
Cybersecurity Education and Training

  • 2025
  • Book

About this book

This book provides a comprehensive overview of cybersecurity education and training methodologies. The book uses a combination of theoretical and practical elements to address both the abstract and concrete aspects of the discussed concepts.

The book is structured into two parts. The first part focuses mainly on technical cybersecurity training approaches. Following a general outline of cybersecurity education and training, technical cybersecurity training and the three types of training activities (attack training, forensics training, and defense training) are discussed in detail. The second part of the book describes the main characteristics of cybersecurity training platforms, which are the systems used to conduct the technical cybersecurity training activities. This part includes a wide-ranging analysis of actual cybersecurity training platforms, namely Capture The Flag (CTF) systems and cyber ranges that are currently being used worldwide, and a detailed study of an open-source cybersecurity training platform, CyTrONE. A cybersecurity training platform capability assessment methodology that makes it possible for organizations that want to deploy or develop training platforms to objectively evaluate them is also introduced.

This book is addressed first to cybersecurity education and training practitioners and professionals, both in academia and industry, who will gain knowledge about how to organize and conduct meaningful and effective cybersecurity training activities. In addition, researchers and postgraduate students will gain insights into the state-of-the-art research in the field of cybersecurity training so that they can broaden their research area and find new research topics.

Table of Contents

  1. Frontmatter

  2. Chapter 1. Introduction

    Razvan Beuran
    Abstract
    This chapter discusses the motivation for this book, which is to assist the cybersecurity education and training efforts that are required to bridge the existing workforce gap. Then, the two-part book structure is explained, with the first part focusing mainly on technical cybersecurity training, whereas the second part analyzes actual cybersecurity training platforms. This is followed by an outline of the main characteristics of the existing literature related to cybersecurity education and training, which mostly concentrates on teaching practical low-level cybersecurity skills. The key contributions of this book are then described, indicating that it provides enough theoretical background and concrete details to serve as a comprehensive guideline to effectively address all the issues related to planning and conducting cybersecurity education and training activities. Finally, the intended audience of the book is discussed, with the main audience being cybersecurity education and training practitioners and professionals, both in academia and industry.
  3. Cybersecurity Education and Training Methodologies

    1. Frontmatter

    2. Chapter 2. Cybersecurity Education and Training

      Razvan Beuran
      Abstract
      This chapter first discusses how the concepts of education and training are used in this book in the context of cybersecurity, with education referring to the act of imparting knowledge, and training referring to the use of practice to bring participants to a target level of proficiency. Then, an overview of the two main categories of training, technical cybersecurity training and cybersecurity awareness training, is provided. Technical cybersecurity training is aimed at improving the technical skills of the participants. Therefore, it often includes hands-on activities that rely on training environments built for cybersecurity training purposes, named cyber ranges. Cybersecurity awareness training is intended for the wide public of regular IT users, as well as for those IT professionals who do not require advanced security skills. Instead, such users must acquire basic knowledge about IT and cybersecurity, so that they are able to avoid security issues during their daily use of IT. The chapter ends with a comparison of technical cybersecurity training and cybersecurity awareness training that analyzes the main characteristics of each training category.
    3. Chapter 3. Technical Cybersecurity Training

      Razvan Beuran
      Abstract
      This chapter discusses in detail the topic of technical cybersecurity training. First, we define a taxonomy of cybersecurity training programs that is based on several characteristics, such as training purpose, training approach, as well as other features of the training. This underlines the complex dependencies that exist between the training method, the target skills, training scenario, and environment types. We also discuss several frameworks related to cybersecurity workforce skills, such as the NICE Framework. Then, the effectiveness of training programs is analyzed by formulating a set of requirements for ensuring the effectiveness of a program, and discussing how these requirements can be mapped into actual training platform implementation features. Lastly, the Hardening Project is presented, which is a competition with many benefits in terms of training approach that, for example, makes it possible to address all types of cybersecurity skills. This discussion also represents a case study of applying the taxonomy we introduced to an actual training program, thus illustrating how this taxonomy can be used in practice.
    4. Chapter 4. Attack Training

