{"componentChunkName":"component---src-templates-blog-js","path":"/blog/","result":{"pageContext":{"posts":[{"node":{"id":"0c76271d-d81b-505e-919f-e77031011194","slug":"to-buy-or-to-build-a-cyber-range-that-is-the-question","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/09/ryan-quintal-97odosRYZ7w-unsplash-scaled.jpg"},"date":"2020-09-03T20:18:50.000Z","content":"

Distance learning is likely here to stay yet today’s cyber educators still need to find ways to meaningfully connect with their students during these socially-distant times. Cyber educators can effectively enrich student remote learning with hands-on cyber ranges. To actualize these goals to create immersive, engaging learning environments, educators must decide whether to build or buy a cyber range—yet it can be a significant decision to weigh by yourself.

\n

Circadence’s Josh Selfe provided tips and much-needed context on cyber ranges in his presentation at the virtual 2020 Virginia Cyber Education Conference to help answer the question…to buy or to build a cyber range? For teachers, curriculum developers and superintendents grappling with this decision, here are a few highlights from his presentation to help make your decision a little easier.

\n

First off, cyber ranges have many uses.

\n\n

If you’re going to build a cyber range, you need to think about a few important components that are necessary.

\n\n\n\n\n\n\n

If building a cyber range isn’t the best solution for you, there are available cyber ranges to buy that have all these components listed above. Circadence’s Project Ares offers quality, scalability and flexibility with a hands-on, active cyber learning solution. With Project Ares, students can receive all the benefits of training on a cyber range immediately with:

\n\n

Project Ares is designed under a subscription-based model and it addresses all stages of the kill-chain offensive and defensive practices that a real cyber practitioner would use in their day-to-day job duties. A student can participate in team play or individual learning through foundational or specialized scenarios and will be exposed to threat emulations such as phishing, botnets, ransomware, malware and more.

\n

Our scenarios learning outcomes are aligned to NICE/NIST work role framework, which ensures  we are providing industry-standard and best practices

\n

It’s a big decision to make to build or buy a cyber range and we hope some of the info above will help determine your best course of action. If building a cyber range isn’t in the best route for you, but you want a robust cyber learning journey, Project Ares can deliver an easy solution that aligns to your existing cyber course curriculum by layering in a gamified, hands-on learning component that make the remote, hybrid, or in-classroom experience engaging and fun.

\n

For more information check out a demo, or visit some of these videos with more information. 

\n

Josh Selfe Bio: 

\n

Joshua Selfe has more than 14 years of experience successfully tearing down barriers and challenging perceptual limitations in order to make end-users more productive and efficient. He joined Circadence in 2018 to champion the synthetization of knowledge to facilitate company and product vision, execution, culture, team performance and business growth.

\n
\n
\n
\n
\n
Photo by Ryan Quintal on Unsplash
\n
\n
\n
\n
\n","title":"To Buy or to Build a Cyber Range? That is the Question!"}},{"node":{"id":"5a7d5b95-f573-5d8e-b8d0-6896128696dc","slug":"cybersecurity-education-7-tips-for-creating-a-successful-career-pathway","status":"publish","template":"","format":"standard","featured_media":null,"date":"2020-08-19T16:59:34.000Z","content":"

The reality is self-evident: exponential advances in technology, the escalating complexity of systems, society’s increasing reliance on digital devices to manage daily tasks, and the global rise of significant threats posed by malicious actors ensures cybersecurity is here to stay.

\n

Government entities are struggling in their efforts to recruit and retain qualified personnel to staff critical cybersecurity positions. Organizations in the private sector are recruiting talented candidates from local, state, and federal agencies at such a quick pace it is leading to critical shortages in areas directly impacting our infrastructure and national security.

\n

Corporations in the private sector are inundated with new regulatory and compliance requirements for data residing in diverse geographic locations they never knew existed. They are frantically drafting policies, reallocating scarce resources, and staffing for previously “unneeded” capabilities in the midst of a 24/7 media cycle reminding them daily that they may be the next potential target of a massive data breach the cable stations consider to be newsworthy.

\n

Academic institutions, once immune from the pressures of the need for immediacy and a high operational tempo, are no longer enjoying that luxury. Administrators are working tirelessly to develop relevant curricula, hire qualified instructors, and provide high-quality programs of learning for a new wave of students seeking to pursue careers in the discipline of cybersecurity.

\n

Did you spot the one missing (and often forgotten) variable in the prologue? The STUDENT.

\n

Whether discussing traditional students in colleges and universities, or non-traditional students changing careers, their questions and concerns tend to remain constant. What is cybersecurity? How can I enter this emerging field? Where should I start? Most importantly, who can I ask and where can I find the people with the answers?

\n

As a cybersecurity professional with one foot in the private sector and the other foot in academia, I will offer a few tips that may serve to assist and support efforts to create a successful cyber career pathway. These tips are not relegated solely to students; educators and administrators new to this discipline who find themselves responsible for creating cybersecurity programs can benefit from these seven tips as well.

\n

Interested in hearing more?

\n

Join our webinar

\n

“7 Steps to Supporting a Successful Cyber Career Pathway”

\n

\n

#1) Research the NICE Cybersecurity Workforce Framework.

\n

The NICE CWF consists of 7 Categories, 33 Specialty Areas, 52 Work Roles, and over 2,000 KSA’s (Knowledge, Skills, and Abilities) and Tasks clearly defining expectations for current and future cybersecurity needs. It was developed by the government, academia, and the private sector to create a common lexicon and understanding for all three verticals to facilitate mutual cooperation and establish programs in support of training and workforce development needs.

\n

#2) Build professional and technical cybersecurity skills.

\n

Innovation happens at the cross-section of disciplines, and technology is only one of those disciplines. Cybersecurity demands the synthesis of many skills including critical thinking, analysis, reporting, compliance, leadership, and many others. Cybersecurity touches every profession at every level. To consider it solely through a technology lens is both self-limiting and self-defeating.

\n

#3) Acquire industry certifications to assist in the job search process.

\n

Cybersecurity certifications are valuable insofar as they provide prospective employers with known metrics and expectations of the body of knowledge possessed by the recipient of the certification. It is not a perfect system – neither certifications nor recipients are all created equal – but it does assist in establishing standards and baselines for practical cybersecurity skills. That has the potential to open doors that would otherwise remain closed to candidates.

\n

#4) Consider enrollment in a formal education program.

\n

While the training afforded by industry certifications tends to be practical and intense, programs offered by academic institutions tend to provide a much broader and in-depth understanding of the foundational concepts and comprehensive knowledge required to be successful in the cybersecurity field. In an age in which people are learning more and more about less and less, a broader base of knowledge has the potential to lead to a wider range of opportunities and successful outcomes.

\n

#5) Gain real-world experience to support a theoretical understanding of the cyber discipline.

\n

It has been said that “those who cannot do, teach.” Although that may possess some element of truth in certain disciplines, it does not apply to cybersecurity. In the military, we employed a three-part teaching methodology: explanation, demonstration, and practical application. In addition to providing soldiers with requisite training, it also built confidence and trust in the instructors’ competency levels. If you find yourself with an instructor stating, “I have never personally done cyber, but I did sleep at a Holiday Inn Express last night,” you may want to consider enrolling in a different class.

\n

#6) Build a broad foundation of knowledge before specializing.

\n

Most people I encounter seeking to enter the cybersecurity field are doing so as a result of a specific interest such as forensics, ethical hacking, vulnerability assessment, and any number of other options. I love their passion and focus but still encourage them to experience (and understand) a wider variety of disciplines before choosing to specialize in one area. This can lead to the discovery of new passions and provide higher degrees of competitive advantage when initially entering the field.

\n

#7) Start small, seek incremental wins, and accept a few losses.

\n

One of the greatest risks associated with unbridled enthusiasm is starting too fast with too much. Begin with the basics and realize that any accomplishment – even ones that fall short of grand dreams and goals – are still incremental wins trending in the right direction. The fact that your first position is processing tickets on a technical help desk, and not the CISO position for which you applied, should not leave you discouraged and questioning your decision to enter the cybersecurity field.

\n

If you are a student, an instructor, or a curriculum developer thinking about entering the realm of cybersecurity – and if you possess the desire, enthusiasm, and determination to start at “ground zero” and learn continuously – your future looks bright and is virtually without limits.

\n

AUTHOR

\n

 

\n

Michael I. Kaplan is the Director of Phase2 Advantage, a cybersecurity training and instructional design company based in Savannah, Georgia. He is also the Chairman of the Cyber Security Advisory Committee at Savannah Technical College. The publishing division of Phase2 Advantage creates cybersecurity textbooks and workbooks listed on Amazon, Ingram’s VitalSource platform, and all major booksellers.

\n

Michael’s technical areas of specialization are Incident Response, Business Continuity / Disaster Response Planning, Information Security Management, and Digital / Network Forensics.

\n

Contact Michael at michael.kaplan@phase2advantage.com.

\n

Blog post originally appeared on: https://www.phase2advantage.com/cybersecurity/cybersecurity-education-7-tips-for-creating-a-successful-career-pathway/.

\n","title":"Cybersecurity Education: 7 Tips for Creating a Successful Career Pathway"}},{"node":{"id":"3e3acdd2-8b21-5578-8511-3a370f973ebf","slug":"how-cyber-professionals-can-adapt-to-shifts-to-the-cloud","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/07/c-dustin-K-Iog-Bqf8E-unsplash-scaled.jpg"},"date":"2020-08-17T18:13:07.000Z","content":"

If your SOC team is gearing up for a shift to the cloud in any capacity, it’s going to require a new way to think about and deploy cyber security practices. Securing physical data takes on whole new meaning when transferred to the cloud and IT professionals need to understand what the cloud IS, how it is structured, and the impacts to day-to-day cyber security roles and responsibilities.

\n

VP of Content Development Karl Gossett shared these ideas and tips for cyber training with the Motor City ISSA Michigan Chapter membership recently.

\n

WATCH ON-DEMAND NOW

\n

\"cyber

\n

Karl asked several thought-provoking questions that might be the same questions you’ve wondered about as well. It’s important to work through what these questions are so that we can gain more clarity on the complexity and ambiguity of the cloud and how it can impact you and fellow IT professionals.

\n\n

While the promise of the cloud is great, there are many nuances and details that impact IT professionals’ abilities to keep data safe in new environments like that.

\n

“Transitioning to something new is always uncomfortable but I think it’s even more uncomfortable here because learning new technologies can be something that isn’t as enjoyable anymore since it’s in-demand by your company and you know that if you fail, that actually matters.”

\n

Karl emphasized that if you can’t build components from scratch for the cloud, you’re likely going to be making a transition and it’ll be really challenging; not to mention complicated by an underlying architecture that you don’t control, with security that you don’t control, and in some cases don’t have visibility or understanding of how the architecture is protected. However, Karl concludes that while the cloud seems daunting, the grounding force of persistent cyber training is critical to keep information security professionals afloat during turbulent times.

\n

 

\n","title":"How Cyber Professionals Can Adapt to Shifts to the Cloud"}},{"node":{"id":"ef3a8d3e-1053-5c3a-a2e0-0f194366d195","slug":"transforming-distance-learning-technology-and-tools-for-todays-educators","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/08/nesa-by-makers-BVr3XaBiWLU-unsplash-1-1-scaled.jpg"},"date":"2020-08-05T15:28:50.000Z","content":"

From pre-school to Ph.D. programs, education is undergoing a sea-change.  Due to the immediacy of pandemic defense, it was necessary to jump into online meeting apps in March 2020 for everything from storytime with the librarian to class lectures to dissertation defense. But the experiences of the last few months have shown us that ‘distance learning’ must continue to evolve to be more intuitive, more engaging, and more accessible for instructors and students across the education spectrum.

\n

Three trends are already clear:

\n
    \n
  1. Hybrid and multi-modal learning are here to stay.
    2. \n
  2. Students are asking for customized learning experiences to include career building and community interactions
    3. \n
  3. Learning Management Systems for instructors must quickly expand to Learning Experience Systems that unite multi-modal learning for instructors AND students into digital hubs that deliver engagement and collaboration.
    4. \n
\n

Circadence and Microsoft shared insights about technology and distance learning solutions in a recent Circadence hosted webinar.  Experts talked about how Circadence’s Project Ares (specific to cyber security education) and Microsoft’s Teams for Education and Azure Labs (both applicable across learning disciplines) deliver solutions that address the three trends mentioned above.

\n\n

“It’s more important than ever to sustain engagement.  Collaborative environments like Microsoft Teams and Circadence Project Ares are necessary to replace many things that we take for granted with ‘in person’ education. Using dashboards to see student progress and then reaching out for 1:1 communication in email or chat apps or video meetings helps to foster engagement beyond just the video lecture. “  ~ Dr. Brad Hayes, University of Colorado – Boulder and Circadence.

\n

Teaching online is not easy and it is not as simple as giving the same lecture in a meeting app as you would in a classroom.  Sustaining real and meaningful connection between instructors and students who are now all physically distant is the new normal.

\n

Educators are realizing that they will need to teach in remote or hybrid environments for a longer timeframe than they originally expected (and probably prefer). As a result, they are working with fellow colleagues and technology procurement decision-makers to understand how (if at all) technology can support their remote teaching pedagogy in a way that is unifying and collaborative, not divisive and barrier building. With these intentions in mind, we thought the below quote from C.S. Lewis captured the mindset for technology adoption in distance learning best.

\n

“You never know what you can do until you try, and very few try unless they have to.” –C.S. Lewis

\n

We honor all the dedicated educators who find themselves in ‘have to’ mode and are working hard to learn new skills, new tools, new teaching techniques, and new communication methods to deliver the very best educational experience they can for their students in these changing times.  We send an enthusiastic ‘Thank you’ to all educators!

\n

Check out the webinar

\n

to learn more about online tools that can keep your teaching on track AND help bridge the ‘engagement gap’ with your students.

\n

\n","title":"Transforming Distance Learning: Technology and Tools for Today’s Educators"}},{"node":{"id":"aa12dc7a-16d6-5634-8e49-3b14f2ec4de9","slug":"starting-a-cyber-security-career-a-presentation-for-summer-discovery","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/07/photo-1579379424253-5aa0a5e1f110.jpg"},"date":"2020-07-28T21:34:09.000Z","content":"

Our VP of Strategy Josh Selfe recently presented to a cohort of students from the Summer Discovery program online.  With more than 500,000+ cyber security job openings across the U.S. today (CyberSeek.org) and only 3% of bachelor’s degree graduates have cyber-related skills, there is a clear need to communicate the routes to starting a cyber security career path to today’ students.

\n

Josh discussed several key points related to pursuing a career in cyber security. Namely:

\n\n

Watch the entire presentation below and let us know what steps you took to enter into a cyber career that the future workforce may find helpful.

\n
\n
\n

 

\n

Other resources

\n

How to launch a cyber career 
\nWhat you need to know about a cyber career
\nKickstarting a cyber career (webinar)

\n","title":"Starting a Cyber Security Career: a Presentation for Summer Discovery"}},{"node":{"id":"00f06662-9357-5689-b15d-0ce3819ffe79","slug":"cyber-learning-during-the-pandemic-online-training-and-networking","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/07/yusuf-evli-Y82YTEmID68-unsplash-scaled.jpg"},"date":"2020-07-21T13:21:55.000Z","content":"

We’re living and working in a virtual world these days since the pandemic halted the traditional and routine in-person activity. For cyber professionalsyou may feel challenged more than ever to work and learn remotely. Yet those challenges shouldn’t stall your ability to learn. Learning can happen anywhereand as we’ve all experienced, out of times of chaos and uncertainty, can emerge opportunity. There’s never been a more ideal time to advance in the cyber security profession than now. 

\n\n

So we’re taking this article to speak to all the cyber analysts, IT managers, network security administrators, and like-minded cyber professionals to say: you have great opportunity to upskill and retool virtually – you just have to know where to look.   

\n

It’s possible to stay active in the industry and continue to advance skills with professional IT/cyber groups, online trainings, engagement with cyber game activities and more. Here are a few opportunities you’ll benefit from 

\n

Online Cyber Training  

\n

There’s an increase in cyber-attacks since the pandemic with more professionals working remotely (some on their own personal devices). New threats are becoming more prevalent and the need to protect company data has heightenedAs a cyber professional, you need the flexibility and access to upskill on your terms, so you know how to tackle the hottest problems in your company’s cyber security arena.  

\n

This means you need the ability to “break things” in virtual environments, test out new cyber defense tactics and learn new tools and procedures. Right?  

\n

Luckily, online cyber training platforms make it easy, accessible and fun for cyber professionals to learn new skills from anywhere, at a pace that works for them.  

\n

Circadence’s Project Ares hands-on training platform allows you to build skills via engaging, specialized scenario activities. Gamification and intelligent tutoring helps attract and sustain your attention while real virtual machines and real content teach foundational and specialized cyber practices you’d experience in the workplace. It gives practitioners like you the ability to address real, current cyber threats across multiple industry settings, providing a comprehensive level of knowledge and practical experience.  

\n

Learn more about Project Ares subscription plans

\n

Available for both Individual Learning (Academy & Professional Subscriptions) & for Organizations/Academic Classrooms (Academy Plus & Enterprise Subscriptions)

\n

Network with InfoSec and Cyber Experts Online 

\n

Cyber professionals are in high demand right now. According to a report from cyber security nonprofit (ISC)2 there are currently about 2.8 million cyber security professionals around the world, but that workforce volume would need to increase by 145% to meet the global demand. Since cyber careers are in high demand, it’s important for cyber professionals to network and put themselves out thereonline. A few underrated ways professionals can use digital channels to learn are:  

\n

 

\n\n\n

 Keep Learning, Connecting, Growing, Protecting  

\n

Dramatic changes in cyber threat frequency, remote working, system access and online meetings are impacting how and where cyber professionals like yourself train and upskill. It’s important for all of us to continue to take part in being cyber-safe personally and professionally, but also to do our part in keeping the companies we work for, and the broader economy, safe from the increasing prevalence of costly cyber-attacks.

\n

While you may be feeling overwhelmed with existing workloads, ill-equipped to address new threats, or simply feeling shut off from the rest of the world, know there are options in our expansive virtual world to connect with colleagues, build useful skills, advance in your career and help your company thrive during these uncertain and unprecedented times. You got this! 

\n

 

\n
\n
\n
\n
\n
Photo by Yusuf Evli on Unsplash
\n
\n
\n
\n
\n","title":"Cyber Learning During the Pandemic: Online Training and Networking "}},{"node":{"id":"2c003c3d-86f3-59f6-bfa2-45942f8e885d","slug":"real-world-cyber-security-experience-from-learning-to-earning","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/07/joshua-ness-bEZ_OfWu3Y-unsplash-scaled.jpg"},"date":"2020-07-06T14:49:32.000Z","content":"

Real world, experiential learning helps students develop knowledge, skills, and abilities that they can take directly from the classroom to the workplace.

\n

This direct connection from learning to earning is important to all students, but none more so than adult learners who have gone back to school, often while continuing to work full-time. Maybe their goal is to grow in their current job role or career. Maybe they are ramping up for a job or career change. Maybe they are exploring new interests. Regardless of motivation, after juggling the many demands of working while going to school, most adult learners expect to graduate with skills that they can immediately apply in the workforce or other direct activity.

\n

To say that the cyber security industry is seeking skilled job candidates is an understatement.  Cybersecurity Ventures predicts that there will be 3.5 million (that’s million) unfilled cybersecurity jobs globally by 2021.   The interactive Cyber Seek website shows over 500,000 U.S. cybersecurity job openings as I write.  With gaps of this magnitude between open jobs and applicants, cyber security is a perfect discipline for educators to focus on and provide experiential learning that students can directly apply outside the classroom.

\n

Capella University, an online university headquartered in Minneapolis, Minnesota, recently did just that by adding a hands-on lab component to the capstone course for its BS in Information Technology, Information Assurance and Cybersecurity program.  One of their over-arching design goals was to make the course as close as possible to the “real world” of cyber security work. We are proud that they chose Project Ares by Circadence to deliver this critical element.

\n

In a recent Circadence webinar, Dr. James W. Barker, Adjunct Faculty in the School of Business and Technology spoke in detail about the process the team at Capella went through to integrate Project Ares into their capstone course.  Project Ares enabled them to address three objectives:

\n
    \n
  1. Give students hands-on practice using their cyber skills against a variable adversary
    2. \n
  2. Provide authentic learning scenarios that students could report on to demonstrate their knowledge of the attack and recommendations for future prevention
    3. \n
  3. Create an opportunity for teamwork and collaborative problem solving, which are essential skill requirements for cyber teams and hiring managers
    4. \n
\n

“By the end of the second week of the course,” said Dr. Barker, “almost to an individual, students stated that this is the most realistic, engaging, and challenging course that they have taken.  One group was so engaged and motivated by working on the Project Ares platform that they completed their final group mission two weeks early.”

\n

From his faculty point of view, Dr. Barker is pleased that Capella has delivered the equivalent of a formal cyber security internship and cannot envision a better means of exposing their learners to “real world” security work.  And Capella isn’t stopping here; they are considering plans to incorporate Project Ares learning exercises into other courses at the undergraduate and graduate level.

\n

Check out the webinar where Dr. Barker shares more about how he set up the course syllabus and learn more about the power of Project Ares as an on-demand and hands-on learning platform ​that uses cyber range-as-a-service technology to deliver Virtual Machine-based cyber security training exercises.

\n

 

\n

Photo Credit: Thanks to Joshua Ness for sharing their work on Unsplash.

\n","title":"Real World Cyber Security Experience: From Learning to Earning"}},{"node":{"id":"1b5e18cb-6e72-506d-a866-4d47a4fdcd10","slug":"3-ways-tech-companies-can-improve-the-talent-acquisition-process","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/06/christina-wocintechchat-com-vzfgh3RAPzM-unsplash-scaled.jpg"},"date":"2020-06-23T15:37:42.000Z","content":"

It’s reasonable to correlate the quality of the talent acquisition process to the quality of employees in the company– which is tied to the success of the company. Yet, there is currently a shortage of qualified experts in field of cyber security and there has been for quite some time. And while tech companies have pulled back the reins on hiring tech talent due to the economic consequences of the coronavirus outbreak, reports CBNC, more emphasis is being placed on preserving team member jobs and revitalizing the hiring process as we all prepare to re-open and heal. Out of the chaos of recent events comes opportunity and tech companies are showing more resilience than ever as tech leaders identify pragmatic ways to staff up. We’ve got three foundational tips to help hiring managers and senior cyber security / IT leaders fill their cyber talent and candidate pools with qualified professionals who not only look good on paper, but can demonstrate their qualifications.

\n

But before we dig into those recommendations, let’s establish some context first.

\n

State of the cyber security talent in the tech sector

\n

The role of the cyber security professional continues to develop and gain more authority and responsibility as the security landscape and the integration of business and technology evolves.

\n

When we look at the current climate of cyber security jobs in the U.S., we see bleak yet in-demand overtones. Finding qualified cyber talent and candidates is very much like searching for a needle in a haystack for hiring managers and recruiters.

\n\n

While all companies likely struggle to find qualified cyber talent, the technology sector has its own unique set of challenges that are important to discuss and be aware of. Emerging technology, disruptive tech, the sheer evolution and the fast-paced nature of the industry make it hard to find candidates who have experience and knowledge in specialized areas of technology­–many of which are just now becoming adopted into businesses.

\n\n

IT, security managers, operators and human resource leaders realize that:

\n
    \n
  1. they need to focus on filling positions with quality candidates who can demonstrate their skills in a skills-deprived landscape
    2. \n
  2. to achieve that objective, more can be done in the recruitment and hiring phase.
    3. \n
\n

Okay, let’s talk about those recommendations now. And if you have more suggestions based on what’s worked with your company, let us know!

\n

Promote from within

\n

The first logical step in filling a cyber position is to promote from within the company. It saves on time and cost to recruit. There may be IT generalists in your company who desire to take their career to a new level in cyber security and you’re just not aware of it (…and may have the aptitude and willingness to learn).

\n

If an IT generalist is interested in filling a needed cyber security position (e.g. information security engineer, network architect, systems analyst), consider giving them a project to test their skills and ambition and see how they do. More on this in a second.

\n

To promote from within, ensure you’ve communicated the requirements of the position clearly to the company across all departments. People in cyber security positions come from all walks of life: computer science, history, military, political science, yes, even fields like philosophy. Yet they all have one thing in common: They share a deep and abiding interest in how technology works, notes Cyber Degrees.

\n

So find those individuals who are looking to grow into a new position within the company and interview them. You may be surprised to learn there are passionate people willing to learn and grow, right in your own company ‘backyard.’

\n

Test skills during the interview process

\n

Allow candidates the opportunity to demonstrate what’s on their resumé. Online cyber training platforms like Project Ares can help HR managers and decision makers ‘see’ how a prospect might tackle a realistic cyber security issue.

\n

·     Evaluate candidate skills in real-time against resumé credentials

\n

·     Assess cyber competencies against other candidates and co-workers

\n

·     Identify strengths in cyber technique, tactics, and procedures

\n

By completing a set of tasks or activities that put skills like digital forensics, Linux skills, ports and protocols, and regular expressions work, candidates can show employers what they know and how they work before they even move on to a second or third interview. It’s one thing to talk about your experience, it’s another to actually apply it in a realistic setting.

\n

Use Project Ares to support internal hiring processes

\n

Circadence’s Project Ares platform helps HR decision makers assess candidate skills and competencies in various aspect of cyber security. And the platform can work for both internal recruitment and external recruitment. If promoting from within and you identify interested candidates who may or may not have a rich cyber background, you can use the platform’s cyber learning games and foundational scenarios to learn aspects of cyber security and security operations in ‘safe’ cyber range environments. If candidates demonstrate a willingness to learn in the platform, that is a good sign. If they are able to follow the guidance and instructions and apply critical thinking to complete the scenarios in the platform, even better. Hiring mangers can literally ‘see’ how an internal candidate responds to the act of learning and one can glean a lot about a candidate’s fit for the position simply through this effort of cyber aptitude testing.

\n

Use Project Ares to support external hiring processes

\n

The same applies for external hiring of cyber security professionals. Hiring managers and cyber security leaders can use Project Ares foundational and specialized scenarios to teach certain cyber skills they are looking for. If you’re looking to fill a position that aligns to a NIST/NICE work role, several exercises in the platform can address those specific skill sets. Further, the Assessment Reports can help HR professionals evaluate candidate strengths and compare those results against other candidates who have engaged in the platform to identify the best company cultural fit and skills fit.

\n

·     Nurture qualified candidates in the platform

\n

·     Retain top talent with professional skills development efforts in the platform

\n

A Wall Street Journal article, sums up the ‘what’s next?’ to these challenges, succinctly:

\n

Tom Gimbel, CEO of LaSalle Network Inc., a technology staffing and recruiting firm, said that once the crisis fades he expects a rebound in tech hiring as businesses seek out technology tools to cut costs and eke out efficiencies during a prolonged economic recovery.

\n

“While new product implementations will slow down, we will see strong hiring of corporate IT, infrastructure, development and security roles,” Mr. Gimbel said.

\n

\n
\n
\n
\n
\n
Photo by Christina @ wocintechchat.com on Unsplash
\n
\n
\n
\n
\n","title":"3 Ways Tech Companies Can Improve the Talent Acquisition Process"}},{"node":{"id":"54ba01be-3163-5042-bfdc-c53b78d67b2b","slug":"how-person-centered-cyber-training-supports-threat-prevention-in-financial-companies","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/06/austin-distel-EMPZ7yRZoGw-unsplash-scaled.jpg"},"date":"2020-06-16T18:51:40.000Z","content":"

Cyber security threats and preventive measures go hand-in-hand. Yet cybercrime continues to impose threats on the financial industry. Financial services firms are 300 times as likely as other companies to be targeted by a cyberattack,” according to a report by the Boston Consulting Group. These threats can arise at any time and occur through various sources (external sources such as hackers, and internal sources such as staff members and contracted employees). Some financial companies have developed action plans with steps to take if a cyber-attack strikes, but cyber security best practices also includes establishing and initiating threat prevention methods. One example of a threat prevention method is person-centered cyber training.

\n

Statistics show that cyber threat prevention is an immense pain point for many financial companies. In a survey of 400 security professionals in financial services, it was observed that financial institutions are better at detecting and containing cyber-attacks and less efficient at preventing them. Almost 56% of financial institutions are useful in detection, and only 31% are good at prevention.

\n

Financial services institutions must understand how to prevent cyber threats, which may require a ground-up approach.

\n

Financial institutions can take immediate measures to engage in threat prevention methods with person-centered training. This type of training allows an IT or cyber professional to practice and hone skills by learning specific cyber lessons pertinent to the financial sector and applicable to their job role. The more upskilled the professional, the more they will be able to protect the company and company assets. A current platform that offers specific job role training is Project Ares.

\n

Person-Centered Training with Project Ares

\n

Circadence’s Project Ares is a browser-based learning platform designed for teaching cyber security in an engaging and hands-on applied method. This platform offers gamification and AI to train employees on the latest cyber threats and attacks. Project Ares is made up of foundational and specialized scenarios in the form of battle rooms and missions that address current cyber threats in the financial sector. The lessons within Project Ares are developed with specific job roles in mind.

\n

For example, various scenarios are developed with the theme of a financial service, so the trainee can learn the skills needed to prepare for a cyber threat. In these specific financial missions, the trainee will learn how to disable botnets, identify and remove suspicious malware, and protect the financial institution.

\n\n

This individual or team-based mission training delivers collaborative skill-building experiences aligned to NIST/NICE work roles, ensuring the trainee meets specific cyber competencies. This kind of immersive, hands-on training gives learners the ability to practice various forms of threat prevention, which will benefit the company’s overall security posture in the long run.

\n

The more trained cyber professionals are for their job roles, the more likely they will be able to safeguard against threats—and take proactive measures to better prevent cyber threats. If cyber professionals are prepared and well-informed with the right knowledge and skills in their toolbox, threat prevention will be more attainable and achievable for professionals on the frontlines of defense. Professionals will be able to spot a cyber threat, but also prevent cyber threats from breaking the bank.

\n

 

\n
\n
\n
\n
\n
\n
\n
\n
\n
Photo by Austin Distel on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"How person-centered cyber training supports threat prevention in financial companies"}},{"node":{"id":"d4a00928-c652-5c2c-a18d-0f047d71f52f","slug":"living-our-mission-circadence-collaborates-with-academia-and-army-to-support-cyber-range-virtual-environment-replication-and-construction-with-n-craf","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/10/Its-Time-to-Consider-a-Career-in-Cybersecurity.jpg"},"date":"2020-06-12T15:30:52.000Z","content":"

Circadence announced in May 2020 the latest development of an automated network mapping tool for IT use, based on collaborative work with Mississippi State University engineers and researchers. Circadence has had a six-year partnership with the university and the Threat Systems Management Office of Redstone Arsenal (TSMO) and has worked on several projects over the years to solve challenges related to National Defense. We sat down with two of our Circadence personnel: Dwayne Cole, the JMN NOSC (Network Operation and Security Center) Operations Manager and Craig Greenwood, Project Manager with Opposition Force/Advanced Red Team Intrusion Capabilities to understand more about the tool and learn about the benefits it provides to the technology community at large.

\n

The Netmapper/Cyber Range Automation Framework (N/CRAF) project started as two separate projects, Netmapper and CRAF. The projects were recently combined to form a new tool integrating two previously independent efforts:

\n\n

 

\n\n

\"ncraf

\n

N/CRAF Netmapper/Cyber Range Automation Framework is the enabling mechanism for effecting physical resource provisioning and virtual environment instantiation in a rapid and repeatable fashion. It supports the full lifecycle of cyber range virtual environment events.

\n

The Netmapper project was born out of the need to improve the accuracy of Cyber Range emulated network environments. Craig noted that before N/CRAF, range environments were built from a subject matter expert’s assumption/belief of what their network looked like but inevitably those assumptions were never 100% correct. The network mapping process previously required a network administrator or engineer to draw a picture/map of the network which became the basis of virtualize environment used in the exercise(s). One can understand how there was room for error in this manual process – at the least, a small level of concern as to whether a network drawing and virtualization of it was indeed as realistic and accurate as possible.

\n

As a result, Craig says, professionals training in the cyber range environments weren’t actually training on networks that were as ‘close to the real thing’ as possible. There was room to improve.

\n

When automation engineers have real-world scanned networks as a reference, they can more accurately emulate the customers environment. Simply put, as Craig notes, “we took the assumption out of network mapping” with N/CRAF. Now the training moves ever closer to real world environment.

\n

“Imagine scanning a network to extract the DNA which can be used to clone and re-build it” Circadence’s Dwayne Cole describes.

\n

Combining the two programs (Netmapper and CRAF) enabled an iterative approach to cyber range environment build out that also drastically improved the end product. The scanning technology helps the automation engineers verify what they have built; it adds a check for the automation framework. It also can be used by the customer to validate the environment. The customer can easily compare the original design or scan versus the final emulated environment hosted on the Cyber Range.

\n

With N/CRAF, it becomes easier for engineers to share their network models with one another and build out high fidelity networks to facilitate technologies assessments. N/CRAF saves everything to a single XML file to include all the configuration data.  The tool also supports merging and diff’ing the output files. The merge capability allows the engineer to take parts and pieces from other networks or events to add to the current event. This allows the engineers to build special purpose network sections, like synthetic internet or traffic generation, that can be reused/added to current event. N/CRAF is a force multiplier, it enables repeatable, tedious deployment and configuration tasks and improves the reuse of detailed environments for multiple users to train within.

\n

The tool is currently undergoing an accreditation process and is being demoed within defense departments with the goal to deploy it as a standardized tool across various agencies. The potential for the tool to be used in more commercial applications is promising as well.

\n

To read the project announcement issued by Mississippi State University, read the news release: https://www.msstate.edu/newsroom/article/2020/04/msu-circadence-partner-create-virtual-cyber-defense-tool.

\n

 

\n

 

\n

 

\n","title":"Living our Mission: Circadence Collaborates with Academia and Army to Support Cyber Range Virtual Environment Replication and Construction with N/CRAF"}},{"node":{"id":"5273e779-6599-5737-a79e-be4a8593bc9e","slug":"transform-fall-cyber-security-classes-with-hands-on-learning","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/07/circCorp_aboutUs_frame_02059-1.jpg"},"date":"2020-05-29T23:20:16.000Z","content":"
\n
\n
\n
\n
\n

As educators blend classroom and online learning for safe fall course experiences, Project Ares helps get the balance right for teaching cyber security. Whether instructing cyber security courses remotely or in-person, Information Security and Cyber Security educators must make learning engaging and relevant to best prepare students for careers in the field.  Circadence can help educators transform existing cyber security curriculum to support teaching challenges with the Project Ares online learning tool.

\n
\n
\n
\n
\n
\n
\n","title":"Transform Fall Cyber Security Classes with Hands-On Learning"}},{"node":{"id":"82cde9f0-1f0d-58ea-8af7-6c4bba0df299","slug":"prioritizing-risk-mitigation-for-your-financial-services-company","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/05/buildings.jpg"},"date":"2020-05-29T14:50:55.000Z","content":"

Financial services companies and departments are experiencing increased cyber-attacks, leaving their data and personnel at high risk. Mitigate risk using Project Ares to train professionals persistently and hands-on manner to stop threats coming into the company purview.

\n","title":"Prioritizing risk mitigation for your financial services company"}},{"node":{"id":"0db47cd0-88fb-51b0-adc2-a0e61a08f834","slug":"an-educators-perspective-the-impacts-of-distance-learning-and-teaching-a-qa-with-dr-bradley-hayes","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/05/brooke-cagle-JBwcenOuRCg-unsplash-scaled.jpg"},"date":"2020-05-19T19:36:34.000Z","content":"

We are continuously reminded of the stark reality that higher education teaching and learning is indeed different today than it was a few months ago. Since Circadence is committed to cyber security education and training, we try to stay on top of the latest developments with distance learning so that we can think through how to keep supporting cyber and information security teachers during this unprecedented pandemic time. We often hear from higher education partners and customers how much of a challenge distance learning and teaching can be, so we sat down with our own Dr. Bradley Hayes to hear firsthand what his experience has been like. Brad is the Chief Technology Officer at Circadence, and Assistant Professor in the College of Engineering and Applied Science, Director of the Collaborative AI and Robotics Lab at the University of Colorado, Boulder. We also solicited the perspectives of several other higher education teachers who were willing to share their thoughts on the challenges and opportunities to adapt to this ‘new normal’ of teaching and learning.

\n

We hope by sharing his story with you, our readers, it can help ignite conversation and ideas that make teaching cyber security better for both educator and student.

\n

How has distance learning requirements impacted you as a professor? Your class? Your teaching style?

\n

Distance learning has been a massive shift for many of us, and certainly requires a different approach: preparing for it and delivering lectures as if it were an in-person class does not work! For many professors, the lack of in-person social cues is the most noticeable change, especially if students aren’t sharing their video. Delivering a lecture to a computer monitor is difficult enough, and removing the implicit feedback mechanisms of in-person instruction can exacerbate issues that wouldn’t normally be problematic in lecture delivery.

\n

I teach a graduate class on the Algorithmic Foundations of Human-Robot Interaction in the Spring, which has been quite different now that there is greatly reduced human interaction (and no human-robot interaction!). I’ve certainly learned a lot, as I had to quickly transition to using robotics simulation environments (instead of having students use physical robotics platforms) and set student project teams up for effective remote collaboration on very short notice. Ultimately, I find that remote instruction is no substitute for in-person instruction, but it does encourage a more scalable mindset to assignments and mentoring that could have real benefit when we resume in-person classes.

\n

Switching to remote lecturing has had substantial impacts on my teaching style as well. The following observations have risen to the top as key learnings:

\n
    \n
  1. I tend to be very animated when teaching, which doesn’t particularly work as well over video and I feel has been detrimental to student engagement.
    2. \n
  2. I have found it takes extra effort to engage students with the material, particularly if they’re in an environment that isn’t conducive to focused learning.
    3. \n
  3. Encouraging more hands-on exercises can go a long way toward bringing their focus and attention back to the material, but this takes more advance preparation work than if it were an in-class exercise.
    4. \n
\n

How are your students responding to the remote learning shift?

\n

It’s been difficult for them, but to their credit, they’ve done a great job adapting to it. Social distancing and quarantine guidelines in general have caused a lot of upheaval in their lives, adding stress and instability that may not be outwardly obvious to us as their professors, which has necessitated a recalibration of expectations regarding coursework. One of the most important changes to keep productivity high was the adoption of real-time collaboration tools to facilitate group-work and bring more course material-relevant conversations into a more visible medium for others to benefit from and participate in. Even though most students were able to continue attending class synchronously (i.e., joining the video conference at our normal time), most of the interaction that would’ve traditionally happened in the classroom shifted into our online collaboration tools.

\n

To be an online learner, one needs to be independent, disciplined, organized and communicative with questions, responses and/or if issues exist.  What can be a little frustrating is reaching out to students with no response…not knowing how they are doing; being worried about them, hoping they are ok – it is a TEAM approach in all aspects.  The students are paying for their education, thus, the importance of high communication and engagement from both student and instructor is paramount. ~ Julie A. Shay, MBA-HIN, RHIA, Program Director for Health Information Technology Programs/Lead Faculty/Professor – Santa Fe College

\n

What was needed to make the transition to full remote teaching?

\n

A chat-based online collaboration tool was absolutely essential, as this became the new forum for conversations that would naturally occur at the conclusion of the lecture when students would typically walk up to the lectern with questions or ideas to discuss.

\n

These informal interactions can be approximated with post-class discussion through collaboration tools, though there’s an additional activation cost that requires priming from the instructor to kick things off. Another important consideration is the space from which you’ll be delivering your lecture: having a professional-looking environment with adequate lighting makes a big difference and can have a positive effect on student engagement.

\n

What challenges came with transitioning to a remote classroom?

\n

Since we go through a decent amount of complex mathematical derivations in my course, I had to weigh the advantages and difficulties of using a virtual whiteboard versus moving everything into slide format.

\n\n

The biggest challenge has been tracking student engagement and understanding of the material. In the absence of social cues, the feedback loop becomes much longer, as assignments or tangible work products from student projects become the only measurable signal. Learning to properly take advantage of remote collaboration tools has also been a difficult process, as many of us are adapting on-the-fly, leading to trial and error that puts additional hardship on the students.

\n

Understand that teaching in a remote environment will require a different leadership style and, in my opinion, that style is Transformational Leadership. In essence, this leadership style will require [the professor] to motivate and transform the mindset of the student to perform at a higher academic level…yet, remotely! ~ Dr. Eric Todd Hollis

\n

What have you learned/observed throughout this distance learning process?

\n

By far, the most important aspect of making distance learning work for students who are used to in-person instruction is to stay in communication with them, soliciting and listening to their feedback. Maintaining student engagement and keeping your students interested in the course material is more difficult from a distance learning perspective, and requires more effort than you may be used to! There is a common tendency to disengage entirely when feeling lost or demoralized by a class that is greatly exacerbated by the distance learning experience — it is critical to budget extra time and put in extra effort to connect with students who are at risk of disengaging.

\n

Since in-class group exercises may not be an option anymore (especially depending on how lectures are being delivered), additional resources, creativity, and preparation are necessary. Specifically, this past semester has really underscored the importance of providing ‘hands-on’ learning experiences to foster engagement in lecture and encourage retention of the material. The addition of a simulation environment that students could interact with was a game-changer not just in terms of making concepts ‘real’, but also in terms of giving students the tools they needed to really apply and experiment with what they were learning. Once there is an opportunity to explore the course material in an interactive environment, I’ve found that students are far more likely to bring up new ideas for discussion or implementation, reinforcing their interest in the course content and leading to better outcomes.

\n

What is one thing you’d advise other educators who are struggling to sustain distance learning for foreseeable future?

\n

Learn how to set up and use established online collaboration tools and learning environments! This will save you a lot of time and headache over cobbling together your own while also trying to develop an adapted curriculum. Establish a cooperative atmosphere by being transparent with your students when trying a new pedagogical approach, and regularly solicit their feedback to refine your strategy.

\n

In conclusion…

\n

We thank Dr. Hayes for taking the time to share his personal successes and challenges with us and the great higher education community of teachers. To hear Dr. Hayes in ‘virtual’ person, we’ve extended this topic of distance learning challenges and tools into a live webinar panel discussion in partnership with Microsoft. Join us June 9, as we dig into the state of distance learning today and introduce technologies that can help educator’s adapt to a blended classroom teaching experience as we head into the Fall semester season.

\n

REGISTER HERE: https://marketing.circadence.com/acton/media/36273/webinar-transform-distance-learning-through-creative-and-practical-technology-focus-on-cybersecurity-education

\n

 

\n

Photo by Brooke Cagle on Unsplash

\n","title":"An Educator’s Perspective: The Impacts of Distance Learning and Teaching, a Q&A with Dr. Bradley Hayes"}},{"node":{"id":"125cf84c-196c-5970-89c5-7047b38c693d","slug":"distance-learning-and-teaching-for-cyber-security-programs","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/05/avel-chuklanov-DUmFLtMeAbQ-unsplash-scaled.jpg"},"date":"2020-05-11T10:45:05.000Z","content":"

Distance Learning Today

\n

Practically overnight distance learning has become the ‘new norm’ for academic institutions. Educators worldwide are figuring out what Emergency Remote Teaching (ERT) means for their specific courses and subject matter for summer term and likely fall term 2020. And while the immediate remote learning requirements for pandemic mitigation will eventually recede, there is a growing awareness that online and blended learning options in Higher Education curriculum will likely be a strategic part of the post-pandemic norm.

\n

“Every faculty member is going to be delivering education online. Every student is going to be receiving education online. And the resistance to online education is going to go away as a practical matter,” James N. Bradley, chief information officer at Texas Trinity University, wrote in a LinkedIn post.

\n

Job opportunities in the cyber security field

\n

Let’s take a specific look at higher education programs for Information Technology and the related cyber security discipline. For starters, they can’t graduate students fast enough to fill the existing job openings in the cyber security field. Even before the pandemic, there was a well-documented talent gap between the growing number of open cyber security jobs and skilled applicants to fill them. In November 2019, ISC2 calculated that the cyber workforce would need to increase by more than 145% to fill gaps in talent across the U.S.  Cyberseek.org tracks this unique employment landscape and states that “the average cybersecurity role takes 20% longer to fill than other IT jobs in the U.S.” because employers struggle to find workers with cyber security-related skills.

\n

The dynamics of this gap have probably gotten worse. Today’s stay-at-home world has cyber security vulnerability written all over it. Online activities have exploded with remote work access, distance learning, telemedicine, video conferencing, online shopping, gaming, media streaming, and more all happening at once….and creating a world of opportunity for threats to identity, systems and data. And, in the post-pandemic world that we are looking forward to, many of the new and unexpectedly ‘proven’ activities like distance learning and telemedicine will likely stay with us to some extent as part of the ‘new norm’.

\n

The result is that behind the physical coronavirus crises is the shadow of a virtual cyber virus crisis. And it means that cyber security is quickly moving to the frontlines of mission-critical skillsets for healthcare, higher education, retail, and every employer that enabled work-from-home for the safety of their workforce. Now, more than ever, organizations and institutions need to stop thinking in terms of IF they are breached and start planning in terms of WHEN they are breached.

\n

Does that sound ominous? It is! But buried in the dramatic shortage of cyber skills, is opportunity. Opportunity for STEM/IT focused students (high school and collegiate) to specialize in cyber security and find jobs upon graduation. And opportunity for higher education institutions to ramp up their cyber security program enrollment.

\n\n

 

\n

Developing the cyber security skills that employers are desperate for is a multi-faceted challenge. Employers want to bring in new hires who have both a strong foundation in basic security principles and concepts as well as practical job role specific skills like networking protocols, scripting, regular expressions, kill chain and network defense, etc. And maybe most importantly, employers categorize top talent as those applicants with power skills like strategic thinking, problem-solving, teamwork and collaboration.

\n

Distance learning and the IT / cyber security discipline

\n

At Circadence, we specialize in cyber security learning, specifically through an immersive learning platform that provides hands-on experience and strategic thinking activities for students working towards careers in the field of cyber security.

\n

Today’s educators are looking for engaging student activities that teach designated core curriculum topics to meet learning objectives. And, it is equally critical to assess student comprehension of learned material and measure progress to ensure the effectiveness of the curriculum and teaching approach. These challenges can be met head-on with Circadence’s Project Ares in the online classroom. Project Ares is a browser-based learning platform specifically designed for teaching cyber security in a hands-on, applied manner.

\n

It can help transform existing cyber security curriculum to support current distance learning challenges as well as integrate into future course design.

\n

For cyber security instructors:

\n

•     The built-in learning exercises can augment existing syllabi.

\n

•     Anytime access enables flexible asynchronous delivery to support current circumstances for instructors and students.

\n

•     Self-directed student learning opportunities are supported through hints, Q&A chat bot, and session playback and review.

\n

•     Optional live observation or interaction within the exercises supports tutoring as well as assessment.

\n

•     Immersive, gamified environment sustains student engagement with scores and leaderboards to incent practice and improvement.

\n

•     Global chat enables peer-to-peer community and support for students.

\n

Additional Distance Learning & Teaching Resources

\n

As higher education instructors shift to deliver, proctor and advise online, we anticipate teaching strategies continuing to adapt to use new and immersive tools that enable alternative online courses to positively impact student learning now and into the future. Circadence is excited to be a part of this shift in learning and proud to partner with today’s cyber security educators that prepares tomorrow’s much-needed workforce of cyber defenders.

\n

For more information, check out these resources:

\n

•     Microsoft technology helps enable remote classrooms https://www.microsoft.com/en-us/education/remote-learning?&ef_id=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE:G:s&OCID=AID2000043_SEM_6M11V6Kq&utm_source=google&gclid=EAIaIQobChMIjrP4qvSQ6QIVlxatBh347wMJEAAYASAAEgL-VvD_BwE

\n

•     Circadence White Paper Teaching Cyber Security Remotely: Online Learning with Project Ares https://marketing.circadence.com/acton/media/36273/whitepaper-rise-of-distance-e-learning-in-higher-education

\n

•     Project Ares Curriculum Example. Building an Immersive Cyber Curriculum with Project Ares: A use case from a public research institution in the Western U.S. https://marketing.circadence.com/acton/media/36273/immersive-cyber-curriculum-with-project-ares-use-case  

\n

•     Cyberdegrees.org provides a comprehensive directory of colleges and universities offering cyber security degrees, as well as a wealth of information on career paths within the cyber security field, security clearances, the range of professional security certifications available.

\n

If there is one thing that this pandemic has taught us all, is that out of chaos arises opportunity: Opportunity to be better professionals, better neighbors, better defenders, and overall, better people. We hope each of you continues to stay safe and secure during this time.

\n

 

\n

Photo by Avel Chuklanov on Unsplash

\n","title":"Distance Learning and Teaching for Cyber Security Programs"}},{"node":{"id":"a9a31581-64d4-5ac1-a9a3-0ef28b6ca9c9","slug":"cyber-security-and-risk-mitigation-go-hand-in-hand","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/05/toa-heftiba-_UIVmIBB3JU-unsplash-scaled.jpg"},"date":"2020-05-04T07:00:27.000Z","content":"

Cyber Risk means different things to different people in an organization. Deloitte distinguishes it well: A CEO might worry about the expected financial loss related to cyber risk exposure; while the CFO is challenged to show the value of security while managing the associated costs. The CMO might worry about the impact to the brand if a breach to the company occurs; while the CISO is thinking about which key initiatives to prioritize to maximize risk buy down.  But one thing that savvy executives agree on is that cyber security is a business risk that should be included in corporate risk mitigation strategy and processes.

