cross-training cybersecurity

The Case for Cross-Training

The practice of security cross-training is a growing trend that has never been more important

It’s long been said that it takes a thief to catch a thief. With cybercriminals continuing to evolve and develop an increasing specialization, can we then presume that the deeper each defenders’ knowledge grows across various cybersecurity skills, e.g., hacking, DoS attacks, SQLi, reverse engineering, threat hunting, and others, the better prepared your entire team will be to detect and contain future attacks quickly?

The practice of cross-training is a growing trend across the security landscape for several reasons. If a well-trained security staff is your best defense, then a multi-skilled, cross-trained team can prove even more effective. Cross-training is most practiced and valued in the military, where each individual is trained to do the work of his team members. This ensures the mission will be completed even if critical members become casualties. In cybersecurity, the practice can prove valuable in avoiding disasters of different proportions. Driven primarily by the ongoing scarcity of IT talent and the consistent lack of a fully funded security budget, cybersecurity cross-training is helping organizations optimize cyber skills and readiness across a variety of threat scenarios.

Cross-training is made easier today with the arrival of online, simulation-based training platforms like RangeForce. RangeForce’s combined specialized training modules and cyber range provide the environment required to identify proficient cyber-pros and cross-train them into additional security specialties. The point of the exercise? As in the military, you can cross-train to optimize the roles covered by each team member at every stage of the attack process, so no one team member or “specialist” is sitting on their hands at any time during a cybercrime incident.

Start with Understanding Existing Skill Levels

Implementing active cross-training starts with individual and team assessments.  Assessments provide insight into how capable your people are, what their top skills are, and what areas might need improvement. Having each member of your security team complete a series of assessments will quickly determine individual strengths and weaknesses, as well as identify who might be likely candidates for a specific role or fill a gap in your existing team. Similar to discovering hard skills, team assessments can also determine softer skills just as critical under the stress of an attack and answer questions such as: where are the gaps in my lines of communications, and where are response times lagging?

Building a Cross-Training Program

Once you understand your strengths and weaknesses at the individual and team levels, you can plan how to implement your cross-training program. A common approach is to benchmark assessment results against industry standards like NIST/NICE or MITRE ATTACK. By looking across an attack lifecycle and overlaying incident detection and response processes and the teams that work in each phase,  security leaders can determine where in the attack lifecycle individual weaknesses, staffing shortages, or inferior methods exist. Training can then be mapped to counter the surfaced issues. For individuals who are missing critical skills, appropriate training modules can be scheduled for completion. For staffing shortages, the team’s most reliable players can cross-train to become subject matter experts (SME) in new areas to backup existing staff. Finally, where weak processes are surfaced, changes can be made and the required training assigned to mitigate weaknesses and upgrade process steps.

 Cross-Training Does Not Stop With the Security Team

Interdisciplinary training is also valuable outside of security. Extending training to web application developers, DevOps, network, and Endpoint IT specialists makes a lot of sense when you look at modern attack methodology. Our customers report success in surfacing and cross-training experienced IT workers in security to act as reserves and reinforcements when a cyberattack strikes. They also report improvements in security coding hygiene and the reduction of application vulnerabilities at launch. One customer even correlated the money paid for bug bounty programs falls dramatically when application developers have been cross-training on security vulnerability avoidance best practices. All of our customers report an improvement in overall security culture when cross-training moves into IT and development. 

Cross-Training and COVID-19

With companies forced to “work from home,” the corporate network is suddenly not the safe haven it once was. The reality of hundreds, even thousands of laptops (now all edge devices) becoming the norm, means endpoint monitoring is critical. Poorly staffed endpoint security teams can become overwhelmed. It makes even more sense now to cross-train network security or other IT staff whose workloads have dropped in endpoint security skills. Most of our customers are also actively upskilling security and IT teams on administering VPN systems to ensure proper multi-layer IP addresses, encryption configuration as well as on endpoint monitoring and threat hunting.

Optimizing Cybersecurity Teams through Cross-Training

One of the industry-wide anomalies related to cyberattacks is that they take so long to detect and contain. According to IBM’s 2019, “The Cost of Data Breach” report, it takes organizations, on average, 279 days to identify and contain a breach. Cross-training is a critical defense strategy that every organization can embrace to improve readiness and front-line defense. Adopting again from in the military, cross-training is valuable in training each individual to do the work of his or her team members so that all resources can be brought to bear during a real-world attack. Cross-training is helping CISOs and security managers to optimize collaboration, reduce the time that it takes to detect and remedy a cyberattack and improve overall team skills and performance.