      Razvan Beuran
      Abstract
      This chapter discusses in detail the attack training form of cybersecurity training. An overview of the attack training methodology is provided first, focusing on the interdependency with respect to the other forms of cybersecurity training, namely forensics and defense training. The two main attack training types, fundamental attack training and pentesting training, are presented next, examining in detail the various methods used to teach or learn basic attack skills, as well as pentesting skills. A set of additional resources is also provided, such as knowledge bases (ATT&CK, CAPEC, CWE, etc.) and security testing guidelines, as well as attack training tools (Nmap, Metasploit) and platforms. Finally, the main advantages of attack training, as well as potential issues that may arise, are discussed, both from the trainee and organizer perspectives.
    5. Chapter 5. Forensics Training

      Razvan Beuran
      Abstract
      This chapter discusses in detail the forensics training form of cybersecurity training. An overview of the forensics training methodology is provided first, focusing on the interdependency with respect to the other forms of cybersecurity training, namely attack and defense training. The two main forensics training types, fundamental forensics training and forensic methodology training, are presented next, examining in detail the various methods used to teach or learn basic forensic skills, as well as the actual forensics process. A set of additional resources is also provided, such as forensic methodology guidelines by NIST and ISO/IEC, as well as forensics training tools (ExifTool, Ghidra, Volatility, Wireshark) and platforms. Finally, the main advantages of forensics training, as well as potential issues that may arise, are discussed, both from the trainee and organizer perspectives.
    6. Chapter 6. Defense Training

      Razvan Beuran
      Abstract
      This chapter discusses in detail the defense training form of cybersecurity training. An overview of the defense training methodology is provided first, focusing on the interdependency with respect to the other forms of cybersecurity training, namely attack and forensics training. The two main defense training types, fundamental defense training and defense methodology training, are presented next, examining in detail the various methods used to teach or learn basic defense skills, as well as the overall defense methodology. A set of additional resources is also provided, such as knowledge bases (D3FEND, Engage, CAR, etc.) and defense methodology guidelines, as well as defense training tools (iptables, OpenVAS, Snort) and platforms. Finally, the main advantages of defense training, as well as potential issues that may arise, are discussed, both from the trainee and organizer perspectives.
    7. Chapter 7. IoT Security Training

      Razvan Beuran
      Abstract
      This chapter first examines the challenges associated with IoT security training compared with general cybersecurity training, such as IoT device diversity and specific risks. This is followed by a discussion of other distinctive issues, both from a developer perspective (low barrier to entry and time to market pressure), and an end user perspective (user interface limitations, perception inertia and short life span), as well as possible solutions for these issues. The main IoT security training approaches are presented next, starting with those including hands-on practice that are available in academic and commercial backgrounds, and followed by hardware-based training systems. Then theoretical training approaches are discussed, including online courses and tabletop exercises, accompanied by a comparison of all the IoT training approaches that were examined. Lastly, a detailed case study of two IoT training systems, IoTrain-Sim and IoTrain-Lab, is presented to illustrate the various issues mentioned in the other sections. The characteristics of these two simulation and testbed-based training approaches are also compared.
    8. Chapter 8. Cybersecurity Awareness Training

      Razvan Beuran
      Abstract
      This chapter first discusses several issues related to cybersecurity literacy, which is the type of education internet users need to minimize the cybersecurity risks they are exposed to. Then, various approaches used for cybersecurity awareness training are presented, such as reading materials, training videos and e-learning. A discussion of more advanced methods follows, such as phishing simulation, and the use of gamification in the context of cybersecurity awareness training, with several illustrative examples in each case. A comparative analysis of the discussed approaches is then conducted to examine their characteristics, and their respective advantages and disadvantages. Lastly, the cybersecurity awareness training platform CyATP is introduced as a case study of putting the discussed principles into practice, including features such as concept map-based learning, content generation, and gamification via a crossword puzzle quiz.
  4. Cybersecurity Training Platforms

    1. Frontmatter

    2. Chapter 9. Cybersecurity Training Platform Overview

      Razvan Beuran
      Abstract
      This chapter provides an overview of the main characteristics of cybersecurity training platforms. A model is first introduced that defines the common elements used in most training platform architectures. These elements are grouped into two classes. The core components, Training Content, Training Environment, Training Manager, and Data Storage, are essential for all training platforms. In addition, some training platforms may include support components, namely Portal, Education Functions, and Monitoring. Training content is discussed next from the point of view of the content types encountered in most training platforms, and how various education aspects can be addressed via training content. Lastly, we examine training environments and the main ways in which they can be implemented, including the advantages and disadvantages of each approach.
    3. Chapter 10. Capture the Flag Platforms