\n

Cyber Risk Mitigation focuses on the inevitability of disasters and applies actions and controls to reduce threats and impact to an acceptable level.

\n

Lisa Lee, Chief Security Advisor for Financial Services in Microsoft’s Cybersecurity Solution Group,  partnered with Circadence in April 2020 to talk about this topic in a webinar.  Originally broadcast for a financial risk mitigation audience, the practical advice Lisa offers in 6 areas of cyber risk mitigation is broadly applicable.

\n

Cyber Risk Insurance

\n

Insurance can help to reduce the financial impact of an incident, but it does NOT mitigate the likelihood of a cyber breach happening – in the same way that having car insurance helps with the financial consequences of an accident but cannot in anyway prevent an accident from occurring.

\n

Identity and Access Management

\n

Microsoft recommends making “Identity” the security control plane. Employees use multiple devices (including personal devices), networks, and systems throughout their lifecycle with a company. The explosion of devices and apps and users makes security built around the physical device perimeter increasingly complex.  At the same time, access to on-premise systems and cloud systems are shifting to transform to meet business needs.  Partners, vendor/consultants, and customers might also all require varying degrees of access.  A strongly protected, single user identity at the center of business for each of these constituents can exponentially improve the efficiency and efficacy of the overall security posture of the company.

\n

Configuration and Patch Management

\n

This is IT or cyber security 101.  Everyone should be doing it on a consistent basis.  But  20% of all vulnerabilities from unpatched software are classified as High Risk or Critical. The Center for Internet Security  is an excellent resource for more information on best practices.

\n

Asset Protection (devices, workload, data)

\n

There is a massive amount and diversity of signal data coming in from the network and there are many tools on the market to help assist in the collection, management, and assessment.  Lisa advised not to spend too much time trying to evaluate and select the best of breed tool in each category.  Rather, find a suite that works well together so that you don’t have to spend time on integration. Beyond devices, also consider your security policies and practices to ensure visibility for workloads across on-prem, cloud, and hybrid cloud environments.  And finally, consider protecting the information directly so that wherever data elements go, even outside the company, they carry protection with them.  The key to this is encryption.

\n

Monitoring and Management

\n

These two concepts are seemingly more about  ‘risk management’ vs. ‘risk mitigation’.  But monitoring helps you to ‘know what you don’t know’ in order to adapt and improve mitigation strategies.  And today, many of the monitoring tools from Microsoft and other vendors have features that enable cyber analysts to take action, i.e analysts can use the same tool that helps identify a vulnerability to then resolve it.

\n

Cyber Security Training

\n

Security is an ever-changing situation because bad actors are always developing new attacks.  Therefore, training and education is an ongoing requirement for cyber professionals.  Circadence’s Project Ares is a cloud-based learning platform specifically designed for continuous cyber security training and upskilling.   IT and cyber organizations that invest in on-going training for their people are making as strong an investment in mitigation as in the tool stack that the analysts use on-the-job.

\n

With consideration in all 6 of these areas, you will be able to architect and compose a comprehensive cyber mitigation strategy.

\n

Here’s a link to the full webinar.  It’s only 45 minutes long and Lisa provides more detail in each of these categories.

\n

Great Dance Partners: How Cybersecurity and Risk Mitigation Go Hand in Hand

\n

 

\n

Photo by Toa Heftiba on Unsplash

\n","title":"Cyber Security and Risk Mitigation Go Hand in Hand"}},{"node":{"id":"d987692c-ded2-59d3-ba26-ace9d925953b","slug":"why-cyber-risk-mitigation-is-a-priority-for-finance-leaders","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/04/carlos-muza-hpjSkU2UYSU-unsplash.jpg"},"date":"2020-04-15T20:19:13.000Z","content":"

The role of the CFO is evolving. Whether at a bank or credit union, today’s finance leaders wear many hats. One of which is a cyber security ‘hat’. Constant breaches within financial institutions warrant such a ‘wardrobe’. Insider threats are growing, outside adversaries are multiplying at rapid pace, and attacks on financial departments and companies are ever-increasing. Unfortunately, classic security controls like firewalls and antivirus are easily compromised as attackers become more sophisticated.

\n

As threats increase, risks to businesses increase—and for CFOs and VPs of Finance, defining an adequate budget to account for those cyber risks and allocating proper resources is of the utmost importance to protect companies and its clients. Finance leaders are no longer siloed to reviewing financial statements and spreadsheets—their role extends far beyond the numbers to include cyber security.

\n

Some CFOs may not be comfortable with this change but the reality of cyber security today mandates involvement from the CFO/VP of Finance to develop a cyber readiness strategy. Why are finance leaders critical to the cyber security conversation? Because many CFOs need to address and mitigate the business risk concerns of the C-suite , board , and investors (not to mention continuing to improve the ‘financial health’ of the company).

\n

Any sort of digital compromise to a financial services company, results in damaging monetary and reputational outcomes that directly impact the financial function of the organization.

\n

Hence why cyber risk mitigation is and should continue to be a critical priority for CFOs today. And for many, it already is: According to a 2019 study from Protiviti, 84% of global CFOs and VPs of Finance cited security and data privacy as a high priority[1] for them. Many CFOs are already taking the reins of the cyber security challenges to get ahead of looming risks and imminent vulnerabilities. How? By taking a more active role in defining cyber security strategy in a way that effectively hardens posture while ensuring company growth.

\n

As such, the typical CFO responsibilities listed below, are only a part of many to come:

\n
    \n
  1. identifying and monitoring risks of critical assets to protect company/client data
    2. \n
  2. ensuring critical infrastructure operations meet regulatory requirements
    3. \n
  3. contributing to the optimization of digital asset access and utilization to safeguard against attackers
    4. \n
\n

That third responsibility may seem a tad ‘out of the norm’ for a CFO. Typically a CIO or CISO might be in charge of that objective. But as more financial services companies respond to digital transformation demands, data becomes a critical asset to protect. Much of that data “lives” on the devices that company employees use every day. CFOs should have a general awareness of who has access to what, where, and when and be aware of the policies in place that enforce security at all levels.

\n

Since data is a valuable company asset, the CFO’s responsibility to ensure the financial ‘health’ of the company becomes much more complex as cyber security asset and risk management becomes a top priority. Security Boulevard writes “A modern CFO will have an excellent grasp on how an organization manages cyber security and will be able to ask the right questions.”[2] We agree!

\n

For CFOs to make cyber security a priority, they are having to work across many lines of business within their organizations to contribute to the construction of a holistic cyber security program that has full buy-in from all employees (leadership/C-Suite included).

\n

Learn how to prioritize risk mitigation in your financial services company.

\n

Further, CFOs bring a unique perspective to the ‘building a culture of cyber security’ conversations as they are extremely committed to helping the company grow. While CFOs may not be cyber security experts, they do have a unique take on how and what solutions to invest in that will maximize the potential for company growth over time.

\n

By working hand-in-hand across departments like IT and legal, CFOs and finance leaders can develop a holistic cyber security plan that goes beyond merely ‘evaluating cyber insurance coverage’. A huge part of strategic cyber planning includes understanding what current companies are doing to mitigate cyber risk. Foundational elements need to be established first.

\n

While cyber insurance is a good start, other measures need to be taken to ensure that companies are not just reacting when threats occur, but instead, are taking proactive measures to get ahead of threats before they hit. A proactive approach should also include the adoption of a persistent cyber security training program to support frontline defenders who are doing the day-to-day defense against ambitious yet malicious adversaries.

\n

With the right cyber security training in place, teams can be assessed on their abilities to identify and mitigate risks before they happen, while supervisors (e.g. CISOs) can glean insight into how teams are responding and areas for improvement. This intel can translate upward to the CFO who will need to know the risks associated with gaps in cyber security response.

\n

 

\n

Check out our webinar:
\nGreat Dance Partners: How Cyber Security and Risk Mitigation Go Hand-in-Hand.

\n

[1] https://www.cfodive.com/news/cybersecurity-is-latest-cfo-domain-study-finds/567056/

\n

[2] https://securityboulevard.com/2019/08/is-it-critical-for-cfos-to-understand-cybersecurity-2/

\n
\n
\n
\n
\n
\n
Photo by Carlos Muza on Unsplash
\n
\n
\n
\n
\n
\n","title":"Why Cyber Risk Mitigation is a Priority for Finance Leaders"}},{"node":{"id":"416bd88a-2f31-5d1d-a897-03e58c1c66ae","slug":"cyber-ranges-101-and-how-they-improve-security-training","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/04/CyRaaS_06_wallpaper_1366x768.jpg"},"date":"2020-03-30T09:24:35.000Z","content":"

WHAT ARE CYBER RANGES?

\n

Cyber ranges were initially developed by government agencies looking to better train their cyber operators on new skills and techniques. To do this, a physical range or ranges were installed on-premise.  Cyber range providers built representations of actual networks, systems, and tools that helped cyber professionals safely train in virtual, secure environments without compromising the agency’s operational network infrastructure.

\n

Today, cyber ranges are used in the cyber security sector to effectively train IT professionals in all industries and help improve defenses against cyberattacks. As technology advanced, cyber range training advanced as well, both in scope and potential. More on this later. 

\n

To schedule a demo of Circadence’s cyber range platform, click here.

\n

\n

The National Initiative for Cybersecurity Education reports that cyber ranges provide:

\n\n

Most cyber ranges come in one of two forms: A network environment without pre-programmed content; or a network environment with prescriptive content that may or may not be relevant to a user’s industry. Either cyber range type limits the learner’s ability to develop enriched skill sets beyond what their specific work role may dictate.  

\n

UNDERSTANDING & EVOLVINGCYBER RANGES IN A BOX 

\n

Typically, Cyber range in a boxhas been a collection of virtual machines hosted on an on-premise systemHowever, Circadence has taken the concept of a cyber range in a box and placed it the cloud to better scale cyber training. We lovingly call this CyRaaS, or Cyber Range-as-a-Service, which is integrated into our Project Ares cyber learning platform.

\n

Instead of purchasing a physical set of machines to take up space in a room, virtual machines exist in the cloud and can be accessed by more professionals from any location who want to train persistently and develop cyber skills. The cloud is recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure cyber ranges spin up environments quickly, deliver the latest training content, and engage users in productive training activitiesaccessing cyber ranges in the cloud is the latest and greatest approach for professionals training in ‘sandbox’ environments. 

\n

\"in-game-screeenshot-of-network-map\"

\n

By offering cloud based, cyber range in a box services to support cyber training in Project Ares, we are able to deliver more relevant tools and technologies to help professionals gain the best cyber security training possible
\n
\nThe service allows Project Ares to emulate industry-relevant network configurations within learning activities that help trainees practice defensive tactics. Cloud-based cyber ranges also offer hands-on keyboard experience with real world tools and emulated network traffic to reflect the authentic feeling of an actual cyberattack.  

\n

Advances in Artificial Intelligence and machine learning allow us to use cloud ranges to their full potential by tracking patterns in training data to reveal player learning progression with minimal human intervention and oversight. Those patterns are then used to inform the recommendations of an in-game advisor (Athena) that has chat bot functionality so players can get help on cyber range training activities in the platformFurther, cloud-based cyber range training gives security professionals better predictive capabilities when defending and anticipating threats—and according to Microsoft, even  “improve the efficacy of cyber security, the detection of hackers, and prevent attacks before they occur.” 

\n

GAMIFIED CYBER RANGES

\n

Not only have we taken physical cyber ranges and placed them in the cloud but we’ve added in elements of gamification to further drive the effectiveness of cyber training. 
\n
\nWith many studies touting the benefits of gamification in learning, it only makes sense that cyber ranges come equipped with sets of gamified elements (e.g. leaderboards, scoring mechanisms, points, badges, levels, etc.). Project Ares has a series of cyber learning games that teach foundational cyber concepts and termsbattle rooms that teach tools, tactics, and procedures, and team-based missions that bring learning full circle when players are tasked with defending against a realistic cyber threat scenario.  This level of cyber learning is done in the cloud so professionals can work together from anywhere in the world to collaborate and defeat modern-day attacks.  

\n

We hope this post helped you understand the true potential of cyber ranges in the cloud and how they are evolving today to automate and augment cyber workforce training and learning.  

\n

REQUEST A DEMO

\n","title":"Cyber Ranges and How They Improve Security Training"}},{"node":{"id":"8d588536-8b43-5aca-b724-86f316d3a75e","slug":"gamification-for-the-greater-good-why-we-need-more-diverse-learning-approaches-for-the-workforce","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/05/gamification_design_green_semifinal.jpg"},"date":"2020-02-18T22:13:51.000Z","content":"

“Gamification” is a term that has been popularized by the modern cultural and consumer demand of video games. It is the application of design elements (e.g. leaderboards, scoring, points) to an activity or set of activities, made popular by video games. Today, it has made its way into software programs as a way to increase engagement and productivity. Yet when we think about gamification today, we don’t generally think of its application in educational settings, let alone in the business world. After all, when was the last time Ubisoft had a press conference about how gamified Assassin’s Creed is? So what are we talking about? We’re talking about the challenge of engaging adults in professional training and development while being sensitive to their learning preferences. The reality is, it’s hard to get adult learners excited to go back to the classroom to learn something for their job. But there exists a potential for gamification to lower the barriers to learning for adults. Today’s professionals are a prime target for using gamification in a more meaningful way—to break through the “sheer fun and games” if you will, and leverage gamified elements for a greater, more significant purpose. Gamification is really all about education, and it’s alleviating the age-old struggle of how to teach effectively and remain relevant.

\n

Before breaking down the benefits of gamification in learning, let’s review more common learning approaches. Less thrilling “cousins” of gamification often used in teaching and tasked-based activities include displays like tutorials, lectures, slide shows, watch-only videos, and text-based material. These are used in educational settings and are part of what researchers define as “passive learning,” techniques—a method of teaching where students receive information from a source to internalize and regurgitate. Studies show this approach is highly ineffective at helping learners retain information (and even worse when it comes to applying learned information to an actual experience or task). Gamification can help overcome these challenges—especially when we leverage it within the context of business training and professional employee development. The types of training professionals might undergo include trainings on customer engagement and retention, sales processes, use of specific software applications, etc. If professionals can conduct those trainings in gamified settings, their propensity for completing (and enjoying!) training increases. We’ll discuss “how” this actually happens later. As a result, they might be better collaborators among colleagues, drive more sales, or foster greater customer satisfaction.

\n

\n

Entertainment with a Social Benefit

\n

We’re constantly on the hunt for the “perfect” way to teach, one that resonates and is impactful. The difficulty here is that people are unique, each with their own motivations, modes of learning, and literally the way our brains are wired to absorb information. Gamification isn’t the first attempt at a perfect solution, television and radio had their time as well. Before we dive deeper into how gamification enables professional, adult learning, let’s understand how history has taught communities.

\n

Before video games entered the market in a big way, TV and radio held the spotlight as primary modes by which information was relayed and stories were told. What you might not know is that the channel’s reputation to deliver information to the masses (eventually ‘to entertain’ the masses) was actually grounded in socio-psychological theory. Miguel Sabido aptly named the “Sabido methodology” to define ways in which social attitudes and behaviors were positively changed due to information (aka: a stimulus) delivered from television and radio. Sabido pioneered the use of telenovelas to teach about social issues in the 1970s and 80s, when he was Vice President of Research at the Mexican television network Televisa.

\n

His complex narratives allowed audiences to relate to his characters who were often positioned as positive, negative, and neutral role models. The characters addressed relevant social issues of the times (e.g. women’s status, child slavery, environmental protection, HIV/AIDS) and audiences became emotionally attached to them as they made good or bad decisions within the storyline. Why? Because the topics covered and the character behaviors resonated with viewers.

\n

What Sabido uncovered in this narrative communication method (complete with relatable characters and compelling storyline) was a new way to teach people about important issues they otherwise might not care to educate themselves on. Over the next decade, Sabido produced six serial dramas that touched on issues of HIV/AIDS and safe sex practices—coincidentally (or not), Mexico experienced a 34% decline in population growth rate during that same time frame. Perhaps the way in which he addressed social issues that were important to his viewers, resonated after all.

\n

We can learn a lot from Sabido’s efforts here. According to Population Media, “The major tenet of the Sabido methodology is that education can be compelling and that entertainment can be educational. Sabido originally termed his approach ‘entertainment with proven social benefit,’ and since then, many communication professionals and scholars have applied the term ‘entertainment-education’ to the Sabido approach.” Sabido helped pioneer a new kind of learning that adults were attracted to and interestingly enough, we see similar “entertaining education” strides made today when teaching is done using gamification.

\n

Learning Styles, Information Overload, and Misconceptions of Gamification

\n

It’s not shocking that the interactive media and gaming industry has followed this “entertainment-education” pathway. As technology evolves, we naturally find new ways of putting it to work for us in a way that is not only useful and functional but appealing. Sabido’s use of serialized dramas and engaging characters have shown to be extremely effective in igniting social change and shifting social attitudes among viewers/consumers of information—and as professionals in business, we should learn from his work and mission. Consider gamification the latest teaching approach we have at our fingertips. It offers a new way of learning that hasn’t been employed to its fullest potential in other media/education models.

\n

There are three generally recognized learning styles: Visual, Auditory, and Kinesthetic. Kinesthetic learning (learning by doing), wasn’t really an option for Sabido (watching TV was passive information consumption, visual and auditory). However, gamification and interactive media is a reflection of that third learning category, kinesthetic. For the first time, we can take a student to Mars in a virtual environment, or have them interact with a neuron the size of a house leveraging Kinesthetic learning technology. The training and educational possibilities are endless (especially when we layer in elements of gamification) and we’re just scratching the surface.

\n

But learning is only as effective as the approach we deploy to learn. When it comes to assessing the effectiveness of gamification in an educational application, learners tend to evaluate it from two lenses, asking: “How do I learn” and “How do I play?” To answer these questions, we can review various game mechanics and features that make up each of the three learning styles. More on that later. However, we’re missing a large piece of the purpose of gamification if we don’t also ask “Why do I play?” This is equally the most challenging question to answer when it comes to using gamification to teach today’s professionals.

\n

If we are to truly leverage gamification as a learning mechanism for business in professional training and development, we first need to understand how adults process new information. Researchers note “…our problem as adults are that we want to take new knowledge and compare and contrast it to what we already have. Our brains natively know that they can only process so much at a time, so they try to analyze incoming input to identify key material that must be retained, and then immediately file that information alongside relevant contexts. That processing imposes a significant amount of overhead, and it’s why acquiring new knowledge and skills is so much harder for an adult.”

\n

Compare that learning style against the physical act of teaching a child, and we see stark differences. When teaching a child a concept, it is relatively straightforward: preach at them, and they’ll absorb it. For the most part, author Don Jones notes, “they’ll believe it because they tend to lack the context to dispute it.”

\n

Now apply how adults learn to their professional and personal environments. As adults, we’re constantly bombarded, now more than ever, with new information at every moment. Opening up your phone in the morning usually bears forth a host of notifications to sift through, between messages, news headlines, and advertisements. Our brains are constantly working to filter what we care about, and what we don’t. Adults do this natively and unintentionally, as much as we’d like to just absorb all the information we’re presented with… our brains just don’t function that way anymore. We’d be on overload!

\n

Should businesses adopt gamification as a learning strategy to enable professionals in their day-to-day jobs, we must first be cognizant of their perception of “playing a game,” (especially now that we understand how they learn and filter information). Imagine an adult that’s being asked to learn something new on the job by using a gamified platform where they have to play a “video game” to do it. That adult learner may very well bemoan the thought of “going back to school” or “playing a game” to learn something about their job. Unfortunately, video games aren’t something adults take seriously (because up until recently, they haven’t been really applied to support business-like functions and serve a greater good). There’s a perception that playing games is all fun and not meaningful–but gamification has to overcome these misconceptions. When teaching adults, we must remember to communicate the “why”…

\n

Jones also notes, “I often provide the ‘why do I care about this?’ answer upfront, in the form of a problem statement, where my key point becomes the solution. I then immediately illustrate or demonstrate how the key point solves the problem, providing reinforcement and confirmation to the students’ brains.”

\n

Leaders interested in deploying gamified learning in professional training programs need to communicate the “Why do I play?” to their trainees. The answer isn’t merely to ensure the learner understands the point of the lesson, it’s much more about understanding what drives and engages their brain to interact with a gamified environment in the first place. There are driving motivational factors in gamification that make it a powerful tool for professional training and learning. Given that we all are wired differently, we must understand how to make gamification work best for us, as individual learners.

\n

\n

Making Gamification Work for All Learners

\n

Yu-kai Chou created a framework for gamification and behavioral analysis that he calls “The Octalysis Gamification Framework.” Within he does a fantastic job breaking down driving factors and motivators for different types of gamers and learners—and we can use this model as a foundation to build out professional learning programs and activities in our own businesses. The Octalysis Framework is extremely deep, yet it’s easier to understand Chou’s eight Core Drivers in human behavior, in the circular graph.

\n

When we consider Chou’s driving factors, through the lens of “How we Learn” and “How we Play,” in-game mechanics—with the understanding of the three learning styles, it becomes easier to see the potential for gamification as a mechanism to complement other learning styles. By examining the motivating factors that contribute to whether or not something is considered “gamified,” those doing the teaching can clearly see where kinesthetic learning fits within the overall game mechanics structure in relation to auditory/visual representations found in the mechanics.

\n

\"\"

\n

\"\"Figure 2

\n

Notice in figure 2, game mechanics prioritize competitive drivers over collaborative efforts, community over exploration (as indicated by the quantity of learning style icons).

\n

As much as we celebrate the experiential elements of kinesthetic learning in educational literature… there’s much work to be done in gamification to ensure hands-on learning styles are better represented on this model so that more inclusive learning can be had.

\n

Further, game components like “Levels” and “Missions” are incredibly broad terms and they can be as varied as the subjects they attempt to illustrate, yet I would argue that these mechanics determine if a product truly feels like a game more than features like the ability to share accomplishments socially or obtaining a badge.

\n

The reality is, we’ve had a much longer history teaching to auditory and visual learning pillars, more so than teaching and training staff with gamification. If anything, this may illustrate that it’s easier to develop products and software that align with the visual and auditory-based learners versus developing products to meet the needs of those who want more hands-on experiences in a game-like setting. This is why we mostly hear about digital badging, leaderboards, and “leveling up” in the context of video games instead of in training programs for business professionals.

\n

While incorporating gamification elements into a professional development training program can be done, do we need to check off all these game mechanic boxes in order for a product to be considered “Gamified?” Arguably no. It’s all about your demographics and what will drive them to learn most effectively.

\n

We have reflected upon the history of “engaging educational learning” in the context of telenovela programming, deepened our understanding how we process and retain learned material in an overly interconnected culture, and sought new ways for learning to “stick,” one thing becomes clear: gamification is an untapped learning resource for today’s professionals. Dare I say, the diamond in the rough we’ve been searching for in business training and professional development. If your professional demographic is at all varied (I bet it is), then your teaching strategies will likely have to be as well. It’s time businesses think beyond the passive learning styles of yesteryear, and embrace a new gamified approach to adult training and development—something that better fosters driving factors like collaboration and exploration equally to that of competition, community, and achievement. Only then, will we really have a learning approach that meets everyone where they are.

\n","title":"Gamification for the Greater Good: Why We Need More Diverse Learning Approaches for the Workforce"}},{"node":{"id":"cfbe2fd5-761f-5018-898e-a9bb762bf8f5","slug":"top-tax-season-scams-and-how-to-avoid-them","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/02/rupixen-com-Q59HmzK38eQ-unsplash-scaled.jpg"},"date":"2020-02-18T21:26:29.000Z","content":"

Doing taxes can be stressful enough without worrying that your sensitive information may fall into the wrong hands. With more and more taxpayers doing their taxes online, having awareness of potential threats is the first step in practicing cyber safety this tax season. Here are 4 of the most popular tax scams used by hackers each year to be on the lookout for:

\n

 

\n
    \n
  1. Tax Refund Fraud – This scam involves and filing false returns with them. They will typically claim a low income with high deductions and will file electronically. When a taxpayer goes to legitimately file their return, it is rejected by the IRS because someone else already filed under that identity. To prevent this, one can request an Identity protection PIN from the IRS before filing. This is a six-digit pin that must be used on a tax return in addition to an SSN in order to verify the identity of the taxpayer.
    2. \n
\n

 

\n
    \n
  1. W-2 Email Phishing Scam – Some hackers choose to go straight to the source for private information: employers. Cyber criminals have been known to trick major companies into turning over copies of W-2 forms for their employees. This is actually a CEO imposter scam, where a criminal pretends to be a top company employee and asks payroll or human resources for sensitive information. This information is then used to file bogus returns or is sold online to other criminals.
    2. \n
\n

 

\n
    \n
  1. IRS Phone Scam – Scammers make calls claiming they are with the IRS, acting as though a tax bill is owed that one must pay immediately or be arrested. They use common names to identify themselves and fake IRS badge numbers to appear legitimate, send fake emails to support their verbal phone claims, and they will usually call again claiming to be the police department or the DMV in an attempt to extort additional funds. Yikes! One thing to note: the IRS will NEVER call an individual. They send official notices in the mail, but if the IRS pops up on the caller ID, don’t answer.
    2. \n
\n

 

\n
    \n
  1. Canceling Your SSN – Criminals are making calls and threatening to suspend or cancel your Social Security numberuntil overdue taxes are paid. The scam may seem legitimate because the caller has personal information, including the last four digits of your SSN. If someone calls and threatens to cancel or suspend your social security number, hang up immediately. If they call back, don’t answer. Write down the number and then report the call on this site, and send an email with the subject of “IRS Phone Scam” to phishing@irs.gov and include the phone number, as well as any other details that are relevant, in the body of the email.
    2. \n
\n

With more taxes processed online and scammers always thinking one step ahead, it’s important for every employee receiving their W-2s to have cyber awareness training. Understanding the risks that are out there help people to feel more empowered to thwart them when handling personal online transactions.

\n

Combatting Tax Scams with inCyt

\n

Circadence is here to help. Our newest product, inCyt, is a browser-based strategy game that invites players with limited cybersecurity knowledge to compete in cyber-themed battles. inCyt’s progressive, inventive cyber learning program teaches cybersecurity awareness through games and interactivity with colorful characters and friendly competition. Lessons are embedded in the gameplay, so players learn cybersecurity basics as soon as they engage with the program. Players start learning basic cybersecurity topics including email security and best practices for software updates before venturing to understand more nuanced concepts about social media, insider threats, ransomware and more. inCyt will be available in Spring 2020.

\n

Empower your employees with persistent, hands-on cyber training. To learn more visit: https://www.circadence.com/products/inCyt

\n","title":"Top Tax Season Scams and How to Avoid Them"}},{"node":{"id":"faa43703-86c7-5611-9d52-209a127fd3ba","slug":"things-to-do-at-rsa-2020","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/02/headway-F2KRf_QfCqw-unsplash-scaled.jpg"},"date":"2020-02-11T16:56:24.000Z","content":"

This year’s RSA Conference is sure to be chockfull of exciting innovations, new technology, and swag galore. As much as we love the excitement of being on the expo floor, it’s always a good idea to take time to explore the conference, meet new people, and unwind with a few good colleagues or newfound friendsThis list of networking gatherings and affiliate events will help you make the most out of your RSA experience! 

\n

 

\n

Events through RSA: 

\n\n\n

 

\n

Affiliate events: 

\n\n\n\n

Stay up to date on any additional affiliate events as they get added by checking out this calendar provided by the conference, and be sure to swing by our booth #6480 to see what we’ve been working on and add to your swag collection

\n

To get a sneak peek at our latest cyber training platform, inCyt and be sure to register for our webinar, inCyt: Inside the Human Element of Cyber. We can’t wait to see you at the conference and have some fun! 

\n","title":"Things to do at RSA 2020 "}},{"node":{"id":"580d9694-c4ec-5c80-9d5b-daf74d313999","slug":"living-our-mission-blog-series-paul-ellis","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/01/alexandre-debieve-FO7JIlwjOtU-unsplash-scaled.jpg"},"date":"2020-01-28T16:43:48.000Z","content":"

Early Aspirations in Technology Become Reality for Circadence’s Paul Ellis 

\n

Paul Ellis, Senior Product Manager at Circadence, was always interested in technology, even at a young age. When Paul was 8-years oldhe rode his bike to the closest RadioShack to buy a book written for adults on the topic of electrical engineering no lessAfter saving enough allowance to purchase the book, he dove into it as soon as he got home and that’s where his love for technology really began. 

\n

But perhaps, too, Paul’s passion stemmed from his father, who worked for a company developing computer robots. Their bond over technology contributed to Paul’s interest in the field. In factPaul and his father built their first computer together – an 8Mhz Intel 8088 PC when he was 10 years old. Paul read the entire instruction manual from front to back to learn what he could do with his newly built device. From that day on, he was always creating! He created electronic devices, computers, and even composed music. 

\n

In high school Paul played many different instruments and began his college journey with aspirations to become a sound engineer to satisfy his interest for both technology and music. He quickly realized that his interest in technology outweighed his musical career interest, and that the lifestyle of a sound engineer wasn’t very appealing. 

\n

He changed his major to Business and Marketing and graduated with a Bachelor of Science from California State University San Marcos in 2005. He then continued to Purdue University for an MBA in Technology Commercialization, Marketing and Finance. Throughout his academic journey and in his free time he continued to create and assemble tech devices. He was never afraid of technology; he was drawn to it and always knew there was a way to control it. 

\n

Paul, a techie through and through, followed his cyber heart and became a Senior Product Manager for more than a decade for various leading tech firms. He began to learn about identity risk and how our technological advancements were increasing threats. During his time at a previous employer, LifeLock, he learned about risk prevention, identity theft, how vulnerable consumers are in the real worldand how risk would continue to escalate if companies and individuals weren’t taking precautions to protect themselves and their devices.  

\n

Upon joining Circadence, Paul began to navigate the world of cybersecurityThe company’s cutting-edge ideas and technology designed to protect businesses, government and consumers were appealing to him given what he had observed in previous tech positions. He was interested in the innovative products that provided new ways for cybersecurity beginners and professionals to learn, and he could envision how it would improve the cyber posture of enterprises. 

\n

“I feel like I’m doing something positive for society,” Paul said. He’s been with Circadence for a year now as the Senior Product Manager and continues to be inspired by his team and the revolutionary products Circadence brings to market.  

\n

“There’s a huge threat out there, and a huge lack of skills in the industry, and being a part of the solution is a big part of my intrinsic motivation.”  

\n

Paul enjoys partaking in all the different facets of a product’s lifecycle – how the product supports a need for the consumer or industry, how it is marketed, and how to assess its financial viabilityHe also enjoys talking to customers to learn about their experience with a product first-hand, because at the end of the day, a product’s success is dependent upon customer’s experience with it 

\n

Managing the success of a product is how he gauges the success of his career – what did the product solve, and how did it benefit the customer and the industry? The payoff is seeing the cumulative effect of the entire product,” said Paul. For example, iNovember 2019 he worked long hours along-side his team to prepare for one of our largest partner events – Microsoft Ignite. They developed specific gamified battle rooms in Project Ares to teach user’s about Microsoft’s new security tools and how they can be utilized in realistic cyber scenarios. Attendees could get direct experience using Microsoft’s security tools within Project Ares, which runs on Microsoft Azure 

\n

“Ignite was one of the most meaningful moments in my career and I’m fortunate I had the opportunity to work with my team to pull it off! There was so much teamwork, collaboration and problem solving from planning, developing, to deployment at the event. It’s only in bringing people together, that my work succeeds.”  

\n

Paul not only enjoys doing something that keeps consumers and businesses safer, but he truly respects and values his team at Circadence. There’s a true sense of trust between everyone on his team and he feels fortunate to have this experience in the workplace.  

\n

The need for improved cybersecurity is everywhere,” said Paul. The cyber learning products Circadence provides today will help teach the future cyber workforce and help protect us from the countless risks and threats that are out there. He continues to fulfill his passion for technology by bringing Circadence cyber learning products to marketHe appreciates Circadence products because they actually provide trainees what they need to knowand what they will be doing on a day-to-day basis. It’s not just about reading a white paper or watching a video – gamified platforms like Project Ares provide hands-on experience to master the craft of cybersecurity. 

\n

Photo by Alexandre Debiève on Unsplash

\n

Photo by Marvin Meyer on Unsplash

\n","title":"Living Our Mission Blog Series:Early Aspirations in Technology Become a Reality for Circadence’s Paul Ellis"}},{"node":{"id":"082dc463-4f08-566b-85bf-ba6142ef94b6","slug":"living-our-mission-building-a-roadmap-to-bring-product-vision-to-reality-with-circadences-raj-kutty","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/01/bogdan-karlenko-36b7JBzhfF4-unsplash-scaled.jpg"},"date":"2020-01-20T08:45:24.000Z","content":"

This installment of the “Living our Mission” blog series features Circadence’s Rajani “Raj” Kutty, Senior Product Manager.  

\n

Raj is fascinated by technology’s evolution in the marketplace and that interest has informed her career path toward success. She achieved her masters degree in computer science from University of Pennsylvania in 2003. From there, she spent 15-16 years in the tech industry and has always been interested in the everchanging advancements in technology. Her tech background consists of Java programming, business analysis and product management. In the beginning of her career, she worked on mobile app designs, web app development, and programming for various industries including finance, insurance, retail, and more. For the last 10 years, she’s moved into the direction of product management. Her shift into this area began because she enjoys building a roadmap for product development and seeing it through the various stages from identifying a problem in the market, and creating a product that solves pain points for customers. Her experience working with many different industries provides an advantage to Circadence since she has a first-hand understanding of why these businesses can benefit from additional cyber security training to protect company assets.

\n

Raj started at Circadence about 7 months ago and was immediately captivated by the concept of cyber readiness and the security industry as a whole. Throughout her profession, she noticed a growing issue many companies faced: a lack of cyber security awareness and training. Over the years, she heard a lot about the cyber workforce shortage and knew the first step to creating a solution for this problem was to get the user engaged with the right type of training. In her mind, if the user is engaged in training, then it would result in better cyber defense for the organization. Her previous work experience, thoughts about cyber security readiness and ideas around engaged training were validated when she heard what Circadence was doing to help companies be “cyber ready” using gamified learning platforms. In the past, training would consist of a video, classroom lecture or reading textbooks- something dry and boring, she said. Raj felt Circadence offered a unique solution to get people interested in cyber security, which could lead to more strategic cyber defense performance and possibly minimize the cyber workforce gap.

\n
\n

“Training has to be fun and interesting to the user, while still being effective. I feel like Circadence is offering this to the cyber workforce in a game-play mode, which is more engaging for the user.”

\n
\n

Day to day, Raj works with different departments and team members at Circadence developing product strategy and bringing a product roadmap to life. Her knowledge across many industries helps ensure our products meet the needs of different organizations, while still maintaining in-depth cyber training and ease-of-use for the customer. Much like planning a road trip, which requires knowledge of route to destination, Raj leads her team every day by investigating and communicating strategy and plans to determine where they need to go next to bring the product to market.

\n

Her main focus over the last couple months has been a new portal Circadence is developing called CyberBridge. CyberBridge is the entry point at which users can access all Circadence cyber learning platforms including Project Ares®, inCyt®, Orion® and more. It’s a global SaaS platform that offers different types of cyber training content for different markets.

\n

“I love that I get to help design a product that addresses the cyber challenges across different industries and the ability to provide a readiness solution pertinent to each sector’s security pain points.”

\n

The products Raj helps map to market fulfills her goal of bringing much-needed cyber awareness and training solutions to everyone and every business. Her perspective: With every tech integration, Bluetooth connection, and device-to-device communication we implement to make our working lives easier, we inherently increase our cyber risk as our attack surface widens. There are no signs of a slowing tech usage, hence why the importance of cyber awareness continues to grow each day. When we talk about how businesses need to protect themselves, we’re really talking about the people of a business, since people are what make up a company. In today’s world of escalating cyber threats, it’s everyone’s responsibly to gain cyber awareness to protect a company.

\n

“Cybersecurity is like community immunity, when everyone gets vaccinated, we are improving and protecting our greater community, and cyber security works the same way.”

\n
\n
\n
\n
\n
\n
\n

Photo by John Lockwood on Unsplash

\n
\n
\n
\n
\n
\n
Photo by Bogdan Karlenko on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"Living Our Mission: Building a Roadmap to Bring Product Vision to Reality with Circadence’s Raj Kutty"}},{"node":{"id":"977e9d27-9531-5336-920d-6af7c0d0b560","slug":"microsoft-security-blog-rethinking-cyber-scenarios-learning-and-training-as-you-defend","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/10/krzysztof-kowalik-KiH2-tdGQRY-unsplash.jpg"},"date":"2020-01-14T18:33:53.000Z","content":"

In this third and final post in the series, Microsoft’s Mark McIntyre addresses more advanced SecOps scenarios that an experienced cyber practitioner would be concerned with understanding.

\n","title":"Microsoft Security Blog: Rethinking cyber scenarios—learning (and training) as you defend"}},{"node":{"id":"8738b7ea-9ec8-54fe-b3b3-67b301d65b3c","slug":"new-year-new-threats-top-cyber-threats-anticipated-to-hit-big-in-2020-for-enterprise-companies","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/01/bud-helisson-kqguzgvYrtM-unsplash-scaled.jpg"},"date":"2020-01-13T08:45:27.000Z","content":"

As we enter the New Year, one thing is certain: cyber attacks aren’t going anywhere. Enterprise companies have been tasked with defending their networks from unyielding cyber crooks who want a piece of the pie for themselves. What’s on the horizon for enterprise security threats in 2020? We’ve got a few predictions.

\n\n

As more 5G devices enter the network, organizations must prepare for the onslaught of added security threats.

\n\n

“I expect that the ransomware used will continue to become more advanced. I am concerned that some threats have just become more stealthy, or are working toward that, and that readily available ransomware will enable even novice criminals to maintain stealth. Organizations are spending more resources to defend against ransomware, which might drive out a few of the lesser players, but any organization with resources will still see ransomware attacks happen as a fast and easy way for financial gain, so hackers will continue to pursue advancements.” ~ Karl Gosset, VP of Content Development at Circadence

\n

It’s clear that the threat landscape will continue to grow and become more sophisticated in the coming year, which means it’s time for businesses to step up their security game.

\n

Circadence believes that the best way to do this is through cyber learning games themselves! Our flagship product, Project Ares, delivers real-world attack scenarios in a safe, online range environment and allows users to practice and hone their cyber skills through the use of games. With missions specific to enterprise threats, such as Operation Crimson Wolf and Operation Desert Whale, Project Ares will ready your organization for any looming threats like these. By using a gamified cyber learning platform like this for your security teams in 2020, you can readily pop some champagne and dance the night away, knowing your enterprise is better protected in the new year.

\n
\n
\n
\n
\n
\n
\n

Photo by Robynne Hu on Unsplash

\n
\n
\n
\n
\n
\n
Photo by Bud Helisson on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"New Year, New Threats: Top Cyber Threats Anticipated to Hit Big in 2020 for Enterprise Companies"}},{"node":{"id":"a74ab6c5-69d2-5f47-9697-c156f53ef318","slug":"the-future-of-finance-cyber-security-in-2020","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2020/01/ryan-born-x8i6FfaZAbs-unsplash-scaled.jpg"},"date":"2020-01-06T07:45:18.000Z","content":"

Cyber attacks seem to grow more sophisticated and menacing with each passing year. No industry understands this better than finance, as their enormous stores of cash and sensitive data make them a prime target for hackers year-round. Let’s look ahead at four trends that are likely to play a role in 2020’s biggest banking hacks and share how we can help harden financial services firm’s security posture to prevent attacks.

\n

Ransomware attacks will evolve

\n

Ransomware attacks are believed to cost victims billions of dollars every year, as hackers deploy technologies that enable them to literally kidnap an individual or organization’s databases and hold all of the information for a ransom. As companies continue to focus on building stronger defenses to guard against ransomware breaches, some experts believe hackers will increasingly target other potentially profitable ransomware victims such as high-net-worth individuals.

\n

Biometric security leaks and anti-fraud system bypass

\n

A new report from cyber security company Kaspersky states that cybercriminals have created a huge underground market called Genesis, which sells digital fingerprints of online banking users from all over the world. There have also been several biometric database security leaks in the last year, the most notorious of which was the Biostar 2 database, which included the exploitation of biometric data of over 28 million people. With biometric leaks on the rise, this will make it easier for hackers to bypass anti-fraud systems to gain access to online bank records.

\n

Increased third party risks

\n

Banks have not been impervious to the decentralization of IT that has affected most enterprise businesses. As organizations become increasingly reliant on third-party vendors for their day-to-day operations, financial services firms must be continuously monitored for cyber security vulnerabilities. Lack of awareness of how third-party security services operate could cost banks millions in 2020 and beyond. Ensure your cyber team is not only monitoring its own vulnerabilities but that of its outsourced security as well.

\n

Cryptocurrency hacks

\n

Big banks are starting to dip their toes in the crypto waters, with one in five financial firms saying they might start trading cryptocurrencies. However, crypto exchange has had many hacks of its own, including the largest in history, which happened earlier this year. Japanese crypto exchange, Coincheck, was drained of coins worth a total of roughly $534 million. In the first half of 2019 alone, hackers have stolen approximately $4.26 billion worth of crypto currency. It’s possible that the involvement of major financial institutions will shore up the security of the crypto industry — but if the past is any indicator, extreme measures will have to be taken to ensure the security of these digital currencies.

\n

So, how can financial institutions continue to grow and adapt to new technologies while keeping their stores of information and constituent’s wealth safe from adversaries?

\n

Circadence has a solution: our gamified cyber learning platform, Project Ares. Project Ares can be used by everyone at your institution from the Chief Financial Officer to IT teams. With persistent, hands-on learning in a safe, browser-based environment, financial services security teams can stay up to date on the latest threats and feel prepared to keep them at bay. With finance specific missions such as Operation Wounded Bear and Operation Crimson Wolf, your team can practice combatting hackers anytime, anywhere. Don’t let your finance company be the next one making headlines for a data breach, see what Project Ares can do for you.

\n
\n
\n
\n
\n
\n
Photo by Erol Ahmed on Unsplash
\n
\n
\n
\n
\n
\n","title":"The Future of Finance Cyber Security in 2020"}},{"node":{"id":"9ad1a025-7fd0-5fa6-8311-3b7f3d78aac8","slug":"living-our-mission-project-ares-takes-full-flight-with-cloud-native-architecture","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/12/projAres_office_03_wallpaper_1920x1080.jpg"},"date":"2019-12-19T16:28:08.000Z","content":"

According to CIO magazine, about 96% of organizations use cloud services in one way or another. In partnership with Microsoft, we are proud to announce that Circadence has redesigned its Project Ares cyber learning platform to fully leverage a cloud-native design on Microsoft Azure.  This new, flexible architecture improves cyber training to be even more customized, scalable, accessible, and relevant for today’s professionals.

\n

This transition to cloud infrastructure will yield immediate impacts to our current customers.

\n\n

Proven success at Microsoft Ignite

\n

At the recent Microsoft Ignite conference (November 2019), more than 500 security professionals had the opportunity to use the enhanced platform.  Conference participants set up CyberBridge accounts and then played customized battle rooms in Project Ares. Microsoft cloud-based Azure security solutions were integrated into the cloud-based cyber range to provide an immersive “cloud-in-cloud” sandboxed learning experience that realistically aligned to phases of a ransomware attack.  The new version of Project Ares sustained weeklong intensive usage while delivering on performance. 

\n

So what’s new in the new and improved Project Ares?

\n

Curriculum Access Controls for Tailored Cyber Learning

\n

One of the biggest enhancements for Project Ares clients is that they can now control permissions for  training exercises and solution access at the user level. Customer Administrators will use the new CyberBridge management portal to tailor access to Circadence training exercises for individual users or groups of users.

\n

Single-sign-on through CyberBridge enables the alignment of training exercises to individuals based on their unique learning requirements including:

\n\n

Cyber Essential learning tools and the inCyt game for security awareness will be added to CyberBridge over the next several months. With the capability to pre-select training activities reflective of a company’s overall security strategy, enterprise security managers can call the shots.

\n

“As the administrator, you now choose what curriculum content your team should have. “This provides more flexibility in cyber training for our customers in terms of what they can expose to their teams.” ~ Rajani Kutty, Senior Product Manager for CyberBridge at Circadence.

\n

Greater Scalability and Performance in Cyber Training

\n

With a cloud-native architecture design, Project Ares can support more simultaneous users on the platform than ever before. Project Ares can now handle over 1,000 concurrent users, a significant improvement over historical capacity of 200-250 concurrent users on the platform.  The combination of  content access control at the group or individual level and the increased scalability of Project Ares creates a solution that effectively spins up cyber ranges with built-in learning exercises for teams and enterprises of any size.  Additionally, this means that no matter where a cyber learner is geographically, they can log on to Project Ares and access training quickly. We see this as similar to the scalability and accessibility of any large global content provider (e.g. Netflix)—in that users who have accounts can log in virtually anywhere in the world at multiple times and access their accounts.

\n

Now that Project Ares can support a greater volume of users on the platform, activities like hosting cyber competitions and events for experts and aspiring security professionals can be done on-demand and at scale.

\n

“We can train more people in cyber than ever before and that is so impactful when we remember the industry’s challenges in workforce gaps and skills deficiencies.” ~ Paul Ellis, Project Ares Senior Product Manager at Circadence

\n

The previous design of Project Ares required placing users in “enclaves” or groups when they signed on to the system to ensure the content within could be loaded quickly without delay. Now, everyone can sign in at any time and have access to learning without loading delays. It doesn’t even matter if multiple people are accessing the same mission or battle room at the same time. Their individual experience loading and playing the exercise won’t be compromised because of increased user activity.

\n

Other performance improvements made to this version of Project Ares include:

\n\n

New Cyber Training Content

\n

One new Mission and three new Battle Rooms will be deployed throughout the next few months on this new version of Project Ares.

\n\n

Mission 15 has been developed from many discussions about 2020 election security given past reports of Russian hacktivist groups interfering with the 2016 U.S. election.  In Operation Raging Mammoth, users are tasked to monitor voting-related systems. In order to identify anomalies, players must first establish a baseline of normal activity and configurations. Any changes to administrator access or attempt to modify voter registration information must be quickly detected and reported to authorities. Like all Project Ares Missions, the exercise aligns with NIST/NICE work roles, specifically Cyber Defense Analyst, Cyber Defense Incident Responder, Threat/Warning analyst.

\n

Battle Rooms 19 and 20 focuses on using Splunk software to assist IT and security teams to get the most out of their security tools by enabling log aggregation of event data from across an environment into a single repository of critical security insights. Teaching cyber pros how to configure and use this tool helps them identify issues faster so they can resolve them more efficiently to stop threats and attacks.

\n

Battle Room 21 teaches cmdlet lightweight commands used in PowerShell.  PowerShell is a command-line (CLI) scripting language developed by Microsoft to simplify automation and configuration management, consisting of a command-line shell and associated scripting language. With PowerShell, network analysts can obtain all the information they need to solve problems they detect in an environment. Microsoft notes that PowerShell also makes learning other programming languages like C# easier.

\n

Embracing Cloud Capabilities for Continual Cyber Training

\n

Circadence embraces all the capabilities the cloud provides and is pleased to launch the latest version of Project Ares that furthers our vision to provide sustainable, scalable, adaptable cyber training and learning opportunities to professionals so they can combat evolving threats in their workplace and in their personal lives.

\n

As this upward trend in cloud utilization becomes ever-more prevalent, security teams of all sizes need to adapt their strategies to acknowledge the adoption of the cloud and train persistently in Project Ares. You can bet that as more people convene in the cloud, malicious hackers are not far behind them, looking for ways to exploit it. By continually innovating in Project Ares, we hope professionals all over the globe can better manage their networks in the cloud and protect them from attackers.

\n","title":"Living our Mission: Project Ares Takes Full Flight with Cloud-Native Architecture"}},{"node":{"id":"8b766adf-3b8c-5741-b4ac-2883a429e02f","slug":"holiday-hacks-in-the-financial-sector-what-you-need-to-know-to-stop-grinches-during-the-holiday-season","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/12/m-b-m-ZzOa5G8hSPI-unsplash.jpg"},"date":"2019-12-18T21:30:51.000Z","content":"

Not everyone gets into the holiday spirit, but whether or not your stockings are hung by the chimney with care, there are real world cyber grinches out there looking to steal holiday joy and sensitive data. The Financial Sector in particular is a high-profile target for hackers in the cyber industry year-round but the holiday season has historically attracted a larger quantity of cyber criminals who conduct attacks designed to steal money, social security numbers, addresses, and other sensitive information. The volume of e-commerce and e-banking transactions that occur during the holiday season provide ample opportunities for hostile actors to exploit financial institution networks. Specifically, “attacks on SWIFT—the leading global network for money and security transfers—alone cost $1.8 billion year-to-date” Forbes reports. To understand just how vulnerable banking and financial organizations are, let’s review the attacks that financial cyber teams should look out for and then discuss systemic solutions to safeguard finance networks, companies, and their stakeholders.

