With a projected shortage of almost 2 million cybersecurity professionals by 2019, is it time we started looking past the four-year CompSci degree and professional certification for new talent?
Cybersecurity start-up Immersive Labs thinks so. Founder CEO James Hadley told Pamela Weaver about the company’s plans to transform cybersecurity skills and help businesses build the talent they need for the threats they face today and in the future.
You’ve spoken in the past about “the cyber skills myth” – what do you mean?
The industry cites a skills shortage and the need to increase diversity, yet most medium to large businesses are looking for exactly the same type of individual. Namely 2:1 Computer Science with a raft of professional certifications based on outdated testing methods.
If the industry truly cares about increasing the breadth and depth of talent available, it needs to modernise the view of what a cyber skilled candidate looks like and consider more robust, hands-on training and testing techniques. That’s where we come in.
“If the industry truly cares about increasing the breadth and depth of talent available, it needs to modernise the view of what a cyber skilled candidate looks like.”
Cyber threats are evolving at an incredible pace – how can any organization skill-up to match?
In terms of both exploitation methods and tradecraft, the attacks change every week. Traditional cyber skills training courses are often written 6 to 12 months previously – they quickly become out of date and are no longer effective. At Immersive Labs we address this by creating new hands-on labs based on current threats each week, enabling organisations to validate that their team’s skills are up to date and can address the latest attacks.
What sort of scenarios does your platform offer?
Our cyber labs are broken down by discipline. We have basic cybersecurity knowledge including how attacks manifest themselves, through to advanced hands-on exercises including Security Analysis, Malware Analysis, Reverse Engineering, Ethical Hacking, Secure Coding and even IoT/Firmware security labs.
For example, in a Security Investigation lab the user must recover data following a real ransomware infection on a Windows server. In another scenario, an administrative user is suspected of abusing their administrative rights to review their appraisal and the user takes on the role of an investigator to help provide evidence in the case.
We also have scenarios where a user takes on the role of a Security Operations Centre (SOC) analyst, and must review security event logs, identify malicious activities and classify the type of attack as part of the lab.
Who are the labs aimed at? Technical staff only or those looking for potential cybersecurity talent in the accounts department?
Our focus is on the technical teams, for example, first-line IT support through to cybersecurity teams, but we cater for all skills levels. Cybersecurity expertise can be developed by end users without an IT background using our Tech Refresh labs, which cover basic operating system and networking. One of the key benefits of the Immersive Labs platform is that it allows businesses to plug gaps using existing resources by identifying hidden talent with an interest in cyber.
A lot of companies are offering gamification for cybersecurity skills, what makes this technique so effective – and what’s different about Immersive Labs’ platform?
Gamification is a powerful and effective technique because it taps into the basic human nature of wanting to compete. Earning badges and points motivates us to keep learning. Existing offerings use these techniques but the learning is based on multiple choice questions that can be Googled, making the user’s experience less involved and engaging. At Immersive Labs, we address this by creating real-world cyber tasks inside our labs, requiring hands-on access to the end user with no multiple choice solutions. The hands-on nature combined with points, badges and leaderboards means teams can compete in a healthy manner against their peers while keeping their cyber skills up to date.
“Gamification is a powerful and effective technique because it taps into our basic human nature of wanting to compete.”
You talk about taking a ‘business view’ to enable organisations to identify the skills gaps within their businesses. How does that approach work? How do you research for that?
When a customer joins our platform we agree on and set a series of cyber skills metrics that reflect the maturity and coverage required by their business. We provide a business-wide dashboard where managers can see, in real time, the current status of skill levels within the company vs their requirements. This allows organisations to identify current risks to their business and address them instantly.
You’re launching a digital cyber academy in September. Tell us more about that?
To help countries plug the cyber skills gap our Digital Cyber Academy™ (DCA) when launched will be free to every academic institution in the US, UK, Australia and Singapore. Students from any academic background will be able to develop practical, hands-on cyber skills across our entire suite of labs. Our customers can then fill cybersecurity roles based on validated hands-on skills as opposed to academic background or security certifications, leading to a better skilled cyber workforce and greater diversity in the field.
Immersive Labs has designed and built an online cyber skills development platform for businesses. It streams cybersecurity labs to end users and uses social features and gamification to help businesses identify hidden talent within existing teams, identify business risks through skill gaps and prevent skill decay. It is part of CyLon’s dedicated cybersecurity accelerator programme.