      Razvan Beuran
      Abstract
      This chapter discusses one of the most important types of cybersecurity training platforms in terms of public perception, namely the Capture The Flag (CTF) platforms. First, we examine the two main types of CTF content, which are Jeopardy style and attack-defend, and discuss their respective advantages and disadvantages. Then we present in detail two categories of CTF platforms, online and open-source ones, with several representative examples of actual platforms in each category. The examples we discuss are classified into Jeopardy-style platforms and hybrid ones, which also support attack-defend style competitions. The main characteristics of each platform are then analyzed in a comparative manner for each platform category. Finally, we discuss some important aspects that should be considered in relation to CTF platforms, such as their potential disadvantages, security issues, etc.
    4. Chapter 11. Cyber Ranges

      Razvan Beuran
      Abstract
      This chapter discusses cyber ranges, which are dedicated network environments used for cybersecurity training purposes. We first provide an overview of this type of training platform, emphasizing the significance of their use during training, as well as the two main categories of cyber ranges. The first category, general cyber ranges, refers to those training platforms employed for generic cybersecurity training. For this category, we provide several examples classified based on the organizations that operate them, namely government, private sector, or academic institutions. The second category, specialized cyber ranges, includes those training platforms that are dedicated to specific application areas. The examples we provide for this category relate to the domains of IoT, ICS/SCADA, critical infrastructure, as well as healthcare. For each of the two categories of cyber ranges, we conduct a comparative analysis of the main characteristics of those cyber ranges and discuss several issues that are particular to each category.
    5. Chapter 12. Detailed Case Study: CyTrONE

      Razvan Beuran
      Abstract
      This chapter examines, in the form of a detailed case study, the cybersecurity training framework named CyTrONE. The motivation and target for conducting such a case study on CyTrONE are explained in the beginning. An overview of the framework is presented next, mentioning first details about its architecture, followed by a discussion of the manner in which the architecture can be mapped onto the training platform model introduced in Chap. 9. The training content and training environment representation are thoroughly analyzed next in order to illustrate how these aspects can be addressed in practice. For this purpose, we start by describing the corresponding representation syntax and then examine several illustrative examples for each case. Finally, the most important lessons learned from designing and implementing CyTrONE are reviewed, with the goal of providing a practical reference for future training platform developers.
    6. Chapter 13. Training Platform Capability Assessment

      Razvan Beuran
      Abstract
      This chapter discusses a capability assessment methodology for cybersecurity training platforms. We first provide an overview of capability assessment, presenting the motivation and background for this approach, as well as defining the relevant stakeholders and their perspectives. The actual capability assessment methodology is introduced next, with a detailed description of the assessment criteria, which are grouped into three categories (training content representation, network environment management, and training activity facilitation), and an explanation of the assessment procedure. Last, we present the capability assessment results for the CyTrONE training framework, which has a total capability level of 71%, examining in detail the results for each criterion category. We also illustrate the interpretation and potential manners of using the capability assessment results from the perspective of the stakeholders defined previously.
    7. Chapter 14. Conclusion

      Razvan Beuran
      Abstract
      This chapter summarizes the content of the book by highlighting the main contributions of each chapter. In Part I we discussed mainly topics related to technical cybersecurity training, followed by a presentation of other forms of training. In Part II we reviewed a set of actual CTF and cyber range platforms, followed by a detailed case study on the CyTrONE training framework. Key takeaways are provided next in order to emphasize the most significant insights of the book. At the end of the chapter, we discuss a set of trends and future prospects with regard to cybersecurity education and training.
Title: Cybersecurity Education and Training
Author: Razvan Beuran
Copyright Year: 2025
Publisher: Springer Nature Singapore
Electronic ISBN: 978-981-9605-55-2
Print ISBN: 978-981-9605-54-5
DOI: https://doi.org/10.1007/978-981-96-0555-2

PDF files of this book don't fully comply with PDF/UA standards, but do feature limited screen reader support, described non-text content (images, graphs), bookmarks for easy navigation and searchable, selectable text. Users of assistive technologies may experience difficulty navigating or interpreting content in this document. We recognize the importance of accessibility, and we welcome queries about accessibility for any of our products. If you have a question or an access need, please get in touch with us at accessibilitysupport@springernature.com