\n

Financial institutions are susceptible to any of the following cyber attack types:

\n\n

\n

Systemic Cyber Readiness Solutions for Financial Services

\n\n

Don’t let your financial institution fall victim to a holiday hack. Utilize persistent, hands-on, gamified cyber training to put your cyber teams on the front lines of defense. Circadence’s flagship product, Project Ares, ensures higher user engagement and learning retention through the use of cyber ranges. Project Ares utilizes a library of mission scenarios with specific skill-based learning to accurately measure skills and performance, such as:

\n\n

These missions and more cyber learning activities in Project Ares allow users to gain insight into real-world attack scenarios pertinent to their industry in a safe learning environment. These specific mission scenarios can help to keep financial institutions at the front lines of cyber defense over the holidays and year-round. Just like the grinch’s heart, you can grow your cyber defense to stay happy year-round! To learn more about what Project Ares can do for you, visit  www.circadence.com.

\n

 

\n
\n
\n
\n
\n
\n
Photo by Helloquence on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
Photo by M. B. M. on Unsplash
\n
\n
\n
\n
\n
\n","title":"Holiday Hacks in the Financial Sector: What You Need to Know to Stop “Grinches” during the Holiday Season  "}},{"node":{"id":"15b453aa-a42b-57eb-a42b-d6b0b6e6a7c1","slug":"living-our-mission-blog-series-cyber-security-teaching-the-perfect-match-for-developing-cyber-curriculum-in-project-ares-for-circadences-megan-daudelin","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/12/joshua-sortino-LqKhnDzSF-8-unsplash.jpg"},"date":"2019-12-16T16:34:34.000Z","content":"

Ever wondered about the people behind Project Ares’ development? How does Circadence identify and develop learning curriculum material to benefit today’s cyber professionals? The crux of the strategy stems from the talents within our own Circadence family and is the driving force behind this “Living our Mission” article. We are sharing the unique talents of Megan Daudelin, Team Lead of Curriculum Development for our flagship gamified learning platform, Project Ares. While one might expect that a cyber background is critical to any tech-focused role in a security company, Megan would argue that having a strong understanding of learning theories, experience teaching cyber subjects, and placing oneself in the customer’s shoes equally weigh in importance to successfully build rich cyber curriculum into our products.  

\n

 Blending Forensics, Hospital Security, and Cyber Education   

\n

Megan has a rich history in the cyber security industrywhich started after she graduated with her bachelor’s degree, and continued as she worked full time while completing her Master’s in Digital Forensics Management from Champlain CollegePrior to Circadence, she served as a Digital Forensic Analyst at ManTech and Information Security Content Analyst at Tenable Network Security. She also worked as a Network Security Analyst at New London Hospital between her stints at ManTech and Tenable, monitoring networks and medical devices in accordance with HIPPA. Those experiences helped her learn the importance of understanding an end-user’s behavior to identify and investigate digital evidence.  

\n

 Her career as a digital forensic analyst revolved around gathering and interpreting data. She recalls a previous job where she was responsible for writing up a narrative around a customer by referencing only the information available in a customer’s device. She would get a sense of the day-to-day digital life the user led to understand who and how that person was using the technology.  

\n

“That’s the part I liked, taking a vast amount of information and drawing the lines through the ‘dust cloud’ of data to figure out the connections between everything and turn the ‘cloud’ into a digestible amount of information.  

\n

 As Megan embraced new skill acquisition on the job, she grew to appreciate how problem-solving played a critical role in managing threats for her employers and their customers. 

\n

It was her passion for identifying the tools and techniques that best helped harden security posture that led her back to the classroom as an Adjunct Professor at her alma mater, Champlain College, to help groom the next generation of cyber professionals. Her professional experience across multiple disciplines in cyber, from digital forensics to network security to ethical hacking and incident response, allows her to teach courses on a variety of cybersecurity disciplines—a job she still does today.  

\n

 Using Teaching to Inform Cyber Learning in Project Ares 

\n

Over the last two years, Megan has taken her love for teaching and applied it directly to the innovation within Project Ares. She is able to see how her students learn best whether through direct, hands-on experiences or learning from peersand she applies those observations within a customer’s experience in the platform. All of this comes with the understanding that she must remember not to get “too deep” into one thought pattern, to maintain the “10,000 foot view” as she puts it, so that she can build cyber learning curriculum that is cross-disciplinary and cross-functional.  

\n

 Megan put her cyber and teaching skills to the ultimate test at the Microsoft Ignite “Into the Breach” cyber defense experience in November 2019. She helped design six custom-built Battle Rooms in Project Ares that were used in a competition-style activity among event registrants.  The battle rooms provided a gamified learning approach to teach cyber professionals about Microsoft Security Tools. Megan used the Project Ares virtual environments to create hands-on, experiential learning activity that focused on problem-solving using Microsoft tools. By adopting the end-user’s perspectiveshe was able to help the players through the maze from the home page of the Project Ares interface down to the data they were looking for to find the answers they needed.  

\n

“It was quite the adventure learning all these new security solutions and organizing them into a cohesive storylineWe weren’t asking independent questions to teach TTPs in a silo. Instead, we were walking the players through a single attack pattern. The narrative was knit together so that they could understanthat the tasks in the Battle Rooms were related to the progressive arc of a full-scope attack and there were different points along the kill chain where the Microsoft tools could help to identify, analyze, and respond.” 

\n

Looking ahead…  

\n

As Megan works hard to build learning curriculum into Project Ares, she can’t help but think about what lies ahead for the cyber security industry.  

\n

 “I hope the prioritization of training and education continues to increase; I hope the prioritization of security as a pillar of someone’s organization continues to get recognition. I think we’re coming out of a phase where organizations felt that they could just ignore the elephant that’s stomping around their data center.  

\n

 I’m hopeful we’re moving into a time that people are becoming more aware of their organization’s digital activity online…. not just in a check-the-box periodic program kind of way, but in the sense that cyber security readiness and training has ongoing funding and cross-function collaborationThe industry is moving toward recognition that this is where priorities lie.”  

\n

It is this kind of forward-thinking mindset in employees that helps Circadence deliver state-of-the-art products and we are incredibly proud to have Megan within the Circadence family!  

\n","title":"Living Our Mission Blog Series: Cyber Security + Teaching = the Perfect Match for Developing Cyber Curriculum in Project Ares for Circadence’s Megan Daudelin "}},{"node":{"id":"7ae63ac1-f9cd-522e-8ce0-4dc4833de9a4","slug":"living-our-mission-blog-series-connecting-the-dots-academic-virtual-labs-microsoft-ignite-and-battle-room-design-from-circadences-matt-surprenant","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/12/helloquence-5fNmWej4tAA-unsplash.jpg"},"date":"2019-12-11T16:34:01.000Z","content":"

After serving in the Coast Guard and learning IT, Matt Surprenant applied his technical abilities to the academic community, building out cyber ranges for students to practice their tradecraft in virtual environments. Managing virtual labs for 250-500 students wasn’t an easy job by any means, but it certainly gave him invaluable insight into how learning occurs to best train today’s cyber enthusiasts (tomorrow’s frontline defenders).   

\n

At Champlain I grew from a student at the Helpdesk, to deploying software in physical labs, to managing virtual labs. After spending a decade at Champlain College, enjoying the collegiate atmosphere working and learning, I transitioned from creating virtual computing environments at Champlain to virtual ranges at Circadence.  

\n

For more than 11 years at Champlain, Matt performed many cyber roles (help desk technician, imaging applications analyst, and academic service administrator) that informed his understanding of opportunities for innovation, and what is needed to train the next generation of cyber professionals. He was able to take that experience and apply it at Circadence for enterprises looking to embrace modern ways to train their own cyber teams and harden security strategies.
\n

\n

Creating Space for Productive Cyber Learning  

\n

For the past three years, Matt has been responsible for constructing Battle Rooms within Project Ares. Battle Rooms are the training simulation environments where users learn the tools, tactics, and procedures of cybersecurity before entering the next “level” of activities in Project Ares called Missions.  Battle Rooms allow users to train and hone their skills before entering a simulated scenario environment with multiple components, narrative backstory, and where deeper application of skill comes into play.  

\n

Currently, Matt manages the logistics for Battle Room development, guiding his team on project priorities week-by-week and acting as a liaison for the Content / Cyber Curriculum Team. Alongside the Curriculum team, he works to determine what the training outcomes are in each of the Battle Rooms. On the technical side of Project Ares, Matt ensures that the automation of environments and the logistics are working correctly. He enjoys developing content that guides a player along a cyber learning pathway, so they learn multiple skills from performing reconnaissance to enumerating networks. The Battle Rooms are particularly fun for him to build out because he sees them as “small spaces that teach specific concepts” and help inform a cyber work role a player might want to learn more about.  

\n

 Since Project Ares’ debut, customers have greatly informed the kinds of Battle Rooms Circadence develops. After all, it is about the customer having the ability to train according to their specific cyber needs, so this strategy works out well for team members like Matt.  

\n

 “I’ve really enjoyed developing the CTF (Capture the Flag) content for our customers. The customer gave us a walkthrough of their expectations, showed us some pre-made content, and shared ideas of how to configure the different pieces of technology. We [the BR team] worked up a functional configuration and validated playthrough based on our understanding of the customer’s expectations. It was incredible to see how successful the team could be playing to each other’s strengths in order to meet a customer’s request. The icing on the cake was that the content was very well received by the customer.” 

\n

Observations from Microsoft Ignite  

\n

Matt was able to lend his cyber expertise at the Microsoft Ignite “Into the Breach” cyber defense experience in November 2019. Five custom-built Battle Rooms in Project Ares were used in a competition-style activity among event registrants. The battle rooms provided a gamified learning approach to teach cyber professionals about Microsoft Security Tools.
\n 

\n

“I was really excited to see how well the content in the Battle Rooms blended into the background as the purpose of the event was really to introduce registrants to Microsoft Security tools using a gamified environment.”  

\n

Matt noticed registrants were curious to understand how to use these cyber tools in their own profession. The capability for Project Ares to deliver this educational experience to end-users, Matt reflects, was a huge benefit to see how learning unfolded.  

\n

Advice for the Next Generation of Cyber Professionals  

\n

“Trust but verify.” Those are the simple words Matt says he would tell any aspiring young professional interested in entering the field of cybersecurity.  

\n

It seems like a simple statement, but I’ve found many security professionals don’t necessarily practice what they preach. Develop personal habits that help you professionally. A simple one is to constantly validate or fact-find when you’re told something. Ask questions! Does that update process actually work as you think it should? Should that application actually make web requests? Develop an inquisitive nature that will allow you to bolster claims with factual findings. 

\n

For Matt, that inquisitive mindset occurred in high school when he found system administration was an interesting discipline.  

\n

I started a high school club where one day a week we would “re-image” a writing computer lab with images that had games pre-installed and have a “LAN (local area network) party”. Club members (mostly my friends) would get together and play video games on the freshly reconfigured computers for a couple of hours. At the end of the event, we would reset the lab back to a writing lab. Sometimes there were minor hiccups that users (other students) would run into afterward. I enjoyed helping those users fix the issue, but I also enjoyed identifying how we could make it better next time we re-imaged the lab. That’s kind of what information/cybersecurity is for me – identifying weaknesses in configuration, policy, or procedure and making a change to mitigate that weakness. 

\n

It is that kind of curious approach to building cyber learning into our products that helps Circadence deliver state-of-the-art learning tools today.  We are incredibly proud to have Matt as part of the Circadence family!   

\n","title":"Living our Mission Blog Series: Connecting the Dots – Academic Virtual Labs, Microsoft Ignite, and Battle Room Design from Circadence’s Matt Surprenant"}},{"node":{"id":"7ec8a7c3-fa93-5f6b-9a99-a8b4dcf751ca","slug":"predictions-for-cyber-security-in-2020","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/11/ramon-salinero-vEE00Hx5d0Q-unsplash.jpg"},"date":"2019-12-03T07:25:37.000Z","content":"

The dynamic world of cyber security is prompting a new shift in focus for security execs and frontline defenders as we head into a new year in 2020. Given the rapid pace by which enterprises have adopted Cloud computing services to improve operations, the frequency of threats and attack methods, and the widening skills gap facing many industries, we expect 2020 will finally be the Year of Preparedness & Cyber Proactivity—from the CISO, to the Director of Risk Management, to the Network Analyst professional—and we’ll tell you why.

\n

A recent report from ICS2 noted that the cyber security industry now faces an estimated shortfall of 4.07 million cyber professionals. In the U.S. alone, the industry is expected to have more than 490,000 unfilled cyber positions in the coming years. While the great debate continues as to whether we really have a “skills gap” problem or if we need to loosen the reins on job requirements and lower candidate qualification expectations, one thing is for sure—today’s (and tomorrow’s) cyber professionals will need help in combatting imminent threats to harden cyber security in 2020. To facilitate their preparedness strategy, we envision proactive tools and resources will become more mainstream to help professionals do their jobs with greater efficiency leveraging automation, to support expanding security provisions, compliance requirements, and minimize the widening attack surfaces.

\n

Automation will become the preferred way to support security operations

\n

Whether a security manager has 1,000 defenders on their cyber team or one, automating certain administrative tasks for these individuals will be a goal focus in 2020. Directors, managers and cyber team leads understand that threats are getting so sophisticated that network defenders and security analysts need as much help as possible.

\n

Our own Battle Room Design Team Lead Matt Suprenant anticipates enterprises will be finding ways to “automate responses to detections” observing at the Microsoft Ignite event in Nov. 2019 that Microsoft toolsets on display were designed with automation in mind.

\n

“As we think about the future of cyber, we will see a combination of things start working together as we learn more about AI, SOAR, and other mechanisms by which we can augment today’s workforce.” ~ Battle Room Design Team Lead, Matt Suprenant

\n

Cloud adoption will be growing across all security sectors

\n

In 2019, we predicted more enterprises would shift to the cloud for a more seamless and elastic security experience. Reports indicate that about 90% of businesses today are using the cloud to conduct operations from simple file storage to sales transactions in the cloud. So what’s next? Security divisions will be leveraging the cloud to train their professionals on the latest cyber threats and attacks in 2020. Cyber training in the cloud will likely become one of the new ways Cloud computing will be leveraged in 2020 since teams need persistent and always-on access to training (moving away from the one-and-done on-site classroom-based training offerings of today). The future of cyber training will occur in the cloud.

\n

Don’t believe us? Hear the benefits of training in the Cloud in our webinar.

\n

Renewed focus on security awareness training for all employees

\n

Human resource managers and risk and compliance managers will work more closely together to design their own security training programs to nurture incoming talent and existing staff. Another cyber security prediction in 2020 will indeed be around this topic, as HR managers and Risk and Compliance managers identify new ways to educate all employees (not just the IT staff) on cyber risks, attack methods, and how to spot suspicious emails (phishing attacks), links, website, and other digital assets related to endpoint security.

\n

“I hope the prioritization of training and education continues to increase; I hope the prioritization of security as a pillar of someone’s organization continues to get recognition. I think we’re coming out of a phase where organization’s felt that could just ignore the elephant that’s stomping around their data center. I’m hopeful we’re moving into this position that people are being more generally aware [of their digital activity online], not just on paper, but that [cyber security readiness and training] needs funding and collaboration…The industry is moving toward recognition that this is where priorities lie.” ~ Megan Daudelin, Team Lead, Curriculum Development

\n

Election Security will dominate discussions

\n

Years ago, ballot fidelity was the issue to solve but now, election security is the hot ticket item to address in cyber security in 2020. The breadth and diversity of counties means election security isn’t managed the same way, putting all elections at greater risk of interference. Russian cyber criminals have been able to gain access to voting systems around the country, most notably in the 2016 election. As we head into an election year, election security pros will be understanding vulnerabilities in voting machines and (ideally) replacing such machines using congressional funds, which granted $380 million to upgrade old voting systems.

\n

We also anticipate both election volunteers and frontline election security tally monitors and processors will desire more cyber training and education to ensure they’re doing their part to stay vigilant against any suspicious activity that comes in their purview.

\n

Increased Attacks on IT/OT automated systems, state local governments

\n

Municipal ransomware attacks on cities was a big occurrence in 2019 and we don’t envision it’s going to stop in 2020. A CNN news article reported that over 140 local governments, police stations and hospitals were held hostage by ransomware attacks in 2019. As more entities run by and are funded/informed by state and local government organizations, automated operations of network security will be more prevalent to streamline workforces and workloads, thus, increasing the chances of cyber attacks occurring on those systems. To prevent data breaches and make cyber readiness a top priority, live fire cyber exercises will be leveraged to bring together cyber security experts across departments and teams, divisions and functional areas of critical infrastructure and government operations.

\n

We will continue to see a rise in targeted ransomware attacks, especially against small to medium size public entities like utilities, governments, and hospitals. Too many are just paying the ransom because it is far cheaper to do that than fix it, even if you have backups. ~ Paul Ellis, Senior Product Manager

\n

What do we do to harden cyber security in 2020?

\n

Educate, educate, educate. Train. Train. Train.

\n

That is our recommendation for security leaders, managers, and frontline defenders who are heading into 2020 trying their best to anticipate the next threat vector or patch a vulnerability.

\n

The more companies can educate their non-technical staff about cyber issues and suspicious activity while IT teams and security divisions regularly train/upskill their defenders the better off enterprises will be.

\n

It’s important to remember that cyber security in 2020 and beyond is not a “do this thing and you’re secure” effort. Cyber security and hardening posture is a JOURNEY, not to be taken lightly or without concern.

\n

For enterprise security teams who want to understand more about how Project Ares can support cyber learning in mission scenarios that address election security, ICS/SCADA systems, and experience learning against automated adversaries in the Cloud, schedule a demonstration of Project Ares today.

\n

For HR managers and Risk and Compliance directors seeking ways to implement a company-wide security awareness training program using gamification, check out our inCyt platform (Available soon).

\n

 

\n
\n
\n
\n
\n
\n
Photo by Ramón Salinero on Unsplash
\n
\n
\n
\n
\n
\n
\n
Photo by Shahadat Rahman on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"Predictions for Cyber Security in 2020"}},{"node":{"id":"a9a73f22-352a-5546-aa9d-b170758a00c7","slug":"rethinking-cyber-learning-consider-gamification","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/mimi-thian-ZKBzlifgkgw-unsplash.jpg"},"date":"2019-11-26T14:59:56.000Z","content":"

This post originally appeared on Microsoft’s Security Blog, authored by Mark McIntyre, Executive Security Advisor, Enterprise Cybersecurity Group

\n","title":"Rethinking cyber learning—consider gamification"}},{"node":{"id":"b7c414ee-b265-550d-9fa1-650616d87a4e","slug":"cyber-monday-and-black-friday-cyber-security-safety-tips-to-prevent-holiday-hacks","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/11/catherine-zaidova-fPfvv3u5PHY-unsplash.jpg"},"date":"2019-11-25T07:25:47.000Z","content":"

If you’re anything like me, you get really excited when the holidays roll around. The music is cheerful (the Hallmark Channel is on 24/7–high five!), the fireplace is roaring, and I can curl up with my blanket and mobile phone to SHOP ONLINE (of course). Ah, the spirit of the holidays…But the bah humbug part about the scene I’ve just set, is I’m not the only one feeling “festive.” Cybercriminals LOVE when surges in online shopping occur because people are looking for the best deals on gifts, bargain hunting, and planning for the biggest online shopping days of the year: Black Friday and Cyber Monday. This means adversaries can more easily manipulate our holiday spirits with cyberattack methods like phishing and social engineering, credit card fraud, and more.

\n

So while you prepare your winter festivities and “add to cart,” consider these 12 tips to keep your “digital dwelling” safe and warm during Cyber Monday and Black Friday, especially.

\n

Shop from websites you know and trust. 

\n

Don’t click on those flashy “hot deals” that are likely too good to be true. Scammers deliver ads based on your interests, offering sweet discounts or great deals to get the click. Now is NOT the time to experiment with new retail websites and apps.

\n

Don’t go “public.” 

\n

Avoid public Wi-Fi when using the Internet, especially when accessing sensitive data like your bank account balance or emails. Your personal information isn’t a “gift” you want to give a hacker this holiday season.

\n

Update your operating systems. 

\n

With a little more downtime during the holidays, take a merry minute to keep your operating systems as current as possible. This also goes for apps on your phone.

\n

Refresh your passwords.

\n

Enter into the New Year with stronger, more secure passwords—something that will keep a criminal out of your personal property and prevent identity theft. Things like symbols and numbers to replace letters add a layer of complexity that make passwords harder to crack. Consider using a password manager to store all your different passwords so you don’t forget them!

\n

To ensure you are protected from any precocious cyber predator, check our security awareness game inCyt, a fun way to learn cyber concepts and attack methods while cozying up on your couch with a hot toddy. You can practice proactive cyber readiness during the holidays—and year-round with this sweet resource. 

\n

Don’t click on suspicious links. 

\n

Scammers, like the Grinch, will impersonate real online retailers and stores to get you to open an email and click on links while you are holiday shopping. Don’t! This phishing email tactic opens the door for them to install malware on your computer and before you know it, your data is stolen and compromised.

\n

Look for the lock. 

\n

Secure websites will often have a lock icon in the browser address bar to indicate it is a secure connection.

\n

Get creative with security questions. 

\n

Your mother’s maiden name or favorite food can most likely be found online somewhere, so try getting creative with your security questions to access your accounts. Choose a motto you live by perhaps or choose an answer to a question that is completely opposite of what you would select.

\n

Watch your bank and card activity.

\n

Hackers can see your financial activity when you’re sleeping and when you’re awake if you’re not careful. Diligently monitor your bank account, online transactions, and card activity and notify your financial services provider if you observe any suspicious activity.

\n

Disable auto-connect.

\n

Some devices will auto-connect to available wireless networks. Ensure you are only connected to wireless and Bluetooth networks when devices are in use or about to be used. Unknowingly being connected is the opportune time for hackers to cause damage right under your nose.

\n

Store devices when away. 

\n

If you’re a busy traveler, criminals seek out meal times to check hotel rooms for unattended laptops and mobile devices. Be especially wary when attending conferences or trade shows as guest networks tend to be more vulnerable to attacks (and allows hackers to access lots of data from lots of people, who are all in one convenient location).

\n

Activate double authentication. 

\n

If you haven’t done so already, ensure all your apps have a double authentication factor so every time someone tries to log in to your online account, they need a code or key that is texted to your phone or sent to your email to gain access. That makes unintended access to things like social media accounts more difficult for cybercriminals.

\n

Practice persistent protection.

\n

Hackers aren’t just looking to exploit individual data, they also target businesses knowing many take extra time off this time of year to spend with loved ones. Ensure your company has a strong cybersecurity response plan in place and key members of your threat intelligence, analysis, and fraud teams are consistently practicing responding to threat scenarios. Our Project Ares platform runs on Microsoft Azure, so professionals can practice cyber offense and defense from anywhere, at any time on a gamified cyber range.

\n

It’s important to practice safe online behavior all year-round but the holidays bring about an extra level of digital activity hackers love to exploit. Make sure you are taking proactive measures to ensure you are having the most wonderful online shopping day of the year—and cybercriminals aren’t.

\n

 

\n

 

\n","title":"Cyber Monday and Black Friday Cyber Security Safety Tips to Prevent Holiday Hacks  "}},{"node":{"id":"0ff75ec5-56fa-5b3c-afd5-5e39e4afde33","slug":"living-our-mission-blog-series-how-tony-hammerling-curriculum-developer-orchestrates-a-symphony-of-cyber-learning-at-circadence","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/11/marius-masalar-rPOmLGwai2w-unsplash.jpg"},"date":"2019-11-19T07:25:12.000Z","content":"

Circadence’s Curriculum Developer Tony Hammerling wasn’t always interested in a career in cyber—but he was certainly made for it. In fact, he initially wanted to be a musician! While his musical talents didn’t pan out for him early in his career, he quickly learned how to create unique harmonies using computers instead of instruments…After joining the Navy in 1995 as a Cryptologist and Morse Code operator, he transitioned to a Cryptologic Technician Networks professional where he performed network analysis and social network/persona analysis. It was there he learned more offensive and defensive strategies pertinent to cyber security and was introduced to network types and communication patterns. He moved to Maryland to do offensive analysis and then retired in Pensacola, Florida. The world of cyber grew on Tony and he enjoyed the digital accompaniment of the work it offered.

\n

For the last few years, now settled in Pensacola, Florida, Tony is a critical part of Circadence’s Curriculum Team, working alongside colleagues to develop learning objectives and routes for players using platforms like inCyt, Project Ares, and other cyber games like NexAgent, Circadence’s immersive network exploration game. Currently, Tony and his team are focused on building out learning of network essentials in NexAgent, and “…are bridging the gap between what new IT professional’s learn in NexAgent and getting them onto more advanced learning pathways in Project Ares,” says Tony.

\n

“We’re starting to introduce new content for [Project Ares] battle rooms so users coming out of NexAgent can have an understanding of the tools and techniques needed for more advanced learning of cyber defense—and actually apply those tools and techniques in realistic scenarios.”

\n

As the technical subject matter expert for cyber curriculum, Tony digs into the details with his work—and that’s where he shines. Tony and his team ensure that user learning is reflective of today’s cyber attacks and vulnerabilities. In the next iteration of NexAgent, users will be able to focus on network segmentation using election security as the theme for game-play. From separating election polling servers to working with registration databases to designing networks to prevent election fraud, learning becomes much more interesting for the end-user.

\n

The most exciting part about Tony’s job is the diversity of material he gets to work on every day. One day he could be helping end-users of Project Ares identify fraudulent IP addresses in a battle room and another day he could be working on a full-scale technical design of a SCADA system modeled after a cyber incident at a Ukrainian power plant.

\n

By understanding corporate demands for new content, Tony and his team have more direction to build out cyber learning curriculum that aligns to customer’s needs. He believes the technical training he’s able to support with learning material in Circadence’s platforms complements traditional cyber learning paths like obtaining certifications and attending off-site classes. The variety of learning options for users of all cyber ability levels (both technical and non-technical), gives professionals the opportunity to be more thoughtful in their day-to-day lives, more critical and discerning of vulnerabilities and systems, and more creative in how they address threats.

\n

“Knowing that people are able to come into a Circadence product and learn something that they didn’t know before or refine specific knowledge into an application/skill-based path is exciting. I don’t think too much of the greater impact my work provides—but perhaps 10 years down the line when we can say ‘we were the first to gamify and scale cyber training,’ it will mean so much more.”

\n

We are grateful for the unique talents Tony brings to the Circadence family of products and how he’s able to craft learning “chords” that when orchestrated, provide a symphonic concerto of cyber learning activity—empowering cyber professionals across the globe with relevant, persistent, and scalable cyber training options to suit their security needs.

\n

Photo by Marius Masalar on Unsplash
\n

\n
\n
\n
\n
\n
\n
Photo by Alphacolor on Unsplash
\n
\n
\n
\n
\n
\n
\n

 

\n","title":"Living our Mission Blog Series: How Tony Hammerling, Curriculum Developer, Orchestrates a Symphony of Cyber Learning at Circadence"}},{"node":{"id":"13877865-bf74-5bc7-90ce-81839b7dbdac","slug":"8-tips-to-keep-your-small-business-cyber-safe-this-holiday-season","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/11/aryan-dhiman-iGLLtLINSkw-unsplash.jpg"},"date":"2019-11-14T07:25:05.000Z","content":"

The holiday season is a time of giving, however, for hackers it can be a time of swindling. We are all susceptible to cyberattacks, but small businesses can hurt the most from the fall out. With limited staff numbers, small IT departments (if any at all), and no money allocated toward remediation, it is of the utmost importance to protect your small business, especially over the holidays. So, what can you do to protect yourself?

\n
    \n
  1. Understand your vulnerability by industry – While every industry can be targeted by scammers, there are some more at risk than others. Specifically, retail, automotive, manufacturing, and financial. Not only do these industries process a lot of sensitive data and large quantities of money, but they also use automated process and many interconnected devices which are vulnerable to cyber attacks. Assessing your risk is the first step in preventing it.
    2. \n
  2. Adopt a cyber security policy – Whether you’re a sole proprietor or a company with 5,000 employees, cyber criminals are targeting your business. Smaller businesses may not have controls, processes, or policies in place for cyber security defense and offense. There are several options for securing a comprehensive cyber security plan such as a managed service provider (MSP), a systems integrator or security system provider, or a cyber security consultant. Take the time to put together a comprehensive policy for your employees to learn and reference.
    3. \n
  3. Educate employees on cyber risks and prevention – It won’t do you any good to adopt a cyber policy if you don’t train your employees on risk awareness and staying safe online while working. Ensure you utilize persistent, hands-on learning, such as a cyber range, to keep employees abreast of the latest threats while building confidence in their abilities to recognize threats and suspicious activity.
    4. \n
  4. Beware of popular scam tactics used against small businesses – From overpayment scams to phishing emails, hackers will try just about anything to get to your money and sensitive information. Be wary of anything that looks or sounds suspicious such as calls from unknown persons, pop-ups, and unfamiliar websites, only open emails from trusted sources, and NEVER give your credit card or personal information to anyone you don’t know whether over the phone, by email, or in person.
    5. \n
  5. Secure WiFi Networks – These days all businesses require WiFi to operate, so you need to ensure your network is safe. Hide your network, which you can do by googling instructions or working with your internet provider, so that your router does not broadcast the network name (or SSID) and ensure that a password is required for access. Be sure you change the administrative password that was on the device when first purchased as well to a complex password only you will remember. Setting up a private network for employees and offering a guest network to customers is a great way to keep customers happy while ensuring your cyber safety.
    6. \n
  6. Make backup copies of important information – Regularly back up data on every computer used in your business including documents, spreadsheets, financial and personnel files, and more. You can do this through many channels from uploading files to an external hardrive, USB, the cloud, or using a paid data storage site.
    7. \n
  7. Install and update antivirus software – Every device you use for your business needs to be protected with antivirus, antispyware, and antimalware software. You will need to purchase this software either online or from a retail store and will need to assess your specific needs based on a variety of factors, such as the type of operating system you use (mac or PC) and your budget. Here is a handy guide for things to consider before purchasing antivirus software. Be sure you install and update antivirus software regularly to ensure the newest and best iteration is at work protecting your sensitive information.
    8. \n
  8. Install a VPN – A virtual private network (VPN) is a software that enables a mobile device to connect to another secure network via the internet and send and receive data safely. If you regularly use your smartphone to access secure information for your small business, it can be technology that is well worth investing in. Setting up a VPN is a simple task but depends on what operating system you use. Check out this great article that guides you through VPN set up for various systems.
    9. \n
\n

By following these tips and tricks, you can ensure that your business stays protected and profitable. Cyber security is an ever-changing field, and businesses must continually adapt to new attack methods and be able to defend themselves. Keep the latest in cyber training at your fingertips with Circadence’s inCyt security awareness game of strategy and if you have a small security team/IT professional, consider our flagship immersive, gamified cyber learning platform, Project Ares for advanced cyber training. We wish you a safe and happy holiday season!

\n
\n
\n
\n
\n
\n
Photo by Aryan Dhiman on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
Photo by You X Ventures on Unsplash
\n
\n
\n
\n
\n
\n
\n

 

\n","title":"8 Tips to Keep Your Small Business Cyber Safe this Holiday Season"}},{"node":{"id":"bd021454-0eda-5215-adcc-17596d2eb4d3","slug":"operation-gratitude-5-reasons-to-give-thanks-for-cyber-security","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/11/pro-church-media-p2OQW69vXP4-unsplash.jpg"},"date":"2019-11-12T08:25:42.000Z","content":"

With daily breaches impacting business operations and security, it’s easy to forget about the good ways that cyber security keeps us safe behind the scenes. This holiday season, we’re giving thanks to cyber security and all that it does to make our lives easier and more secure with what we’re calling Operation Gratitude (inspired by our Project Ares missions, uniquely titled “Operation Goatherd” or “Operation Desert Whale”). #OperationGratitude is a rally cry for security professionals and business leaders to remember the positive aspects of cyber security and share those positive thoughts with each other. Too often we live in fear from cyber attacks and persistent threats, and while, there is always cause for concern, we must remember how advances in the field have equally made aspects of our digital life easier. We’re thankful for these advances in cyber security:

\n
    \n
  1. Two-factor authentication – This tool helps to keep you secure by requiring two different credentials before allowing you to gain access to sensitive information online. One example of this would be when you log in to check your bank statements and it prompts you to not only enter your username and password, but also to check your phone and enter a verification code that was texted to you. You will normally see this security precaution used when logging into an account from a new device. The great part about it is, it’s widely known and used by everyone from CISOs to high school kids.
    2. \n
  2. HTTP(S) – You’ve likely seen this appear when visiting a URL online, usually showing up just before the “www” and website name. Http means HyperText Transfer Protocol. HTTP is the underlying protocol used by the World Wide Web, which defines how messages are formatted and transmitted, and what actions web servers and browsers should take in response to various commands. The “S” is for security, and this little letter means that all communication between your browser and your website is encrypted for your protection. This means that sites utilizing https are prioritizing your safety while performing sensitive transactions online!
    3. \n
  3. Personal digital responsibility – These days the average consumer is more connected than ever. With our lives relying on smartphones, computers, tablets, and a multitude of IoT devices, we are entrenched in cyber every single day. This reliance requires us to practice personal digital responsibility, or often called digital citizenship—that is, the ability to participate safely, intelligently, productively, and responsibly in the digital world. Just because we are more connected does not necessarily mean that we are more aware of cyber risks, however, initiatives such as Cyber Security Awareness Month (in October) are helping to increase awareness by promoting cyber citizenship and education. Circadence is proud to contribute to the security awareness and digital responsibility effort with the soon-to-be-available inCyt, a security awareness game of strategy that helps bring cyber safe practices into the workplace and cultivates good cyber hygiene for all (and you don’t have to be a technical expert to use it).
    4. \n
  4. Corporate security awareness trainings – Given that 25% of all data breaches in the U.S in 2018 were due to carelessness or user error, it is critical for companies of all sizes to engage their employees in persistent cyber training. Thank goodness there is an increase in organizations such as the National Cyber Security Alliance (NCSA) that provide risk assessments and security training to organizations across the U.S.
    5. \n
  5. Increased security collaboration – With more than 4,000 ransomware attacks alone occurring daily, no one business can mitigate the increasing amount of cyber risks present in today’s threatscape. It is more important than ever for businesses to share knowledge from breaches they have experienced and stand together to fight cyber crime, which is exactly what they’re doing! Nowadays these partnerships are being formed not only to share information, but to conduct live fire cyber readiness exercises. One such initiative is DHS’s National Cybersecurity and Communications Integration Center(NCCIC) – a 24/7 cyber situational awareness, management and response center serving as a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC also shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations.
    6. \n
\n

So, as you prepare your Thanksgiving meal from recipes pulled up on your tablet, with holiday music playing from your smart phone, and timers set by Alexa to ensure the juiciest turkey and tastiest pies, remember to give thanks for cyber security. We certainly are!

\n

 

\n
\n
\n
\n
\n
\n
Photo by Simon Maage on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
Photo by Pro Church Media on Unsplash
\n
\n
\n
\n
\n
\n","title":"Operation Gratitude: 5 Reasons to Give Thanks for Cyber Security"}},{"node":{"id":"4abffb86-09e3-5508-8bb0-289777e8f5f9","slug":"28-bits-and-bytes-about-cybersecurity-careers-you-probably-didnt-know","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/10/danial-ricaros-FCHlYvR5gJI-unsplash.jpg"},"date":"2019-11-05T07:45:45.000Z","content":"

Getting a job in cyber security doesn’t have to be an intimidating process. If you haven’t been taught the basics and/or are looking to change careers for something different, launching a cyber security career can start with basic learnings that lead to more formal training, certifications, and skills development. And there are several online resources for developing security competencies that are free or at a minimal cost. These resources can be complemented with cyber range training to expedite learning to land the cyber security job you want.”

\n

To bring cyber security to the surface as a strong and lucrative career option for young professionals, we’ve taken the liberty to share some fast facts and fun things about the industry.

\n

Fast Facts About the Cybersecurity Industry

\n\n

Technical Abilities and Knowledge Needed for the Cyber Security Industry

\n\n

Professional Skills Needed for the Cyber Security Industry

\n\n

The Benefits of a Cyber Security Career

\n\n

To prepare yourself for a fruitful career in cyber security, consider training and building your skills in Project Ares. Project Ares is the premier gamified, hands-on learning tool that can support novice and aspiring cyber security and IT professionals in acquiring and maturing cyber security skills and competencies needed for on-the-job placement.

\n\n

Watch an on-demand demonstration of Project Ares

\n

Happy cyber career searching!

\n
\n
\n
\n
\n
\n
Photo by Danial RiCaRoS on Unsplash
\n
\n
\n
\n
\n
\n
\n
Photo by Fabian Grohs on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"What you need to know about a cyber security career path"}},{"node":{"id":"44b3855d-5d88-5799-8f93-6e47d739af98","slug":"will-artificial-intelligence-replace-cyber-security-jobs","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/christian-wiediger-WkfDrhxDMC8-unsplash.jpg"},"date":"2019-10-29T08:34:01.000Z","content":"

The cyber security workforce gap continues to grow, and the availability of qualified cyber professionals is predicted to decrease in the coming years. In fact, a Cyber Security Workforce Study from the International Information System Security Certification Consortium predicts a shortfall of 1.8 million in the cyber workforce by 2022. Some resources even claim upwards of a 3.5 million worker shortfall within the next two years. While this can feel like impending doom and gloom for the industry, AI, or artificial intelligence, can help to quell the concerns while empowering existing cyber workers.

\n

While many other industries have seen robotic systems replacing the need for human workers, this doesn’t appear to be the case in cyber security. Humans are able to accomplish more when supported by the right set of tools. Allowing AI to support and react to human behavior allows cyber professionals to focus on critical tasks, utilize their expertise to analyze potential threats, and to make informed decisions when rectifying a breach. Autonomous cyber security doesn’t mean cyber security without humans.

\n

AI can do the legwork of processing and analyzing data in order to help inform human decision making. If we were to rely completely on AI to manage security risks, it could lead to more vulnerabilities because such systems have high risks for things like program biases, exploitation, and yielding false data. Nevertheless, if utilize and deployed correctly for cyber teams, AI has the ability to automate routine tasks for processionals and augment their responsibilities to lighten the workload.

\n

Learn more about AI’s role in cyber security professional training in our on-demand webinar!

\n

So, is AI going to take over the jobs of seasoned cyber pros? The answer is no; however, AI will drastically change the kinds of work cyber engineers are doing. In order for IT teams to successfully implement AI technologies, they will need a new category of experts to train the AI technology, run it, and analyze the results. While AI may be great for processing large amounts of data or replacing autonomous manual tasks, it will never be able to replace a security analyst’s insights or understanding of the field. There are some data points that require a level of interpretation that even computers and algorithms can’t quite support yet.

\n

AI can help to fill the workforce gap in the cyber security sector, although it may create a need for new skillsets to be learned by humans in the industry. AI and the human workforce are not in conflict with one another in this field, in fact, they complement each other. The future is bright for AI and humans to work in tandem at the front lines of cyber defense.

\n

For more information, check out our white paper on AI and gamification!

\n

 

\n

DOWNLOAD WHITEPAPER

\n

Photo by

\n

Christian Wiediger on Unsplash
\nPhoto by Mimi Thian on Unsplash

\n

 

\n","title":"Will Artificial Intelligence Replace Cyber Security Jobs?"}},{"node":{"id":"a17f968d-2b17-5eee-a407-20d1a9f002c5","slug":"why-cyber-security-is-important-in-the-education-sector","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/vasily-koloda-8CqDvPuo_kI-unsplash.jpg"},"date":"2019-10-22T08:45:02.000Z","content":"

It might surprise you to know that the education industry is a prime target for malicious hackers. While threats in this sector are on the rise, many education institutions are not prepared for a cyber attack nor do they know how to recover from one. In fact, there were 122 cyber attacks last year at 119 K-12 public education institutions, averaging out to an attack every three days. A 2018 Education Cyber Security Report published by SecurityScorecard also found that of 17 industries, the education sector ranked dead last in total cyber security safety. Schools are leaving themselves open to student and faculty identity theft, stolen intellectual property, and extremely high cost data breach reconciliation. In fact, a study done by the Ponemon Institute shows the average cost of a data breach in the education sector is $141 per record leaked.

\n

This industry faces some unique cyber security challenges:

\n\n

So how can educational institutions better protect themselves against looming cyber threats?

\n\n

Circadence is here to help. Cybersecurity in the education sector is more important than ever, and our immersive, gamified cyber learning platform, Project Ares, can help ensure that your cyber team is ready to defend against malicious attacks. Our inCyt product (coming soon!) will keep everyone else in your organization up to snuff on cyber defense and offense. We pair gamification with prolonged learning methods to make learning and retaining cyber security tactics simple and fun for all. Don’t let your institution and students be next in line for a breach–think inCyt, and Project Ares when you think cyber security for the education sector!

\n

If you’re still looking for more information on education and cyber security, check out these handy references:

\n\n

DOWNLOAD WHITEPAPER

\n
\n
\n
\n
\n
\n
Photo by Vasily Koloda on Unsplash
\n
\n
\n
\n
\n
\n","title":"Why Cybersecurity is Important for Higher Education Institutions"}},{"node":{"id":"e4eb9c5b-610f-5383-b07c-49e0b2c14b4c","slug":"trick-or-cyber-treat-how-quickly-hackers-use-your-information","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/10/mathew-schwartz-8rj4sz9YLCI-unsplash.jpg"},"date":"2019-10-17T21:21:17.000Z","content":"

We’re getting in the Halloween spirit (with a cyber security spin of course)! We started wondering about the mysterious (or not-so-mysterious) world of hacking.  We wondered just how frightfully easy it might be to gather intel from social platforms with minimal prerequisite knowledge.

\n

To that end, we did a little experiment in an attempt to understand the hacking process. We asked ourselves…

\n\n

Are we “sharing too much” as a population committed to living our lives on social media?

\n

To answer these questions and learn if we’re just asking to be tricked or if what hackers can find out about us is really their treat to exploit…[insert gloomy music here], we simulated an online  “stalking” exercise.

\n

<< See this cool graphic to your left or read below for the simple steps we took to find personal details of someone online.

\n\n

So gosh.  This turned out to be a frighteningly straightforward path to take to find intel on someone….even if some of their social accounts are private!  And, you might be shocked to know that it took us less than an hour to discover enough information about a random person.

\n

So what might a hacker do with the intel like what we just dug up? They use the information to manipulate us and make us vulnerable to an attack.

\n\n

And it can happen fairly quickly. Are you surprised?

\n

There’s good news here though. While we did learn from this exercise that what we each choose to share online is, indeed, asking to be tricked by hacker, the fact is WE have some control of what information is “out there”.  Hackers LOVE any data they can use about our interests and personal information to gain access to something they want (e.g. bank accounts, social security numbers, credit cards, etc.); but we can limit our personal information and lock down our profiles to minimize how much intel is out there to start with.

\n
\n
\n
\n
\n
\n
Photo by Ehud Neuhaus on Unsplash
\n
\n
\n
\n
\n
\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n","title":"Trick or Cyber Treat? How Quickly Hackers Use Your Information"}},{"node":{"id":"c0fe67d1-e295-5705-af6a-95bd72c3be1f","slug":"living-our-mission-blog-series-programming-innovation-in-orion-thanks-to-raeschel-reed-circadence-software-engineer","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/08/kaitlyn-baker-vZJdYl5JVXY-unsplash.jpg"},"date":"2019-10-16T08:25:32.000Z","content":"

There’s never a dull moment at work for Circadence Software Engineer Raeschel Reed. Between learning ways to use new technology, improving coding techniques, and operationalizing cyber innovations, Raeschel is a critical part to the success of the company’s product suite.

\n

She currently works on Orion, a curriculum development application that allows learning coordinators or security managers to customize cyber training exercises based on specific needs. Raeschel has been a part of the Orion development team for over nine months, working on the back-end operations to create the logic behind the functionality. The best part about working on this product is the level of collaboration Raeschel gets to experience.

\n

“We do a lot of pair-programming on Orion, where we work in groups of two or three to move tasks along quickly. Everyone has good ideas to share and suggestions that build on one another and it helps expediate the problem-solving aspect of software engineering,” she said.

\n

Prior to joining Circadence, she served as a senior software developer supporting the Naval Integrated Tactical Environmental System Next Generation and before that, at the Battelle Memorial Institute supporting various government contracts for the Department of Defense and Homeland Security. Those experiences helped her learn critical technical skills and computer languages that diversified her understanding of programming and software development. She’s also an alumnus of George Mason University (master’s degree in Computer Science) and Mary Washington College (bachelor’s in Computer Science).

\n

For Raeschel, the process of working with and applying a new tech stack like Kubernetes, back-end tools like Golang (an open-source programming language), and working in Azure, keep the act of software development truly unique and on the cutting-edge of innovation.

\n

While unique hobbies like soccer, sewing and improv feed her need to try new things, it is the tech industry she keeps returning to for career fulfillment.

\n

“Tech stuff I keep coming back to,” she said. “I have a growth mindset where I want to keep learning new things and trying new things and the field of cyber allows me to do that.”

\n

And if that wasn’t enough for Raeschel to feel inspired and innovative at Circadence, the team she works with is second to none in her eyes.

\n

“Team Orion is the BEST!” she exclaimed. “I feel very fortunate to be here and to have found ‘my people.’ Mondays never feel like Mondays.”

\n
\n
\n
\n
\n
\n
Photo by Fatos Bytyqi on Unsplash
\n
\n
\n
\n
\n
\n
\n","title":"Living our Mission Blog Series: Programming Innovation in Orion, Thanks to Raeschel Reed, Circadence Software Engineer"}},{"node":{"id":"77622803-f63d-52ff-90b0-c852bd56ad93","slug":"living-our-mission-blog-series-hitting-a-home-run-with-circadences-security-management-thanks-to-ts-reed-cybersecurity-engineer","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/10/joey-kyber-8eREIa0u4lw-unsplash.jpg"},"date":"2019-10-10T08:28:55.000Z","content":"

The journey to cybersecurity engineer has been an exciting one for Circadence’s TS Reed. The former baseball pro turned security tech expert found his passion for problem solving at Circadence. After completing an undergraduate degree in criminology at Cal State Northridge, he pursued a master’s degree in mechanical engineering at CSUN and then a master’s in cybersecurity engineering from the University of San Diego.

\n

TS started as an intern at Circadence and was quickly onboarded as a full-time employee for his technical prowess, adaptability, and knowledge of modern security functions and processes. For the past three years at Circadence, TS has monitored the company’s network security, tested the security of its products (including Project Ares) and learned how and what to look for to stay one step ahead of attackers.

\n

“It’s impossible to be bored in this job. Security is always changing: the way people build it, the way people attack it. You have to continuously learn and teach yourself the latest and greatest practices,” said TS.

\n

But cybersecurity management wasn’t always in the stars for TS. Prior to joining Circadence, TS coached division one baseball at the University of San Diego and was also an assistant coach and recruiting coordinator at the University of Arkansas Fort Smith. A Cal State Northridge Alum, TS was a well-respected baseball player, hitting home runs in the athletic industry (named a CIF California Player of the Year and a Division 1 All-American at CSUN) with the fourth highest batting average at the 2008 Big West Conference. After college he went on to play one year of professional baseball in St. Louis for the Gateway Grizzlies of the Frontier League.

\n

He traded in his baseball cleats for cybersecurity after discovering the inherent problem-solving nature of the field—a part of the job that greatly intrigued TS to dive into a completely new field of study and long-term career trajectory.

\n

For TS, one of the best ways to “win the game” in the security field is to think like a hacker. By understanding what vulnerabilities they look for to exploit and why, security engineers like TS, know how to harden systems and deploy preventative measures beforehand. And while open forum online communities help TS and other security professionals “understand the mind of a hacker” there is always a level of uncertainty he has to deal with.

\n

“Hackers are attacking constantly and finding new ways to infiltrate networks,” said TS. “We have to stay as close to them as possible,” he adds.

\n

While TS’ professional journey has been unconventional at best, he has noticed many lessons from his baseball career that have translated into the cyber arena.

\n

“Teamwork is huge; I learned early on in baseball that every teammate receives things differently. You have to take the time and care enough to figure out how your team members communicate. [In cyber security], everyone communicates differently too. Both in receiving communication and externally communicating. Step one is always getting a feel for that in order to be as effective as possible when communicating with teammates/team members.”

\n

Likewise, TS learned that in baseball, a player’s own skill level and performance weren’t the sole indicator of how “good” a teammate was. The greatest measure, he says, is how effective one is at making others better and serving them.

\n

“To be good at and handle your job is one thing but whenever you have a team involved, the greatest measure of a player or cyber employee is the capability to lift up those around them and make them better,” he advises. Empowering teammates, teaching them, and learning from them is the approach he lives by at Circadence.

\n

We are proud to have TS as part of the Circadence family and know while he’s not hitting balls out of the park at the stadium, he’s hitting home runs with Circadence, hardening its cyber security posture.

