effectively, avoid waste, and optimize processes to achieve desired results in a timely and cost-effective manner.”

Efficiency comes from experience, and experience comes from the knowledge, skills, and expertise gained through practical application. It is acquired over time through hands-on practice, exposure to real-world situations, and learning from successes and failures.

As noted above, recruiting experienced staff is proving very difficult. Recruiting junior staff without experience could be an option, but the lack of experience would not necessarily drive efficiency. To bridge the gap, you need to accelerate their experience. 

How can you accomplish that? Junior staff need more exposure to attacks to be able to recognize the telltale signs of an initial compromise; instinctively know what the next step the attacker is likely to take; and be able to rapidly formulate a response to disrupt and remediate the situation. 

So the answer is obvious: Open up your firewalls, turn off your 2FA and anti-malware tools and let your staff deal with all of the attacks to quickly accelerate their experience through vast amounts of exposure. Right!?

If you are still reading, you have hopefully realized that my comment above was not a serious suggestion. So, if you can't use that “approach” to accelerate your staff's experience, how do you provide years of experience in a shortened period? This is where the RangeForce time machine comes in. 

Unfortunately, RangeForce doesn’t have a time machine, but what it can provide offers similar benefits as if you could fast-forward through time. The platform provides your cybersecurity staff the opportunity to:

  • Gain exposure to all kinds of attacks
  • Learn how to spot these attacks
  • Understand what the next attack steps are likely to be
  • Discover how best to respond to, disrupt and remediate the attack

...all in a safe and controlled environment. From learning about kill chains, MITRE tactics, and IOC’s in a safe and interactive environment, to working as a team to defend against a ransomware attack propagating a network, the time machine you need to accelerate experience is right there.

Team threat exercises also play a key role in hastening experience. These exercises allow teams to perfect not just technical skill,  but also soft skills such as cooperation, delegation, and leadership.

The experience gained throughout these activities advance experience for cybersecurity pros by providing the chance for hands-on exposure much more frequently than is (hopefully) available in the real world, while maintaining a high level of realism to ensure relevancy.

All of this experience will inevitably lead to a more efficient team, reducing the mean time to detect (MTTD), mean time to respond (MTTR), and mean time to contain (MTTC). The upshot of this is the ability to do more with less, reducing the need to recruit more staff in a challenging market.