\n
\n
\n
\n
\n
\n
\n

Photo by Joey Kyber on Unsplash

\n
\n
\n
\n
\n
\n
Photo by Krzysztof Kowalik on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"Living our Mission Blog Series: Hitting a Home Run with Circadence’s Security Management, thanks to TS Reed, Cybersecurity Engineer"}},{"node":{"id":"a1376dd1-aa16-5aa5-a890-d008f1c862af","slug":"living-our-mission-blog-series-supporting-cyber-red-teams-with-consultations-and-pen-testing-from-josiah-bryan","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/StrikeSet_01_wallpaper_1440x900.jpg"},"date":"2019-10-08T08:00:12.000Z","content":"

While Circadence is proud to be a pioneer that has developed innovative cyber learning products to strengthen readiness at all levels of business, there’s one professional area at Circadence that doesn’t tend to get the limelight, until now. Meet Josiah Bryan, principle Security Architect for Circadence’s security consultation services, aptly called Advanced Red Team Intrusion Capabilities (ARTIC for short). For almost two years, Josiah has provided support and services to Red Teams around the country, those leading-edge professionals who test and challenge the security readiness of a system by assuming adversarial roles and hacker points of view.

\n

Josiah enjoys doing penetration testing and exploit development with Red Teams at a variety of companies to help them understand what a bad actor might try to do to compromise their security systems.

\n

But Josiah wasn’t always on the offensive side of cyber security in his professional career. He was first introduced to the “blue team,” or the defensive side of cyber, when he began participating in Capture the Flag competitions across the U.S. during his time as a computer science student at Charleston Southern University. Those competitions also exposed him to the offensive side of security training and he never looked back.

\n

After graduation, he took a job in San Diego with the U.S. Navy as a DoD civilian, finding vulnerabilities in critical infrastructure, which were then reported up to the Department of Homeland Security.

\n

“Learning how the DoD operates internally and how they conduct penetration tests/security evaluations was an extremely valuable skill and great background for my current job at Circadence,” he says.

\n

In addition to consulting with Red Teams, Josiah uses a variety of tools to show and tell companies about existing vulnerabilities. For example, badge scanners that let people gain access to a facility or room are quite common devices for Josiah and his team to test for customers. He might also use USB implants that provide full access to workstations and wireless signal identification devices.

\n

“We show people how easy it is to get credentials off of someone’s badge and gain access to an area,” he says. “They never believe we will find vulnerabilities but when we do, they realize how much they need to do to improve their cyber readiness,” he adds.

\n

But, ultimately Josiah’s favorite part of his job is the level of research and analysis he gets to do. “We are a research team, first,” he says. “We are pushing the boundaries in cybersecurity and discovering new ways that bad actors might take advantage of companies, before they actually do.  It’s a great feeling to help companies and Red Teams see the ‘light’ before the hackers get them,” he adds.

\n

Whether circumventing a security measure or patching a system, Josiah’s contributions to the field are significant.

\n

“Finding new ways to help people understand the importance of strong cyber hygiene is fulfilling,” he says. “We can’t stress it enough in today’s culture where attacks are so dynamic and hackers are always looking for ways to take advantage of companies.”

\n

To stay on the cutting edge of Red Team support, Josiah follows Circadence’s philosophy to persistently learn new ways to protect people and companies. “Any company is only as good as the least trained person,” Josiah says.

\n

 

\n","title":"Living our Mission Blog Series: Supporting Cyber Red Teams, with Consultations and Pen Testing from Josiah Bryan"}},{"node":{"id":"757d02d5-2137-5343-ac95-81103251ded6","slug":"how-to-stay-safe-from-social-engineering-attacks","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/tom-roberts-7vmA7Fx1Nyo-unsplash.jpg"},"date":"2019-10-03T08:15:59.000Z","content":"

What is social engineering and why does it matter? In the context of information security, it is a hacking tactic designed to psychologically manipulate or “trick” a person into performing actions or divulging confidential information. Social engineering threats are a wildly popular way for cybercriminals to get access to money or damage a company’s reputation. In fact, social engineering attack statistics in the past year are daunting. In 2018, more than 17% of workers fell victim to social engineering attacks, according to InfoSecurity Magazine. This is problematic, as you can imagine because it disempowers people who place their trust in digital communications and leaves them feeling scared to engage with anyone online (especially if they’ve fallen victim to an attack already). Likewise, the propensity of workers who fall for these attacks tells cyber professionals that more needs to be done to: 1) educate people on what social engineering is, 2) how it manifests and impacts your personal life, and 3) the effects it can have on companies whose workers succumb to the attacks. In this article, we will discuss ways to recognize social engineering in your digital life and how to increase your cyber security awareness for these types of attacks using…games (yes, games!). More to come on that later.

\n

Types of Social Engineering Attacks and How to Spot Them

\n

Social engineering techniques come in many forms, but one of the most common ways to manipulate a person is via phishing email or a phone call. A malicious hacker could pose as one of your email contacts and send you a message to get personal information. Or an email aligning to your interests that seemingly comes from a store you frequent could allow a hacker access to your bank account. Perhaps your friend reaches out in need of help for an issue they are experiencing. One click in that email and a cybercriminal has instant access to all kinds of data about you from the operating system you use, even your social security number.

\n

 

\n

Some warning signs to think about if you believe you’re being attacked:

\n\n

“My mom just became a victim of a social engineering hack recently…A person hacked into her email and she received a notice her firewalls were damaged and that she needed to pay money to have them restored before her data was compromised…a few hours later she found herself on the phone with a supposed representative of a reputable tech company giving out her credit card info to remedy the situation. It was incredibly disheartening to hear and I felt terrible that she experienced that. Fortunately, she was able to get her money back but this wasn’t the first time she fell victim to such a scam.” ~ a Circadence employee

\n

This is just one example of what can happen when someone is unaware of social engineering tactics or just doesn’t know how to recognize them.

\n

How to Protect Yourself from Social Engineering Attacks

\n

Understanding defensive strategies will help anyone looking to “up the ante” on their social engineering detection prowess. Some strategies include:

\n\n

These are just a few options but honestly, one should not simply “pick and choose” from the above options in a silo. Those looking to protect themselves should adopt what SANS calls a “multi-layered” defense against social engineering, where if a hacker penetrates one level of protection, he/she can’t get into the next layer without being “found out.” And when all else fails, trust your gut! If something seems strange, out of the blue, or too good to be true, it probably is.

\n

Persistent Cybercrime Requires Persistent Cyber Learning and Training – with Games!

\n

Security awareness and defensive strategies are more than just telling people to update their software when prompted. It requires a deeper analysis and understanding of what, when, and how cybercriminals exploit vulnerabilities (and warning signs you’re being attacked).

\n

Further, as social engineering attacks infiltrate and impact businesses, employees need to know what confidential information is, how to identify sensitive data, and how they as individuals can safeguard it simply by being proactive and cautious in their everyday online behavior. Nobody is immune to a social engineering attack and malicious hackers are working new vulnerable people every day to make progress and get what they want. But don’t let the “doom and gloom” of persistent cybercrime get you down…get empowered and fight back!

\n

To begin a journey toward social engineering self-protection, we recommend looking into tools that help you learn cyber security basics and foundations. Our inCyt tool can help with that. It is a gamified security awareness training solution that doesn’t require any prerequisite knowledge of cyber security to play.

\n

Accessible via a browser, inCyt invites players to complete in epic cyber-themed battles to increase the Cyber IQ of all players. Players gather intel and then use gamified hack processes like phishing and malware to take out their opponent. It disrupts the standard, stale teaching options currently available by giving people instant, approachable access to learning cyber in a fun way. Non-technical employees too, can play and learn real-world concepts like social engineering.

\n

\n

Social engineering is a very real threat and one that isn’t going away any time soon. Once companies realize that every cyber vulnerability starts with its people knowing and understanding how to protect themselves, the more companies will be on the defensive against these types of attacks. A willingness to empower oneself with persistent, gamified training and a multi-layered defensive approach is key to stopping social engineering hackers in their tracks. If more people adopt these strategies, social engineering will become much more difficult to deploy.

\n

Photo by Austin Distel on Unsplash
\nPhoto by Tom Roberts on Unsplash

\n","title":"How to stay safe from social engineering attacks"}},{"node":{"id":"a333dba1-7ddf-5b25-b739-10a22f9927c8","slug":"exclaim-cyber-for-all-during-national-cyber-security-awareness-month","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/joel-muniz-XZBjfxj_NPQ-unsplash.jpg"},"date":"2019-10-01T08:20:29.000Z","content":"

Happy National Cyber Security Awareness Month! We all know that cyber security isn’t just a month-long focus area for businesses and individuals—but this month, we are grateful for the collaborative effort between government entity Department of Homeland Security and the National Cyber Security Alliance that together, place a lens on cyber (as an industry, strategy, and operation). It reminds us that the industry is persistent and impacts us all, and is not siloed into a single time span, or targeted to a specific industry or person. We know this because of data cyberattacks on businesses occurring every day, the continual discussion about the cyber talent “gap” and lack of holistically-trained workforce, and because of the ineffectiveness of passive-learning training models many professionals are exposed to today. Nevertheless, as the world draws its attention around cyber in October and the industry evolves to better serve today’s professionals and businesses, we wanted to communicate the critical idea that cyber really IS for all as we strive to make cyber awareness learning accessible, intentional, and effective.

\n

Making cyber learning accessible

\n

We believe there are three ways to make cyber learning more accessible: providing a comprehensive learning curriculum, making it available via a browser, and using gamification as a tool for ingesting and retaining new information.

\n

Before we dive into each of those areas, let’s get more context about the concept of cyber learning itself. For a long time, cyber security has been thought of as a technical career and while there is a great deal of technical prowess that goes into the day-to-day tasks of a cyber pro, the idea of cyber security being an “anyone can do it” profession hasn’t popularized – and rightly so.

\n

With roots in the military and government (cyber range training), learning cyber security has been a structured, systematic, and data-driven process typically executed in a passive learning setting where students watch or listen and then take a test at the end of the lesson. There is minimal opportunity for hands-on practice in safe and secure environments, making cyber security learning and awareness of its purpose, value, and function a little more ethereal than we in the industry would like.

\n

Comprehensive Learning Curriculum

\n

One way to ensure “cyber for all” (our rally cry this year), is to make cyber training more readily available to reach today’s learner (the next generation of cyber pros) while injecting a touch of personal accountability toward the concept. This should include a learning curriculum that addresses:

\n

–      General awareness topics: These are topics that are broadly applicable to all employees of an organization and ones they should know regardless of IT level or expertise. Cyber security awareness topics at this level might include phishing, malware, social engineering, identity theft, removable media security, insider threats, social media vulnerabilities, etc.

\n

–      Industry-focused topics: relevant cyber security issues segmented by industry where security is a priority, especially highly regulated sectors like healthcare, government and industry, finance, election security, manufacturing, electricity, etc.

\n

–      Executive level topics: more functional/business topic areas where corporate leaders and other high-risk personnel and privilege users are impacted. Cyber security awareness topics at this level might include support/maintenance, consulting, managed services, legislation, risk assessment, etc.

\n

By offering pathways upon which interested cyber enthusiasts or seasoned pros can “walk along,” it gives learners an idea as to how to develop their knowledge and skills. Further, cyber learning and awareness becomes more accessible because there is a route—or cyber learning journey—for everyone to choose.

\n

Browser-Based Accessibility

\n

The other component to ensure learning cyber awareness is accessible is by making the act of learning available to virtually anyone—via a browser. Online trainings today are quite popular for cyber enthusiasts and pros in training who want to hone their skills—and the idea of being able to access a cyber security course or activity online without having to leave the office or home is not only convenient but preferred these days. Some companies (like ours) are taking cyber training a step further by placing it in the cloud (Microsoft Azure) so learning can be scalable, more collaborative, and more customizable to learner needs.

\n

Gamified Cyber Learning

\n

Finally, cyber awareness learning can be attained by making learning fun. We do this with elements of gamification, which engage and inspire learners to train in environments that are not only realistic but also supported by a compelling narrative that invites players to progress through activities. Components like leaderboards, points, badges, and team-based collaboration allow learners to build a sense of “healthy competition” while learning and building skills and cyber competencies. Circadence offers learners of all skill levels various game-based activities from foundational concept learning in games like RegExile to application and analysis in Project Ares’ battle rooms and missions.

\n

One student who played our RegExile cyber learning game in his cyber security course at CU Boulder said:

\n

“I played the RegExile game today and I have to say I have hated regex till now, but when I learned it through the game, I actually liked it. It was really fun. I liked the concept of how a false sense of impending danger from the robots can make you think better and learn more. I was typing out my regex and actually thinking quite hard on how it could work and what I could do to make sure it was right as I did not want to lose the shield. I learned more through this game on regex than what I had in my undergrad class.” ~ Student at CU Boulder Cyber Security Course

\n

\n

Make Cyber Learning Intentional

\n

Cyber learning has to be intentional. In order for students and existing cyber pros to get the most out of their training, they need a curriculum path that is not only diverse (based on skill needs), but also one that addresses all phases of learning: knowledge, comprehension, application/analysis, and synthesis/evaluation.

\n

Can we insert an image that illustrates the “learning phases” of knowledge, comprehension, application/analysis, and synthesis/evaluation?

\n

After understanding what cyber concepts are and how they impact our professional and personal lives (knowledge and comprehension), a learner needs to be able to build their cyber literacy and knowledge “essentials” by developing baseline cyber skills (application/analysis). Then, they can apply those skills in objective-based activities that synthesize concepts (evaluation).

\n

“I personally found Project Ares to be a great learning experience and thought the mission environment was seamless.” ~ Chris N. UNCW Cyber Security Operations Club

\n

Making Cyber Learning Effective

\n

For IT Security Specialists and professionals, cyber learners can advance their competencies via recurring role-based training combined with continuing education and real-world experience trainings. Cyber learning needs to be rooted in best practice, industry-defined frameworks and there’s no better model to follow than the framework set forth by the NIST/NICE organization.

\n

By aligning learning curriculum against work roles, learning concepts and skills inherently becomes more effective because it is RELEVANT for people. They learn concepts, how to apply them and can draw connections to how those concepts apply to their own jobs or jobs they aspire to. Further, the learning permeates into individual’s personal lives as well, enhancing cybersecurity at home.

\n

We have built-in five NIST/NICE work roles that are present in Project Ares for trainees to work toward including:

\n

–      Cyber Defense Infrastructure Support Specialist

\n

–      Information Systems Security Manager

\n

–      Threat Warning Analyst

\n

–      Systems Security Analyst

\n

–      Cyber Defense Analyst

\n

Intentional cyber learning following this framework focuses on a particular technical topic, such as Incident and Event Management, Identification of Privilege Escalation Techniques, or Elections and Voting Security. This type of work role specification helps make learning cyber a reality.

\n

Summing it up

\n

While there’s no switch to turn on every part of this “cyber for all” plan, we hope it helps shed light on ways security leaders and HR directors can begin to cultivate an inclusive cyber culture in their own workplace, among their own teams. As we celebrate National Cyber Security Awareness Month (NCSAM 2019), it’s important for us to resurface conversations around what it means to actually be aware and how we can manifest that meaning into something that really makes an impact on business’ security posture. We hope this post is one inspiration to start initiating those conversations around shared responsibility to ensure all Americans stay safe.

\n

 

\n

Photo by Joel Muniz on Unsplash

\n
\n
\n
\n
\n
\n
Photo by Mimi Thian on Unsplash
\n
\n
\n
\n
\n
\n","title":"Exclaim “Cyber for All!” During National Cyber Security Awareness Month"}},{"node":{"id":"4d8842ca-df81-5f40-9dd3-6659a98120bf","slug":"why-alternatives-to-traditional-cyber-training-are-needed-immediately","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/christopher-gower-m_HRfLhgABo-unsplash.jpg"},"date":"2019-09-24T06:32:03.000Z","content":"

Are you looking for a more effective, cost-conscious cyber training tool that actually teaches competencies and cyber skills? We’ve been there. Let us share our perspective on the top cyber training alternatives to complement or supplement your organization’s current training efforts.

\n

Cyber training has evolved over the years but not at pace with the rapid persistence of cybercrime. Cyberattacks impact businesses of all sizes and it’s only a matter of time before your business is next in line. Traditional cyber training has been comprised of individuals sitting in a classroom environment, off-site, reading static materials, listening to lectures, and if you’re lucky, performing step-by-step, prescriptive tasks to “upskill” and “learn.” Unfortunately, this model isn’t working anymore. Learners are not retaining concepts and are disengaged from the learning process. This means by the time they make it back to your company to defend your networks, they’ve likely forgotten most of the new concepts that you sent them to learn about in the first place. Read more on the disadvantages of passive cyber training here.

\n

So, what cyber training alternatives are available for building competency and skill among professionals? More importantly, why do you need a better way to train professionals? We hope this blog helps answer these questions.

\n

Cyber Range Training

\n

Cyber ranges provide trainees with simulated (highly scalable, small number of servers) or emulated (high fidelity testing using real computers, OS, and application) environments to practice skills such as defending networks, hardening critical infrastructure (ICS/SCADA) and responding to attacks. They simulate realistic technical settings for professionals to practice network configurations and detect abnormalities and anomalies in computer systems. While simulated ranges are considered more affordable than emulated ranges, several academic papers question whether test results from a simulation reflect a cyber pro’s workplace reality.

\n

Traditional Cyber Security Training

\n

Courses can be taken in a classroom setting from certified instructors (like a SANS course), self-paced over the Internet, or in mentored settings in cities around the world. Several organizations offer online classes too, for professionals looking to hone their skills in their specific work role (e.g. incident response analyst, ethical hacker). Online or in-classroom training environments are almost exclusively built to cater to offensive-type cyber security practices and are highly prescriptive when it comes to the learning and the process for submitting “answers”/ scoring.

\n

However, as cyber security proves to be largely a “learn by doing” skillset, where outside-of-the-box thinking, real-world, high fidelity virtual environments, and on-going training are crucially important, attendees of traditional course trainings are often left searching for more cross-disciplined opportunities to hone their craft over the long term. Nevertheless, online trainings prove a good first step for professionals who want foundational learnings from which they can build upon with more sophisticated tools and technologies.

\n

Gamified, Cyber Range, Cloud-Based Training

\n

It wouldn’t be our blog if we didn’t mention Project Ares as a recommended, next generation alternative to traditional cyber training for professionals because it uses gamified backstories to engage learners in activities.  And, it combines the benefits and convenience of online, cyber range training with the power of AI and machine learning to automate and augment trainee’s cyber competencies.

\n

Our goal is to create a learning experience that is engaging, immersive, fun, and challenges trainee thinking in ways most authentic to cyber scenarios they’d experience in their actual jobs.

\n

Project Ares was built with an active-learning approach to teaching, which studies show increase information retention among learners to 75% compared to passive-learning models.

\n

Check out the comparison table below for details on the differences between traditional training models and what Project Ares delivers.

\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Traditional Training
\n(classroom and online delivery of lectured based material)		Project Ares
\n(immersive environment for hands on, experiential learning)
Curriculum Design

\n
    \n
  • Instructors are generally experts in their field and exceptional classroom facilitators.
    • \n
  • Often hired to develop a specific course.
    • \n
  • It can take up to a year to build a course and it might be used for as long as 5 years, with updates.
    • \n
  • Instructors are challenged to keep pace with evolving threats and to update course material frequently enough to reflect today’s attack surface in real time.
    • \n
  • It is taught the same way every time.
    • \n
\n		Curriculum Design

\n
    \n
  • Cyber subject matter experts partner with instructional design specialists to reengineer real-world threat scenarios into immersive, learning-based exercises.
    • \n
  • An in-game advisor serves as a resource for players to guide them through activities, minimizing the need for physical instructors and subsequent overhead.
    • \n
  • Project Ares is drawn from real-world threats and attacks, so content is always relevant and updated to meet user’s needs.
    • \n
\n
Learning Delivery

\n
    \n
  • Courses are often concept-specific going deep on a narrow subject. And it can take multiple courses to cover a whole subject area.
    • \n
  • Students take the whole course or watch the whole video – for example, if a student knows 70%, they sit through that to get to the 30% that is new to them.
    • \n
  • On Demand materials are available for reference (sometimes for an additional fee) and are helpful for review of complex concepts.   But this does not help student put the concepts into practice.
    • \n
  • Most courses teach offensive concepts….from the viewpoint that it is easier to teach how to break the network and then assumes that students will figure out how to ‘re-engineer’ defense. This approach can build a deep foundational understanding of concepts but it is not tempered by practical ‘application’ until students are back home facing real defensive challenges.
    • \n
\n		Learning  Delivery

\n
    \n
  • Wherever a user is in his/her cyber security career path, Project Ares meets them at their level and provides a curriculum pathway.
    • \n
  • From skills to strategy:   Students / Players can use the Project Ares platform to refresh skills, learn new skills, test their capabilities on their own and, most critically, collaborate with teammates to combine techniques and critical thinking to successfully reach the end of a mission.
    • \n
  • It takes a village to defend a network, sensitive data, executive leaders, finances, and an enterprises reputation:  This approach teaches and enables experience of the many and multiple skills and job roles that come together in the real-world to detect and respond to threats and attacks….
    • \n
  • Project Ares creates challenging environments that demand the kind of problem solving and strategic thinking necessary to create an effective and evolving defensive posture
    • \n
  • Project Ares Battle Rooms and Missions present real-world problems that need to be solved, not just answered. It is a higher-level learning approach.
    • \n
\n
\n

If you want to learn more about Project Ares and how it stacks up to other training options out there, watch our on-demand webinar “Get Gamified: Why Cyber Learning Happens Better With Games” featuring our VP of Global Partnerships, Keenan Skelly.

\n

  You can also contact our experts at info@circadence.com or schedule a demo to see it in action!

\n

Photo by Helloquence on Unsplash

\n","title":"Why Alternatives to Traditional Cyber Training Are Needed Immediately"}},{"node":{"id":"66fcded9-1e3b-570d-aff4-89cea51b363d","slug":"help-wanted-combating-the-cybersecurity-skills-shortage","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/projAres_office_03_wallpaper_2560x1440.jpg"},"date":"2019-09-18T19:35:04.000Z","content":"

Recent news headlines frequently communicate about the massive cyber security skills shortage in the industry so we wanted to dig deeper into this phenomenon to find out why there’s a cyber security talent gap and what can be done about it. Cyberattacks are permeating every commercial and government sector out there yet industry and analyst reports indicate there isn’t a large enough talent pool of defenders to keep pace with evolving threats. When data is compromised and there aren’t enough cyber security staff to secure the front lines, we ALL are at risk of identity theft, monetary losses, reputational damage, fines, and operational disruption. cy

\n

Statistics on the Cyber Skills and Talent Gap

\n

With more than one in four organizations experiencing an advanced persistent threat (APT) attack and when 97 percent of those APT’s are considered a credible threat to national security and economic stability, it’s no wonder the skills shortage is on everyone’s mind.

\n

A report from Frost & Sullivan found that the global cybersecurity workforce will have more than 1.8 million unfilled positions by 2020 (that’s next year!) while some sources report a 3.5 million shortfall by 2021.

\n

It begs several questions:

\n\n

Strategies to Minimize the Cybersecurity Skills Shortage

\n

Given the pervasive nature of cyber attacks, businesses can’t afford to wait around for premiere talent to walk through the door. Companies need to take a proactive and non-traditional approach to hiring talent—and, yes, it takes effort. Closing the corporate cyber-operations talent shortage may even take a company culture overhaul.

\n

Miller suggests that recruiters “must learn to engage security professionals through less traditional avenues. The best security recruiters have learned how to connect with the community via social media. They’ve learned how to have meaningful interactions on Twitter and are patient in their approach.”

\n

Whether looking to fill a position in digital forensics or computer programming or network defense or even cyber law, the skills required for those positions can be taught with the right tools. Companies should learn to be flexible with those requirements as many are now filling unopened positions by hiring and then teaching and training professionals on preferred cyber skills and competencies. Recruiters need to adopt a paradigm shift during the talent search and be more comfortable hiring for character and cultural fit first, then, training for skills development.

\n

Fill the talent pipeline

\n

Consider hiring people with different industry backgrounds or skill sets to bring new ideas to the table. Sometimes, getting an “outside” perspective on the challenges firms are facing sheds a new light because they notice nuances and inconsistencies that internal teams, who are in the day-to-day, may not see immediately. Look for passionate candidates with an eagerness to learn.

\n

Companies today are prioritizing skills, knowledge, and willingness to learn over degrees and career fields because they know that some things cannot be taught in a classroom such as: curiosity, passion, problem-solving, and strong ethics.

\n

Look for individuals with real-world experience

\n

If you happen to have candidates in your pipeline that have industry knowledge, ask about their real-world experience. Inquire about the kinds of things they’ve learned in their previous position and get them to share how they remedied attacks. Create a checklist of skills you desire from a candidate that may include identity management, incident response management, system administration, network design and security, and hacking methodologies, to name a few. Learning how they dealt with real situations will reveal a lot about their personality, character, and skill set.

\n

Re-examine job postings

\n

Often a job posting is the only thing compelling a candidate to apply for a position. If the job posting is simply a laundry list of skills requirements and degree preferences, it may deter candidates who have those skills but also seek to work for a company that values innovation, creativity, and strategic vision. Read descriptions carefully to determine if they portray the culture of your organization. If a cultural vibe is lacking, it may be time to inject a sense of corporate personality to attract the right candidates.

\n

Provide continuous professional development opportunities

\n

With advances in technology, professionals need to be on top of the latest trends and tools to succeed in their job. That is why it is vital to re-skill and persistently train cybersecurity professionals so they can prepare for anything that comes their way—and you can retain your top talent. Conferences, webinars and certifications are not for everyone—so it is important to find growth opportunities that employees want to pursue for both their personal as well as their professional benefit.

\n

Create a culture of empowerment for retention

\n

CISOs can set expectations early in the hiring process so candidates understand how their specific role impacts the organization. For example, during the interview process, notify candidates of your expectation that they be “students of the industry” such that they are expected to stay on top of security news and happenings.

\n

Gartner advocates for a “people-centric security” approach where stacks of tools are secondary to the powerful human element of security. Additionally, send out quarterly or bi-monthly roundups of the latest cyber security news and events to keep your team abreast of current affairs. Making it as easy as possible for them to be “students of the industry” increases the likelihood that they will remain current on industry developments and engaged in their role.

\n

Invest in Cyber Training to Cultivate Talent

\n

Executives are demonstrating their support for strong info security programs by increasing hiring budgets, supporting the development of info security operation centers (SOCs) and providing CISOs with the resources they need to build strong teams.

\n

With the right talent, you will have a better chance of successfully defeating attackers, staying aware of current threats, and protecting your team, your company—and your job. These strategies will go a long way in preventing future attacks and preparing staff and systems to respond when things go awry. The cyber security staffing shortage is no longer just a cyber security department issue—it’s a global business risk issue.

\n

 

\n","title":"Help Wanted: Combating the Cyber Skills Gap"}},{"node":{"id":"11893628-7f60-5921-9130-135efb1c59e7","slug":"living-our-mission-embracing-the-art-of-gamification-with-hector-robles-lead-game-designer-at-circadence","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/09/ugur-akdemir-5X39cfzKX3o-unsplash.jpg"},"date":"2019-09-17T08:35:29.000Z","content":"

If there’s anyone who truly embodies the art of gamification, Hector Robles name just might top that list. As a lead game designer at Circadence, Hector works closely with the company’s content and curriculum departments to take complex cyber concepts and learning paths and artistically weaving them into fun cyber games that make learning desirable.

\n

Hector has more than nine years of professional experience in the game design and cyber security/tech space, but his career wasn’t always rooted in making games for companies. In fact, after graduating from high school, Hector proudly served in the U.S. Army, as a military police officer. It was there he gained an understanding of and appreciation for the importance of security as a whole. Hector saw firsthand how proliferating technology impacted both civilian security and military security operations. After his service, Hector followed his interest and passion for game design by attending the Miami International University of Art and Design and graduating with a degree in game design. Then, he began working with media conglomerates and startup companies as a designer, producer, and artist.

\n

But something was missing. While Hector was accumulating an impressive portfolio of entertainment game design work, he sought something more meaningful—a way to apply his skills in game design to help others. It was then he learned about Circadence and joined the game development team alongside colleagues Kari Sershon, Ronaldo Periera and Jose Velazquez.

\n

Hector has worked on Circadence’s flagship platform Project Ares, specifically the cyber learning games embedded within it. The cyber learning games that Hector has designed will also soon become a part of the CyberBridge Essentials learning hub for wider customer access. Hector’s work can be seen most poignantly in Circadence’s new 2019 game, RegExile, which teaches players how to do regular expression coding work. RegExile helps players learn the syntax of regular expressions so they can efficiently parse through the data in search of evidence of a breach. It is a fast-paced pattern-recognition game that teaches the concepts of regular expression while exercising player’s muscle memory and reaction time. The game challenges players to form the correct expression to select or exclude data while immersing them in a futuristic “save the world” scenario filled with human-destroying robots. Players must recognize patterns in the names and type proper RegEx techniques to eliminate robots before they destroy the colony.

\n

For Hector, designing games like this is fulfilling. “It’s a completely different beast from entertainment game design. It’s meaningful to take complex cyber concepts and turn them into fun, interactive, easily-digestible material for players—whether it’s people just starting out in cyber security or seasoned professionals looking to brush up on skills,” Hector says.

\n

Hector typically approaches new game development by first thinking about how to make a certain concept or task in cyber “fun.” He does a lot of game research to come up with ideas of new game play designs and layouts. The research, which may include playing a game of Dungeons and Dragons to get the cognitive juices flowing, playing an arcade style game to think of narrative storylines and actions, or even breaking out a board game with friends, sparks Hector’s imagination and creativity. Once he has an idea of what kind of game he wants to create to teach the cyber concept that the Circadence Curriculum team has outlined, he develops a one-page pitch for stakeholders that presents his ideas cohesively, including details on game objectives, purpose, and technical specifications. After approval, the fun begins! Hector and his team start prototyping features and components of the game to make the ideas on paper become reality. For RegExile, he planned out the movement of the robots in the game by moving game board pieces around to capture an authentic “in game” feeling for the player.

\n

“I try to always think about what games are out there and how we can make our games truly unique,” says Hector. “We’re constantly thinking about things like accessibility, narrative, and pacing to ensure our games aren’t just entertaining, but that people are really learning from them,” he adds.

\n

Hector is also working on augmented reality and virtual reality card games where players can learn cyber security concepts in industry-specific settings like oil rigs and power plants to further engage one’s understanding of different cyber threats and defense tactics in the cyber kill chain. Users will eventually be able to use physical playing cards to learn things like ports and protocols too. Stay tuned for more on that!

\n

While some may view Hector’s work as all fun and games, it does have a meaningful component that many end-users don’t think about at first. When someone logs onto a game, they are presented with audio/visual and text-based cues to inspire their behavior or ignite an action. Those cues are what allow a player to understand how to engage and act in a game setting, so they are not confused as to what to do or how to do something. Hector’s work takes the guessing out of game play for Circadence’s products. Players who engage with a cyber learning game like RegExile know immediately how to play the game and what the objective is without having to jump through hurdles or be confused at where to start. Thank Hector and his team for that!

\n

“When they get to the platform, they know what to do, the basics of the tool, and more of the narrative and understanding of how they’ll engage with it,” said Hector. “It’s the components we build into the game that allow them to feel empowered when they hit “play” to start,” he adds.

\n

It’s Hector’s team’s expertise behind the coding work, gamification elements, and user interface that comes together to create the best user experience for the player. The art of gamification not only engages and entertains, but it inspires, teaches, and instills cyber knowledge in the minds of players who want to grow in cyber competency and skill.

\n

“Seeing someone’s face light up when they play our games brings a smile to my face,” says Hector. “At first they’re hesitant but then they start playing and there is a moment of clarity that washes over their face that makes the time and energy put into our games all worth it.”

\n

Hector believes the best way to learn is by playing games. That’s what ‘living our mission’ at Circadence is all about. The power of games can cement cyber concepts and we look forward to seeing what Hector and his team whip up next to keep professionals and first-time cyber learners coming back for more knowledge and skill building.

\n","title":"Living Our Mission: Embracing the Art of Gamification with Hector Robles, Lead Game Designer at Circadence"}},{"node":{"id":"ea1da9d4-1443-59bc-969b-9bfc82c0c41b","slug":"living-our-mission-blog-series-building-hyper-scalable-cyber-training-experiences-with-randy-thornton-enterprise-architect-at-circadence","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/08/markus-spiske-Skf7HxARcoc-unsplash.jpg"},"date":"2019-09-09T08:25:35.000Z","content":"

A newly minted Engineering Fellow, Randy Thornton has dedicated his craft to software development for over 30 years. His passion for learning and using new technologies is evident in Circadence’s cyber range platform, Project AresÒ.

\n

Randy joined Circadence in 2005 when the company was selling its WAN Optimization product, MVOÔ. His background in scientific computing software for CAD/CAM, telecom, and seismology have all been brought to bear to transform Project Ares from a mere cool idea that met unique market demands, to now, a full-fidelity, hyper-scalable range training tool for cyber security professionals used worldwide.

\n

Randy and Circadence: Then and Now

\n

In the beginning, there were about four Circadence employees working on the Project Ares prototype, which was eventually adopted by government and military agencies who were looking for better ways to train their cyber operators. Fast forward to today, Randy is leading the Project Ares team to redesign the architecture to scale within Microsoft Azure.  The goal is to provide private sector enterprises the same cutting-edge opportunity to train their cyber teams of any size and location on a gamified range—persistently, authentically, with flexibility and relevant to their specific cyber readiness needs. And Randy has been there through it all!

\n

Today Randy mentors the engineering team at Circadence and helps them identify and collate standards around how the company’s products’ code is written and tested. He also helps identify what technologies to use and evaluates the technical feasibility of using new tech in the products themselves.

\n

“Researching and learning new technology and staying on the cutting-edge is one of the most exciting parts of my job,” said Randy. “I see so much potential for Project Ares…so much promise…and being able to build out complicated networks in the cloud is a welcomed challenge for me.” he added.

\n

Fellow Designation Reflected in Technical Capabilities within Project Ares

\n

Randy’s contributions have been celebrated with a promotion to an Engineering Fellow, a significant career milestone that honors his achievements, expertise, and technical leadership to Project Ares, Circadence, and the cyber security industry as a whole.  The well-deserved recognition clearly stems from the fact that Randy never stops learning! He recently completed his Azure architecture certification exam, which helps him contribute to transitioning Project Ares to run on Microsoft Azure intelligent cloud.

\n

“Project Ares’ ability to scale across regions is even more prevalent now thanks to Microsoft Azure,” said Randy. “The usability, the functionality, and its capability to connect across multiple locations and look like one single installation will be very beneficial to enterprise and government entities looking to scale their cyber training efforts effectively.”

\n

A professional motto that drives Randy’s belief in continuous innovation in Project Ares is “Every time we change code, we should improve it.” It is this technical philosophy that has kept Randy and the Circadence engineering team on their toes and moving at pace to meeting market demands for scalable cyber training experiences.

\n

Evolving Cyber Training to Scale for Customers

\n

Randy’s current project lies in Project Ares.Next, an evolution of Project Ares from an on-premise application to a true cloud native SaaS platform that fully exploits the advantages of the cloud computing model.  Many of the cloud native improvements for Project Ares will be “under the covers”.  But customers will see performance improvements in mission virtual machines and new cyber curriculum will be able to be added to the platform more expeditiously. Project Ares users who want to train their teams from anywhere in the world will be able to do so persistently, without compromising user experience and impacting mission load times, etc.

\n

As Project Ares evolves, we start to adapt to Go and Google standards and Kubernetes standards,” said Randy. “We’ve been working closely with Microsoft engineering teams on how we use the Azure Cloud most effectively and efficiently,” he adds.

\n

The work of Randy and his teams is technical in nature and we greatly appreciate the level of knowledge and expertise they have to ensure Project Ares stays on the cusp of cyber training market demands using the latest technology to automate and augment the cyber workforces of tomorrow. We are grateful for their work to make Project Ares better every day as they use their talents to inform what our customers experience in the platform.

\n

Learn Project Ares, including recent mission and battle room updates!

\n
\n
\n
\n
\n
\n
\n

Photo by Markus Spiske on Unsplash
\nPhoto by John Schnobrich on Unsplash

\n
\n
\n
\n
\n
\n
\n","title":"Living Our Mission Blog Series: Building Hyper-Scalable Cyber Training Experiences with Randy Thornton, Enterprise Architect at Circadence"}},{"node":{"id":"fcbadf28-d1f1-5dc8-8a52-6e771dacbc7d","slug":"living-our-mission-learning-is-built-into-project-ares-thanks-to-victoria-bowen-instructional-designer-at-circadence","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/08/art-creative-design-5836.jpg"},"date":"2019-09-04T10:30:55.000Z","content":"

Victoria Bowen has worked in the instructional design field for about 35 years – primarily developing e-learning with a smattering of web development, SharePoint development, and Learning Management System administration. She holds an undergrad degree is in psychology, a master’s in special education, and doctorate in curriculum, instruction, and supervision with emphasis on instructional design.  What that means is that she knows how people learn and what aids and interferes with learning in training products. Victoria worked an IT security services company and then transitioned to a training role with the Air Force’s Cyberspace Vulnerability Assessment/Hunter (CVAH) weapon system. “I was responsible for the training database and the app store for several versions of CVAH.  I also developed user guides and training materials,” she said. Victoria served in that role for about nine months before joining the Circadence team.

\n

Since September 2013, Victoria’s main job as an instructional designer has been to analyze training needs for Circadence products. She helps assess target audiences for Circadence products to determine learning goals and objectives for the product designers. She establishes the behaviors that a user would be assessed against, after engaging with the product, to ensure learning has occurred. Victoria also suggests ways to evaluate those behaviors to optimize product utility. In doing so, she prepares training outlines and documentation and writes content development processes and learning paths. Mapping Job Qualification Requirements (JQRs) tasks to training tasks is a regular function of Victoria’s job alongside mapping National Institute of Standards and Technology (NIST) standards to training tasks. She ensures the core skills addressed in our curriculum creation tool Orion™ align to defined NIST standards.

\n

Applying instructional design theory to new technology

\n

What keeps Victoria returning to her desk every day is the challenge of learning and applying instructional design theory to cutting edge training technology. Although the old rules still apply, Circadence is leading the way in developing new rules and research on how learning happens and best practices for simulations like Project Ares®. We know a lot about constructivism as an underlying theory, but to apply it gaming environments like Project Ares is new and fascinating,” she says.

\n

The challenge of applying theory to technology is complicated by the fact that new books about instructional design and cognitive analysis and processing are published frequently. And there are new online articles every month. Also, there is a growing emphasis on instructional analysis before beginning training development projects, so there is a growing emphasis on analytical skills for instructional designers. These skills help us design the right training, just enough training, and just in time training for learners.

\n

“Ensuring we are constructing an environment in which the player is constantly learning, not just performing a task or activity is essential.  We need the player to understand the what, when, how, and why related to the tasks they perform in the environment.  For deeper learner and better retrieval from long term memory, we also need the player to understand how their tasks relate to each other.” Victoria says. “Furthermore,” she adds, “we want the player’s understanding and performance to progress from novice to intermediate to expert. That doesn’t happen just by repetition. There must be instruction too.”

\n

Instructional design within Project Ares

\n

For the Project Ares Battle Rooms and Missions, Victoria collaborates with cyber security subject matter experts to write the learning objectives and assessment criteria, provide role-based learning content outlines, identify gaps and redundancies in content, and review product design to ensure high quality instructional design aspects. For inCyt™, she’s written the scripts for several of the cyber security lessons. Finally, Victoria also reviews and identifies instructional design issues such as scrolling text and text display not controlled by the user, “both of which interfere with cognitive processing by the user and adversely affect transfer from short term to long term memory,” she adds.

\n

“I have a different challenge every day and I like challenges. I’m also fascinated by cyber security and enjoy learning more about it every day. Instructional research has consistently supported that interactivity is the most important component of instruction regardless of delivery method. We have a very interactive environment and that’s great for retention and transfer of learning to real world application.”

\n

Victoria’s passion for intelligent learning systems dates back to her time in school. “When I was a poor graduate student at the University of Georgia, I paid around $25 a month in overdue fees to the library so I could keep the AI books I checked out longer. (Once they were turned in, professors usually got them and could keep them up to a year.) There were only about 25 books on that topic at the time. Today, it is remarkable to see what our AI team can do with Athena.”

\n

Why persistent cyber training matters

\n

The cyber world is changing very fast. People need to learn constantly to keep up with their job requirements. Cyber challenges are not about cookie cutter solutions. It’s important that the cyber operator learns cyber problem solving, not just cyber solutions. By jumping into a training program and being able to craft different approaches to solving problems and test those approaches, the cyber professional can learn skills that directly help them do better on the job. Plus – a big plus – the training is fun!

\n","title":"Living Our Mission: Learning is Built into Project Ares, Thanks to Victoria Bowen, Instructional Designer at Circadence"}},{"node":{"id":"d9177db7-0480-5493-827e-217d30e45562","slug":"living-our-mission-creating-authentic-cyber-training-and-learning-environments-inspired-by-real-world-experience-todd-humes-sr-mission-designer","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/freestocks-org-540554-unsplash.jpg"},"date":"2019-08-19T15:32:11.000Z","content":"

Bringing his Air Force and military security engineering background to use, Senior Mission Designer Todd Humes understands what it takes to defend networks from adversaries. Prior to Circadence, he served in various government security roles including as a Systems Security Engineer and Systems Administrator and on the commercial side as a Director of Network Defense Operations at a Managed Security Service Provider. He noticed a gap in commercial cyber training and readiness that eventually lead him to Circadence.  

\n

In his current role, Todd ensures that real-world training exercises developed meet critical training objectives and are authentic for the end-user. “We want to provide a safe place for trainees to learn cyber…so he/she doesn’t have to worry about causing damage on actual networks when trying to build skills,” he says.  

\n

It’s important trainees in Project Ares experience true-to-life cyber threat scenarios that they would in their actual workplace.

\n

In “mimicking a controlled environment that they would see” in the workplace, trainees gain “an experience that is highly relatable and allows for professional development,” Todd says.  

\n

When developing new missions Todd and his team examine market verticals and threats associated with those industries to identify unique scenarios that can be built out in a Project Ares mission. “We do our own research and threat intelligence targeting verticals, brainstorm specific scenarios and begin designing what the network environment should look like,” he says. The automation and orchestration of how the mission will unfold require a great deal of programming. Between building the mission components, the layout, and the services that will be “affected” in the exercise, Todd and his team bring cyber threats to life in the most authentic way possible. Sometimes, he adds, “we have to reverse engineer the malware [for example] to get the capability we want,” adding layers of complexity and back-end work to produce the final product.  

\n

But the intricacies of building missions is anything but dull. “It’s never boring! We’re always learning day in and day out and the people who are successful in this field are the individuals who continue to learn themselves,” Todd says.

\n

To ensure missions stay relevant against today’s threats, Todd is always keeping a pulse on the latest research and vulnerabilities by studying online reports and attending cyber conferences and industry-related events to network with like-minded leaders.  

\n

He believes by continuously learning about the industry, all professionals in this line of work and beyond can find new and better ways to address an exploit and stay one (or several) steps ahead of hackers. He considers cyber security one the few industries and specializations that requires persistent learning and skill building in order to “extend the life” of security across organizations and companies.   

\n

Learn Project Ares, including recent mission and battle room updates here.   

\n","title":"Living our Mission: Creating Authentic Cyber Training and Learning Environments Inspired by Real-World Experience: Todd Humes, Sr. Mission Designer"}},{"node":{"id":"f6173379-fb6d-58c5-bf70-9272a1581718","slug":"cyber-security-and-the-baby-boomer-gen-x-populations","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/08/image-20151029-15338-mctq40.jpg"},"date":"2019-08-13T14:59:19.000Z","content":"

We all have someone in our lives who isn’t tech-savvy They don’t know how to convert a word doc into a PDF, or they try to do a Google search on Facebook, or they seem to struggle with the ‘simple’ act of text messagingThese are not uncommon missteps when using smart devices for people who didn’t grow up with Siri ® (let alone the Internet!) at their fingertips. While these mistakes seem harmless or even comical at times, there can be much more serious cyber security consequences.  

\n

Baby Boomer and Generation X populations (born 1946-64 and 1965-76) are a growing target for scammers because they are a largely trustworthy population made up of financially successful people. And some of the oldest may have cognition and memory ailments. The American Journal of Public Health estimates that about 5of the Baby Boomer population, (about 2 to 3 million people)experience from some sort of scam every year. The Federal Bureau of Investigation cites that older adults lose more than 3 billion dollars a year to financial scams. 

\n

Some of the most common forms of cyber threats that vulnerable Baby Boomers can fall victim to are impersonation scams, or fraud. This is a kind of deception involving trickery and deceit that leads unsuspecting victims to give money, property, or personal information in exchange for something they perceive as valuable or worth protecting. According to Scam Watch, in 2019 so far 10,297 scams have been reported in the 55-64 age range, and 13,323 scams have been reported in those 65 and older.  

\n

Here are some of the top types of scams used against this population: 

\n\n

The good news is that we can help the most vulnerable in this population avoid falling victim to a scamWe can have conversations to stimulate awareness of online and phone safety practices, make frequent visits and facilitate discussions about monthly bills and medications, and destigmatizing fear or embarrassment to come forward if they find they have been taken advantage of (waiting to rectify the situation could only make things worse). You can report scams to a number of organizations, including the FBI, Social Security Administration, Federal Trade Commission, or your bank or retirement facility. 

\n

 Don’t wait until it’s too late, have important conversations with loved ones of all ages and ensure they feel empowered to make smart decisions online. 

\n

Photo by Kaitlyn Baker on Unsplash https://unsplash.com/@kaitlynbaker?utm_source=unsplash&utm_medium=referral&utm_content=creditCopyText 

\n","title":"Cyber Security and the Baby Boomer, Gen X Populations"}},{"node":{"id":"9fa51229-e6d1-5ad0-958a-41180d006254","slug":"deepfake-the-deeply-disturbing-implications-behind-this-new-technology","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/08/ciaran-o-brien-qegMLAiTBA4-unsplash-2.jpg"},"date":"2019-08-05T15:33:21.000Z","content":"

DeepFake is a term you may have heard lately. The term is a combination of “deep learning” and “fake news”. Deep learning is a class of machine learning algorithms that impact image processing, and fake news is just that – deliberate misinformation spread through news outlets or social media. Essentially, DeepFake is a process by which anyone can create audio and/or video of real people saying and doing things they never said or did. One can imagine immediately why this is a cause for concern from a security perspective.

\n

DeepFake technology is still in its infancy and can be easily detected by the untrained eye. Things like glitches in the software, current technical limitations, and the need for a large collection of shots of other’s likeness from multiple angles in order to create fake facial models can make this a difficult space for hackers to master. While not a security threat now, given how easy it is to spot manipulations, the possibility of flawless DeepFakes is on the horizon and, as such, yields insidious implications far worse than any hack or breach.

\n

The power to contort content in such a way yields a huge trust problem across multiple channels with varying types of individuals, communities, and organizations: politicians, media outlets, brands and consumers just to name a few. While the cyber industry focuses on the severity of unauthorized data access as the “problem,” hackers are shifting their attacks to now modify data while leaving it in place rather than holding it hostage or “stealing” it. One study from Sonatype, a provider of DevOps-native tools, predicts that, by 2020, 50% of organizations will have suffered damage caused by fraudulent data and software, while another  report by DeepTrace B.V, a company based in Amsterdam building technologies for fake video detection and analysis, states, “Expert opinion generally agrees that Deepfakes are likely to have a high profile, potentially catastrophic impact on key events or individuals in the period 2019-2020.”

\n

What do hackers have to gain from manipulated data?

\n\n

 

\n\n

 

\n\n

While the ramifications of these kinds of audio and video clips seem disturbing, DeepFake technology can be used for good. New forms of communication are cropping up, like smart speakers that can talk like our favorite artists, or having our own virtual selves representing us when we’re out of office. Most recently, the Dalí Museum in Florida leveraged this technology to create a lifelike version of the Spanish artist himself where visitors could interact with him. These instances show us that DeepFake is a crucial building block in creating humanlike AI characters, advancing, robotics, and widening communication channels around the world.

\n

In order to see the benefits and stay safe from the threats, it is no longer going to be enough to ensure your security software is up to date or to create strong passwords. Companies must be able to continuously validate the authenticity of their data, and software developers must look more deeply into the systems and processes that store and exchange data. Humans continue to be the beginning and ending lines of defense in the cyber-scape, and while hackers create DeepFakes, the human element of cyber security reminds us that just as easily as we can use this technology for wrongdoing, we have the power to use it to create wonderful things as well.

\n
\n
\n
\n
\n
\n
Photo by vipul uthaiah on Unsplash
\n
\n
\n
\n
\n
\n","title":"DeepFake: The Deeply Disturbing Implications Behind This New Technology"}},{"node":{"id":"9b4cc89d-457c-5758-a5f2-b622d15e454a","slug":"when-cyber-security-meets-machine-learning","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/07/coaching-coders-coding-7374.jpg"},"date":"2019-07-30T08:45:06.000Z","content":"

What happens when cyber security and machine learning work together? The results are pretty positive. Many technologies are leveraging machine learning in cyber security functions nowadays in order to automate and augment their cyber workforce. How? Most recently in training and skill building.

\n

Machine learning helps emulate human cognition (e.g. learning based on experiences and patterns rather than inference) so autonomous agents in a cyber security system for instance, can “teach themselves” how to build models for pattern recognition—while engaging with real human cyber professionals.

\n

Machine learning as a training support system

\n

Machine learning becomes particularly valuable in cyber security training for professionals when it can support human activities like malware detection, incident response, network analysis, and more. One way machine learning shows up is in our gamified cyber learning platform Project Ares, under our AI-advisor “Athena” who generates responses to player’s queries when they get stuck on an activity and/or need hints to progress through a problem.

\n

Athena generates a response from its learning corpus, using machine learning to aggregate and correlate all player conversations it has, while integrating knowledge about each player in the platform to recommend the most efficient path to solving a problem. It’s like modeling the “two heads are better than one” saying, but with a lot more “heads” at play.

\n

Machine learning as an autonomous adversary

\n

Likewise, machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent during professional training—enabling adversaries to disguise their network traffic or on-system behavior to look more typical to evade detection. Machine learning’s ability to continually model and adapt enables the technology to persist undetected for longer (if it is acting as an autonomous agent against a trainee in our platform). This act challenges the trainee in the platform in a good way, so they begin to think like an adversary and understand their response to defensive behavior.

\n

Machine learning supports cyber skills building

\n

Companies like Uber use machine learning to understand the various routes a driver takes to transport people from point A to point B. It uses data collected to recommend the most efficient route to its destination.

\n

It increases the learning potential for professionals looking to hone their cyber skills and competencies using machine learning.

\n

Now imagine that concept applied to cyber training in a way that can both help cyber pros through cyber activities while also activating a trainee’s cognitive functions in ways we previously could not with traditional, off-site courses.

\n

Machine learning abilities can analyze user behavior for both fraud detection and malicious network activity. It can aggregate and enrich data from multiple sources, act as virtual assistants with specialized knowledge, and augment cyber operators’ daily tasks. It’s powerful stuff!

\n

To learn more about machine learning and AI in cyber training, download our white paper “Upskilling Cyber Teams with Artificial Intelligence and Gamified Learning.”

\n

Photo by Startup Stock Photos from Pexels

\n","title":"When cyber security meets machine learning"}},{"node":{"id":"400d0da1-f533-586a-a19f-2bfc6d5d0737","slug":"how-cyber-security-can-be-improved","status":"publish","template":"","format":"standard","featured_media":null,"date":"2019-07-22T16:50:05.000Z","content":"

Every day we get more interconnected and that naturally widens the threat surface for cybercriminals. In order to protect vulnerabilities and keep pace with hacker methods, security – and non-security professionals must understand how to protect themselves (and their companies). And that involves looking for new ways to improve cyber security. To start, we believe cyber security can be improved by focusing on three areas: enterprise-wide cyber awareness programs, within cyber teams via persistent training, and in communication between the C-suite and the CISO. Check out our recommendations below and if you have a strategy that worked to improve cyber security in your company or organization, we’d love to hear about it.

\n

Company-Wide Security Awareness Programs

\n

Regardless of company size or budget, every person employed at a business should understand fundamental cyber concepts so they can protect themselves from malicious hackers. Failure to do so places the employee and the company at risk of being attacked and could result in significant monetary and reputation damages.

\n

Simple knowledge of what a phishing email looks like, what an unsecured website looks like, and implications of sharing personal information on social media are all topics that can be addressed in a company-wide security program. Further, staff should understand how hackers work and what kinds of tactics they use to get information on a victim to exploit. Reports vary but a most recent article from ThreatPost notes that phishing attempts have doubled in 2018 with new scams on the rise every day.

\n

But where and how should companies start building a security awareness program—not to mention a program that staff will actually take seriously and participate in?

\n

We believe in the power of gamified learning to engage employees in cyber security best practices.

\n

Our mobile app inCyt helps novice and non-technical professionals learn the ins and outs of cyber security from hacking methods to understanding cyber definitions. The game allows employees to play against one another in a healthy, yet competitive, manner. Players have digital “hackables” they have to protect in the game while trying to steal other player’s assets for vulnerabilities to exploit. The back and forth game play teaches learners how and why attacks occur in the first place and where vulnerabilities exist on a variety of digital networks.

\n

By making the learning fun, it shifts the preconceived attitude of “have to do” to “want to do.” When an employee learns the fundamentals of cyber security not only are they empowering themselves to protect their own data, which translates into improved personal data cyber hygiene, but it also adds value for them as professionals. Companies are more confident when employees work with vigilance and security at the forefront.

\n

Benefits of company-wide security awareness training

\n\n

For more information about company-wide cyber learning, read about our award-winning mobile app inCyt.

\n

Persistent (Not Periodic) Cyber Training

\n

For cyber security professionals like network analysts, IT directors, CISOs, and incident responders, knowledge of the latest hacker methods and ways to protect and defend, govern, and mitigate threats is key. Today’s periodic training conducted at off-site training courses has and continues to be the option of choice—but the financial costs and time away from the frontlines makes it a less-than-fruitful ROI for leaders looking to harden their posture productively and efficiently.

\n

Further, periodic cyber security training classes are often dull, static, PowerPoint-driven or prescriptive, step-by-step instructor-driven—meaning the material is often too outdates to be relevant to today’s threats—and the learning is passive. There’s minimal opportunity for hands-on learning to apply learned concepts in a virtualized, safe setting. These roadblocks make periodic learning ineffective and unfortunately companies are spending thousands of dollars every quarter or month to upskill professionals without knowing if it’s money well spent. That’s frustrating!

\n

What if companies could track cyber team performance to identify gaps in security skills—and do so on emulated networks to enrich the learning experience?

\n

We believe persistent training on a cyber range is the modern response for companies to better align with today’s evolving threats. Cyber ranges allow cyber teams to engage in skill building in a “safe” environment. Sophisticated ranges should be able to scale as companies grow in security posture too. Our Project Ares cyber learning platform helps professionals develop frontier learning capabilities on mirrored networks for a more authentic training experience. Running on Microsoft Azure, enterprise, government and academic IT teams can persistently training on their own networks safely using their own tools to “train as they would fight.”

\n

Browser-based, Project Ares also allows professionals to train on their terms – wherever they are. Artificial intelligence via natural language processing and machine learning support players on the platform by acting as both automated adversaries to challenge trainees in skill, and as an in-game advisor to support trainee progression through a cyber exercise.

\n

The gamified element of cyber training keeps professionals engaged while building skill. Digital badges, leaderboards, levels, and team-based mission scenarios build communicative skills, technical skills, and increase information retention in this active-learning model of training.

\n

Benefits of persistent cyber training

\n

Gamifying cyber training is the next evolution of learning for professionals who are either already in the field or curious to start a career in cyber security. The benefits are noteworthy:

\n\n

For more information about gamified cyber training, read about our award-winning platform Project Ares.

\n

CISO Involvement in C-Suite Decision-Making

\n

Communication processes between the C-suite and CISO need to be more transparent and frequent to achieve better alignment between cyber risk and business risk.

\n

Many CISOs are currently challenged in reporting to the C-suite because of the very technical nature and reputation of cyber security. It’s often perceived as “too technical” for laymen, non-cyber professionals. However, it doesn’t have to be that way.

\n

C-suite execs can understand their business’ cyber risks in the context of business risk to see how the two are inter-related and impact each other.

\n

A CISO is typically concerned about the security of the business as a whole and if a breach occurs at the sake of a new product launch, service addition, or employee productivity, it’s his or her reputation on the line.

\n

The CISO perspective is, if ever a company is deploying a new product or service, security should be involved from the get-go. Having CISOs brought into discussions about business initiatives early on is key to ensuring there are not security “add ons” brought in too late in the game. Also, actualizing the cost of a breach on the company in terms of dollar amounts can also capture the attention of the C-suite.

\n

Furthermore, CISOs are measuring risk severity and breaking it down for the C-suite to help them understand the business value of cyber.  To achieve this alignment, CISOs are finding unique ways to do remediation or cyber security monitoring to reduce their workloads enough so they can prioritize communications with execs and keep all facets of the company safe from the employees it employs to the technologies it adopts to function.

\n

Improving Cyber Security for the Future

\n

Better communications between execs and security leaders, continual cyber training for teams, and company-wide cyber learning are a few suggestions we’ve talked about today to help companies reduce their cyber risk and harden their posture. We’ve said it before and we will say it again: cyber security is everyone’s responsibility. And evolving threats in the age of digital transformation mean that we are always susceptible to attacks regardless of how many firewalls we put up or encryption codes we embed.

\n

If we have a computer, a phone, an electronic device that can exchange information in some way to other parties, we are vulnerable to cyber attacks. Every bit and byte of information exchanged on a company network is up for grabs for hackers and the more technical, business, and non-technical professionals come together to educate and empower themselves to improve cyber hygiene practices, the more prepared they and their company assets will be when a hacker comes knocking on their digital door.

\n

Photo of computer by rawpixel.com from Pexels

\n","title":"How Cyber Security Can Be Improved"}},{"node":{"id":"f3d25848-4d7e-51d8-a564-725f3c5a4810","slug":"living-our-mission-blog-series-3-new-learning-curriculum-in-project-ares-3-6-4","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/07/M6_D.png"},"date":"2019-07-08T22:20:13.000Z","content":"

We’ve made several new updates to our gamified cyber learning platform Project Ares. We are releasing new battle room and mission cyber security exercises for professionals to continue training and honing skills and competency and have optimized some aspects of performance to make the learning experience smoother.

\n

New Missions and Battle Rooms

\n

To ensure professionals have access to the latest threats to train against, we develop new missions and battle rooms for our users so they can continually learn new cyber security skills, both technical and professional. The following new missions are available to users of the Professional and Enterprise licenses of Project Ares; while the new battle rooms updates are available to users of the Academy, Professional, and Enterprise licenses of Project Ares.

\n

Mission 5 – Operation Wounded Bear

\n

Designed to feature cyber security protection for financial institutions, the learning objectives for this mission are to identify and remove malware responsible for identity theft and protect the network from further infections. Variability in play within the mission includes method of exfiltration, malicious DNS and IP addresses, infected machines, data collection with file share uploads that vary, method of payload and persistence, and a mix of Windows and Linux.

\n

This mission provides practical application of the following skill sets:

\n\n

Mission Objectives:

\n
    \n
  1. Use IDS/IPS to alert on initial malware infection vectors
    2. \n
  2. Alert/prevent download of malicious executables
    3. \n
  3. Create alert for infections
    4. \n
  4. Kill malware processes and remove malware from the initially infected machine
    5. \n
  5. Kill other instances of malware processes and remove from machines
    6. \n
  6. Prevent further infection
    7. \n
\n

Mission 6 – Operation Angry Tiger

\n

Using threat vectors similar to the Saudi Arabia Aramco and Doha RasGas cyber attacks, this mission is about responding to phishing and exfiltration attacks.  Cyber defenders conduct a risk assessment of a company’s existing network structure and its cyber risk posture for possible phishing attacks. Tasks include reviewing all detectable weaknesses to ensure no malicious activity is occurring on the network currently. Variability in play within the mission includes the method of phishing in email and payload injection, the alert generated, the persistence location and lateral movement specifics, and the malicious DNS and IP addresses.

\n

Core competencies used in the mission:

\n\n

Mission Objectives:

\n
    \n
  1. Verify network monitoring tools are functioning
    2. \n
  2. Examine current email policies for risk
    3. \n
  3. Examine domain group/user policies for risk
    4. \n
  4. Verify indicator of compromise (IOC)
    5. \n
  5. Find and kill malicious process
    6. \n
  6. Remove all artifacts of infection
    7. \n
  7. Stop exfiltration of corporate data
    8. \n
\n

Mission 13 – Operation Black Dragon

\n

Defending the power grid is a prevailing concern today and Mission 13 focuses on cyber security techniques for Industry Control Systems and Supervisory Control and Data Acquisition systems (ICS/SCADA).  Players conduct a cyber defense assessment mission on a power distribution plant. The end state of the assessment will be a defensible power grid with local defender ability to detect attempts to compromise the grid as well as the ability to attribute any attacks and respond accordingly.

\n

Core competencies used in the mission:

\n\n

Mission Objectives:

\n
    \n
  1. Evaluate risks to the plant
    2. \n
  2. Determine if there are any indicators of compromise to the network
    3. \n
  3. Improve monitoring of network behavior
    4. \n
  4. Mitigate an attack if necessary
    5. \n
\n

Battle Room 8 – Network Analysis Using Packet Capture (PCAP)

\n

Battle Room 8 delivers new exercises to teach network forensic investigation skills via analysis of a PCAP. Analyze the file to answer objectives related to topics such as origins of C2 traffic, identification of credentials in the clear, sensitive document exfiltration, and database activity using a Kali image with multiple network analysis tools installed.

\n

Core competencies used in the mission:

\n\n

Battle Room 10 – Scripting Fundamentals

\n

Scripting is a critical cyber security operator skillset for any team. Previously announced and now available, Battle Room 10 is the first Project Ares exercise focus on this key skill.  The player conducts a series of regimented tasks using the Python language in order to become more familiar with fundamental programming concepts. This battle room is geared towards players looking to develop basic programming and scripting skills, such as:

\n\n

Core competency used in the mission:

\n\n

Game client performance optimizations

\n

We made several adjustments to improve the performance of Project Ares and ensure a smooth player experience throughout the platform.

\n\n

These features are part of the Project Ares version 3.6.4 on the Azure cloud which is available now. Similar updates in Project Ares version 3.6.5 for vCenter servers will be available shortly.

\n

 

\n","title":"Living our Mission Blog Series #3: New Learning Curriculum in Project Ares 3.6.4"}},{"node":{"id":"c06cc42c-1567-5c0e-af1e-a1f7a4c14b97","slug":"targeted-cybercrime-on-the-rise","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/bill-oxford-udXD2NrbXS8-unsplash.jpg"},"date":"2019-07-08T08:45:40.000Z","content":"

Targeted attacks against particular groups or entities are on the rise this year. Instead of a “spray and pray” approach, malicious hackers are getting particular about who and what they attack and how for maximum accuracy. Why? The right ransomware attack on the right data set to the right group of people can yield more monetary gain than an attack towards a general group of people at varying companies. To empower ourselves, we need to understand how cybercrime is “getting personal” and what we can do to prevent attacks like this.

\n

Cybercriminals want to stay under the radar, so the more their attacks remain hidden from the public eye, the better chance they have to replicate that method on other vulnerable groups with lots to lose. Unauthorized adversaries target certain devices, computer systems, and groups of professionals most vulnerable to cybercrime.

\n

Server hacking for faster monetary gain

\n

Attacks on endpoint devices like computers and laptops are a thing of the past for evolving hackers who know that unsecured enterprise servers offer the best chances of staying undercover than device firewalls allow. Why get pennies and minimal personal information from a single laptop user when you can get millions from a few locked up servers that house incredibly sensitive data like billing information and credit cards?

\n

The City of Baltimore experienced this firsthand with a ransomware attack that affected 14,000 customers with unverified sewer charges. Hackers demanded $76,000 in bitcoin to unlock city service computers, which impacted the delivery of water bills to local residents. While many residents might not mind skipping a payment, in the long run it’ll cause “surprise” bills when back-pay is requested.

\n

Recently, Rivera Beach in Florida was one of the latest government entities to be crippled by a ransomware attack, and unfortunately, they paid almost $600,000 to hackers to regain access to their data.

\n

But it’s more than a local city and state governments that are being attacked at this scale.

\n

Multi-mass hacking for political disruption

\n

Devices that are used by the masses are also at risk. Think about voting machines. Hacking into those machines has never been easier due to old devices and lack of security on them. To ensure the integrity of data, governments can consider using blockchain to maintain a more hardened security structure all the while, educating their election security professionals on the latest hacking methods so they can assess vulnerabilities on physical systems. The end result of voting machine hacking isn’t monetary per se—it’s much better—pure, unbridled political chaos and public distrust in election security and government operations.

\n

Car-jacking to car hacking

\n

Modern transportation system and vehicle attacks are on the rise too. Today’s cars are basically computers on wheels with the levels of code embedded within them. Hackers have been known to target cars to control key functions like brakes, steering and entertainment consoles to jeopardize the people in the car, as well as everyone around them on the road. In an interview with Ang Cui, CEO of Red Balloon Security, he notes “If you can disable a fleet of commercial trucks by infecting them with specialized vehicle ransomware or in some other way hijacking or crippling the key electronic control units in the vehicle, then the attacker could demand a hefty ransom.”

\n

Cyber security professor Laura Lee notes, “The transportation sector is said to now be the third most vulnerable sector to cyber-attacks that may affect the seaport operations, air traffic control, and railways. The ubiquitous use of GPS information for positioning makes this sector especially concerned about resiliency.”

\n

Preventing targeted cybercrime

\n

In many of the incidences above and those not reported upon, humans are often the first and last line of defense for these companies and devices being attacked. Humans have the ability to detect vulnerabilities and gaps in security while also understanding what hackers are after when it comes to cybercrime tactics.

\n

Our ability to handle both technical and analytical aspects of hacking means more can be done proactively to prevent targeted cybercrime like this. Specifically, in the field of training cyber security professionals, government and commercial entities should evaluate current training efforts to ensure their teams are 100% prepared for targeted attacks like these. How hackers attack changes every day so a persistent, enduring method of training would be critical to helping empower and enable defenders to anticipate, identify, and mitigate threats coming their way.

\n

New cyber training approaches are using gamification to complement and enhance existing traditional, off-site courses. Currently, many traditional courses are passively taught with PowerPoint presentations and prescriptive video learning, often disengaging trainees who want to learn new cyber concepts and skill sets (in addition to staying “fresh” on the cyber fundamentals).

\n

Government organizations and commercial enterprises would be smart to explore engaging ways to keep cyber team skills up to snuff while increasing skill retention rates during training.

\n

More information on new ways to gamify cyber learning can be found here.

\n

Handcuffs: Photo by Bill Oxford on Unsplash
\nKeyboard : Photo by Taskin Ashiq on Unsplash
\n

\n","title":"Targeted Cybercrime on the Rise"}},{"node":{"id":"b32d602d-7e84-5b1d-a397-a4ac76c0df4a","slug":"good-bots-and-bad-bots-how-to-tell-the-difference-to-stay-cyber-safe","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/su-san-lee-1244964-unsplash.jpg"},"date":"2019-07-01T08:45:41.000Z","content":"

You may have heard or read the term “bot” in the context of cyber security. Normally we hear this word in the wake of a cyberattack and relate it to breaches in computer or network security. While there are certainly bad bots, there are good bots too! So what exactly is a bot, how can you differentiate, and how do they work?

\n

What are bots?

\n

The term bot is short for robot and is a type of software application created by a user (or hacker) that performs automated tasks on command. There are so many variations, from chatbots to spider bots to imposter bots. Good bots are able to assist in automating day to day activities, such as providing up to the minute information on weather, traffic, and news. They can also perform tasks like searching the web for plagiarized content and illegal uploads, producing progressively intelligent query results by scouring the internet content, or helping find the best purchase deals online.

\n

While we encounter bots like these in our everyday activities without really thinking about them, being aware of bad bots is important. Bad bots, used by adversaries, perform malicious tasks and allow an attacker to remotely take control over an infected computer. From there, hackers can infiltrate the network and create “zombie computers,” which can all be controlled at once to perform large-scale malicious acts. This is known as a “botnet”.

\n

How do bots work?

\n

Cybercriminals often use botnets to perform DoS and DDoS attacks (denial of service and distributed denial of service, respectively). These attacks flood target URLs with more requests than they can handle, making regular traffic on a web site almost impossible. Hackers use this as a way to extort money from companies that rely on their website’s accessibility for key business functions and can send out phishing e-mails to direct customers to a fake emergency site.

\n

Protect yourself from bad bots

\n

Don’t let this information scare you though! Awareness is a great first step to recognizing any potential harmful activity, whether on your own computer or on a site you visit online. Preventing bad bots from causing attacks before they start is easy with these tips:

\n\n

Bots can be incredibly helpful, and we use them every day. Knowing how to differentiate the good from the bad while taking the necessary precautions to protect yourself against malicious bots will ensure that you only need to deal with bots when they are telling you about blue skies or saving you money on that great shirt you’ve been wanting!

\n

Photo by Su San Lee on Unsplash

\n","title":"Good Bots and Bad Bots: How to Tell the Difference to Stay Cyber Safe"}},{"node":{"id":"270c2144-5df7-55d5-bdd7-2b1af7330e62","slug":"ransomware-the-attack-du-jour","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/michael-geiger-JJPqavJBy_k-unsplash.jpg"},"date":"2019-06-25T19:50:43.000Z","content":"

Ransomware is gaining traction among hackers; emboldened by financial success and anonymity using cryptocurrencies. In fact, ransomware is now considered a tried and true cyberattack technique, with attacks spreading among small and medium-sized businesses, cities and county governments. Coveware’s recent 2019 Q1 Ransomware Report notes:

\n\n

Let’s review how ransomware works and why it’s so effective. Ransomware is a type of cyberattack where an unauthorized user gains access to an organization’s files or systems and blocks user access, holding the company’s data hostage until the victim pays a ransom in exchange for a decryption key. As you can surmise, the goal of such an attack is to extort businesses for financial gain.

\n

Ransomware can “get into” a system in different ways, one of the most common through phishing emails or social media where the human worker inadvertently opens a message, attachment, or link acting as a door to the network or system.  Messages that are urgent and appear to come from a supervisor, accounts payable professional, or perceived “friends” on social media are all likely ransomware actors disguising themselves to manipulate or socially engineer the human.

\n

Near and Far: Ransomware Has No Limits

\n

Many types of ransomware have affected small and medium-sized businesses over the last two decades but it shows no limitations in geography, frequency, type, or company target size.

\n\n

These headlines are stories of a digital war that has no geographical borders or structured logic. No one is truly immune to ransomware, and any company that thinks that way is likely not as prepared as they think they are. Beazley Breach Response (BBR) Services found a 105% increase in the number of ransomware attack notifications against clients in Q1 2019 compared to Q1 of 2018, as well as noting that attackers are shifting focus to targeting larger organizations and demanding higher ransom payments than ever before.

\n

Immersive cyber ranges – Protect Yourself, Your Business, Your People

\n

If your own security efforts, staff practices, and business infrastructure are continuously hardened every time a new breach headline makes the news, the things that matter most to you and your company will be better protected. One of the ways to consistently harden security practices is via immersive and persistent training on gamified cyber ranges. Some benefits of using cyber ranges like this include:

\n\n

When ransomware does come knocking at your business door, will you be ready to recover from the costly and reputational damages? If there is any shred of doubt in your mind, then it’s time to re-evaluate your cyber readiness strategy. As we’ve learned, even the smallest vulnerability or level of uncertainty is enough for a cybercriminal to take hold.

\n

Photo by Michael Geiger on Unsplash and via website.

\n","title":"Ransomware – The Attack Du Jour!"}},{"node":{"id":"8e60e2de-bf6a-5451-a43d-8b1031bd6666","slug":"cyber-security-and-the-lgbtqia-community","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/peter-hershey-282615-unsplash.jpg"},"date":"2019-06-18T11:00:38.000Z","content":"

While most of us recognize the inherent vulnerabilities of putting our personal information online, we may not think about how marginalized communities are at even greater risk of malicious attacks on the internet. The LGBTQIA (lesbian, gay, bi-sexual, transgender, queer, intersex, and asexual) community certainly understands the ramifications of sharing their lifestyles on the web, and it is of vital importance to consider how compromised online privacy can specifically impact these already vulnerable groups.

\n

To understand the privacy risks for LGBTQIA individuals, consider how we all use the internet and create digital footprints. Here are some statistics from LGBT Tech, The Trevor Project, and a study released by GLSEN (the Gay, Lesbian, and Straight Education Network).

\n\n

The internet can be a scary place for members of the LGBTQIA community, but it is often also a lifeline.  LGBT-identifying adults often need to find resources and places that will be welcoming and supportive, and mobile devices play a vital role in their day today.  For many individuals who are not yet comfortable revealing their sexual identity at home or in their communities, the internet is often the first tentative step for seeking both information and community belonging.

\n

However, when privacy is breached, intentionally or unintentionally, for vulnerable populations, consequences can be catastrophic including loss of employment, damaged familial relationships or friendships, and even threats of physical harm or death.

\n

Back in 2013, the National Cyber Security Alliance (NCSA) launched a collaboration with the LGBT Technology Partnership to highlight safety issues and increase focus on vulnerable populations. They created a sheet of specific tips and tricks for the LGBTQIA community for staying safe online based on the slogan STOP. THINK. CONNECT. which can be found here. Many of these tips are helpful for everyone looking to stay safe online, but when reviewing them, you can see just how cautious members of this population need to be in order to feel safe.

\n

Ensuring that every person has equal rights and access to online safety is of the utmost importance. While many walk through life taking precautions to ensure their data is protected, we must be aware of how certain communities are at more risk than others and strive to practice our own safe behavior online so as not to put anyone else’s lives at risk.

\n

We wish members of the LGBTQIA community a cyber safe Pride Month and risk-free access to the resources they need.

\n

To ensure everyone stays safe online, we’ve developed a few educational videos to keep everyone informed about hacking methods and how to avoid them.
\nWatch the video series here.

\n

 

\n
\n
\n
\n
\n
\n
Photo by Peter Hershey on Unsplash
\n
\n
\n
\n
\n
\n","title":"Cyber Security and the LGBTQIA Community"}},{"node":{"id":"65836fad-617d-5887-9c58-f1a2315d5356","slug":"spotlight-cyber-security-readiness-for-the-electricity-and-energy-industries","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/critical_energy_splash.jpg"},"date":"2019-06-18T08:35:01.000Z","content":"

When your power goes out, you recognize just how many things you use every day rely on energy. From phones to WiFi to air conditioning and heat, our homes and offices almost entirely rest on this silo of critical infrastructure.

\n

While we may not think of the energy sector as being a significant cyber vulnerability (we don’t read about a lot of breaches on this sector in the news media), it is not only of intrinsic importance to a functioning society but all other sectors that make up the nation’s critical infrastructure rely on electricity. According to the Council on Foreign Relations, the U.S power system has evolved into a highly complex enterprise with:

\n\n

There are not many documented cases of a successful power grid attack, but the first known instance occurred on December 23, 2015 in Ukraine. Hackers were able to compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt electric supply to the end customers. A year later, Russian hackers targeted a transmission level substation, blacking out part of Kiev.

\n

Although there may not be many examples of historical energy facility hacks, these kinds of attacks are no longer a theoretical concern. In 2014, Admiral Michael Rogers, director of the National Security Agency, testified before Congress that China and other countries likely had the capability to shut down the U.S. power grid. An adversary with the capability to exploit vulnerabilities within the electric utility silo may be motivated to carry out such an attack under a variety of circumstances, and it seems increasingly likely that the next war will be cyber.

\n

Cyber Security Readiness for Electricity and Energy

\n

So what can we do to prepare ourselves? Understanding that cyber security is the responsibility of everyone, not just CISOs or those in IT, helps ensure that everyone is participating in strengthening an organization’s cyber readiness.

\n

Utilizing AI, persistent learning, and gamified training to upskill your team will ensure that you are prepared for any looming threat.

\n

Electricity is of incredible importance to the country and the world, the remainder of our infrastructure would crumble without it. Building a culture of awareness and education around cyber security will help protect us from a domino effect of failing infrastructure. Continuously improving security posture is vital to defending ourselves against attacks that threaten our critical infrastructure.

\n
\n
\n
\n
\n
\n
Photo by Gerrit Vermeulen on Unsplash
\n
\n
\n
\n
\n
\n","title":"Spotlight: Cyber Security Readiness for the Electricity and Energy Industries"}},{"node":{"id":"9ed92cfb-4778-588e-8158-e684b80fc2e8","slug":"cyber-attacks-and-risk-mitigation-in-critical-infrastructure","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/ian-simmonds-274504-unsplash.jpg"},"date":"2019-06-10T08:45:48.000Z","content":"

Critical infrastructure is a term used by the government to describe assets that are essential for the functioning of a society and economy (think oil and gas, water, electricity, telecommunication, etc.). According to the Department of Homeland Security, there are 16 sectors of critical infrastructure. In the past few years, we’ve seen attacks on departments of transportation, cities, and other network infrastructure that are prompting many cyber security leaders to pay closer attention to their readiness strategy and risk management. With the threat of cyberattacks against public and private sector infrastructure on the rise, it is important to understand the history of these attacks, as well as what critical infrastructure cyber security professionals can do to protect themselves against them. Today, we are going to focus on three sectors: oil and gas, energy and electricity, and transportation.

\n

Oil & Gas Cyber Security

\n

Much of how we live and work is dependent upon the energy produced from oil and gas production, including cooking, heating/cooling, driving, and use of electronic devices and appliances. There have been several successful attacks on this industry already:

\n\n

Energy & Electricity Cyber Security

\n

While we may not think of the energy sector as being a large cyber vulnerability, it is not only of intrinsic importance to a functioning society but necessary for all other sectors that make up the nation’s critical infrastructure.

\n

There are not many documented cases of a successful power grid attack but that doesn’t mean they don’t occur! The first known instance taking place on December 23, 2015 in Ukraine. Hackers were able to compromise information systems of three energy distribution companies in the Ukraine and temporarily disrupt electric supply to end customers. A year later, Russian hackers targeted a transmission level substation, blacking out part of Kiev.

\n

Although there may not be many examples of historical energy utility hacks, these kinds of attacks are no longer a theoretical concern. In 2014, Admiral Michael Rogers, director of the National Security Agency, testified before Congress that China and other countries likely had the capability to shut down the U.S. power grid. An adversary with the capability to exploit vulnerabilities within the electric utility silo may be motivated to carry out such an attack under a variety of circumstances, and it seems increasingly likely that the next war will be cyber.

\n

Transportation Cyber Security

\n

Via plane, train, or automobile, the transportation sector supports nearly 10 percent of the U.S. GDP (gross domestic product), which includes monetary value of all goods and services produced within the United States. Over the past couple of years, the industry has grown in operational complexity with logistical chains, production, facility and manufacturing partners and plant management. As a result of this growth, it has become an even more alluring and accessible hacking playground for cybercriminals. There have been a few noteworthy attacks on this silo of infrastructure in the last few years:

\n\n

 

\n

You can see that attacks on these silos of industry have already begun (and show no signs of stopping) and we need to be prepared for what the future holds. To mitigate cyber attacks and protect critical infrastructure against looming threats, teams need to be prepared to address all possible scenarios that can occur on said attack surface in order to effectively protect and defend IT and OT critical infrastructures.

\n

Reducing Risk in Critical Infrastructure Cyber Security

\n

Project Ares® cyber security learning platform can prepare cyber teams with the right skills in immersive environments that emulate their own IT and OT networks to be most effective. In fact, there are exercises within the cyber range platform that have players detect threats on a water treatment plant and in an oil and gas refinery. It is designed for continuous learning, meaning it is constantly evolving with new missions rapidly added to address the latest threats in any critical infrastructure sector. Further, targeted training can be achieved from the library of battle room scenarios to work on specific skill sets like digital forensics, scripting and Linux.

\n

Training in cyber ranges is a great way to foster collaboration, accountability, and communication skills among your cyber team as well as cross-departmentally. Persistent and hands-on learning will help take your cyber team to the next level. Benefits of this kinds of learning include:

\n\n

By placing the power of security in human hands, cyber security teams can proactively improve a company’s ability to detect cyber-related security breaches or anomalous behavior, resulting in earlier detection and less impact of such incidence on energy delivery, thereby lowering overall business risk. Humans are the last line of defense against today’s adversary, so prioritizing gamified training for teams will foster the level of collaboration, transparency, and expertise needed to connect the dots for cyber security across these critical infrastructure sectors.

\n
\n
\n
\n
\n
\n
Photo by Ian Simmonds on Unsplash
\n
\n
\n
\n
\n
\n","title":"Cyber Attacks and Risk Mitigation in Critical Infrastructure"}},{"node":{"id":"d66075ff-a0d1-5c84-9800-8f1f3d508a35","slug":"kickstarting-your-cyber-security-career-path","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/andras-vas-655218-unsplash.jpg"},"date":"2019-06-04T08:45:37.000Z","content":"

Jumpstarting a new cyber security career path can feel like a daunting initiative, however, it may be more attainable than you think. By utilizing online cyber resources and persistent learning exercises, you can start learning everything you need to know to understand career options and land your dream job.

\n

Virtual machines and digital libraries are great places to start on your cyber learning journey. A virtual machine is a software program or operating system that exhibits the behavior of a separate computer and is capable of performing tasks such as running applications and programs like a separate computer. This enables you to create multiple independent VMs environments on one physical machine and it aids in detecting things like malware and ransomware attacks. A digital library is an online platform that offers a diverse collection of cyber security learning objectives, along with an online database of digital materials like videos and reports.

\n

Here are some resources that can help you pursue a career in cyber security:

\n\n

From entry level positions to cyber security professionals, digital libraries help in understanding cyber concepts and virtual machines allow learners to apply and hone cyber skills that security professionals use on the job such as risk management, information systems security, and network security.

\n
\n
To complete your well-rounded cyber education, pairing these tools with hands-on practice in cyber range like Project Ares is key.
\n
\n

Circadence’s own Project Ares uses gamified cyber range learning environments to emulate immersive and mission-specific network threats for a variety of cyber security work roles and job titles. The Project Ares platform is constantly evolving with foundational and specialized scenarios we call Battle Rooms and Missions to address the latest threats in the workplace. Learn tools, tactics and procedures and apply multiple skill sets in Mission scenarios hands-on to build experience. Using Project Ares is a great stepping stone to launching into a career in cyber security.

\n

From concept learning to skills application, gamification paired with persistent, hands-on training in virtual environments is an ideal approach to understanding the ins and outs of complex cyber networks and how to recognize potential vulnerabilities in today’s evolving threat landscape. Pairing Project Ares with any of the aforementioned resources is a sure-fire way to kick off your cyber security career and prepare for security certifications!

\n

Photo by Andras Vas on Unsplash

\n","title":"Resources for starting a career in Cyber Security"}},{"node":{"id":"31f3ec2d-bd3b-5187-bef0-2a308599b9ca","slug":"microsoft-azure-government-secret-helps-enhance-cyber-training","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/05/projAres_dataCenter_01_wallpaper_1920x1080.jpg"},"date":"2019-05-30T19:50:32.000Z","content":"

Across the board there’s been a push from a policy perspective to get into secure cloud environments that provide organizations with the on-demand and protected availability that they need to improve business processes. Azure Government Secret is a cloud solution that delivers comprehensive and mission-enabling cloud services to US Federal Civilian, Department of Defense (DoD), Intelligence Community (IC), and US government partners working within Secret enclaves. It can also have global implications for how cyber defenders prepare for tomorrow’s threats.

\n

The April 2019 announcement of Azure Government Secret enables Circadence to deliver Project Ares to similar defense industry partners in support of their cyber training and readiness missions. Having the power of the Azure Secret cloud infrastructure behind Circadence is necessary to deliver infinite cyber range scalability for gamified training and learning opportunities to defenders across the globe who need specialized security and scalability in training programs.

\n

As cyber threats grow more frequent and more malicious, it is mission critical to government cyber protection teams to have the flexibility and accessibility to scale training to their needs, with limitless opportunity for enhanced cyber preparedness. The persistent, gamified training and frontier learning that occurs in Project Ares, coupled with this new level of secure cloud, enhances the protection of the nation’s most critical digital assets and will undoubtedly contribute to our overall national security.

\n

VP of Global Partnerships Keenan Skelly tells us how it helps improve cyber training today.

\n

“Our partnership with Microsoft Azure allows us to build infinitely scalable cyber ranges to do cyber exercises and trainings,” said Skelly.

\n

\n

With the help from Microsoft Azure Government Secret cloud, Circadence can continue to evolve cyber training solutions that help today’s elite, DoD cyber security professionals anticipate, prevent, and react to threats more efficiently and effectively. In doing so, we are proud to contribute to a world-class security culture that proactively protects our most critical assets and our people.

\n","title":"Microsoft Azure Government Secret Helps Enhance Cyber Training"}},{"node":{"id":"71ebb71c-1577-5f73-8e60-622e2fdee78a","slug":"girl-scout-troop-visits-circadence-to-earn-cyber-security-badges","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/05/IMG_87141.jpg"},"date":"2019-05-29T08:15:17.000Z","content":"

Introducing girls to the world of cyber security and empowering their access to this STEM discipline is incredibly important to Circadence as we advocate for a cyber workforce with diversified thinking and problem-solving perspectives to keep pace with today’s adversaries. In mid-May, Circadence was honored to host 12 Brownies from a local Girl Scout troop at our San Diego office to help them earn their cyber security badges. Some of Circadence’s own family members are involved with the local troop and several co-workers facilitated a series of workshops for the girls to teach aspects of cyber security including cryptography, spamming, and virus detection.

\n

Circadence’s Raeschel Reed, software engineer, taught the group about Cryptography and showed them how to use a Caesar Cypher to encrypt messages. The girls worked in groups of two to encrypt their favorite food and color. Then, they traded messages with each other and worked to decrypt the messages.

\n

The group also learned about spotting fake emails and about using photo filters and editing pictures from Shirley Quach, Software Engineer at Circadence. Girls broke into groups and presented their comparison arguments for which photo was real and which was fake.

\n

Yadhi Marquez-Garcia, DevOps engineer, taught a section about what a digital footprint is and how we should only share positive and not personal information. The girls wrote down all of the websites, games, and online services they interact with in order to learn about their own digital trail and “see” where they have been online. This helped them be much more conscientious and intentional about sites they visit online and the implications of their online activity.

\n

Digital viruses and how they spread was another topic of discussion that included a hands-on activity. Domonique Lopez, office operations manager, led the girls through an exercise where they shook hands with as many people as they could in two minutes and then pulled a card out of a bucket. The girl who pulled the card out was deemed “the virus” and the other girls quickly realized they were likely “infected” because most had touched her either directly or indirectly. Domonique and the girls then discussed ways to limit exposure to viruses while online. The underlying lesson was that viruses can spread quickly if you aren’t careful about what websites you “shake hands” with.

\n

Complementary to that topic, Kate Dionisio, software engineer, applied the concept of viruses to computer networks. She discussed about how malicious viruses are designed to disrupt computer systems and explained how ransomware attacks work. The girls gathered in a group and tried to pass a message from one to another (a game of “telephone”) while 3 disrupters shouted and tried to stop the message. Then they did the same thing but with 6 disrupters! This led into a discussion about how some viruses will overload a server with requests and stop messages from going where they need to go.

\n

 

\n

Finally, the girls formed teams of two to play inCyt, Circadence’s new cyber awareness game designed to help anybody learn basic cyber concepts similar to the ones that the troop had been learning about. Volunteers helped the girls understand how the cyber topics they’d been learning about applied to cyber attacks they were playing with on inCyt.

\n

“When interacting with inCyt the girls were excited to get a chance to play a game. They loved picking their hackables and choosing a name. They got really excited when they were successful at sending a hack and loved the music. When talking with each other and volunteers they did a great job of connecting what they were doing with our discussions about digital trails and clicking suspicious links. I think they walked away more engaged than if we had just given them a lecture on the content,” said Domonique.

\n

Circadence is pleased to host opportunities like this to engage the next generation and improve their cyber awareness.  There is a significant cyber skills gap today and while these young girls won’t be entering the workforce soon, we hoped they learned that cyber security isn’t scary and is a field they could consider someday.   In the meantime, we’re glad that they might be a little safer online.

\n","title":"Girl Scout Troop Visits Circadence to Earn Cyber Security Badges"}},{"node":{"id":"9444921f-c902-5dd0-9158-67e539a4ba30","slug":"how-to-launch-a-cyber-security-career","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/05/annie-spratt-605838-unsplash.jpg"},"date":"2019-05-21T18:39:57.000Z","content":"

Preparing for a cyber security career is more enjoyable than you may think! The technical challenge, problem-solving, constant change (you’re never bored!), and continuous learning opportunities are positive experiences one can have when entering the field of cyber security.

\n

For any interested student or autodidactic, a cyber career path may seem a little daunting. But with the right cyber security tools and teachings in place, coupled with the latest proficiencies, any person can learn cyber and garner the skills necessary to enter the workforce with confidence and competency.

\n

The earning potential for an individual pursuing a career in cyber is significant. The national average frontline cyber security career salary is $94,000-119,000 (on the low end) for security-related positions in the U.S. according to the Robert Half Technology’s 2020 Salary Guide

\n

The industry offers high paying jobs, yet many positions continue to be unfilled with an estimated 145% workforce needed to fill the talent gap.

\n

This begs the question: what is the best way to fill the cyber security skills gap with motivated and budding professionals? The answer is multi-faceted but at its core is a fundamental shift in how we prepare and train them with the skills needed to thrive.

\n

Pro Tips for Building a Cyber Security Career Path 

\n

Just like many other career paths, cyber security needs people who possess a mix of academic, theoretical-based knowledge, practical skill sets, and a lot of creative thinking. An aspiring cyber security professional can learn the knowledge, skills, and abilities needed in the industry, seek out internships and/or apprenticeships, and learn of careers in cyber without actually being on the defensive frontlines of cyber attacks. Details of each approach are below.

\n

Step 1: Identify individual strengths, knowledge, skills, abilities

\n

The first suggestion for an individual who wants to learns on their own is to match their unique strengths (technical and non-technical) to the kinds of knowledge, skills, and abilities needed to do certain cyber jobs in the workplace. Understand what kinds of jobs are available too. For students, they will likely learn these details in traditional classes and in their coursework assignments. With Google at our fingertips, however, it’s easy to find a variety of online resources to learn cyber security KSA’s including ISACA, ISC(2), ISSA, and The SANS Institute—all of which provide information about the profession and detail certification and training options. Understanding the kinds of tasks performed in certain work roles and the kinds of behaviors needed to perform certain jobs, an aspiring cyber professional will be better prepared during the interview and job search process. He/she won’t be surprised to learn about what is required to start a job in cyber security.

\n

Step 2: Consider internships, apprenticeships, and alternative pathways to cyber learning 

\n

As a self-guided learner, you likely have the go-getting attitude needed to find a cyber security internship, apprenticeship, or alternative trade school to start building your knowledge, skills, and abilities more.

\n

Internships are available through many community colleges, technical colleges, and universities, each of which has well-oiled practices of connecting students with local companies. In fact, it’s not uncommon for most students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation.

\n

Apprenticeships are a “learn while you earn” kind of model and are incredibly beneficial for both the company offering the apprenticeship and the student.

\n

“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering. “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”

\n

The Department of Homeland security created a Cyber Corp Scholarship program to fund undergraduate and graduate degrees in Cyber Security. Students in this program agree to work for the Federal Government after graduating (with a one year service for every year of scholarship).

\n

These types of opportunities are especially advantageous for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field.

\n

Alternative pathways are also quite accessible for the college graduate or self-driven learner seeking a career in cyber security. One cyber career pathway is via “stackable” courses, credits, and certifications that allow learners to quickly build their knowledge base and get industry-relevant experience. These kinds of courses are available in high school (taking collegiate-level courses) and at the college level. Another type of alternative pathway is via cyber competitions and hackathons. Learners can gain practical skills in a game-like event while meeting fellow ambitious professionals. Participating in these events also makes for great “extracurricular activities” on one’s resumé too.

\n

Circadence is proud to lend its platform Project Ares® for many local and national cyber competitions including the Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriotCarnegie Mellon’s picoCTFMajor League Hacking, and the National Cyber League.

\n

Cyberseek.org also has a detailed and interactive roadmap for hopeful professionals to learn more about how to start and advance their careers in cyber security. This interactive cyber security career pathway map breaks it all down. For example, if you’re interested in a software development role, you’ll want to build skills in Java or Python, databases, code testing, and software engineering, as well as, build cyber skills in cryptography, information assurance, security operations, risk management, and vulnerability assessment. You may also consider certifications in Certified Ethical Hacking (CEH), Security+, Network+, Linux+, Offensive Security Certified Professional (OSCP), CISSP, and GIAC in addition to having real-world experience and training. In addition, check out Cyber-Security Degree, a free service that helps individuals looking to enter into the field find the right path to getting an online degree.

\n

Step 3: Understand Cyber Security Career Requirements

\n

We recommend three types of experience when considering a career in cyber security:

\n

·     Degree experience for basic understandings of cyber theory and practice

\n

·     Technical experience to demonstrate learned knowledge translates to skill sets acquired

\n

·     Real-world training experience, either via an internship/on-the-job opportunity or via realistic cyber range training

\n

Many entry-level cyber security job descriptions will require at least a bachelor’s degree or 4 years’ experience in lieu of a degree. Higher-level positions will require the academic degree plus some technical experience and/or real-world training.

\n

It’s important to note that there are two types of cyber training available: A traditional classroom-based setting and an on-demand, persistent training option. Both are great in their own ways and can complement each other for holistic cyber learning. The classroom-based learning presents information to learners via PowerPoints, lectures, and/or video tutorials. Learners can take that knowledge and apply it in a hands-on virtual cyber range environment to see how such concepts play out in real-life cyber scenarios.

\n

Since cyber security is an interdisciplinary field, it requires knowledge in technology, human behavior/thinking, risk, law, and regulation—to name a few. While many enter the field with the technical aptitude, many forget the “soft skills” to cyber security. To communicate effectively with a cyber team, problem-solve, analyze data, identify vulnerabilities, and understand the “security story” of the employer, a young professional needs to possess and demonstrate those social skills to thrive in their job.

\n

The Variety of Cyber Security Fields are Endless!

\n

There’s more to cyber security than being a network analyst or incident response manager. Interested, aspirant professionals can work in cyber security through other departments beyond security and IT. Cyber careers in human resources, marketing, finance, and business operations are all available sectors that allow a learner to “be in cyber” without doing the actual day-to-day frontline security defense tactics. It is important to know about the other careers individuals can pursue in cyber security because it is not just for the IT department to “manage” within a business. Furthermore, cyber security roles don’t have to be pursued at technology companies – there are many healthcare, banking, energy, and enterprise companies seeking cyber security professionals in their organizations. So, if a certain industry is of interest to you, you can explore cyber in that specific industry. In the age of digital transformation, practically every sector has a security need that needs to be hardened.

\n

For young graduates entering the cyber security field, a multi-faceted approach to learning cyber security skills is recommended. The good news is that motivated learners have lots of avenues and resources available to them to pave a career path that best fits their needs and interests. Check out this article next for options to kickstart a cyber career.

\n

WATCH this On-Demand Webinar

\n

“KICKSTARTING A CYBER CAREER

\n

with Dr. Dan Manson

\n

 

\n","title":"How to Launch a Cyber Security Career"}},{"node":{"id":"108e573a-c8db-50d9-8a1f-d59f945cf7f8","slug":"the-future-of-cyber-security-in-the-wake-of-standardized-workforce-development","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/06/freestocks-org-540554-unsplash.jpg"},"date":"2019-05-19T14:13:29.000Z","content":"

The implications of the Executive Order on America’s Cybersecurity Workforce and what it means for cyber workforce development going forward

\n

The White House recently issued the Executive Order on America’s Cyber Security Workforce. This forward-looking executive order aims to close the cyber security skills gap and increase the number of cybersecurity professionals working in the field. This is a huge need for our critical infrastructure, national defense and modern economy. We are bound to see some changes across the industry with the passing of this bill. Although we don’t have a crystal ball to see the future, there are some implications we anticipate for the cybersecurity industry overall.

\n

Improved Global Security from Nationally Recognized Standards

\n

The executive order encourages widespread adoption of the cyber security workforce framework created by the National Initiative for Cyber Security Education (NICE). The use of the NICE framework will create some national standards in the industry and allow for more qualifying leverage. This will provide evaluation requirements used in contracts for IT and cyber security services.

\n

Prioritizing Cyber Workforce Diversity

\n

According to Cyber Security Ventures, there will be up to 3.5 million job openings by 2021 and currently, females represent less than 12% of the global cyber security workforce. This stat is crazy! To keep pace with sophisticated adversaries and develop technology that supports human cyber operator decision making, diversity of thinking and skill and approach should be a hyper-focus for the security industry.  Women are well suited for, and extremely talented at, technical fields such as information security, security engineering, and AI engineering; however, recruiting and retaining women in these fields is not where it needs to be. There is a long-standing stereotype that cybersecurity is too technical for women and that’s not the case. There are many critical skills that women bring to the table including an incredible attention to detail, problem-solving, and communication skills that are as important in cyber work as the technical know-how. Groups like Cyber Patriot, Girls Who Code, and more recently Women’s Cyberjutsu are wonderful organizations that inspire young girls and women to pursue careers in cyber and technology.

\n

The aptitude for cyber security lies not only in the technical fields, but can also be found in many unexpected disciplines. Some of the best cyber defenders started their career out doing something completely different. We need this type of diversity and people with different backgrounds to join the industry. We need to improve thinking and skill, both technical and critical thinking skills to combat today’s adversaries.

\n

New Methods of Cyber Security Training

\n

In developing the workforce, we need to be cognizant of the need for new methods of training that inspire the next-gen learner. The traditional ways of learning in a classroom have worked in the past, but there are a lot of statistics that show traditional classroom settings alone aren’t the most effective in terms of applied skill preparedness and learning retention. Studies on the effectiveness of traditional classroom settings show that students lose  40% of what they’ve learned after 20 minutes and between 50 – 80% of what they’ve learned after one day, and 90% of what they’ve learned after six days.

\n

Gamified learning approaches are currently being adopted federal agencies, banks, oil and gas and other infrastructure organizations as well as academic institutions such as the University of Colorado,  Divergence Academy, and Loudoun Public Schools. This form of active learning generally includes on-keyboard activities along with team collaboration and applying concepts to real-world scenarios, which has shown to improve retention to 75% compared to 5% through more passive learning methods like lectures with PowerPoints. Recently, a graduate student at the University of Colorado shared his experience after he played one of the cyber games in Project Ares, Circadence’s flagship learning platform. He mentioned that he liked the feeling the game created of a sense of impending danger from the robots and that made him think better and learn more as he worked to defeat them.

\n

Pursuing ‘Cyber as a Sport’ to Capture Talent

\n

We embrace the idea of “cyber as a sport” believing cyber security skill building can and should be fun, like sports. Cyber competitions are a great way to encourage skill-building plus they bring attention to the industry. These kinds of competitions should be happening from early school age (Girls Who Code), through high school (Cyber Patriot), and university (NCCDC), and then throughout the professional career. Competition categories can include individual and team-based events, software reverse engineering and exploitation, network operations, forensics, big data analysis, cyber analysis, cyber defense, cyber exploitation, secure programming, obfuscated coding and more.

\n

Wicked6 Cyber Games, cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge are several examples of events where students can engage in healthy competition and skill-building among peers in an active, living lab setting. Circadence’s gamified training platform, Project Ares is used as the platform to deliver the competitive exercises though its immersive, gamified cyber range.  Realistic scenarios challenge players in mission-specific virtual environments using real-world tools, network activity and a large library of authentic threat scenarios.

\n

Without continued effort to increase the cybersecurity workforce, our critical infrastructure, national defense and modern economy will be jeopardized.

\n

The publication of this Executive Order is an indication that government is ready to proactively address our very serious cybersecurity challenges and is looking to new ways of training and skill building to meet the demands of today’s workforce.

\n

To keep organizations better protected in the wake of digital transformation, legislative progress like this is a significant stepping stone to alleviating the industry’s largest challenges.

\n
\n
\n
\n
\n
\n
Photo by freestocks.org on Unsplash
\n

\n
\n
\n
\n
\n
\n
Photo by David Everett Strickler on Unsplash
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n
\n","title":"The Future of Cyber Security in the Wake of Standardized Workforce Development"}},{"node":{"id":"9c9a71bc-ccf7-5a1c-925e-953b3ad16a1d","slug":"nichols-college-students-spearhead-cyber-security-education-for-the-entire-campus","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/05/marvin-meyer-571072-unsplash.jpg"},"date":"2019-05-16T14:37:43.000Z","content":"

Policy makers are now prioritizing data security over talent, efficiency and controlling costs. As students growing up and being educated in the digital age, we are just starting to understand the importance of cyber security to individuals and their companies. Taking part in a Research Associate Internship on campus at Nichols College, our eyes have been opened to the vast number of threats we face on a daily basis.

\n

Oracle conducted a study titled “Security in the Age of Artificial Intelligence,” where 341 C-Suite executives and 110 policy makers were asked of their plans to improve their company’s security in the next two years. The top answer from this sample was to train existing staff. Human error poses the greatest risk to these companies (Oracle). In order to mitigate this risk, it is imperative to understand the opportunity cost of training employees on the importance of cybersecurity. Prioritizing training would prevent small mistakes, potentially costing a company much more in the long run.

\n

A Nichols College Associate Professor of Accounting and Finance, Bryant Richards, noticed a gap in cyber security education, wanting to bring cyber to campus in a big way, stating “As cyber risks have become ubiquitous throughout the industry, it is our responsibility to provide some degree of cyber literacy to our business students. We must train our accounting students to be data and technology professionals who understand accounting. The realistic and experiential nature of Project Ares matches how our students learn and provides a transformative learning experience.” Richards along with the two of us, helped Nichols partner with Circadence to complete a three-month pilot program of their gamified cybersecurity learning platform Project Ares.

\n

What We Found: Circadence did a great job with Project Ares, with an appealing, gamified user interface that sucks you in and is easy to use. As a student with no technical experience in the cybersecurity field, Project Ares proved to be both engaging and challenging. It provided an abundance of resources through its Media Center and Mini Games. Users can obtain a base layer of knowledge, progressing into education on concepts like the Cyber Kill Chain and how hackers utilize it. The interactive Battle Rooms provide real-life, technical lab environments where users can spin up virtual machines, explore real-world tools, build their confidence, and hone their skills.

\n

What We Learned: You do not have to be a professional hacker to steal someone else’s information or gain access to their computer. Understanding the code is no longer enough; this is much more than an individual problem. If your own device is compromised, the hacker can steal your personal information, and steal information from your employer and worse. This harsh reality surprised us when we first commenced our research. From clicking a wrong link in an email, to accidentally tapping an advertisement banner on your phone; these small errors can seem harmless but are really detrimental to your overall security.

\n

The gamification of cybersecurity training has allowed those of us with no prior knowledge, a chance to get a leg up. With increased demand to train existing staff, new training approaches must be made for the next generation of cybersecurity specialists. Gamifying the process made it easily digestible, directly benefitting any potential company or individual.

\n

The first step in becoming educated on cybersecurity is understanding that there are threats present in our everyday lives. In the words of the man who gave us our initial walkthrough of Project Ares, Brad Wolfenden compared cybersecurity to buying a gallon of milk, saying:

\n

“I believe that part of the disconnect around cybersecurity best practices comes from the assumptions we make as consumers in general – that what we’re buying is designed and sold with our best interests, and security, in mind … The food you buy and eat is certified by the Food & Drug Administration to indicate it has been safely grown/ raised and suitable for human consumption. When making technology purchases, we cannot take these same conveniences for granted.”

\n

It is everyone’s ‘job’ to maintain high ethical standards and awareness when operating on the Internet nowadays. It is no longer up to one person or pre-installed software to protect your personal information. The more we are educated on the basic underlying principles of cybersecurity, the safer we will all be.

\n

References

\n

Oracle. “SECURITY IN THE AGE OF AI .” Oracle, 2018, www.oracle.com/a/ocom/docs/data-security-report.pdf.

\n

Wolfenden, Brad. “A Rising Tide Lifts All Boats: Celebrating National Cybersecurity Awareness Month.” Circadence, 30 Oct. 2018, www.circadence.com/national-cybersecurity-awareness-month/.

\n

*Students R.J. LeBrun & Lorenzo Secola guest authored this blog post as part of their Research Associate Internship at Nichols College 

\n

 

\n

 

\n

 

\n","title":"Nichols College Students Spearhead Cyber Security Education for the Entire Campus "}},{"node":{"id":"40935ba3-59d1-5781-bf19-8a317b6af473","slug":"diversity-in-cyber-security-why-its-important-and-how-to-integrate-it","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/05/circCorp_aboutUs_frame_02450.png"},"date":"2019-05-10T15:27:06.000Z","content":"

You may have heard that the cybersecurity skills gap is widening, and that there is a massive shortage of cyber professionals today. In fact, Cybersecurity Ventures predicts that there will be up to 3.5 million job openings in the field by 2021. In spite of the growing need for people in cyber, women continue to be underrepresented in the field.

\n

According to major findings from the 2017 Global Information Security Workforce Study:

\n\n

It’s no surprise that women are the underdog across plenty of male-dominated industries. So why is it so important for women to close the gender gap in cyber?

\n

\n

We need diverse perspectives in cybersecurity

\n

Firstly, cyber is an area that benefits greatly from utilizing people with diverse perspectives and histories to solve problems. As threat actors and black hat hackers often come from disparate backgrounds, the wider variety of people and experience that are defending our networks, the better the chances of success at protecting them.

\n

Combat the stereotype that cyber is only for men

\n

Secondly, as there are so many empty jobs in the field, it is ultimately detrimental for a factor like a gender to narrow the pool of people pursuing it. Unfortunately, the message is ingrained in women from a young age that tech and security are “masculine” professions, which results in a self-perpetuating cycle of unconscious bias against women in the field. These problems are difficult to fix because they are subtle and pervasive and often come back to issues in culture and education. In fact, an online survey, Beyond 11%, found that most women have ruled out cybersecurity as a potential job by the age of 15. This is unacceptable!

\n

Everyone can learn cyber

\n

Finally, there is a misconception that the cybersecurity industry is only for people with highly technical skills. Unfortunately, the “bad guy” hackers out there don’t require crazy technical skills to get to your personal information. Fortunately, being on the defensive lines don’t require them either. Cybersecurity is a highly trainable field and has a growing need for people in more positions than ever before, such as legal, marketing, and public policy – all of which women have proven to excel in. In fact, the communication skills, problem-solving and attention to detail skill sets needed to excel in cybersecurity are skills women possess and are really good at.

\n

Introducing more women to cybersecurity

\n


\nPrograms and Events

\n

Since many of these problems start for women from a young age and through somewhat unconscious societal and cultural constructs, it can feel like a daunting task to get women more involved in cyber. In order to combat these misconceptions, many programs and events have been put into place to provide young women with female role models in the cybersecurity field. Events such as the Women in Cybersecurity Seminar, Women in Cybersecurity Conference, and Cyber Day for Girls are just a small number of direct-action groups that companies like IBM have put in place to address the gender gap. Further cyber competitions like the Wicked6 Cyber Games, and organizations like the Women’s Society of Cyberjutsu and Girls Who Code are dedicated to introducing young women to cyber at that earlier age before they are told “it is not for them.”

\n

Cybersecurity Mentorships and Internships

\n

Mentorships and internships are another great way to introduce girls to other women in cybersecurity fields they may think are beyond their reach. Volunteers from tech companies have been going to summer camps specifically designed to encourage young girls to consider careers in STEM, such as the Tech Trek summer camp. Additionally, the Girl Scouts just introduced the first ever cybersecurity badge, which can be earned by completing curriculum and gamified learning around internet safety.

\n

Persistent cyber career development

\n

Another way we can support and retain women who choose cybersecurity roles is for companies have policies in place that ensure women do not miss out on opportunities to further their careers after having children. Things like flexible hours and the option to work from home can be key in maintaining a diverse and productive workforce. Hiring managers can also work to ensure equal employment opportunities when looking to hire for a new position. People from all backgrounds should feel welcome to apply for roles in this highly trainable and accessible field.

\n

We need all hands-on deck now more than ever in cybersecurity, tech and STEM fields. Communicating to girls at a young age that technology isn’t just for their male counterparts, and that it can offer them a long and rewarding career, is essential in closing the gender and skills gap in cyber.

\n

To learn more how to diversify the cybersecurity workforce from a strategic standpoint, read our other blog “Diversifying the Cybersecurity Workforce.” https://www.circadence.com/a-call-to-diversify-the-cybersecurity-workforce/

\n

 

\n

 

\n","title":"Diversity in Cyber Security: Why It’s Important and How To Integrate It"}},{"node":{"id":"a88447d5-49a3-510f-b44a-fbf06c48733a","slug":"healthcare-cybersecurity-in-critical-condition","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/04/healthcare-image.jpg"},"date":"2019-04-29T08:15:19.000Z","content":"

The digitalization of healthcare communication has greatly impacted how healthcare professionals use medical devices, perform patient care, and conduct internal operations. Electronic health record (EHR) mandates and widespread adoption of mobile devices has accelerated at such a rapid pace, healthcare cybersecurity companies are making mistakes that are inviting malicious hackers inside. Unfortunately, the healthcare industry has developed a negative reputation due to frequent data breaches, ransomware attacks, and security threats. It is time to revive the industry and get it on a path to a healthy recovery.

\n

Healthcare Cybersecurity Statistics

\n\n

Causes for these attacks like unencrypted, lost and stolen devices, outdated systems, and sheer lack of cyber professional personnel contribute to the health care industry’s demise. It allows cybercriminals to steal financial and billing information from hospitals, patient records, and even bank account numbers.

\n

The following organizations have fallen victim to attacks. Their suffering gives us a glimpse into the severity of healthcare cybersecurity threats. It also sheds light on how healthcare cybersecurity spending can be re-directed to support cyber teams so they can better prevent an attack of their own.

\n
    \n
  1. SSM Health in St. Louis: A former call center employee accessed 29,000 patient records including demographics and clinical information. The former employee did not have access to financial information, according to the statement.
    2. \n
  2. 21st Century Oncology of Fort Myers, FL: An unauthorized third party gained access to a company database, putting 2.2 million individuals at risk. Data stolen may have included patient names, social security numbers, physician names, diagnosis and treatment information, and insurance information.
    3. \n
  3. UNC Dermatology and Skin Cancer Center: A stolen computer contained roughly 24,000 patients with records detailing names, addresses, phone numbers, birthdates, Social Security numbers, employment status, and employer names.
    4. \n
  4. Sinai Health System in Chicago: A phishing scam affected approximately 11,350 people of the seven-member hospital system. The investigation reported no financial information was compromised but patient information may have been compromised.
    5. \n
  5. Henry Ford in Michigan: A cybercriminal accessed email credentials from a group of employees to view and steal the data of 18,470 patients. While the email accounts were password protected and encrypted, the hacker accessed patient names, dates of birth, medical record numbers, provider names, dates of service, health insurer, medical conditions and locations.
    6. \n
\n

There is good news, however. These threats can be mitigated with the right “medicine.” How?

\n

Stopping Healthcare Cybersecurity Threats

\n

Cybersecurity starts and ends with humans. It is the people controlling the use and deployment of technologies who have the ultimate power to create a secure cyber environment. Therefore, we advocate for a “data privacy first” mentality that places people at the center of cybersecurity in the healthcare industry.

\n

Cyber teams can engage in persistent learning and skill-building opportunities to learn how best to protect patients and minimize security risk and identity theft. Protected health information and patient security is of utmost importance to healthcare cybersecurity so if cyber professionals and non-cyber professionals like understand how to improve data security, patients and the facilities that house them will be better protected.

\n

To learn more about preventative ways to stop healthcare cybersecurity threats and upskill your cyber team, download our infographic: “Cybersecurity in Healthcare.”

\n

 

\n

 

\n

 

\n","title":"Healthcare Cybersecurity: In Critical Condition"}},{"node":{"id":"d58e5e19-9cc8-52d7-a811-7b6437be3c8c","slug":"obstacles-and-opportunities-in-cybersecurity-regulation-and-legislation","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/04/sebastian-pichler-25154-unsplash.jpg"},"date":"2019-04-22T08:18:40.000Z","content":"

As our world becomes increasingly dependent on the internet, more safeguards must be put in place in order to keep our information and services we rely on secure. In the last few years, we have seen an increase in regulations and legislation passed to uphold these safeguards, but it is unclear how much this has helped in thwarting attacks. Not only are we as consumers and individuals vulnerable to data breaches and cyberattacks, but our governments are at risk for cyberwarfare and potentially crippling assaults on resources and infrastructure.

\n

Governments around the world are implementing new cybersecurity legislation, such as the NIS Directive in the EU and the Cybersecurity Act of 2015 in the US to provide more structure and protocol to cybersecurity management. Many studies have been conducted to ascertain the level of sophistication in cybersecurity that different territories around the world possess, such as the Asia-Pacific Cybersecurity Dashboard. These studies consider legislation a basic indicator of the security landscape in these territories and helps cyber legislators identify strengths and opportunities for safety improvements.

\n

The number of new cyber laws shows the importance of implementing regulatory frameworks that protect us from a personal and business perspective. These frameworks help us to understand how to implement policy, as businesses generally don’t think much about cybersecurity unless they have to due to regulations. They also contribute to the reduction of security incidents and prevention of IT crime.

\n

CYBERSECURITY LEGISLATION OBSTACLES

\n

There are various cybersecurity technology obstacles in the way across territories that make the actual establishment and implementation of “global cyber legislation” no easy task. Here are just a few ways that legislation can be blocked, delayed, or become obsolete:

\n\n

Despite these obstacles, the frequency of cybersecurity laws around the world continues to rise as the number and severity of cyberattack incidents recorded worldwide does as well. Therefore, the aim is to have legal measures in place to require protection within various territories, and in a variety of industry sectors. With this goal in mind, legislators have started to consider the requirements necessary for security in their own countries first, including assessing the capacity to respond to large-scale incidents, the protection of critical infrastructure, and ability to collaborate with other countries.

\n

ENSURING CYBERSECURITY LEGISLATION KEEPS US SAFE

\n

While obstacles may be prevalent, there are actions we can take regardless of territory or region to ensure these laws keep us safe on the ground floor.

\n\n

Staying in tune with cyber legislation can mitigate your company’s risks before, during, and after a potential attack. There remains much to be done in this field, and as both technology and cybercrime continue to evolve, so will the legal landscape surrounding these incidences.

\n

 

\n","title":"Obstacles and Opportunities in Cybersecurity Regulation and Legislation"}},{"node":{"id":"5137aab6-93a2-596e-b2a6-0d7b9bf776c7","slug":"the-internet-of-things-ushers-in-a-new-wave-of-cybersecurity-needs","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/04/domenico-loia-272251-unsplash.jpg"},"date":"2019-04-15T08:45:46.000Z","content":"

The internet has changed rapidly since its inception in 1983. The way we communicate, consume news and media, shop, and collect data are just a few examples of the way the internet has changed the world. A term you may have heard crop up in recent years is IoT, or The Internet of Things. IoT is about extending the purpose of the internet from use in day to day devices like smartphones and computers to use as a host of connected “things.”

\n

So why would we want to do that? When something is connected to the internet and able to send and receive information, it makes the device smart. The more smart devices we have, the more connected and controllable our environment will become. IoT provides important insights to businesses and people that allow them to be more connected to the world and to do more meaningful, high-level work.

\n

While the Internet of Things holds incredible potential for the world, it also means opening up more avenues of vulnerability for hackers to tap into our infrastructure, our homes, and our businesses. On a large scale, the development of “smart cities” are cropping up, promising better usage of resources and more insights from data among other things. On the other hand, this could allow hackers higher access to critical infrastructure leading to potentially crippling instances of national and industrial espionage. On a smaller scale, things like parking meters can be hacked in order to cheat the system for free parking.

\n

The rise in IoT security must match the explosive growth rates for these devices, which means that a new era of cybersecurity is being ushered in. Nearly half of U.S. companies using an IoT network have been hit by a recent security breach, and spending on IoT security will reach more than $6 billion globally by the year 2023.

\n

Where does this leave us in a world with a seemingly bright technological future that holds such dark potential? As IoT continues to grow and evolve, it’s hard to say what specifics need to be put in place in order to keep it secure. However, there are some good general practices that can mitigate your personal and professional risk of being a victim of a breach.

\n\n

All these tips are focused on educating yourself as a responsible user of the internet and sharer of all things personal and professional. To protect yourself (and others around you), keep learning safer internet and cybersecurity practices. Cyber is always changing, just like the internet, and if we overlook a privacy policy or share a little “too much” on social media, we place ourselves at risk of exploitation and danger. It is up to us, the individuals who use this technology day in and day out, to create safer spaces online to communicate and continue to enjoy the internet in all its glory.

\n

Eventually, there is hope that the IoT industry is able to revolutionize cybersecurity for itself, as compliance and regulation never seem to catch up to the pace required by cyber defense technologies. Since this is still such a new industry and constantly evolving, utilizing the aforementioned tips and tricks will help you stay safe while IoT security gets its footing. There is a lot to look forward to as IoT continues to revolutionize the way the world works, it’s just a matter of time before cyber teams are ready to take on this new wave of security needs.

\n

Photo by Domenico Loia on Unsplash

\n","title":"The Internet of Things Ushers in a New Wave of Cybersecurity Needs"}},{"node":{"id":"a2b8a0c3-bf74-53e3-a1ef-792e425e4f1a","slug":"a-new-perspective-changing-how-we-think-about-cybersecurity-training","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/03/sergio-souza-735921-unsplash.jpg"},"date":"2019-04-08T08:45:08.000Z","content":"

What if someone told you that there was a new way to commute to work in the morning? A way that was more efficient than taking the highways or backroads to avoid traffic – a way that would allow you to save time, headaches and the dangers of driving altogether…you’d be interested, right? Maybe a little skeptical, certainly, but interested. So would we! Changing the way we think about a process or an act does not happen at the flip of a switch. We know that.  However, the speed at which technology advances and new products and services hit the market with attempts to make our daily lives easier, faster, better requires us to be open to new ways of thinking about traditional approaches. In this blog, it’s about changing how we think about “cybersecurity training.”

\n

While we can’t help you teleport to your office or lend you a flying car, the concept behind the “better way to commute” scenario is exactly what we at Circadence are advocating for—A new way to think about cybersecurity training and skills development. Now, we realize that might not be as “cool” as teleportation but hear us out.

\n

When it comes to cybersecurity, we believe wholeheartedly that there is a better way to train cyber professionals on the latest tactics and techniques. Why? Current ways of developing professionals with “one-and-done” trainings in classroom settings aren’t working. How do we know this? Because businesses are still getting hacked every day. In 2018 alone, we saw a 350% increase in ransomware attacks and 250% in spoofing or business email compromise. If lecture-based, classroom setting, PowerPoint-driven training courses were working, we wouldn’t still be reading about breaches in our local and national news. Something new, something different has to be done.

\n

Talk to your teams

\n

People develop, use and control the technologies we have available to us. People are the mechanisms by which we execute certain security methods and procedures. People are the reason there are actual tools to help us stop threats. Talking to your team can help gain perspective on how they are feeling with their current workloads and where they want to improve professionally.

\n

Without well-trained individuals who persistently learn new skills and find better (more efficient) ways to operationalize cyber processes and techniques, our businesses and our personal information will be exploited—it’s only a matter of time. While you may be thinking “I send my team to an off-site course and they learn new stuff every time” then great! We invite you to take the next step and talk to those teams about how they’re using what they’ve learned in everyday cyber practice. Sometimes the first step in adopting a new way of thinking about a process (in this case, cyber training), we need to talk to the people who actually experienced it (those with boots on the ground).

\n

Talk to your teams about:

\n\n

Listening to teams and asking objective questions like this can shed light on what’s working in your cyber readiness strategy and what’s not.

\n

Reframe negative thoughts

\n

Things that are new and different are disruptive and that can be scary for leaders looking for concrete ROI to tie to cyber readiness solutions. Forbes suggests reframing negative thoughts as well. In thinking about a new way to do cyber training, instead of “gamified cyber learning will never work,” come from a place of inquiry and curiosity instead. Reflect on what feelings or experiences are causing you to think negatively about a new way of doing something.

\n

Ask objective questions like:

\n\n

Understanding how something works or could work for your specific situation is the foundation for evaluating the merit of any new process or approach presented to you.

\n

Know Today’s Cyber Training Options

\n

How cyber training has been conducted hasn’t changed much in the past several years. Participation in courses require professionals to travel off-site to facilities/classrooms where they gather together to listen to lectures, view PowerPoint presentations and videos, and maybe engage in some online lab work to “bring concepts to life.”

\n

Travel costs incur, time away from the frontlines occurs, and learners often disengage with material that is passively delivered to them (only 5% of information is retained with passive-learning delivery).

\n

One of the biggest gaps in cyber training is that there isn’t a way to effectively measure cyber competencies in this traditional method. The proof is in the performance when professionals return to their desks and attempt to identify incoming threats and stop them. That absolute, black and white, way of measuring performance is too risky for businesses to stake their reputation and assets on.

\n

Leaders who send their teams to these trainings need to know the following:

\n

1) what new skills cyber teams have acquired

\n

2) how their performance compares to their colleagues

\n

3) what current skills they have improved

\n

4) what cyber activities have they completed to demonstrate improvement/progression

\n

Today’s off-site trainings don’t answer those questions until it’s too late and a threat has taken over a network. Professionals can “see” really quick when a learned skill doesn’t translate to real life.

\n

Embrace the journey of learning

\n

There is a better way to train professionals and it can happen with gamification. But don’t let us be your only source of truth. Talk to people. Listen to their experiences training traditionally and hear firsthand what they want out of a skill building opportunity. Read the latest research on gamification in the corporate workplace. Then, make connections based on the intel you’ve gathered to evaluate if gamification is right for your organization’s professional development approach.

\n

We’ll be here when you’re ready to dive deeper into specific solutions.

\n

Photo by sergio souza on Unsplash

\n","title":"A New Perspective: Changing How We Think About Cybersecurity Training"}},{"node":{"id":"fa467c4b-1469-5e68-8eb0-28ab50b83a0a","slug":"are-you-living-the-ciso-nightmare-five-cyber-concerns-keeping-them-up-at-night","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/03/sergey-zolkin-192937-unsplash.jpg"},"date":"2019-04-01T08:45:12.000Z","content":"

What keeps CISOs up at night? Is it the looming concern of a threat? The uncertainty of cloud security? Wondering if you have enough cyber pros on the frontlines to defend and protect? Maybe it’s all three –and more. CISOs are carrying a lot of security responsibility on their shoulders, all while trying to make sure their department is transparent, vigilant, agile, and of course, secure. Focusing on so many areas of digital opportunity, security vulnerability, and defensive improvement make it challenging for CISOs to truly dedicate attention to any specific operational “thing” for too long before they have to move to the next issue. Adapting to this rapid change of pace in the security industry can compromise security strength and lead to growing concerns about whether teams are really prepared for the next threat. We’ve pinpointed the top five cybersecurity concerns of CISOs that are stuff nightmares are made of.

\n
    \n
  1. \n

    New Threats

    \n
    2. \n
\n

This shouldn’t be a surprising concern. Threats are ever-evolving just as technology and digital connectivity is. While CISOs strive to keep their defenses up to snuff with the latest technology, there is always a new weakness waiting to be exploited. The recent government shutdown is a perfect example. It pulled many defenders off the frontlines of security, leaving the door wide open for malicious hackers to walk on it and do unimaginable damage. Also, the 2016 election attracted black hat hackers to manipulate public perception of the race via the use of social media. There’s always a new threat, a new vulnerability to be wary of—and CISOs are looking for ways to ensure their teams are always ready, always prepared, and have the proper support they need from machines and fellow colleagues to keep assets and people safe from harm.

\n
    \n
  1. \n

    Minimal Agility

    \n
    2. \n
\n

While CISOs desire agile operations and solutions, many still follow a linear “waterfall” model with sprinklings of agile adaptations. Developers, in particular, create security solutions tend to follow prescriptive, step-by-step requirements without always considering how security fits into the bigger solution picture. One can imagine the repercussions of such an approach. Failure to close the widening gap between deployment velocity and security implementation can yield weak security resilience. CISOs wonder if their organizations are strong enough to have both deep security testing in place and remediation plans effective enough to remove any semblance of fear, uncertainty, and doubt. DevSecOps spells opportunity for agile security as the approach advocates for the integration of security “checks” during every stage of development from planning to coding to testing and deployment and monitoring.

\n
    \n
  1. \n

    IoT and Cloud Security

    \n
    2. \n
\n

As work migrates out of the traditional office, users are moving off the network and accessing the cloud directly. More applications and servers are moving to the cloud to save money, achieve scale, and obtain greater access. However, massive amounts of sensitive data are now stored in the cloud and the “location” of that data and perceived lack of visibility is concerning for CISOs. According to a Kaspersky Lab study, one in three CISOs ranked cloud computing as a top security risk. Part of a CISO’s job is to apply controls to cloud security but when other responsibilities including managing security solutions take priority, concerns of cloud security often go unalleviated.

\n
    \n
  1. \n

    Cybersecurity Skills Gap

    \n
    2. \n
\n

This is one of the reoccurring nightmares for CISOs: finding and retaining enough security talent to bolster a capable cyber team with the right skills to address attacks. CISOs need a solution to improve the cyber skills at their company but can’t realistically send everyone away to class. Likewise, CISOs may realize they have skills gaps on their teams and assessing their competencies and hiring the right talent is becoming a growing challenge. Further, every CISO is concerned about their company being the next news headline of a cyberattack, so they are constantly worried about their overall cyber readiness and keeping their teams razor sharp. Looking down the barrel of a 300,000+ security job shortfall in the U.S. alone, CISOs fear their teams, whether large or small and mighty, may not have all the skills they need to effectively top new threats.

\n
    \n
  1. \n

    Rebuilding Trust

    \n
    2. \n
\n

It’s been a bad few years for cybersecurity leaders with the growing number of well-publicized hacks of large and small companies. Naturally, such news leaves many consumers and company stakeholders distrusting companies who fall victims to these attacks. What’s worse is trying to rebuild trust after an attack. It’s not a flip of a switch or apologetic PR statement that automatically regains public trust in data security for a company. It can take months or even years for a company to bounce back from a breach of any magnitude. Privacy issues, security and device addiction are all elements that need to be addressed from the beginning in order to take ownership and responsibility of how customer data is stored, used, transferred, and accessed.

\n

There’s often too much momentum in the way of today’s cyber operations to allow for any kind of change but this is something that MUST change. CISOs and their teams live with cybersecurity worries, threats, and “unknown unknowns” that are simply too scary to block out. Frustrated talented resources and limited budgets perpetuate these cybersecurity nightmares. For CISOs to wake up from these horrible scenarios, they need to consider new ways to develop their teams and foster holistic “security is everyone’s responsibility” cultures in order to move forward. New threats, cloud security issues, and skill gap concerns can be quelled with the proper persistent learning solutions in place to empower and augment cyber teams toward a stronger security infrastructure. Likewise, educating the entire staff, not just the IT department on security issues and best practices ensure everyone will have sweeter dreams.

\n

Photo by Sergey Zolkin on Unsplash

\n","title":"Are you living the CISO nightmare? Five Cyber Concerns Keeping Them Up at Night"}},{"node":{"id":"7b17e150-826d-5bad-a77f-c62a96e4bc46","slug":"on-the-move-cyberattacks-on-the-transportation-industry","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/03/m_v_-777372-unsplash.jpg"},"date":"2019-03-27T14:07:05.000Z","content":"

Everything is on the move. People. Agriculture. Water. Power. Materials ranging from home goods to hazardous waste all flow through a massively complex, public/private, interconnected – and increasingly automated – hive of vehicles and transport systems.

\n

According to the Department of Homeland Security:

\n\n

Via plane, train, or automobile, the transportation sector supports nearly 10 percent of the U.S. GDP and transports nearly 20 billion tons in goods annually. Over the past couple of years, the industry has grown in complexity in logistical chains, production, facility and manufacturing partners, and plant management operations.

\n

As a result of such growth, the industry has shifted to more automated processes, turning paper documents into digital formats, and using advanced analytics to address customer needs. Those efforts have placed more transportation systems online. With the expansion of the transportation industry into the digital domain, transportation cyber security has become more important than ever before.

\n

Historical cyber attacks on transportation systems

\n\n

While many transportation companies understand the importance of keeping data and passengers safe and secure, a few companies have experienced the detrimental effects of an attack similar to other industries like the financial sector and healthcare.

\n

From ransomware attacks to data breaches, the transportation sector is not immune to malicious hackers. While the industry has been thought of as “less vulnerable,” it also means the industry could be next in line for hackers to target. This is especially true now that automobiles and transit systems are becoming increasingly more connected via IoT, or the Internet of Things. Many cars now come with their own WiFi hotspot, public transportation utilizes apps to help you get around, and specialty lanes on the highway use the internet to charge for driving in things like the express lane.

\n

Unauthorized users know that such “untapped” industries are indeed at risk because they haven’t been attacked yet, leading industry professionals to believe their systems are secure and not defenseless. A system may appear to be secure, but until the first oversight or staffing shortfall impacts security, it’s hard to be 100% certain. The transportation industry is new territory that can be easily exploited if persistent cyber learning, procedures and processes are not put in place.

\n

Since most transportation organizations keep cybersecurity responsibilities in-house, building a culture of awareness within the organization that prioritizes education, skill-building, and continual awareness, is crucial to staying on top of threats. Transportation industry cyber teams and CISOs would do well to be proactive in their cybersecurity efforts instead of hoping their systems are secure from hackers. Hope isn’t a strategy.

\n

So, what is the best strategy? Continuous learning that upskills your cyber teams. It can and should be a part of the transportation sector’s cyber readiness efforts to constantly improve their posture. Because, as we know, the only constant in cybersecurity is change. The transportation industry is dynamic and evolving, just like cyber threats. Cybersecurity is the responsibility of everyone, not just those in IT. All need to take ownership of how they contribute to the security of the company.

\n

Failure to provide responsible oversight will not only impact everyone personally employed in the company, but it will have a ripple effect that extends out to the great social, political, and economic groups that depend on transportation.

\n

Transportation’s reach and integration with so many other industries requires and demands a stronger cybersecurity arm. To start strengthening the sector, we’ve prepared four strategies to form an elite cyber team. Without a strong cyber team in place, the newest technologies and tools will only go as far as the skill sets and knowledge base of your cyber team.

\n","title":"On the Move: Cyber Attacks on Transportation Systems"}},{"node":{"id":"a8d00707-a06f-5f10-b4a4-58df22aa54e6","slug":"hope-for-cybersecurity-cyber-teaching-challenges-new-horizons-for-cyber-learning","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/03/john-schnobrich-520023-unsplash.jpg"},"date":"2019-03-18T09:30:50.000Z","content":"

The statistics are dismal. An estimated 3.5 million unfilled cyber positions by 2021 and today, we have over 300,000 openings in the U.S. alone. According to a New York Times article, “filling those jobs would mean increasing the country’s current cybersecurity workforce of 715,000 people by more than 40 percent,” according to data presented at the National Initiative for Cybersecurity Education Conference. If you’re a student in cyber or are just undeclared, there hasn’t been a better time to consider cybersecurity as a professional career. The field has come a long way from the stereotypical hoodie-wearing, Mountain Dew sipping worker in a dark room performing tedious coding tasks.

\n

Cybersecurity is so much more than that—and it’s exciting! Don’t believe us? At Divergence Academy, we are preparing the next generation of cyber professionals to enter the workforce and alleviate the skills gap through gamified learning. If more institutions adopted such an approach, we as educators would be more successful at not just engaging our students in teaching relevant concepts and theory, but successful at helping them build skills needed in today’s workforce.

\n

Cyber Teaching and Learning Challenges

\n

But before we get into the “hopeful” part of this article, we need to understand the challenges in teaching cyber in the first place. The way that cybersecurity has been taught throughout the years often include lectures, PowerPoint presentations or online models that students complete on their own. Inherently there is nothing wrong in teaching new information in this way. However, the opportunity exists to help students learn how to apply this knowledge to a real-world setting. The act of doing and creating the needed experience is the single most important quality job candidates can bring to an employer and this is the gap Divergence Academy is hoping to close.

\n

When students sit in a classroom, information can be presented in a systematic way, where in real life this may not always be the case, especially in the world of cybersecurity.

\n

When you think of teaching someone how to think like a hacker, you are fundamentally teaching them how to be creative in how they approach a situation.

\n

The concept of teaching someone to think like a hacker is easier said than done, which is why diversifying the way students can process information is crucial. Not every student learns in the way same.

\n

There’s Hope for Cybersecurity: Continuous Skills Acquisition and Application

\n

As cyber educators and instructors, we know there is no “one-way” to teach and that’s the good news! While certifications and technical degrees are a starting place for cybersecurity readiness and workforce development, instructors must think of new methods that provide persistent access to cyber education.

\n

This statement can best be described with an analogous story. If an aspiring baseball player was training for the major leagues and went to practice to hone his/her skills, they would certainly learn something. However, if that aspiring baseball player then applied for the major leagues a year or so later, without attending training leading up to that point, he/she would be a little rusty, wouldn’t you say? The same situation can be applied to cybersecurity. You wouldn’t attend a class or even complete a full degree in cybersecurity and then apply for a job and say you were a “seasoned cybersecurity professional,” would you? Of course not. There is no “final inning” in cybersecurity signaling a professional’s peak of learning and skills acquisition.

\n

Threats evolved day by day and if a student graduates thinking about phishing or malware detection one way and ends up in a work environment where that knowledge isn’t applicable anymore, we won’t be able to help the next generation of cyber pros be successful in their jobs. To keep current students and alumni actively engaged in critical learning, persistent access to cybersecurity training must be employed. In this industry, the only constant in cybersecurity is change, and for that reason (in addition to the multitude of attacks businesses every day), educational institutions can be vigilant in putting learning to work for the businesses and workplaces we rely on to support our daily functions.

\n

As technology and interconnectivity evolve with each passing day, steps must be taken immediately to adopt a pedagogy that values and emphasizes continuous learning to best prepare our students for the career they want. With gamified learning at the helm of a new teaching approach for cybersecurity, we can be on our way to minimizing the cyber skills gap and empowering today’s students in a more effective way.

\n

For more information about our gamified learning cyber courses, visit https://divergenceacademy.com/.

\n

 

\n

 

\n

 

\n","title":"Hope for Cybersecurity: Cyber Teaching Challenges & New Horizons for Cyber Learning"}},{"node":{"id":"5ebf8610-d040-5a9a-bebf-1c6627daa1eb","slug":"guest-blog-embracing-immersive-gamified-cybersecurity-learning-featuring-divergence-academy","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/03/brooke-cagle-609873-unsplash.jpg"},"date":"2019-03-11T07:25:10.000Z","content":"

What is immersive, gamified cybersecurity learning? The term was originally coined in 2002 by a British computer programmer named Nick Pelling. The term hit the mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited.  The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But gamification is more than a buzz word. Companies have seen gamification work for them in cyber team training—so we thought it wise to take what is working and apply it at the earlier stages of career development—in the classroom.

\n

At Divergence Academy, we are proud to offer a curriculum that embraces blended cyber learning to cultivate students and transitioning professionals who are ready to enter the workforce and stop today’s cyber threats.

\n

We offer data science, cybersecurity, and cloud computing immersive learning programs that enable students to gain the knowledge and skills needed to work in any of those fields. Many of our courses offer a mix of concept-driven learning and application-driven learning so that students understand new knowledge and, in turn, apply that knowledge in skill building, project-based activities. Through working with messy, real-world data and scenarios, students gain experience across the entire technology spectrum.

\n

Studies find when learners engage in active learning, hands-on activities, their information retention rates increase from 5% (with traditional, lecture-based methods) to 75%. The millennial generation presents radically different learning preferences than previous generations. Thus, educational institutions across the country should consider gamification as a pedagogical technique in the classroom. A study from the University of Limerick notes:

\n

Gamified learning activities could become an integral part of flipped teaching environments. Their social, asynchronous nature can be used to prompt students to engage with pre-prepared content, while gamified learning activities can be used in the classroom to prompt student interaction and participation.

\n

In watching our students engage with gamified activities, we see team-building blossom before our eyes. We see instant collaboration and problem-solving and critical thinking emerge. Those kinds of soft skills can’t always be taught in a traditional lecture-based setting and because of that, it is critical that we continue to offer a healthy mix of concept-driven learning with gamified learning opportunities to our students so that they can enter the workforce with a more holistic understanding of the industry.

\n

Cybersecurity has become a captivating and engaging subject matter for students, which is fantastic as those words aren’t typically associated with the technical field.

\n

“Wow, today we were introduced to Project Ares. Captivating is the best description I can think of. It is like ‘Call of Duty’ for cybersecurity.”
\n~ Divergence Academy Student, 24 years old

\n

Fellow professors and instructors are looking for ways to make cybersecurity more interesting and attractive to students and we believe at Divergence, the gamified learning approach can help. It is an approachable way for students to engage with a field they may be completely unfamiliar with and it supports instructors by offering a course that students WANT to take.

\n

“We notice an increase in student engagement in the classroom with the introduction of Project Ares. Gamification brings an element of intrigue and satisfaction to the learning experience.”
\n~ Beth Lahaie, Program Director

\n

We hope our adoption and proven success of a blended learning approach is the nudge other institutions around the globe need to consider its power in building the next generation of cybersecurity professionals.

\n

 

\n

 

\n","title":"Guest Blog: Embracing Immersive, Gamified Cybersecurity Learning, Featuring Divergence Academy"}},{"node":{"id":"206ab4a8-b7c4-5abf-9664-18034f1ea371","slug":"guest-blog-reimagining-cyber-learning-for-students-featuring-divergence-academy","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/02/kids-Ares.jpg"},"date":"2019-03-04T15:08:35.000Z","content":"

 

\n

It’s one thing to talk about the importance of teaching cybersecurity in an engaging way, and another thing to actually do it. Divergence Academy is proud to partner with Circadence to reimagine how cybersecurity is taught to current and aspiring professionals.

\n

About Divergence Academy

\n

Divergence Academy is an education institution creating adaptive learning solutions to empower individuals to pursue the work they love on the most relevant skills of the 21st century – from web development to data science to product management. It was established in 2014 as the first Data Science school in the Dallas/Fort Worth area school that used a hybrid approach to learning. It offers immersive and weekend programs for working professionals, college grads and transitioning workers.

\n

In early 2017, the academy grew to partner with leading cybersecurity organizations including E.C. Council and CompTIA to offer certified learning for students. However, it found that the curriculum was missing something—a “WOW” factor—a platform where learning could be managed and developed using a more hands-on approach, allowing students to level up and reinforce the skills they were learning towards certification.

\n

A Gamified Approach to Cyber Learning

\n

In realizing that we needed a more robust learning platform that complemented the certifications we offered, we were introduced to Circadence, a market leader in cybersecurity readiness, known for its Project AresÒ cyber range solution. It incorporated gamification into every aspect of the learning process, which encouraged students to progress through real-world exercises at their own pace and with a level of engagement unseen in previous traditional course sessions.

\n

Finding Project Ares put us on the map as an institution that put learning to work and it showed that we are not just an AI school but a school that teaches what we preach!

\n

The Class: Cybersecurity Professional Penetration Tester

\n

We launched our 12-week class using Project Ares in early February 2019. The program is a 400-hour course delivered over 2 weekday evenings and Saturday to prepare students for the role of Certified Ethical Hacker. We have a mix of students from mathematicians to software engineers to IT students all with varying levels of knowledge of cybersecurity, but anxious to learn.

\n

In Project Ares, students are able to identify “learning moments” where they begin to connect the dots on how a cyber concept is applied to a real scenario. They try to solve problems together, which is exactly what a real cybersecurity job would require.

\n

Not only are students learning industry-wide technical competencies such as information assurance, risk management and incident detection but also workplace competencies like teamwork, planning and organizing, problem-solving, and more. In preparing for a CEH role, students engage in the battle rooms, learning foundational skill sets and then apply them to a methodology in the missions. Skills like system hacking are learned in Missions 8-10, 12, and 13, and enumeration in Mission 1, and reconnaissance in Mission 1.

\n

The feedback from them is reassuring that Divergence Academy and Circadence are a powerful partner. We hear they enjoy collaborating with their peers in exercises within the platform and they kind of form their own “tribes” if you will and that’s the beauty of gamified learning. It really teaches these students how to work together, build soft skills, and technical skills needed for today’s workforce.

\n

The Impact of Project Ares

\n

Project Ares has allowed our instructors to really focus on our student’s performance. The automated, in-game advisor Athena within Project Ares helps students progress from activity to activity and solve problems quicker, which helps instructors prioritize the pace of learning from all students and in using the trainer view in Project Ares, see where the skills gaps are and how to better inform the exercise content to meet the individual needs of the students. Further, the automatic scoring and badging in the platform coupled with the media center allows instructors to easily align course curriculum with the platform’s games, whether it’s in a mission, a battle room, or through a mini-game.

\n

A Vision Come to Life

\n

Divergence Academy is excited to build a network with local community colleges in the Dallas/Fort Worth area in order to help upcoming graduates and faculty see us as a school that takes student learning to new levels—applied levels—practical levels that are relevant to the workforce. We hope local schools see our trade school as the next step in their learning journey to cybersecurity professionalism and understand that they will be able to get hands-on skill building (or upskilling) and practical experience.

\n

 

\n

To learn more about Divergence Academy and how they’re using Project Ares to support student learning, visit https://divergenceacademy.com/.

\n

 

\n","title":"Guest Blog: Reimagining Cyber Learning for Students, Featuring Divergence Academy"}},{"node":{"id":"7b475edc-3111-5e7b-8222-05508de68384","slug":"ten-reasons-to-check-out-san-francisco-while-at-rsa","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/02/ragnar-vorel-311734-unsplash.jpg"},"date":"2019-02-13T09:15:26.000Z","content":"

Your definitive guide to de-compressing from the tradeshow chaos.

\n

Exhibiting at and attending a tradeshow can be stressful. Packing, getting to your flight on time and finding your way in a “new” city are all trying. Not to mention, once you arrive at the show, the hours are long, the coordination is tedious, and all the coming and going from various conference rooms is tiresome—plus you are “always on.” We think you deserve a break! If you’re gearing up for the RSA 2019 Conference in San Francisco, CA this year March 4-8 at the Moscone Center, we’ve compiled the best stress-reducing, fun activities to do and see (after visiting with us at booth #6583, of course).

\n
    \n
  1. RSAC After Hours Events: These events, hosted by the conference, offer Full Conference and Discover Pass holders the chance to hang out with industry peers and colleagues in a setting of their choice.\n\n
    2. \n
\n
    \n
  1. Check out The View Lounge rooftop at the Marriott Marquis for some delicious cocktails and incomparable views of the city. Only a 6-minute walk from Moscone Center! It’s the perfect place to bring clients and partners, do some networking, or enjoy a little alone time at the end of a long day of networking and meetings.
    2. \n
  2. Head to the Ferry Building to enjoy the sights and sounds of the city. The expansive marketplace inside is home to wine, coffee, food, and souvenirs. A great spot to grab some lunch or coffee and get out of the conference room.
    3. \n
  3. Yerba Buena Gardens is a beautiful place to reflect on the tradeshow experience thus far and find some peace after the busyness of the day. Serene waterfalls, sprawling lawns and gorgeous gardens are sure to help you unwind, and it’s right across the street from the conference. Beyond being a great place to relax, a sponsored game of Intro to Capture the Flag will be taking place in the park from 8:00 a.m. to 9:30 a.m. on Thursday, March 7th. This is a women’s only game geared toward beginners. You will gain real-life hacking experience while collaborating, game playing, and enjoying coffee and bagels.
    4. \n
  4. If you’re looking for hot new restaurants to try, look no further than these gems near the tradeshow:\n\n
    5. \n
  5. Visit the San Francisco Museum of Modern Art, just around the corner from Moscone. The inspiring art and calm atmosphere are just the ticket for hitting the re-set button. Here is a list of museums that offer free days around the city if you find yourself craving more artistic expression!
    6. \n
  6. If art isn’t your thing, or you’re on the hunt for a very authentic San Francisco experience, be sure to check out the Cable Car Museum. It’s a free museum in the Nob Hill neighborhood. It holds historical and explanatory exhibits on the San Francisco cable car system, which can be regarded as a working museum in and of itself. If you’d like to actually ride one, here is a list of routes, tickets, and schedules.
    7. \n
  7. After spending the day at the tradeshow, why not visit the Fortune Cookie Factory and see what the future holds for you? This little bakery offers free tours, delicious fortune cookie flavors and toppings, and makes over 10,000 cookies per day, by-hand, from scratch. You can also get custom fortunes made as a gift for your colleagues and newfound customers and partners!
    8. \n
  8. Looking for an amazing shopping experience in the city? The Westfield San Francisco Center has you covered. From top department stores to small, SF-based boutiques, you can get whatever you need here. There’s also a dining hall and many delicious restaurants if you have trouble deciding what to eat.
    9. \n
  9. Still unsure of how to spend your time away from the Circadence booth #6583? Check out this list of sponsored parties around town. Keep checking back as this list will continue to get updated!
    10. \n
\n

We hope you find time to enjoy yourself this year at RSA. Kickstart your city adventures with some fun and be sure to visit the Circadence booth #6583 for more excitement. We would love to talk shop and hear what you’ve been able to do from our list!

\n

Photo Credit: https://unsplash.com/@sonuba

\n","title":"Ten Reasons to Check Out San Francisco while at RSA"}},{"node":{"id":"a5db9beb-7f4b-5314-8e97-dbabb4334b66","slug":"guest-blog-taking-cybersecurity-learning-to-a-whole-new-level","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/02/MicrosoftTeams-image-9.png"},"date":"2019-02-12T15:47:01.000Z","content":"

Last week I was lucky enough to be able to attend Circadence’s Cyber Learning Tour at the Microsoft Technology Center in Chicago.  This event was hosted by Laura Lee, VP of Rapid Prototyping,  and one of the lead creators of the Project Ares training platform.

\n

The opportunity to attend this event and hear from the brains behind Project Ares was an eye-opening experience for me.  The passion that Laura spoke with was something that I could relate to.  As someone who personally advocates for introducing more people to information technology and more specifically cybersecurity, it was amazing to hear Laura Lee talk about how she utilizes Project Ares in schools as early as middle school to educate students on not only the importance of cybersecurity but also real-world scenarios.  Hearing Laura talk about kids using Metasploit, Nmap, Wireshark and learning how to defend simulated cyber-attacks or infiltrating networks with Project Ares is taking learning to a whole new level.

\n

One of the more interesting topics Laura brought up about the platform is the scoring capability and how it works within the learning environment.  She often finds students begin competing against each other on the platform by going through missions and assessments over and over again to see who can get the better score.  This brings another avenue of excitement and energy to cybersecurity that could lead to more exposure with things such as e-sports using Project Ares.

\n

The fact that Circadence has created a learning environment that brings gamification, cybersecurity, and training to the same platform is ground-breaking to me.  Here is a platform that will simulate real-world scenarios like bank networks, power grids, and other enterprise networks and you either must attack (red team) or defend (blue team) using real-world skills and tools.  If you’re a rookie at cybersecurity, Project Ares offers a variety of battle rooms and assessments that will help get you up to speed.

\n

To hear more about why gamification and AI-powered cyber learning is the future of cybersecurity skill building, check out one of their other Cyber Learning Tour stops here: https://marketing.circadence.com/acton/media/36273/cyber-learning-tour-with-microsoft.

\n

Follow Zach’s YouTube Channel I.T. Career Questions for all things cybersecurity learning and development here: https://www.youtube.com/channel/UCt-Pwe2fODjH4Wuwf5VqE7A.

\n","title":"Guest Blog: Taking Cybersecurity Learning to a Whole New Level"}},{"node":{"id":"7bf20990-737d-50de-a5d3-725ee2f8928a","slug":"a-call-to-diversify-the-cybersecurity-workforce","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/02/rawpixel-653764-unsplash.jpg"},"date":"2019-02-11T16:19:55.000Z","content":"

You’ve read about it, know it well, and can probably instantaneously identify one of today’s top cyber crises: the cybersecurity skills gap. It’s putting enterprises, governments and academic institutions at greater risk than ever because we don’t have enough professionals to mitigate, defend, and analyze incoming attacks and vulnerabilities. According to recent estimates, we are looking at the possibility of having as many as 3.5 million unfilled cybersecurity positions by 2021. The widening career gap is due in part to the lack of diversity in the industry.

\n\n

And we’re not just talking about racial and ethnic diversity, we’re also talking about diversity of perspective, experience and skill sets. A recent CSIS survey of IT decisionmakers across eight countries found that 82% of employees reported a shortage of cybersecurity skills and 71% of IT decisionmakers believe this talent gap causes direct damage to their organizations[1]. It’s not just the technical skills like computer coding and threat detection that are needed, employers often find today’s cyber graduates are lacking essential soft skills too, like communication, problem-solving, and teamwork capabilities[2].

\n

An ISC2 study notes, organizations are unable to equip their existing cyber staff with the education and authority needed to develop and enhance their skill sets—leaving us even more deprived of the diversity we desperately need in the cybersecurity sector. The more unique thinking, problem-solving and community representation we have in the cybersecurity space, the better we can tackle the malicious hacker mindset from multiple angles in efforts to get ahead of threats. Forbes assents, “Combining diverse skills, perspectives and situations is necessary to meet effectively the multi-faceted, dynamic challenges of security.”

\n

In an interview with Security Boulevard, Circadence’s Vice President of Global Partnerships Keenan Skelly notes that as cybersecurity tools and technology evolve, specifically AI and machine learning, a problem begins to reveal itself as it relates to lack of diversity:

\n

“The problem is that if you don’t have a diverse group of people training the Artificial Intelligence, then you’re transferring unconscious biases into the AI,” Keenan said. “What we really have to do…is make sure the group of people you have building your AI is diverse enough to be able to recognize these biases and get them out of the AI engineering process,” she added.

\n

The good news is that is it never too late to build a more diverse workforce. Even if your organization cannot hire more people from different career backgrounds or varying skill sets, existing cyber teams can be further developed as professionals too. With the right learning environments that are both relevant and challenging to their thinking, tactics and techniques, current employees can develop a more diverse set of cyber competencies; all while co-learning with diverse teams around the world.

\n

Companies can also build relationships with local educational institutions to communicate critical workforce needs to better align talent pipeline with industry needs, recommends a new study from the Center for Strategic and International Studies. Likewise, cyber professionals can be guest speakers or lecturers in local cyber courses and classrooms to communicate the same diversification needs in the industry.

\n

While some experts say it’s too late to try and diversify the workforce in thinking, skill, and background, we beg to differ. If we give up now in diversifying our workforce, our technology and tools will outpace our ability to use it effectively, efficiently, and innovatively. It’s not too late. It starts with an open mind and “take action” sense of conviction.

\n

[1] CSIS, Hacking the Skills Shortage (Santa Clara, CA: McAfee, July 2016), https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hacking-skills-shortage.pdf. 

\n

[2] Crumpler and Lewis, The Cybersecurity Workforce Gap, Center for Strategic and International Studies, January 2019.

\n

Photo Credit: https://unsplash.com/@rawpixel

\n","title":"A Call to Diversify the Cybersecurity Workforce"}},{"node":{"id":"27e5393b-b50c-5c38-9106-e5ddd7417bc3","slug":"making-cybersecurity-better-dan-manson-to-speak-at-rsa-2019","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/01/Ares-Dark-BG-1.jpg"},"date":"2019-01-23T15:44:41.000Z","content":"

With the New Year in full swing, we are resolved to improve not only our own products to meet industry shifts but helping improve cyber professional’s skill sets against evolving threats. One of the ways we are doing this is through the help of our team member Dan Manson, Instructional Designer (Level 5) and current Professor of Computer Information Systems at California State Polytechnic University, Pamona.

\n

Dan is speaking on a panel discussion at the upcoming RSA 2019 conference, titled “How to Create a Truly Diverse Cyber Workforce” on Thursday, March 7 from 1:30 p.m. – 2:30 p.m. alongside panelists Mat Neufield, CISO for Unisys, Jordan Jacobson, California State Polytechnic University, Pomona student. Shelly Westman, principal with EY will moderate.

\n

It is at events like RSA (Find Circadence and Project Ares at booth 6583), the Circadence team and visitors to our booth share industry perspectives and explore dynamic learning solutions for cybersecurity professionals. The insights from these meetings often influence our advance product capabilities, features, and offerings.

\n

In addition to sharing his expertise on the ways to diversify the cyber workforce, Dan looks forward to playing an integral part in our Project Ares® cyber learning platform evolution alongside the rest of our incredible team.  He is helping integrate proficiency standards and competencies into Project Ares curriculum to improve the overall training value, player scoring, points, badges, etc. He also supports the analysis of how well the training content aligns to the NIST NICE Cybersecurity Workforce Framework, identifying the gaps for our Cyber Education and Training department to consider in curriculum design.

\n

We know the cybersecurity landscape is fluid, in a constant flux of improving security provisions, processes, technology, and the professionals behind it all. Circadence understands that there is no “one-size-fits-all” solution, which is why our solution capabilities ride on the coattails of the frequent industry changes. Our “Living our Mission” blog series keeps customers and interested parties current on the latest updates to our platforms and the benefits of the developments on organizational security posture.

\n

To learn more about how our gamified learning platform Project Ares is supporting a more diversified workforce in the midst of a widening skills gap, download our white paper “The Importance of Gamification in Cybersecurity Training” now. 

\n

 

\n","title":"Making Cybersecurity BETTER: Dan Manson to Speak at RSA 2019"}},{"node":{"id":"7ada3a91-2488-56be-bca6-9e881e9236c6","slug":"what-weve-learned-from-the-evolving-it-landscape-and-where-cybersecurity-is-headed-in-2019","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-06-25-at-12.07.12-PM.png"},"date":"2019-01-15T16:19:48.000Z","content":"

The new year is always a good time for reflection. At Circadence, we look back on how cyber security has evolved and think about the dynamic IT landscape to understand where CISOs and security leaders can direct their attention. To learn more, we tapped into our own cyber security expert Laura Lee, Executive Vice President of Rapid Prototyping, to answer some questions for us.

\n

Tell me briefly about your own background in IT security and how the changing landscape has impacted your approach.

\n

LL: I’ve been working in Computer Network Operations for over 20 years and have been involved in developing technology for protocol analysis, secure protocol development and defense strategies. I’ve seen tremendous technology evolution in that time as well as a reprioritization of security practices. In the past, we used to be able to rely more on technology (e.g., anti-virus, firewalls and IDS) but now the human cyber defender is critical.  Today, I lead multi-disciplined teams in the persistent development of our immersive cyber learning platform Project Ares, fusing real-world cyber ranges with engaging and gamified learning experiences. Early in my career, my focus was on protecting the networks for large radar and missile systems. For the last decade, I’ve been focused on cybersecurity defense tactics through training and exercises. The shift is a reflection of how cyber security has evolved over time, from being a siloed initiative rooted in government practices to a worldwide business to business effort layered with security complexities and interconnected devices and systems.

\n

How has the enterprise cyber security landscape changed in the past 30 years? Are organizations better off now than they were 30 years ago?

\n

LL: I have definitely seen improvements in enterprise IT, particularly in the last 10 years. There are now standards, like the NIST Cybersecurity Framework, which provides security guidance for how private sector organizations in the United States can assess and improve their ability to prevent, detect, and respond to cyberattacks.

\n

In the beginning of the Internet, we were working more on interoperability and sharing data – security was the last thought. Interoperability, which is the ability of computer systems to exchange and make use of information, was still very difficult when the internet first came into being. People weren’t able to share so much information as quickly, so the need for security systems and secure protocols wasn’t something to be concerned about. As the internet grew, so did the vulnerability of sharing personal data with the wrong people or networks. Online shopping, online banking, social media, etc. made information so easily accessible to hackers, that the focus had to shift to cybersecurity.

\n

Unfortunately, hackers and attacks have improved more than defenders, so we are far from “winning this cybersecurity war”. Not only are there more advanced tools that cybercriminals are rolling out and utilizing, but these criminals have more to gain and operate their hacks like a business. They use well-designed tools, such as FakeLogin and GM Bot, which make it easy for those who don’t necessarily have a technical background to launch a cyberattack. From data mining techniques to the sheer volume of information that many organizations keep on file, hackers can access more and reap a higher reward than ever before.

\n

What have been major cyber security milestones that have altered or shaped this market? Why are these the most significant?

\n

LL: I believe two things have made it harder to win the war against hackers. First, many offensive hacking tools (including previously classified government ones) have been released and are freely available online. These tools are the same ones that white hat hackers use, but for different purposes. While cybersecurity professionals use them to find vulnerabilities and deploy defensive mechanisms to prevent the exploitation of the network, hackers can use them to launch cyberattacks.

\n

While there are many reasons that we need offensive hacking tools, these tools also make it easier for black hat hackers to cause damage by publishing the found weaknesses. Black hat hackers use the information to launch malicious attacks against these networks based on the research gleaned from ethical hacking. This makes the barrier to entry very low for cybercriminals.

\n

Second, the advent of electronic currencies like Bitcoin have helped monetize cyber-crime. Bitcoin is decentralized, with no bank or single administrator, and can be sent from user to user on the peer-to-peer Bitcoin network without the need for intermediates. Cryptocurrency has made it easy for cybercriminals to monetize hacking. Prior to cryptocurrency, hackers used things like espionage, extortion, and identity theft to make money. Each of these methods came with big risks, which cryptocurrencies have solved by being anonymous, unregulated, and easily converted to cash value.

\n

These milestones have been a catalyst for the increasing ransomware attacks, such as the attack on Atlanta in early 2018 where ransomware was used to glean sensitive information from multiple applications and devices used by city employees. It has also increased attacks on healthcare and energy industries, and the recent attack on the Tribune publishing services, which disrupted printing operations and distribution for newspapers. Criminal organizations are always looking for new ways to build cash and cyber-crime has been lucrative for them.

\n

Looking ahead to the next 30 years, or even the next 10, what do you see as the greatest challenges or threats enterprise or IT security professionals will face?

\n

LL: We already have a huge gap in the number of trained cybersecurity professionals (with estimates of over 3.5 million unfilled positions by 2021). Primary and secondary education programs are just rolling out to help teach the next generation of cyber professionals, but the struggle is real since cybersecurity is such a unique and challenging field. To become an expert, you need thousands of hours in a hands-on environment to learn the network fundamentals, attack strategies, defensive tactics and how to adapt to an ever-changing threat. You need to see what an attacker looks like on a realistic network and practice new ways to detect and respond.  Cyber professionals must be both broad and deep with continued learning being a lifelong requirement!

\n

As the cyber threat surface expands, so do our defensive teams. However, what we are actually seeing is a widening skills gap in the cyber arena, putting us at more risk than ever because we simply don’t have enough people to defend incoming threats. This is why it is imperative that cyber learning becomes more incorporated into academia. Cyber ranges are a great way to learn the ins and outs of cybersecurity. A cyber range is a virtual environment that uses hands-on learning for cyber warfare skills development. By training students to address real-world attack scenarios, we prepare them for the workforce of the future.

\n

Recommended Reading: 

\n

Faces of Cyber Ranges white paper – download now!
\nAlternative solutions to cyber learning 
\nCyber range learning in academia 
\nThe benefits of active, gamified learning in cybersecurity

\n

 

\n","title":"What We’ve Learned from the Evolving IT Landscape and Where Cyber Security is Headed in 2019"}},{"node":{"id":"50704da5-c1ab-51b2-bb1e-1f52099928c1","slug":"finding-the-needle-in-the-cybersecurity-haystack-why-gamification-is-the-answer-youve-been-looking-for","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/gamification_design_green.jpg"},"date":"2019-01-09T19:29:50.000Z","content":"

To say we’re on an upward trajectory in the cybersecurity space would be an understatement. Cyber threats are increasing. Organizational spending is increasing. And the cost of a data breach is increasing—to somewhere around $3.62 million per breach according to the Ponemon Institute. With such exponential growth across the field, CISOs are actively looking for ways to strengthen their efforts. With the plethora of information available today, it is like finding a needle in a haystack. It’s hard to know whom to believe, what to believe and how often. With so many options available, CISOs are understandably stymied in making educated decisions for an optimal solution. Fortunately, our 20+ years in the gaming industry have led us to a valuable conclusion that can help CISOs professionally develop their teams—and protect their organization. The answer lies in gamification 

\n

It’s a buzz word floating its way around the technology sphere for quite some time and is gaining momentum. It’s commonly defined as a process of adding games or game-like elements to something. The term was originally coined in 2002 by a British computer programmer named Nick Pelling. The term hit mainstream when a location-sharing service called Foursquare emerged in 2009, employing gamification elements like points, badges, and “mayorships” to motivate people to use their mobile app to “check in” to places they visited.  

\n

The term hit buzzword fame in 2011 when Gartner officially added it to its “Hype Cycle” list. But we’re not recommending gamification because it is the new, shiny object on the heels of AI. We’ve seen gamification work for companies looking to train their cyber teams.   

\n

How does it work 

\n

Unlike compliance-driven teaching methods, gamified teaching engages practitioners individually and in teams, through modern learning strategies. It works by deploying connected, interactive, social settings that allow learners to excel in competitive, strategic situations. It allows trainees to apply what they know to simulated environments or “worlds,” creating a natural “flow” that keeps them engaged and focused. And we’re not talking about simple Capture the Flag games, we’re referring to cybersecurity exercises inspired by game-like activities to effectively engage learners.

\n

According to Training Industry, gamified training programs are customizable based on an organization’s needs; visually-driven through use of progress bars and milestones; and are usually time-bound to hold employees accountable for task completion. Further, achievements, points, badges, trophies, and rewards/recognition of progress gives users a sense of accomplishment, keeping them motivated and engaged. 

\n

Why is gamification powerful?  

\n

The next gen learner (born after 1980) has never known a world without video games so it’s a natural progression that cyber training incorporate a style of teaching that best suits today’s learner. Neuroscientist Eric Marr said the reason it works so well is because when an individual engages with gamified simulations, the brain releases dopamine, a chemical that plays a role in the motivational component of reward-driven behavior. He says “Dopamine helps activate the learning centers in the brain. If your brain releases dopamine while you’re learning something, it helps you remember what you’ve learned at a later date.”  

\n

Studies like “I Play at Work: Ten Principles for Transforming Work Processes Through Gamification” outline the following benefits:  

\n\n\n

 

\n

At Circadence®, we have taken these learnings and applied them to our own flagship product, our cybersecurity training platform Project Ares®. Recognizing the widening cyber skills gap and evolving threats, only the most productive and effective training mechanisms will do—and the latest research tells us that gamified environments are here to stay. An immersive training platform, Project Ares appeals to today’s learner—and gets CISOs and their colleagues excited about training again. In contrast to passive, traditional instructor-led courses, gamification provides an active, continuous learning, people-centric approach to cybersecurity skills development.   

\n

For a more in-depth look at the Importance of Gamification in Cybersecurity, download our white paper here.

\n","title":"Finding the needle in the cybersecurity haystack: Why gamification is the answer you’ve been looking for"}},{"node":{"id":"aa7095b0-937b-59cf-b716-1e3458b82c6f","slug":"circadence-takes-a-different-look-at-cybersecurity-on-the-road","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/12/circCorp_logo_stillFrame_v02.jpg"},"date":"2019-01-08T16:17:17.000Z","content":"

In partnership with Sirius Computer Solutions, Snowflake Computing, and Puppet software, Circadence is pleased to participate in the roadshow series,  “A Different Look at Cybersecurity.” In cities across Tennessee, Mississippi, and Alabama, Circadence, and partners will help businesses discover new ways to approach cybersecurity readiness in the wake of imminent and persistent cyberattacks affecting every industry today.

\n

Attendees will gain meaningful insights into:

\n\n

Understanding that enterprises are actively seeking both strategic and technological solutions to solve their cybersecurity challenges, these informative and educational events include in-person conversations that focus on real-world, practical approaches that apply to CISOs and SOC professionals.

\n

“Connecting with business leaders at events like this is the best way to understand what cybersecurity issues are keeping them up at night,” said Daniel Jaramillo, vice president of sales at Circadence. “By engaging with the cybersecurity community in small groups, we can share ideas that will help them stay protected from attacks and empower their cyber teams with effective learn-by-doing approaches.”

\n

To learn more about each of the stops for “A Different Look at Cybersecurity” visit our Facebook events pages and register for FREE today:

\n

“A Different Look at Cybersecurity” in Chattanooga – https://www.facebook.com/events/438374093367001/

\n

“A Different Look at Cybersecurity” in Nashville – https://www.facebook.com/events/357315905048895/

\n

“A Different Look at Cybersecurity” in Memphis – https://www.facebook.com/events/2291581351131659/

\n

“A Different Look at Cybersecurity” in Jackson – https://www.facebook.com/events/1219009901596924/

\n

“A Different Look at Cybersecurity” in Mountain Brook – https://www.facebook.com/events/223832025193175/

\n

If you have any further questions about these roadshow events, please contact Amy Dageenakis.

\n

 

\n

 

\n","title":"Circadence Takes “A Different Look at Cybersecurity” on the Road"}},{"node":{"id":"619bd94d-a59a-5e70-bebd-c5d5f89da534","slug":"cybersecurity-learning-through-robotics","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2019/01/jelleke-vanooteghem-554406-unsplash.jpg"},"date":"2019-01-08T16:13:53.000Z","content":"

We sat down with Circadence’s own Chief Technology Officer, Brad Hayes, to delve deeper into the meaning of AI and machine learning as it relates to the cybersecurity field, to discuss how robotics inform best cybersecurity practices, and to learn about new developments that are shaping the future of the field.

\n

Artificial Intelligence (AI) is a phrase we hear quite often. It’s thrown around in movies and TV shows, listed as a feature in new devices we buy, and is even brought into our homes through voice services like Siri and Alexa. AI is a technology this being positioned to help us, as consumers and professionals perform traditionally complex tasks with ease. The ability to automate and augment responsibilities using robotics continues to gain traction as our digital footprints expand. And surrounding it all, cybersecurity becomes ever more critical as we seek out better ways to protect ourselves, our schools, our businesses, and national security.

\n

Before we talk about Artificial Intelligence and machine learning, can you tell me a little more about your robotics research?

\n

BH: The central theme of my lab’s research is building technology to enable autonomous systems to safely and productively collaborate with humans, improving both human and machine performance. The main goal is developing human-understandable systems and algorithms to create teams that are greater than the sum of their parts, outperforming the state of the art in inferring intent, multi-agent coordination, and learning from demonstration. Robotics is a foundation upon which AI and machine learning technology can be deployed with substantial impact, and it opens doors for skill building and capability expansion when we use these techniques in the context of cybersecurity learning.

\n

Can robots help humans be more efficient?

\n

BH:  Early robotics research focused on creating robots that would primarily occupy a purely physical role: as a force multiplier that adds physical strength, repetition, or precision to a process (like a robotic arm helping to transport material). Within the scope of earlier AI research, decision support systems were designed as cognitive assistants, helping humans make more informed choices. The next evolution of robotics research significantly synthesizes AI advancements and helps engineers and developers understand how to automate and augment processes of cognition and interaction.

\n

The idea of machines/robots helping professionals automate and augment tasks and decision-making is interesting. Can you explain how machine learning folds into this idea?

\n

BH:  Machine learning is a broad concept. It gets confused a lot with artificial intelligence (AI), which is more of an umbrella term.  Machine learning is a term that applies to systems that adapt based on behavior or action, while AI is descriptive of intelligence that doesn’t necessarily need to change as a function of its experiences over time.

\n

AI and machine learning are ever-present in our lives. Route directions on Google maps, for example, use a combination of AI techniques to find a path between your source and destination while machine learning models estimate factors like traffic, time of day, and weather conditions to get you to your destination as quickly as possible. Netflix uses a tremendous amount of data, processed within their machine learning models, to predict shows that you might like. They also use these models to inform which programs they’re going to manage and create. Likewise, Pandora and Spotify use machine learning to tell you what they think you’d like to listen to. Machine learning is ubiquitous, already telling us where to go, what to see, and what to listen to. 

\n

How does robotics relate to cybersecurity?

\n

BH: A lot of the problems that we’re trying to tackle in the human-robot interaction research space are also echoed within the cybersecurity industry. If we want to design a robot teammate for a manufacturing task, that robot will need to be able to infer a human’s goals and intent from observation. This will let the robot perform productive actions, avoid collisions, and generally not be infuriatingly “in the way” during collaboration. Now apply that behavior to cybersecurity: Consider an autonomous agent that can infer the intent of actors on a system on your network, based on their behavior. Once those intentions are known, a defender can take steps to mitigate threats so malicious actors can’t achieve their goals. That’s a force multiplier for those defenders, making them more powerful and productive!

\n

The relationship between the autonomous teammate and the human is especially important to cybersecurity education, as we can use learning technologies to assess a learner’s skill set and guide their progress to make them more effective more quickly. Beyond cooperative activities, we can also use these autonomous agents as opponents, providing a cost-effective means of teaching cyber professionals to react and respond to realistic attacks, forcing them to think more strategically and creatively to overcome adversaries.

\n

Thinking about the relationship between robotics and cybersecurity, an example I often think of is when IBM’s “Deep Blue” beat Garry Kasparov at chess. People were asking: “Does this mean that computers are smarter than people? What does this mean for the future of chess?” My response is that this doesn’t mean we’re going to abandon chess, but rather that we will have new tools to train with and improve. In fact, that advancement helped spur great interest in human-machine teaming within the game of chess.

\n

To me, the most exciting aspect of these systems is when it’s shown that a team consisting of an expert human and the AI can beat the AI by itself, suggesting that there are still aspects of the game not yet captured by the system. This example is illustrative of the fact that even in domains widely considered “solved,” the human still brings something valuable to the team.

\n

Why does cyber learning matter to you and why is cybersecurity so important given advancements in AI and machine learning?

\n

BH:  Cybersecurity professionals can engage in a cyber range learning environment against AI-powered adversaries and gain new insights into their approach, positively impacting threat response and mitigation. Further, they can learn to team up with AI-powered agents to accomplish tasks quicker and develop strategies to mitigate threats to defeat increasingly capable, quick, and clever opponents. Cyber learning through AI-powered intelligent tutoring is of paramount importance for providing affordable, effective, and personalized education at scale.

\n

As we’ve been quick to inject computation into pretty much every aspect of life, the speed at which we’ve deployed these systems has come at a cost. At this stage, I would consider it a debt, as there is a tendency to deploy systems without properly safeguarding them and/or ensuring that they’re reliably operational under potentially adversarial operating conditions.

\n

Further, cybersecurity doesn’t just mean being able to defend against intentional adversaries, but also against unintentional consequences stemming from benign actions from people we trust. In any case, the attack surface grows rapidly as points of interaction grow in number. Because of this, I don’t foresee a viable strategy that doesn’t heavily involve the use of AI and machine learning for cybersecurity professionals, both in terms of learning and continuing education, but also in terms of effective coordination against increasingly capable adversaries.

\n

These concepts are important to know and understand as government, enterprise, and academic institutions look to keep pace with the evolving threat-scape and prepare the next generation of cyber professionals. To learn more about how Circadence is at the forefront of cybersecurity learning tools at https://circadence.com/.

\n

 

\n

 

\n

 

\n

 

\n

 

\n

 

\n","title":"Artificial Intelligence and Learning Through Robotics: An Interview with Circadence CTO Bradley Hayes"}},{"node":{"id":"992ee016-5f00-54f8-9fba-cba170e1fe92","slug":"cybersecurity-artificial-intelligence-trends-from-2018","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/vulnearbility.jpg"},"date":"2018-12-19T16:10:29.000Z","content":"

Worsening employee cybersecurity habits and the need for organization-wide cybersecurity literacy.

\n

A study conducted by SailPoint reported that nearly 75% of employees engage in password re-use across accounts, as opposed to just over half four years ago. Nearly half of people surveyed admitted to sharing passwords across personal and work accounts. Part of this is being driven by employees seeing IT practices as inconvenient, as they seek circumvention in favor of personal efficiency.

\n

Public awareness of cybersecurity issues is increasing.

\n

Cybercrime making it into mainstream news headlines has also raised public awareness of its challenges, dangers, and impacts. An increased prevalence of ransomware, such as “cryptojacking” software, has been spurred by the relative ease of orchestrating difficult to trace ransom payments and increasing malware availability.

\n

Artificial Intelligence is being used to enable personalized attacks at-scale.

\n

Attackers are gaining access to troves of personal data to use for increasing threat effectiveness. By combining increasingly sophisticated AI techniques for language understanding with the scraping of publicly available, indexed data, it is becoming far easier for malicious actors to generate increasingly authentic, personalized attacks. As a result, large-scale personalized threats have a lower barrier to entry than ever before.

\n

Artificial Intelligence provides a force multiplier for offensive capabilities.

\n

Machine learning models provide a general mechanism for organization-tailored obscuring of malicious intent, enabling adversaries to disguise their network traffic or even on-system behavior to look more typical to evade detection. In addition to enhancing data exfiltration capabilities, these techniques provide the capability to continually model and adapt to their environment even after deployment, enabling them to persist undetected for longer and potentially infiltrate deeper into organizations.

\n

Artificial Intelligence provides a necessary force multiplier for defensive operations.

\n

Increasing system complexity, endpoint vulnerability, and attack sophistication have expanded the available attack surface in a manner that has left traditional monitoring techniques ineffective. Particularly in a world of increasingly intelligent threats and well-resourced actors, the only cost-efficient and scalable mechanisms for detection and remediation are quickly becoming artificially intelligent systems with the ability to sift through largely unstructured data, identify malicious behavior over potentially long time horizons, and dynamically respond. We’re seeing proof that applications of AI to both local-machine and organization-wide event monitoring can correlate observations to provide root cause analyses and incident investigations beyond traditional analyst capabilities on superhuman timescales.

\n

Perhaps the most important trend over the past year has been the industry’s continued realization and acceptance of a coming arms race between AI-enhanced dynamic threats and AI-enhanced adaptive defenses. 

\n

Artificial Intelligence is not a cure-all.

\n

While AI has deservedly received substantial hype within the cybersecurity realm and beyond, there still exists a substantial gap between algorithm deployment and successful application. To that end, continuing education is still critical for cybersecurity professionals to be able to leverage, collaborate through, and engage with these technologies to form a basis for effective defense: providing AI-enhanced tools with the knowledge and data they need to operate and engaging appropriate levels of trust and reliance in their capability (both in terms of detection and response) to make them a formidable component of a modern defensive cybersecurity strategy.

\n","title":"Cybersecurity & Artificial Intelligence Trends from 2018"}},{"node":{"id":"b78e0018-7d50-5cf1-b622-d94f76366b06","slug":"cyber-range-learning-in-academia","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/customer_education_splash.jpg"},"date":"2018-12-14T16:06:29.000Z","content":"

Cyber ranges are virtual learning environments used for cyber warfare skills development.  A cyber range offers hands-on learning opportunities for cybersecurity professionals by marrying traditional classroom concepts with more ‘sticky’ experiential learning techniques.

\n

By effectively preparing students to address real-world cyberattack scenarios now, academic institutions will increase their success rate of achieving learning outcomes pertinent to the cybersecurity profession. Further, the students benefit by applying what they’ve learned to realistic cyber situations they’d experience in the workplace.

\n

While there are many cyber range solutions on the market today, there are several key learning capabilities missing on their platforms. Some examples of this are:

\n\n

To read more about cyber range learning environments for student skill building, download: 
\n“The Faces of Cyber Ranges: Tapping into Experiential Skill Building for Cybersecurity Teaching and Learning.”

\n

 

\n

To ensure your academic institution gets the most out of its cyber range investment, the following features and capabilities should be considered to best maximize student learning and skill building:

\n\n

In order to address these glaring needs, Circadence created Project AresÒ, the face of the next generation of cyber ranges. Project Ares delivers learning and assessment opportunities to anyone from cyber newbies to cyber ninjas, with both individual and team-based engagements. It can be adapted to students in undergraduate and graduate university programs as well as Middle/High/Primary level schools. High engagement in cybersecurity education is critical because if students are not interested in learning new skills, and aren’t encouraged to think outside of the box, they won’t be adequately prepared to handle threats that are always changing and evolving in the workplace.

\n

Academic institutions have an exciting opportunity in front of them – to lead the way with progressive, next-generation learning approaches that utilize cyber ranges to prepare students for the cybersecurity workplace. Don’t fall behind the times, look into learning through this exciting platform in order to better serve the future workforce.

\n","title":"Utilizing Cyber Range Learning in Academia"}},{"node":{"id":"ad950fc3-13c0-5cf1-9ce9-6bdca49c2f9b","slug":"new-developments-for-project-ares-3-6","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/ares_splash_no_logo.jpg"},"date":"2018-12-10T16:00:22.000Z","content":"

From new training content to Intelligent Cloud-based hosting options, our immersive, gamified Project Ares cybersecurity learning platform continues to evolve to meet the changing needs of our customers. Enterprise, government, and academic institutions are looking for scalable, diversified, results-driven cybersecurity readiness solutions that allow their organization to flex based on ever-evolving cyber threats. We are pleased to share the latest developments with you.

\n

We’re on Microsoft Azure

\n

Circadence is pleased to announce it is bringing Project Ares cyber ranges to Microsoft Azure cloud service. This arrangement will allow enterprise, government, and academic institutions the opportunity to further scale and grow their cyber range spaces based on ever-evolving cybersecurity goals and objectives. Circadence’s cyber range learning environment will be hosted in the Azure cloud to give further experiential opportunity to clients who seek access to public and private virtual environments for their cyber workforce. This revolutionary combination transforms learning by taking traditional lecture-based training out of the classroom and into interactive real-world environments anytime, anywhere.

\n

Battle Room Alignment to NIST/NICE

\n

All Project Ares battle room exercises and activities have been aligned to NIST/NICE workforce frameworks. Now clients can measure training ROI against industry-standard cybersecurity knowledge-bases, skills, and abilities. The seven NIST/NICE work roles include: operate and maintain, protect and defend, investigate, collect and operate, analyze, securely provision, and oversee and govern.

\n

Scripting Fundamentals a new battle room

\n

Scripting Fundamentals, new Battle Room #10, focuses on scripting fundamentals using Python 2.7 to create loops, functions, user input, casting, data structures, conditions, and modules. There are easy and medium levels of difficulty to adapt to student skill level.

\n
\n

“If you understand the concepts of one language, they oftentimes transfer to many others, such that you can pick them up more quickly,” said Lisa Perdelwitz, Director of Cyber Education and Training at Circadence.

\n
\n

Scripting skills are critical to any assessment team in order to enable them to perform at the next level and yet it continues to be under-taught in the cyber training community. This battle room will provide all users with a basic understanding of scripting and its value in the cybersecurity world and support them with this subject matter, which is proven challenging for learners.

\n

New!  Fast-Paced Mini-Game called RegEXile

\n

\"RegExile

\n

RegEXile is an exciting pattern-recognition game that teaches the concepts of regular expressions while exercising trainee’s muscle memory and reaction time.  With an immersive, futuristic scenario, the game challenges players to form the correct expression to select or exclude data in order to save-the-world.

\n\n

Operation Black Dragon:  Defend the power grid within Project Ares

\n

Mission 13, focused on defending the power grid, will be introduced soon as “Operation Black Dragon” with an initial ‘easy’ level.

\n

The mission scenario is as follows:

\n\n

Mission Objectives:

\n\n

Core Competencies Required:

\n\n

Project Ares Platform Enhancements

\n

In addition to new content, the Circadence engineering team also made additional updates to the user interface in this 3.6 version, including highlighting actionable buttons and various performance improvements, bug, and color fixes.

\n

Stay tuned for our next release update 3.7!

\n

We strive to enhance and expand Project Ares to keep it current and relevant.  We use our customer feedback to help prioritize new content releases and feature evolutions.  And, we constantly stay on the pulse of the threat landscape across all industries to inspire and inform our battle room and mission exercises.

\n

 

\n

 

\n

 

\n

 

\n","title":"Living Our Mission Blog Series #2: New Developments for Project Ares 3.6"}},{"node":{"id":"d01f06ad-1301-5659-9f7e-f99172eae675","slug":"2019-cybersecurity-predictions","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/generic_man.jpg"},"date":"2018-12-06T15:43:24.000Z","content":"

Well, it’s safe to say that 2018 for the cybersecurity industry has been a little doom and gloom. And rightly so. More than 3.5 million unfilled job positions expected by 2021, 90 percent of cyberattacks caused by human error, and what we thought were once effective learning methods prove to only yield a 5 percent information retention rate. The financial sector, governments, and healthcare organizations continue to rank in the top most attacked industries. Cybersecurity spending keeps increasing and phishing, insider threats, and malware keep infiltrating enterprise systems. It appears in 2018, cyber professionals just couldn’t keep pace with evolving threats!

\n

So what does 2019 have in store for the cybersecurity industry? We asked our own Laura Lee, Executive Vice President of Rapid Prototyping to find out: Is there a light at the end of what appears to be a VERY dark (cyber) tunnel?

\n

Increase in Supply Chain Cyber Risk

\n

Supply chain cyber risk will be one of the biggest issues in 2019 and will require a coordinated effort to address. Risks from third party service providers with physical or virtual access to information systems, poor information security practices, compromised software or hardware components, are only a few of the vulnerabilities that stem from this issue. Since breaches tend to be less about technology and more about human error, IT security systems best practices for critical information won’t be foolproof unless employees throughout the supply chain use secure cyber practices.

\n

Increase in Social Media Infiltration

\n

The Facebook breach in 2018 made it apparent that social media platforms are equally vulnerable to sophisticated hackers. In fact, we will likely see an increase in black market vendors moving their businesses to social media channels for added “secrecy.” This will make it harder for law enforcement to track and monitor their activities.

\n

Exploitation of Fear

\n

Attackers will leverage a company’s fear of reputational damage and data loss with extortion tactics. Recent threats to our own election system, healthcare, critical infrastructure tell hackers that organizations are willing to pay more to not have a breach released to the public, rather than pay for them to relinquish their compromised data. This will be a way for hackers to get more money.

\n

Cloud Migration

\n

In an effort to harden security posture, enterprises and government entities will keep moving on-prem software to the cloud for a more seamless, scalable, and elastic data-privacy/sharing/usage experience. There will continue to be a strong appetite for modeling the digital footprint of enterprises in cloud environments.

\n

Better Alignment between the CISO and C-Suite

\n

While it’s important to know what’s likely on the horizon in terms of threats, not all cybersecurity “stuff” is going to be bad.  On the flip side, we will see better alignment between the CISO and the C-Suite as more and more businesses understand cybersecurity isn’t just an “IT issue” but a larger business risk issue that impacts all facets of successful business operations and reputation.

\n

Integration of IT and OT Cyber Infrastructure

\n

Industries like critical infrastructure and manufacturing have a lot of physical (and digital) assets to manage. Operational technology (OT) are the systems (e.g., SCADA, ICS) used to monitor and control infrastructure like power, pipelines, water distribution, and now many things in your house and car. With changing technologies and a drive toward “data-driven and remote operations,  the two technology environments are starting to converge” notes a study from Edith Cowan University. OT data is now accessible via cloud environments for ease of quantitative management reporting and the potential to increase productivity of such systems.

\n

These predictions are really just the tipping point of what’s to come for the cybersecurity industry. Companies will have to keep hardening their security postures, upgrading technologies, upskilling and educating all staff members, and driving a holistic cyber readiness strategy that leverages machine learning and other Artificial Intelligence technologies to automate and augment the workforce.

\n

 

\n

 

\n

 

\n

 

\n","title":"2019 Cybersecurity Predictions"}},{"node":{"id":"bd87a15a-1b88-5108-b7c4-716d746feaaf","slug":"oil-and-gas-cybersecurity","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/critical_oilgas_splash_b.jpg"},"date":"2018-11-27T13:47:34.000Z","content":"

The oil and gas sector is susceptible to security vulnerabilities as it adopts digital communication methods that help power energy production and distribution. To understand the cyber threats to the oil and gas industry, there exist approximately 1,793 natural gas-powered electricity plants in the U.S. and they generated 34% of the nation’s electricity in 2018. Much of how we live and work is dependent upon the energy produced from oil and gas production, including everyday cooking, heating/cooling, communication, and use of electronic devices and appliances. Therefore, even the smallest cyber attack on one of the thousands of interconnected and digital systems can pose a serious cyber risk to oil and gas production.

\n

A company that goes through an attack can experience a plant shutdown, equipment damage, utility interruptions, production shutdown, inappropriate product quality, undetected spills, and safety measure violations—to name a few. Recently, 87% of surveyed oil and gas senior executives have reported being affected by cyber incidents in the past 12 months. Further, 46% of attacks in Operational Technology go undetected.

\n

Cyber Attacks on Oil and Gas, Energy, Utilities Companies in History

\n

Security threats to the oil and gas industry have already manifested across facilities worldwide with no signs of slowing down.

\n\n

These examples show other oil and gas companies the consequences that arise from insecure cyber environments, vulnerable systems, and cyber teams that lack the latest skills to stay ahead of attackers.

\n

How Circadence Can Help

\n

To manage security risks in the oil and gas sector while lessening the attack surface, cyber security teams need to be prepared to address all possible scenarios that can occur in order to effectively protect and defend infrastructures.

\n

Project Ares® cyber security learning platform can prepare cyber teams with the right skills in immersive environments that emulate their own oil and gas networks to be most effective. It is designed for continuous learning, meaning it is constantly evolving with new missions rapidly added to address the latest threats in the oil and gas industry. Further, targeted training can be achieved from the library of mission scenarios to work on specific skill sets.

\n

Training in cyber ranges is a great way to foster collaboration, accountability, and communication skills among your cyber team as well as cross-departmentally. Persistent and hands-on learning will help take your cyber team to the next level. Benefits of this kind of learning include:

\n\n

By placing the power of security in human hands, cybersecurity teams can proactively improve a company’s ability to detect cyber-related security breaches or anomalous behavior, resulting in earlier detection and less impact of such incidence on energy delivery, thereby lowering overall business risk. Users are the last line of defense against threat actors so prioritizing gamified training for teams will foster the level of collaboration, transparency, and expertise needed to connect the dots for cybersecurity in oil and gas sectors.

\n

This solution coupled with proper collaboration between IT and OT divisions to share real-time threat intelligence information will do wonders for companies looking to stay out of the negative news headlines and stay safe against an attack.

\n

Download our Infographic “oil and gas cybersecurity” for more details on cyber readiness and training.

\n

\"oil_gas_infographic\"

\n

DOWNLOAD INFOGRAPHIC

\n","title":"Oil and Gas Cyber Security: Understanding Risks, Consequences, and Proactive Measures"}},{"node":{"id":"778a8c96-44ca-5627-b9b5-6f0982b6fc21","slug":"cybersecurity-apprenticeships-internships-alternative-pathways-cyberworkforce","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/server_rrom.jpg"},"date":"2018-11-14T14:23:58.000Z","content":"

We’ve all heard by now that the cyber workforce gap has reached a level of desperation that puts all of us, and our country, at risk. It’s time we start moving the conversation away from the problem and towards innovative solutions.

\n

To truly narrow this cyber workforce gap, it’s crucial to solicit the collaboration and support of the “golden trifecta” – academia, commercial industries, and government. And while educating and training high school and university students is important, this should not be our only focus; re-skilling and upskilling populations such as Veterans, minorities, career changers, women, persons with disabilities and learning differences, and others, have tremendous potential to both shrink the gap and contribute much needed diversity to the cyber workforce.

\n

Recognizing National Cybersecurity Career Awareness Week (Nov. 12-17), we thought it prudent to share three tools that can help prepare the next generation of cybersecurity professionals to address ever-evolving threats and the aforementioned challenges.

\n

Apprenticeships

\n

Compared to other professions, cybersecurity apprenticeship programs are scarce.  Yet, there is hardly a better way for an organization to fill its pipeline with well-qualified cybersecurity talent than by building an apprenticeship model into existing recruiting strategies. By integrating an “earn while they learn” model, employers can leverage a unique opportunity to grow their own talented pool of cyber professionals who have the highly desired combination of hands-on skills and foundational, academic knowledge.

\n

“This is absolutely fundamental, and a key plan in meeting the workforce needs. Our solution to the gap will be about skills and technical ability,” says Eric Iversen, VP of Learning & Communications, Start Engineering. “And the most successful of apprenticeship programs offer student benefits (e.g., real-world job skills, active income, mentorship, industry-recognized credentials, an inside track to full-time employment, etc.) and employer benefits (i.e., developed talent that matches specific needs and skill sets, reduced hiring costs and a high return on investment, low turnover rates and employee retention, etc.)”

\n

These types of opportunities are especially beneficial for recruiting individuals who may be switching careers, may not have advanced degrees, or are looking to re-enter the field. The U.S. Department of Labor, provides guidance on starting apprenticeship programs.

\n

Internships

\n

The hardest part of being a young professional is finding that first career opportunity. However, that is a particular challenge for aspiring cyber professionals when just about every job posting they find asks for some level of relevant, industry experience. The problem is, not many organizations are willing to give it! For organizations looking to bring fresh ideas, perspectives and talent through the door, internship partnerships with local academic institutions can be a great workforce development tool. Many community colleges, technical colleges, and universities have well-oiled practices of connecting their students with local companies. In fact, it’s not uncommon for most students, both undergraduate and graduate, to be required to complete an internship in their field of study before graduation. Much like a successful apprenticeship program, a strategic internship program enables a situation where everyone involved, wins.

\n

Alternative Pathways

\n

While there are many models to be considered here, the following two are typically the most accessible and well-received for both students and employers.

\n\n

a). High school students can enroll in college-level coursework and/or earn cybersecurity-focused certificates while completing their high school career.

\n

b). College-level students can leave higher education for a job, and later return with credits that count toward the next certificate or degree.

\n

This approach continues to gain traction as high school counselors and college administrators respond to the rapidly evolving nature of our economy.

\n\n

Circadence is proud to lend its platform Project Ares® for many local and national cyber competitions including the cyberBUFFS, SoCal Cyber Cup, and Paranoia Challenge so students can engage in healthy competition and skill-building among peers. For more information on cyber competitions and hackathons, check out the Air Force Association’s CyberPatriot, Carnegie Mellon’s picoCTF, Major League Hacking, and the National Cyber League.

\n

Closing the cyber workforce gap will take diversification in all sense of the word.

\n\n

Enterprise, government and academic institutions must pursue innovative and engaging ways new to attract underrepresented professionals to apprenticeships, internships and alternative pathways to add diversity to the cybersecurity workforce. And based on the current state of our cyber workforce, this suggestion is not just important, it is essential.

\n

Many desired outcomes become a reality when we emphasize these efforts. It’s the unique perspectives, the inspired teamwork, the widened pool of well-qualified talent, the creativity and the “all-hands-on-desk” (see what we did there?) mentality that will help strengthen the cybersecurity industry not just for students, but for all agencies and businesses. Let’s embrace all of it!

\n","title":"Close the Cybersecurity Workforce Gap with Apprenticeships, Internships, and Other Alternative Pathways"}},{"node":{"id":"5ac18625-8908-5383-af16-9ae0d8600559","slug":"modern-cyber-ranges","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/CyRaaS_04_wallpaper_1920x1080.jpg"},"date":"2018-11-13T20:44:20.000Z","content":"

Cyber ranges were initially developed for government entities looking to better train their workforce with new skills and techniques. Cyber ranges provide representations of actual networks, systems, and tools for novice and seasoned cyber professionals to safely train in virtual environments without compromising the safety and security of their own networks.

\n

Today, cyber ranges are known to effectively train the cyber workforce across industries. As technology advances, ranges gain in their training scope and potential. The National Initiative for Cybersecurity Education reports cyber ranges provide:

\n\n

\n

In order to upskill cybersecurity professionals, commercial, academic, and government institutions have to gracefully fuse the technicalities of the field with the strategic thinking and problem-solving “soft skills” required to defeat sophisticated attacks. Cyber ranges can help do that.

\n

Currently, cyber ranges come in two forms: Bare environments without pre-programmed content; or prescriptive content that may or may not be relevant to a user’s industry. Either form limits the learner’s ability to develop many skill sets, not just what their work role requires.

\n

Six Components of Modern Cyber Ranges

\n

Modern cyber ranges need realistic, industry-relevant content to help trainees practice offense and defense and governance activities in emulated networks. Further cyber ranges need to allow learners to use their own tools and emulated network traffic in order to expand the realism of the training exercise. By using tools in safe replicated networks, learners will have a better understanding of how to address a threat when the real-life scenario hits.

\n

We also know that cybersecurity attacks require teams to combat them, not just one or two individuals. So, in addition to individual training, cyber ranges should also allow for team training and engagement for professionals to learn from one another and gain a bigger picture understanding of what it REALLY takes to stop evolving threats.

\n

With advances in Artificial Intelligence (AI), we know cyber ranges can now support such technology. In the case of our own Project AresÒ, we are able to leverage AI and machine learning to gather user data and activity happening in the platform. As more users play Project Ares, patterns in the data reveal commonalities and anomalies of how missions are completed with minimal human intervention. Those patterns are used to inform the recommendations of an in-game advisor with “chat bot-esque” features available for users to contact if help is needed on a certain activity or level. Further, layering AI and machine learning gives cyber professionals better predictive capabilities and, according to Microsoft, even  “improve the efficacy of cybersecurity, the detection of hackers, and even prevent attacks before they occur.”

\n

With many studies touting the benefits of gamification in learning, it only makes sense that modern ranges come equipped with a gamified element. Project Ares has a series of mini-games, battle rooms, and missions that help engage users in task completion—all while learning new techniques and strategies for defeating modern-day attacks. The mini-games help explain cyber technical and/or operational fundamentals with the goal of providing fun and instructional ways to learn a new concept or stay current on perishable skills. The battle rooms are environments used for training and assessing an individual on a set of specific tasks based on current offensive and defensive tactics, techniques and procedures. The missions are used for training and assessing an individual or team on their practical application of knowledge, skills and abilities in order to solve a given cybersecurity problem set, each with its own unique set of mission orders, rules of engagement and objectives.

\n

There is a lot of sensitive data that can be housed in a cyber range so security is the final piece to comprising a modern cyber range. The cloud is quickly recognized as one of the most secure spaces to house network components (and physical infrastructure). To ensure the cyber ranges are operating quickly with the latest updates and to increase visibility of how users are engaging in the cyber ranges across the company, security in the cloud is the latest and greatest approach for users training in test environments.

\n

There you have it. The next generation cyber range should have:

\n\n

We are proud to have pioneered such a next generation cyber range manifest in many of our platforms including (as mentioned above), Project Ares®, and CyRaaSTM. We hope this post helped you understand the true potential of cyber ranges and how they are evolving today to automate and augment the cyber workforce.

\n","title":"Modernizing Cyber Ranges"}},{"node":{"id":"8d6f39f6-530d-5d56-a4ac-2352c438b04d","slug":"penetration-testing-challenges-solutions","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/vulnearbility.jpg"},"date":"2018-11-07T20:23:07.000Z","content":"

It’s one of the most direct and proactive cyber security activities organizations can do to protect themselves from an attack, penetration testing.

\n

Also known as ethical hacking, it involves legally breaking into computers to test an organization’s defenses. Companies make it a part of their overall security process to know if their systems are strong or not. It’s kind of like preventative maintenance. If a hired penetration tester can get into their system, it’s relatively reassuring because penetration testing teams can take steps to resolve weaknesses in their computer systems before a malicious hacker does.

\n

So how does penetration testing work? What roadblocks are professionals in this field facing? How are companies using penetration testing today? What innovations in penetration testing are available today? All these questions will be answered in this article. And if you have questions about any of it, please contact us for more information.

\n

What is Penetration Testing?

\n

Now that we understand why penetration testers exist and how critical they are to companies security posture, let’s review how they work. The ethical hacking process usually involves working with the client to establish goals and define what systems can be tested, when and how often without service interruptions. In addition, penetration testers will need to gather a lot of information about your organization including IP addresses, applications, number of users who access the systems, and patch levels. These things are considered “targets” and are typically vulnerable areas.

\n

Next, the pen tester will perform the “attack” and exploit a vulnerability (or denial of service if that’s the case). They use tools like Kali Linux, Metasploit, Nmap, and Wireshark (plus many others) to help paid professionals work like hackers. They will move “horizontally or vertically,” depending on whether the attacker moves within the same class of system or outward to non-related systems, CSO Online notes.

\n

Penetration Testing Career and Company Challenges

\n

As you can imagine, being an ethical hacker naturally requires continuous learning of the latest attack methods and breaches to stay ahead of the “black hatters” and other unauthorized users. That alone can present pentesting challenges because it requires a huge time commitment and lots of continual research. In addition, the following penetration testing challenges are keeping organizations up at night:

\n\n

A New Penetration Testing Training Solution

\n

Recent reports note that 31% of pen testers test anywhere from 24-66% of their client’s apps and operating systems, leaving many untouched by professionals and open to vulnerability. In the face of these penetration testing challenges, government, enterprise, and academic institutions are turning to technology and persistent training methods for current staff to help. Automated penetration testing tools can augment the security testing process from asset discovery to scanning to exploitation, much like today’s malicious hacker would.

\n

Circadence is proud to have developed a solution (available soon) that automates and augments penetration testing security professionals with a platform called StrikeSetTM. StrikeSet is designed to increase the efficiency and thoroughness by which pen testing is performed. Specifically, the platform can help professionals perform hacks and simulated attacks on systems while machine learning capabilities provide session analysis and create unique threat playbooks for operators. It also monitors and tracks tool behavior for classification.

\n

In addition, data is gathered from distributed operators who can remotely collaborate on how to gain access to a system and exploit development, perform SQL injections, forensics analysis, phishing campaign orchestration, and much more. That data analyzes Red Team’s TTPs with the aim of mimicking approaches to save on resources and time.

\n

With cyber attacks becoming the norm for enterprises and governments, regular scans and pen testing of application security is key to protecting sensitive data in the real world. Coupled with holistic cyber training for offense, defense, and governing professionals and enterprise-wide cyber hygiene education, enterprises and governments will be better prepared to handle the latest and greatest threats. It’s time for organizations to leverage tools that automate and augment the cyber workforce in the wake of an ever-evolving and complex threat landscape.

\n

 

\n","title":"Penetration Testing Challenges and Solutions"}},{"node":{"id":"7b8c13e7-22b9-5ac9-b107-7c18592e2322","slug":"keeping-critical-infrastructure-strong","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/critical_cyber_splash.jpg"},"date":"2018-11-01T18:05:27.000Z","content":"

November is Critical Infrastructure Security and Resilience Month, a nationwide effort to raise awareness and reaffirm the commitment to protect our Nation’s critical infrastructure.  Circadence’s mission is to build awareness about how next-generation cybersecurity education and training can improve cyber preparedness. This month is an excellent time to talk about that in relation to critical infrastructure.

\n

“We are seeing government agencies and companies work to make systematic, holistic, and cultural changes through improved cybersecurity standards, best practices, processes, technology, and workforce,” said Josh Davis, Director of Channels. “The massive, distributed, and legacy infrastructure we have today demands a layered security approach that focuses on building a true understanding of what’s at risk within critical infrastructure systems —and that requires a targeted focus on the people who operate these systems both digitally and physically.”

\n

We know critical infrastructure as the power we use in our homes and businesses, the water we drink, the transportation systems that get us from place to place, the first responders and hospitals in our communities, the farms that grow and raise our food, the stores we shop in, and the communication systems we rely on for business as well as staying connected to friends and family. The security and resilience of this critical infrastructure is vital not only to public confidence, but also to the Nation’s safety, prosperity, and well-being.

\n

During November (and year-round), Circadence focuses on engaging and educating public and private sector partners to raise awareness about the security posture of the systems and resources that support our daily lives, underpin our society, and sustain our way of life. Safeguarding both the physical and cyber aspects of critical infrastructure is a national priority that requires public-private partnerships at all levels of government and industry.

\n

Managing risks to critical infrastructure involves preparing for all hazards and reinforces the resilience of our assets and networks.

\n

This November, help promote Critical Infrastructure Security and Resilience Month by:

\n\n

Our virtualized cyber ranges-as-a-service (CyRaaSTM) provide public/private entities the opportunity to train in realistic cyber environments that mirror their actual interconnected, internet-of-things networks. These virtualized ranges can model the digital footprints of companies, agencies, entire city networks and even Nation State operation exercises, into living physical and fifth domain environments. Teams can collaborate and train together to test and improve their cyber skills in protected environments that can scale and flex as their organizations’ inter-connected structure does, but without impacting live systems and networks.

\n

By combining Circadence’s Project Ares®, Orion Mission Builder™, and StrikeSet™, your organization can learn and grow without impacting your operations. This next-generation combination transforms traditional lecture-based learning, taking it out of the classroom and into interactive real-world environments, at any scale, anytime, anywhere.

\n

We all need to play a role in keeping infrastructure strong, secure, and resilient. We can do our part at home, at work, and in our community by being vigilant, incorporating basic safety practices and cybersecurity behaviors into our daily routines, and making sure that if we see something, we say something by reporting suspicious activities to local law enforcement.

\n

To learn more, visit www.dhs.gov/cisr-month.

\n","title":"Keeping Critical Infrastructure Strong and Secure"}},{"node":{"id":"b1828fe6-b588-5fb4-b8c3-f947e2e8a134","slug":"national-cybersecurity-awareness-month","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-11-13-at-2.24.28-PM.png"},"date":"2018-10-30T20:51:44.000Z","content":"

National Cybersecurity Awareness Month (NCAM) in October reminds us of the importance of being safer online, in both our professional and personal lives. Easier said than done, eh? Who’s to say the majority of us even know what makes us “safer” online, or for that matter what makes us vulnerable or should raise a red flag?

\n

It all starts with awareness. I’d like to suggest that “IT Literacy” is no longer enough. Now, in 2018 and beyond, “Cyber Literacy” needs to be a year-round, all-encompassing movement. And regardless of whether or not “Cyber-” or “IT-”anything is or will be in your title, cybersecurity must matter to you.

\n

During a recent workshop presentation I delivered to attendees at the Florida CyberCon 2018 in Tampa, I likened our cybersecurity practices to the idea of personal hygiene. Because let’s face it, one’s personal hygiene is something that,
\na.) you are personally aware of and educated on how to maintain
\nb.) is attended to routinely
\nc.) is well understood in terms its impact on your overall health
\nd.) has a relative impact on everyone around you regardless of direct contact

\n

Cybersecurity can be thought of much in the same way. We must all begin to realize that cybersecurity demands the same kind of personal awareness and attention – it not only impacts us as individuals but also our family, colleagues, department, agency, company.

\n

I believe that part of the disconnect around cybersecurity best practices comes from the assumptions we make as consumers in general – that what we’re buying is designed and sold with our best interests, and security, in mind. For example, you buy a new car and it comes equipped with seatbelts, turn signals, airbags, automatic brakes and locks, etc. The food you buy and eat is certified by the Food & Drug Administration to indicate it has been safely grown/ raised and suitable for human consumption. When making technology purchases, we cannot take these same conveniences for granted.

\n

Now, that’s not to say that all technology is inherently unsafe, but my point is, we can’t settle with pre-installed safety protocols because, as we know, technology is ever evolving and failure to frequently update it and use it safely results in vulnerabilities that hackers will exploit for financial, reputational, or economic gain. Just like with personal hygiene, healthy practices and regular routines are necessary for optimal cyber literacy and performance.

\n

The goal behind NCAM is to encourage us take some time to understand the problems resulting from poor cybersecurity practices. Those behaviors will not start to diminish until school counselors, parents, teachers, administrative assistants, nurses, athletes, and everyone become more aware of their cyber posture. There’s a reason why the laptop or PC you’re reading this on asks you to update its internet browser and operating system. And those push notifications you get on your phone to update your apps aren’t coming through to annoy you and eat up your battery and data. These simple practices and others — like resetting passwords and activating double-verification – will improve your cyber hygiene and protect you against ongoing threats to infiltrate the devices and exploit the data of our everyday lives.

\n

So, did you shower today?
\nDid you check your computer updates today?

\n

Ready to learn more? Checkout our new short, fun education videos on the “Cybersecurity Whiteboards” video playlist, here: https://www.youtube.com/playlist?list=PLUdKZUJquY1hn2EwlBJ90MyunBYcAaXRk.

\n

As National Cybersecurity Awareness Month comes to a close, it’s important that the efforts put forth do not end. The reality is this: as the cost of compute power continues to be driven down by advancements in manufacturing and technology, the resources used by malicious hackers become more accessible. This, combined with the fact that a successful cyber breach gets more and more newsworthy and profitable by the day, means the problem isn’t going anywhere anytime soon. When we take steps together to be stronger individually, we become stronger collectively. We can prove the saying, “A rising tide lifts all boats.” Together, we can lift the intellectual property, national security and private data “boats” if we all commit to be more cyber conscientious and cautious.

\n","title":"A Rising Tide Lifts all Boats: Celebrating National Cybersecurity Awareness Month"}},{"node":{"id":"043c13a2-bb32-5f47-bc08-1fdca7fd0932","slug":"how-to-tell-if-you-cybersecurity-strategy-is-prone-to-cyberattack","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/StrikeSet_01_wallpaper_1440x900.jpg"},"date":"2018-10-26T20:45:57.000Z","content":"

What does your current InfoSec environment look like? Are teams prepared to tackle evolving threats? Is your cybersecurity strategy aligned with business objectives? Do you and your team undergo regular training to stay ahead of hackers? If you’re not sure, this blog is for you. Today, we’re outlining some of the most common, overlooked, unrecognized, and “I-just-don’t-have-time” aspects that comprise an insecure InfoSec culture so CISOs can cross reference these items against their own cyber environment.  

\n

Lack of Executive Level Threat Intelligence & Communication  

\n

Board members are looking to CISOs to report on the latest threats hitting their organization coupled with an explanation of WHY they’re being attacked. If CISOs aren’t regularly positioning themselves in front of their board communicating the company’s vulnerabilities and business risk, what happens is a lack of intel across the organization. If key stakeholders don’t have a general understanding of the latest threat intelligence happenings, a culture that values a “data privacy first” mentality cannot thrive. Skip the technical jargon and explanations of malware variants—a high level view of hacker profiles, new techniques, and new methods of hacking as it relates to the organization is sufficient.    

\n

Inconsistent (or Absence of) Cyber Team Training  

\n

If your cyber team isn’t regularly training to upskill, they will not be prepared to tackle the latest threats. Businesses fall victim to a ransomware attack every 14 seconds. So, you can bet that those methods of infiltration only get more advanced as sophisticated threats convert to successful attacks and breaches. With this threat evolution comes the dire need for cyber teams to stay on top of the latest threats—and the only way to do that successfully is through immersive, gamified training. The benefits of gamification for cybersecurity training are numerous, and far outpace traditional classroom learning. 

\n

Irregular System Updates, Monitoring, and Auditing  

\n

Performing regular system updates seems like a no-brainer, but you’d be surprised how many people let it slip through the cracks. Systems that aren’t regularly updated and assessed against current licenses/requirements will certainly be the demise of any secure cyber environment. Even little things like updating passwords monthly or installing the latest software updates can put companies at great risk. In the healthcare industry alone, about 78 percent of medical devices were breached because they weren’t properly locked. Continuous monitoring and auditing the system’s lifecycle—coupled with enterprise-wide system protection usage and authorization—will keep organization’s systems strong against threats.  

\n

These are just a few of the cybersecurity insecurities we see emerge in our conversations with new customers. They’re seeking InfoSec solutions that strengthen their security posture, so they can enable their team and be a trusted, visible source and security support system for the business.

\n","title":"How To Tell If Your Cybersecurity Strategy Is Prone to a Cyberattack"}},{"node":{"id":"0a300a3d-0056-5df2-97d8-86b6f9e0122f","slug":"new-developments-for-project-ares","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/ares_splash_no_logo.jpg"},"date":"2018-10-17T19:00:18.000Z","content":"

The only constant in cybersecurity is change. To best serve our customers’ needs and equip them with the latest technology, tools, and best practices that help them successfully combat evolving threats, Circadence regularly updates its cybersecurity solutions. This is the first of a regular blog post series where we will share platform news about our cybersecurity solutions.

\n

To that end, our talented engineering department recently upgraded our flagship Project Ares cybersecurity training and assessment platform.

\n

Security

\n

Security is not only our business but also our foremost concern for our own software. New security updates strengthen Project Ares and shrink possible vulnerabilities that today’s sophisticated hackers could take advantage of. For example, accounts now lock out after 11 unsuccessful password attempts.

\n

Graphics

\n

Visual improvements to Project Ares marry form and function to ease the player into a streamlined user experience throughout the mission system. This new graphic style pushes Project Ares past the industry standards of other training platforms.

\n

Ease of Use

\n

Administration is more streamlined. With new capability to batch reset users in the administrative panel, it is easier than ever to onboard trainees to the system. Previously, users had to upload trainees one-by-one.

\n

Branding

\n

Customers can now brand the log in screen with their own company logo and messaging. Personalizing the platform helps companies and agencies embrace the Project Ares platform as a core training tool for their cybersecurity team.

\n

Content and Reporting (Project Ares for Government platform only)

\n

Enhanced trainee reporting features and upgraded Mission content now meets Government agency performance needs and supports their stringent skills evaluation processes.

\n

More Exciting Features Coming Soon

\n

To keep exercises relevant and fresh for all users, the engineering team is working on exciting new battle room and mission content for future upgrades of Project Ares. For more information about Project Ares and scheduling a demo of the platform with these updates, visit https://www.circadence.com/project-ares. Existing customers: Make sure to check out the new changes to your platform and let us know your feedback at info@circadence.com

\n","title":"Living Our Mission Blog Series: New Developments for Project Ares"}},{"node":{"id":"a02fc884-8fc0-565c-a9d3-b23299f3c066","slug":"cultivating-the-next-generation-of-cyber-professionals","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/circadence_splash_no_logo.jpg"},"date":"2018-10-12T18:31:39.000Z","content":"

Circadence® is proud to live out its mission to continuously educate and upskill the next generation of cyber professionals. We had the pleasure of hosting several interns over the Summer season who showed us firsthand the promise and potential they have for the industry. We had more than 20 interns spread across our offices in Tupelo, MS, San Diego, CA, and Boulder, CO. Students were placed departments pursuant to their degree programs or learning interests.  

\n

Interns are provided on the job experience and assist teams (both technical and administrative) with current work, while contributing to current projects and products. Each intern was assigned a specific mentor in which they were to meet with weekly for performance evaluation and learning monitoring. At the conclusion of the internship, students presented their project results and takeaways in a capstone brief, which they presented to their respective Circadence teams. All our interns did an amazing job learning new aspects of the cybersecurity industry from programming and app development to marketing and research. In this post, we feature the work of our interns in Tupelo who developed two web applications that focused on cybersecurity awareness training using trivia concepts.  

\n

\"Circadence

\n

Cypher

\n

Tupelo interns created a mock mobile app inspired by the concept of Alberti Cipher (a code that requires a movable circle to decipher text using a cipher algorithm). In the game, the player gets an encrypted or decrypted message in a quiz-like format that requires them to use the cypher code-breaker to figure out the answer. The app is designed for “on the go” playing and learning, which supports today’s learners who want a more accessible learning platform. The interns created it as an educational tool so new and seasoned professionals alike could learn more about cybersecurity and the technical side of the industry. The interns utilized the latest technologies of HTML, CSS, JavaScript and Bootstrap 4 to develop the app, levels had different themes to keep engagement high and scoring systems help players see where they rank against other players.  

\n

“I see a lot of promise in them and they were all very talented and very committed to their work; their work ethic was extremely strong, and they learned a lot and made a valuable contribution to Circadence’s work,” said Lauryn Pregoni, Human Resources Business Partner in Circadence’s San Diego office.   

\n

Perplex

\n

Interns also developed a multiplayer trivia loot game inspired by the many mobile app games we may play today. It is based off a client-server model with two types of client modes: host and controller. The host is the interface of the game projected on a main screen like a TV or projector. Players join in a queue on their mobile devices and start the game—kind of like how you’d join in HQ trivia. After the game has been initiated, a question pops up on a central screen and players race to select the correct answer. Players are timed to choose an answer and points are awarded based on correctness and time taken to answer. The game would be ideal for cybersecurity events or academic cyber competitions. 

\n

“It’s visual, multi-sensory, team-oriented, and brings everyone together in any genre to share and communicate and learn about cybersecurity,” said Katie McCustion, Human Resources Manager in Circadence’s Tupelo office.  

\n

All projects the interns worked on were a part of the everyday work that the professionals performed. This hands-on learning allowed the interns to develop and grow their technical prowess while working together as a team on real-world projects. Interns learned new skills in coding, research, frontend and backend development, and graphic design and overall communication skills that will support their future professional pursuits. We look forward to our next batch of interns in Summer 2019 and are excited for the future of these hard working and bright individuals!  

\n

Special thanks to Circadence’s Jerry Camp, Lauryn PregoniKatie McCustion, Wes Knee, and Maria Ko-Lee for their collaboration on this blog post. 

\n","title":"Cultivating the Next Generation of Cyber Professionals: Recapping Summer Internship Projects"}},{"node":{"id":"c077eba8-9e55-5d86-ad71-4426f6b65d68","slug":"bridging-the-cybersecurity-skills-gap-with-ai","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/outro_network_highRes_v01_02.jpg"},"date":"2018-10-10T19:35:49.000Z","content":"

You know it and we know it. We cannot train our way out of the widening cybersecurity skills gap (expected to reach 3.5 million by 2021). We’ve discussed at length why traditional, passive learning models in training classroom settings are ineffective (not to mention boring), but at Circadence®, we are optimists and innovators, dedicated to finding a solution—and for now, in the industry’s current state of affairs, we’ve found what works. It lies in leveraging artificial intelligence (AI) and machine learning.  

\n

Types of AI  

\n

AI is a broad field so for the sake of simplifying, there are two types of AI that we distinguish: Narrow and General. Narrow AI refers to AI that is used for a specific function like self-driving cars. General AI tends to be a feared concept (e.g. robots taking over the world). For this post, we are focusing on Narrow AI and how it informs the cybersecurity space. 

\n

Within Narrow AI, we are focusing on two sub-sets of the field: Natural Language Processing (NLP) and machine learning. Together, they can provide automated and augmented relief to weary cybersecurity workers who are stretched beyond their limits.  

\n

NLP is present in our cybersecurity training platform Project Ares®. The in-game advisor Athena uses NLP to communicate with trainees in “chat-bot” format to answer questions and provide hints to players. The data that comes from those conversations with Athena (in addition to how a user progresses through exercises) is processed by machine learning, the technique where data is used to learn about a user’s actions, so it can generate a response.  

\n

This becomes particularly valuable when machine learning has lots of data to process in order to create different pathways to solving a problem. It’s kind of like the “two heads are better than one” motto, but machine learning needs lots of “heads” (aka, data) to generate the best solution for the problem at hand. Uber uses machine learning to understand the various routes drivers are taking to transport people from point A to point B. It then takes all those routes together and finds the most efficient route, so current and future Uber drivers can better serve their passengers.  

\n

How AI can work for cybersecurity pros  

\n

Now, one can imagine how these two sub-fields of AI can be of value in the cybersecurity industry. With attacks getting more advanced by the minute and the frequency of attacks occurring at alarming rates (an average of 200,000 malware attacks per day per company), the more information we can equip machine learning and NLP with, the better it can function for us. Particularly when it comes to understanding how to defeat sophisticated cyberattacks and the appropriate steps to take for risk mitigation.  

\n

The more cybersecurity professionals engage with the Project Ares platform and its content, the better information data scientists have to draw conclusions on the best ways to solve the missions (and remember, the missions and battle rooms are developed from real-world threats and methods of attack, emulated on real networks). The more efficiently we solve missions, the closer we are to defeating incoming threats quicker, and the more we contribute to protecting enterprises from cyberattacks and closing the skills gap.  

\n

AI: Augmenting the cyber workforce 

\n

One of the exciting outcomes of AI is in its ability to augment the cyber workforce. Since there has been a staffing shortage, AI can be used to bridge the gap by scoring or ranking individuals and teams based on mission performance. The data that is collected and used to generate pathways for attack strategies and mission completion, can also inform the score or skill level a person is at. This can augment evaluation and assessment protocols, helping CISOs better evaluate the capabilities of their teams and identify areas for improvement.  

\n

AI can also augment cyber team task performance. For example, if an enterprise company wanted to create its own custom missions/exercises within Project Ares for its teams to train on (so they are not engaging with the same redundant exercises), designers/engineers can use AI to collect existing performance data from similar missions to create variability in another mission. Instead of the mission designer spending time creating different pathways in the mission, AI can use the data it already has to inform what and how those variabilities are developed, saving time and resources.   

\n

All about the data  

\n

The relationship between AI and cybersecurity comes down to how it is used within the solution and the quantity and quality of data it has available to work with. With our solutions, we leverage NLP and machine learning to automate administrative tasks currently performed by professionals and augment where staffing falls short. In the case of Project Ares, AI helps guide and teach trainees during game play, giving them new threat vectors, scenarios and tasks based on past performance and behavior. In other words, the ecosystem feeds threat data to improve training, augmenting cyber actions to ensure trainees are learning best practices to combat evolving threats.  

\n

What we’ve learned from the power of AI is that when it has a large corpus of data to work from, it is the most productive way to ensure systems take the best actions for the player’s learning advantage—and players, too, make informed decisions that help them defeat emerging threats.

\n","title":"Bridging the Cybersecurity Skills Gap with Artificial Intelligence"}},{"node":{"id":"5383c2a9-6007-59d3-b54d-9b0a86632863","slug":"3-ways-prevent-election-cyberattack","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/infrastructure_government_splash2.jpg"},"date":"2018-10-03T21:11:15.000Z","content":"

Voting is the crux of what we refer to as an American Democracy. Since the 2016 elections in the United States, numerous reports have cited concerns of vulnerabilities in the voting ecosystem, detailing attempts of foreign interference by organizations such as the Russian government to exploit election results with pervasive cyber attacks.

\n

To assist in securing critical infrastructure and preventing cyber attacks, Congress provided federal funding under the recent 2018 Consolidated Appropriations Act Election Reform Program, authorized by the 2002 Help America Vote Act (HAVA). This funding grants states additional resources to make improvements in election cyber security.  Failure to negate election interference will only perpetuate future cyber attacks, which will lower voter confidence in the democratic process and impact on voter turnout.

\n

Now more than ever, election security officials need to revisit their voting systems to leverage this newfound funding and better secure the human element that often causes cyberattacks. While the cyber attack surface of election systems is extensive due to the more than 8,000 jurisdictions in counties, states, and cities that maintain election infrastructure, there is one constant in the elections security system that can be leveraged—humans. With individuals and teams informing the entire voting process from voter registration to casting votes to reporting outcomes and auditing, humans are a key part in managing and directing both digital and manual processes.

\n

If election security professionals can be better trained to understand how to stop cyber attacks using their own tools in emulated environments, the state of election cyber security will be greatly improved.

\n

We’ve detailed three ways for election security officials to upskill their cyber security teams in spite of the variability in equipment and process.

\n

1. ADOPT A CONTINUOUS LEARNING APPROACH TO ELECTION CYBER SECURITY  

\n

In previous Circadence blogs, we’ve shared the benefits of a continuous learning approach, and there’s a reason for it—if cyber teams cannot keep pace with evolving adversary techniques and tactics, they won’t know how to stop them from causing mass damage. Learning basic cyber skills as well as how adversaries are using social engineering to influence election campaigns will help state, local and government election officials be better prepared to identify and respond to cyber attacks on voting systems.

\n

Unfortunately, there have been documented instances of untrained personnel who have knowingly and unknowingly jeopardized the security of elections thus far. Notably, one of the first cryptic signs of cyberespionage came when a Democratic National Committee (DNC) help desk contractor ignored repeated calls from the FBI who were reporting a cyber threat from a computer system hack conducted by a Russian group referred to as “the Dukes28.” The article notes the contractor “was no expert in cyber attacks,” and couldn’t differentiate the call from a prank call.

\n

Fortunately, with the passing of the Election Reform Program, now is the time for election cyber security professionals to dedicate the resources necessary to address all aspects of cyber security that affect a strong cyber posture. This includes:

\n\n

2. ANALYZE PREVIOUS ATTACKS TO UNDERSTAND ADVERSARY TECHNIQUES  

\n

It is insufficient to solely analyze the specific cyber attacks from the past few years, but it is still important to see and understand the tactics and vulnerabilities exploited, particularly since electronic voting machines are not upgraded often. Two cyber attack groups, Fancy Bear and Cozy Bear are worth investigating further since their methods have been analyzed in detail already. From using fake personas to deliver stolen emails and documents to journalists, to the use of malware and spear-phishing, adversaries were able to access an operational infrastructure, implant the agent and encrypt communication to silently exfiltrate data remotely.

\n

Understanding adversary techniques like this can inform how cyber teams train for future cyber attacks. Election officials can begin to assess the skill level of their teams and all involved in the election process to get a sense of their capabilities and how they would approach a “Cozy Bear 2.0” for instance.

\n

3. PARTICIPATE IN OR HOST TABLETOP AND LIFE FIRE EXERCISES  

\n

Recently, Circadence used its Project Ares platform to help the City of Houston simulate a realistic cyber attack exercise to help public and private entities better prepare for an attack scenario. Emergency response simulated a cyber attack on transportation, energy, water, and government sectors while senior leaders worked directly with technical professionals to develop timely responses.  This type of collaborative approach could be undertaken in every voting jurisdiction to test election systems.

\n

There will always be risks, but cities and counties are realizing that the key is getting ahead of the cyber attack and to develop effective cyber readiness policies and procedures, realistic virtual training environments can help. Running through these cyber exercises with multiple players helps leaders see apparent gaps in offensive and defensive techniques while reaffirming the practices that must take place to secure any type of infrastructure.

\n

As election security officials plan for new ways to leverage the HAVA Election Security Fund to improve processes, they will be pressed with justifying expenditures while also demonstrating that said security measures have indeed improved. The above recommendations will make elections safer and likely contribute to the restoration of public confidence in our democratic process.

\n

The more focus election security officials place on upskilling their cyber teams with 1) continuous learning approaches, 2) analyzing past cyber attack methods, and 3) participating in realistic training events, the more effectively they reduce human error as a dominant source of cyber attacks.

\n

To learn more ways to prevent election cyberattacks download our whitepaper “Protecting Democracy from Election Hacking.”

\n

DOWNLOAD WHITEPAPER

\n","title":"3 Ways to Prevent Cyber Security Election Interference"}},{"node":{"id":"e8c4ead1-80ae-5b9a-8874-f46d32115954","slug":"national-cybersecurity-awareness-month-year-round","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/08/Bg02.jpg"},"date":"2018-10-01T20:39:16.000Z","content":"

National Cybersecurity Awareness Month (NCAM) in October reminds us of the importance of being safer online in both our professional and personal lives. By employing fundamental cybersecurity best practices, ALL professionals from the C-Suite to the Administrator can better safeguard against ongoing threats infiltrating and exploiting systems and data every day.  

\n

The overarching theme of NCAM includes having a “shared responsibility [of cybersecurity] and we all must work together to improve our Nation’s cybersecurity.” Circadence couldn’t agree more. We are excited for the future of cybersecurity given the advancements in AI and machine learning and Natural Language Processing, all of which are features available in our cyber solutions focused on workforce readiness, cyber training and assessment, cyber ranges, cybersecurity awareness, and cyber competition/event support.  

\n

Turning awareness into action  

\n

During this month of awareness, Circadence is hyper-focused on its commitment to continue providing resources and tools to automate and augment the cyber workforce to accomplish the goal of increasing cyber resiliency across all organizations.  

\n

While NCSAM is entering its 15th year as an annual initiative, Circadence has been using its history in online gaming to develop innovative solutions that help businesses defeat evolving cyber threats. We’re proud to contribute to the cybersecurity of our nation through unique training, assessment and education platforms that together, help non-cyber professionals and seasoned cyber managers become better offenders, defenders, and governance leaders.  

\n

It’s not just about raising awareness of cybersecurity practices; we are at a time where it’s equally important to take that awareness and use it to ACT. In the current state of cybersecurity, every business, academic institution and government organization is and continues to be vulnerable. Regardless of how many cyber teams are on the frontlines protecting your organization, regardless of the stringency of policy and procedures in place; regardless of frequency of system updates and access controls, hackers are determined, intentional, strategic and leveraging technology to manipulate a company’s data, liquidate valuable assets or finances, and ruin their reputation and public trust. Therefore, we, as cyber and non-cyber professionals, too, must be determined, intentional, strategic and continue to leverage technology to automate and augment the cyber workforce so they can stay one or two steps ahead of hackers.  

\n

Educating and upskilling professionals to improve cybersecurity awareness  

\n

We understand the challenges facing cybersecurity experts are insurmountable. From staffing shortages to skill deficits to budget constraints and overworked cyber teams, it can appear there’s minimal hope for improvement. We are changing that with our suite of solutions designed to place PEOPLE at the forefront of cybersecurity readiness. We believe the experts who control the advancing technologies used to prevent cyberattacks are the key to strong infosecurity environments.  

\n

This month is a time for cyber professionals and CISOs to explore new ways to modernize their cyber readiness strategy and upskill their cyber teams and non-cyber professionals. Circadence has two solutions to help: Its gamified training and assessment platform Project Ares® is one solution that CISOs can leverage cost-effectively to better prepare their organizations to protect against cyberattacks and elevate visibility to the C-Suite of the value of building and sustaining a strong cybersecurity posture.   

\n

Likewise, the new inCyt® mobile application is a game-based concept designed to educate non-cyber professionals on fundamental cyber offense and defense strategies in a fun and engaging way. The first of its kind, inCyt’s ability to educate the entire workforce through gamified activities that challenge opposing colleague’s infrastructure using phishing, botnets, and spyware disrupts the stale learning approach in the marketplace.  

\n

Finally, we are actively producing a series of whiteboard videos focused on the fundamental concepts of cybersecurity, both demystifying terminology and debunking processes to further our mission of cultivating an “all hands on deck” cyber culture. Subscribe to our YouTube channel to receive updates as new videos are added to the library. 

\n

While National Cybersecurity Awareness Month is in October, the awareness and application of modern practices should continue throughout the entire year, so we don’t forget the value of a strong cybersecurity posture AND keep pace with imminent threats.   

\n

Let’s celebrate, educate, assess, and adopt modern cyber training practices year-round!  

\n","title":"Celebrate “National Cybersecurity Awareness Month” Year-Round"}},{"node":{"id":"23811fb9-c01d-5ddf-85bd-dd580d64a22f","slug":"do-more-with-less-strengthen-cybersecurity-posture","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/server_rrom.jpg"},"date":"2018-09-24T16:25:25.000Z","content":"

There is a hacker attack every 39 seconds. The average cost of a data breach in 2020 is expected to exceed $150 million. And by 2021, there will be more than 3.5 million unfilled cybersecurity jobs worldwide. No enterprise is safe from an attack.  

\n

Because of that, CISOs realize as they evolve business operations to better serve customers, such progression has unintended security consequences and compromises. With strapped resources (both human and financial), how can CISOs in commercial sectors DO MORE to up their cybersecurity posture WITH LESS? The answer lies in the human-power to control systems, processes, and technologies.   

\n

CISOs in every industry realize technologies and “one-and-done traditional training” cannot keep companies safe—but with the properly skilled individuals taking the reins to leverage those technologies optimally, the human-side of cybersecurity can minimize the skills gap and frequent attacks.  

\n

Resource Roundup 

\n

We’ve taken the liberty of publishing several articles to help CISOs “do more with less” to strengthen their cybersecurity posture. We understand you’ve spent lots of time and resources developing your teams. And they’re doing the best they can with the resources they have. Still, to amplify their success, ongoing training can help—and we hope these articles help, too.   

\n
    \n
  1. Help wanted: Combatting the Cybersecurity Skills Shortage 
    2. \n
  2. Modernizing Cyber Ranges for Professional Learning 
    3. \n
  3. How to Tell if your Cyber Posture is Prone to an Attack
    4. \n
  4. Cybercrime Incidents in the Financial Services Sector 
    5. \n
  5. Why We Can’t Keep Ignoring Cyber Fatigue 
    6. \n
  6. How Continuous Learning Can Help Upskill Cyber Teams 
    7. \n
  7. Why Gamification is the Answer You’ve Been Looking For 
    8. \n
  8. The Benefits of Active Learning in Cyber Training  
    9. \n
\n

Growing Cybersecurity Challenges  

\n

CISOs and their teams are challenged to keep pace with evolving cyber threats due to staffing shortages, resource constraints, strategy misalignment. Not to mention the continuous threat of attacks on industries with interconnected technologies. In fact, 70% of cybersecurity professionals claim their organization is impacted by the skills shortage; With spending expected to exceed $1 trillion between 2017 and 2021 and 74% of C-suite executives failing to involve CISOs the leadership table, this makes the job of the CISO incredibly difficult. That is why Circadence is dedicated to helping CISOs DO MORE WITH LESS—because we understand the arduous uphill climb they face (and will continue to face) if something is not done.   

\n

 

\n

Hungry for more help? Download our 3 A’s INFOGRAPHIC to learn more ways to support your cyber team against imminent threats.

\n

 

\n

There’s Still Time to Up Your Cybersecurity Posture 

\n

If cyber teams cannot upskill and keep pace with evolving threats, commercial sectors will continue to be hacked. Customers will not only lose trust in these institutions that aim to protect them and make their daily lives functional, but they simply won’t be able to operate efficiently, economies will suffer, and more.   

\n

However, for enterprises that have experienced an attack, it’s not too late to invest in cyber training to prevent another. Doing nothing after an attack is the worst possible response. With failure comes opportunity to enhance resiliency on both a company-wide level, as well as at an employee-specific level. Investing in training tells hackers the attack attempt stops at its people first.  

\n

For enterprises that have not experienced an attack, it’s not a matter of “if” but “when” it will occur. Digitalization and limited human resources make company’s front lines vulnerable and appealing to hackers. Now is the time to be proactive and empower cyber teams to train against hackers in a way that doesn’t require time-consuming travel, expenses, and other resources—simply a willingness to learn, grow, and upskill to better the company and themselves.   

\n

Circadence wants to change how cyber professionals prepare for, protect, and defend against evolving cyber threats. We hope these, and future resources will help CISOs and cybersecurity leaders take proactive steps to strengthen their cybersecurity posture by training their teams and their entire organization, without the costly burden of traditional training courses.   

\n","title":"CISOs, Strengthen Your Cybersecurity Posture with These Resources"}},{"node":{"id":"4aca901e-aa27-5381-959b-662c97e499da","slug":"enhanced-cyber-awareness","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/projAres_office_03_wallpaper_2560x1440.jpg"},"date":"2018-09-13T21:56:32.000Z","content":"

We’re constantly learning at Circadence. Learning what’s new and effective in cyber training. Understanding what our customers need and want in a cyber training platform. Discovering the issues that still keep them up at night. Learning how to improve our products to meet demands of a dynamic industry. What continues to emerge in our research are three pieces of advice (below) that direct CISOs to a place where they’re confident in their level of cyber awareness, which allows for better collaboration with their team and business stakeholders, and creates stronger protection for their organization against evolving cyber threats.   

\n

ASSESS 

\n

CISOs know the first step in having better cyber awareness requires an understanding of how to measure security. There is a need for the ability to assess the current state of cybersecurity in the organization. Now, this may not include a need to “assess” their current staffing quantity (especially if it’s just plain lean). However, they can assess other things that keep them up at night. Things like unpatched systems, outdated applications, BYOD security and IoT threats, etc. Or they can look at current access controls to see who’s using what and when and how. They can assess past breaches (if applicable) to understand what happened and how it was resolved. Or assess how digital and physical security policies are being followed by taking informational polls or facilitating interviews with authorized personnel. All of these things will help CISOs understand the basic warning signs and best practices for keeping the company safe. 

\n

ALIGN 

\n

Your infosecurity vision, mission, and goals should align with the company’s overall business objectives. The goal is to support the business, not stand separate from it. Currently, CISOs spend most of their time responding to threats instead of taking a “big picture” view of their department. As a result, it becomes difficult to collaborate with business leaders to define and assess their level of cyber awareness. Not to mention report and communicate the overall effectiveness of the strategy. This lack of visibility to the C-Suite stifles the perception of organizational risk and security. To expand perceptions, CISOs can begin aligning with the C-suite by providing 1) practical knowledge of the current threat environment, 2) demonstrating how their cybersecurity strategy reflects business objectives and 3) working with stakeholders to build out a data risk dashboard that reports on progress. 

\n

ACTIVE LEARNING 

\n

Active or adaptive learning is when individuals learn by doing. Research shows it helps learners be more engaged, empowered, excited, and shows they possess deep, conceptual understandings of topics learned. Active learning may involve collaborating with teams and applying concepts to real-world exercises/scenarios, which studies show improve retention rates by 75%, compared to 5% through traditional learning methods. As a result, organizations are finding ways to use active learning to cultivate a successful workforce. In fact, the Association for Talent Development’s “Personalized and Adaptive Learning” whitepaper reported that 83% of its respondents used some degree of personalized learning among their staff. In particular, cyber pros have begun implementing this method in the form of gamified cybersecurity training.

\n

CYBER AWARENESS CONTINUED

\n

These three action-items are just the tip of the cyber awareness iceberg, but, when faced with a challenge, the hardest part is getting started.  

\n

We hope our research saves you time in identifying strategic next steps so you can focus on finding the right tools and technology to help you create a culture of cyber awareness that thrives in the face of evolving threats.   

\n","title":"Learn the Three A’s for Enhanced Cyber Awareness"}},{"node":{"id":"4a5fe4d6-973a-5a45-8c5f-b296f1ecdcaf","slug":"understanding-the-dark-web","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/08/Dark_Web.jpg"},"date":"2018-08-22T23:20:41.000Z","content":"

If you are familiar with recent news reports about security incidents and threats, you’ve probably heard of the ‘dark web’ or the ‘darknet.’ In fact, you don’t even need to pay attention to the news. TV shows, movies and even social networking sites will introduce the terms to you. The problem is, there often isn’t any explanation about what those terms mean. Likely, the people using them have no idea what they mean. Understanding what they mean can help you better protect yourself, as well as having an idea of what is going on in these news reports. To get there, though, we’re going to take a quick journey through history. 

\n

A Brief History of the Internet 

\n

In the beginning was the Advanced Research Projects Agency (ARPA), along with its companion organization Defense Advanced Research Projects Agency (DARPA). These organizations were federal agencies that used money from the federal budget (tax dollars) to distribute to companies to conduct research and advance our capabilities as a country, as well as a military power. In the 60s, several people and organizations discussed the idea of connecting computers together so they could communicate, including communicating over long distances. Keep in mind that at that time, “computers” were very large devices that cost millions of dollars. The idea was to make better use of those devices by letting researchers anywhere access resources where research was being done.   

\n

In the late 1960s, two computers were connected together to create the start of the ARPANET. The ARPAnet was where TCP/IP was eventually developed. In the 1970s and then the 1980s, several other networks were developed by other organizations — CSNET, BITNET, THEORYNET, JANET and many others around the world. Eventually, the U.S. created the NSFnet, sponsored by the National Science Foundation. The NSFnet became a backbone network with very fast connections. As a side note, this is where the misquote of Al Gore originates. He didn’t say he invented the Internet. He said he took the initiative while in Congress to create the Internet. He’s correct, in that he was a driving force behind legislation creating the NSFnet, which became the Internet over time, as all other research networks were folded into the NSFnet. Additionally, Gore was involved in legislation allowing businesses to connect to the NSFnet, truly creating what we know today as the Internet. 

\n

The Connected Internet 

\n

The Internet isn’t a single network. It’s a large collection of networks, all interconnected. Every business and organization connect their own network to a service provider. The service provider connects to other service providers, sharing information about how to deliver information to businesses and organizations, where all the users live. The Web is an overlay on top of the Internet and refers to a specific service — servers that communicate using the Hypertext Transfer Protocol (HTTP).  

\n

Search engines like Google, Bing and others, make navigating the Internet possible. Not everything is searchable, though. If Google doesn’t know anything about the site, Google’s robots that are used to index sites can’t look through the site and deliver it in search results.  

\n

The Dark Web 

\n

Any site that has no connections to other sites and no other sites have connections to it is completely isolated from the search engines. The collection of sites like this, which may be web sites but may also be systems that use other protocols to serve up content to users, is a subset of the overall Internet and is sometimes referred to as an overlay. This overlay is sometimes called the “darknet” or the “dark web,” because the systems and services are not searchable by traditional search engines and you’d have to know they are there to make use of them.  

\n

More commonly, though, is another network overlay that was developed by the U.S. Navy. U.S. Naval Research Laboratory employees developed the concept of “onion routing” in the 1990s. Today, you may know this better as The Onion Router (TOR). TOR is a way of routing to sites through peer-to-peer connections, meaning system-to-system rather than site-or-network to site-or-network. When you hear about data being on the dark web or darknet, they are likely referring to TOR sites. They may, though, also be referring to other sites that are also connected to the Internet but can’t be found unless someone specifically knows about the site. 

\n

The Implications for Cybersecurity 

\n

It’s important to understand what the Dark Web is because it is intimately tied to the work conducted in cybersecurity. As hackers continue to evolve in their tactics and breach practices, stealing records including medical records and people’s personal data, that information is treated as currency, sold on the Dark Web. Beyond a profit motive, according to The Independent (a U.K. newspaper), “cyber criminals could exploit the healthcare records for other purposes like redirecting medication to different addresses, or request doctor appointments on other people’s health plans.”  

\n

Healthcare is just an example of how the Dark Web informs cybersecurity efforts but as we continue to understand the intricacies of the Dark Web, its activity, and see the damaging repercussions of its mere existence, we need to take our cybersecurity efforts that much more seriously. The possibilities of exploitation are endless when hackers are motivated by financial gain, insinuating social chaos, and/or manipulating data for power and status.   

\n","title":"Understanding the Dark Web"}},{"node":{"id":"1609c5dc-95c5-5692-9890-2cc00f15ffe0","slug":"the-benefits-of-active-gamified-learning-in-cyber-training","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/gamification_design_green.jpg"},"date":"2018-08-21T21:06:02.000Z","content":"

What is gamified learning? Before we dive into that question, let’s discuss some of the ways we currently learn about cyber today. Traditional cyber training has been conducted in the same way for years, comprised of static, classroom-style settings complete with a teacher lecturing and passive listeners. This model causes people to forget 

\n\n

In addition to forgetting material learned, there’s minimal opportunity for the student to proactively solve problems, think critically, and analyze material. Instead, they superficially understand concepts without truly learning their application to real-world situations. This leaves the trainees disengaged, disempowered, bored, and unmotivated.  

\n

We believe there’s a better way to deliver information security training—a way that engages teams in healthy competition and in critical thinking and problem-solving activity. Through active learning, studies show learners are more engaged, empowered, excited, and possess deep, conceptual understandings of topics learned. Active learning involves collaborating with teams and applying concepts to real-world exercises and scenarios, which improves retention rates to 75%, compared to 5% through traditional learning methods. 

\n

So why is active learning so important for cybersecurity professionals?

\n

Because the undeniable jobs shortage affecting the industry is prompting CISOs to take a closer look at ways in which they can close the skills gap. The first step involves leveling up existing cyber teams by equipping them with the tools and skills they need to do their jobs better. Without proper cyber training and skills development, professionals can’t keep pace with evolving cyber threats, causing teams, organizations, and companies to succumb to hacker attacks.  

\n

How significant is this issue? According to a recent ESG/ISSA study, 70% of cybersecurity professionals claimed their organization was impacted by the cybersecurity skills shortage, with ramifications such as an increasing staff workload, hiring and training junior personnel rather than experienced professionals, and situations where teams spend most of their time dealing with the emergency du jour, leaving little time for training, planning, strategy, etc.  

\n

So what can we do about this?  

\n

Consider gamified cyber training 

\n

Not only is hands-on, active learning important but we believe that gamification is the natural, logical step in training the next gen learner (born after 1980), who has never known a world without video games. Gamification is often defined as the process of adding games or game-like elements to something. The term was originally coined in 2002 by a British computer programmer named Nick Pelling. When we think about the benefits of gamification of cyber security training, it is a learning style best suited for today’s learner who grew up playing video games and being motivated by elements like leaderboards, competition, collaboration, and social proof/progression.

\n

Even academic institutions across cyber schools are exploring cyber security games for students to complement their classroom learning. Some institutions like CU Boulder have even crafted an entire class around gamified cyber training using Project Ares in their syllabus.

\n

Unlike compliance-driven teaching methods, gamified teaching engages practitioners individually and in teams, through modern learning strategies. It works by deploying connected, interactive, social settings that allow learners to excel in competitive, strategic situations. Further, it enables learners to apply what they know to simulated environments or “worlds,” creating a natural flow that keeps learners engaged and focused. Organizations that offer gamified exercises to teams report that 96% of workers see benefits including increased awareness of weaknesses, knowledge of how breaches occur, improved teamwork and response times, and enhanced self-efficacy.   

\n

In gamified environments, trainees are typically:  

\n\n

Active, gamified cyber training is only effective if employees apply their skills learned and acquired to real-world scenarios. For this reason, cybersecurity leaders are encouraged to measure the effectiveness of training efforts through regular audits and assessments to determine which employees may still pose a risk to the overall security posture of the organization.  

\n

“Keeping our workforce engaged, educated and satisfied at work is critical to ensuring organisations do not increase complexity in the already high-stakes game against cyber crime,” Grant Bourzikas, chief information security officer at McAfee. (ComputerWeekly) 

\n

Great, there are clear benefits. Now what?

\n

Now it’s time to reflect on how your organization can benefit from gamification in cybersecurity training. First, look at what training (if any) is currently occurring. Then, speak with teams about where they’d like to improve and draw clear parallels between the investment in training and desired business outcomes. And of course, when you’re ready to learn more, contact us to see how gamified training actually works through our Project Ares® platform.

\n","title":"Game On: The Benefits of Hands-On, Gamified Learning in Cyber Training"}},{"node":{"id":"31dae1cb-7249-506d-9e2b-f6f5134f0997","slug":"game-of-titans-cyber-challenge-raises-awareness-of-gamified-training-and-assessment-solution","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/08/Bg02.jpg"},"date":"2018-08-14T22:09:18.000Z","content":"

We hosted our first-ever “Game of Titans” Cybersecurity Challenge in Las Vegas recently, gathering security professionals together to compete on our Project Ares® cybersecurity platform for a chance to win several prizes.

\n

The event did not disappoint! Between the amazing Esports Arena venue, which offered enticing views of the game play, combined with the presence and engagement from celebrity hacker Vinny Troia, who provided colorful commentary and judging, and enthusiastic YouTube sensation Zach Hill of TalkTechDaily, who graciously live streamed the event, it was a success!

\n

Competitors had the opportunity to practice on the Project Ares platform for up to 11 days in July before entering the qualifiers and then attending the live final round in Vegas. For the CISOs and other tech leaders who wanted a more intimate view of the platform, we also hosted several private demonstrations of Project Ares in-suite at Mandalay Bay. We enjoyed conversations with leading cybersecurity influencers who were looking for a better way to solve their cybersecurity challenges in the face of staffing shortfalls and skills deficits.

\n

The inaugural Game of Titans competition culminated with three winners including best defensive player, offensive player, and MVP (pictured here). Congrats to the night’s MVP Monique Moreno with Ellucian, to Tim Nary with Booz Allen Hamilton who was the Red Team winner and Jordan Scott with Boecore as the competition’s Blue Team winner.

\n

We hope the event inspired these individuals and others to keep on strengthening the cybersecurity profession and gave interested cybersecurity professionals the opportunity to see how gamified cyber training and assessments can benefit their professional portfolio and organizational security position.

\n

 

\n","title":"Game of Titans Cyber Challenge Attracts Top Professionals, Raises Awareness of Gamified Training and Assessment Solutions"}},{"node":{"id":"fe012ba9-eaef-5518-8363-61686963ddda","slug":"recapping-jack-voltaic-2-0-cyber-research-project","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/05/critical_cyber_splash-1.jpg"},"date":"2018-08-02T22:32:09.000Z","content":"

Late last week, Circadence® participated in the Jack Voltaic 2.0 Cyber Research Project held in Houston, Texas. The event was described as a “bottom-up approach to critical infrastructure resilience,” where the City of Houston, in partnership with AECOM and the Army Cyber Institute (ACI) gathered with critical infrastructure partners to study cybersecurity preparedness gaps.  

\n

Developed by the ACI at West Point, Jack Voltaic 2.0 took place July 24–26 at the Houston Emergency Center and results from the activity will be published in a technical report from the Army Cyber Institute in November 2018.   

\n

Our own Laura Lee, executive vice president of rapid prototyping, attended the exercise and shared her experience in a quick Q & A.  

\n

What made this event special? 

\n

LL: This truly was a first of its kind event where a major city brought together both public and private entities across many different critical infrastructure sectors to prepare for a cyber event. It involved energy, healthcare, transportation, water and government services all working together to resolve an attack. The City of Atlanta suffered a cyberattack in early 2018 that caused millions of dollars and interrupted services in the city for weeks. The goal of this event was to avoid that type of situation and prepare, just like Houston does for hurricanes or the Super Bowl. There are always risks but the key is getting ahead of an event and developing policies and procedures to handle it.  

\n

What was the environment of the event like?  

\n

LL: During service restoration and when determining what was happening during the simulation, technical experts were serious in their pursuits to remediate the issues. Each team chose a leader and immediately and got to work. Harris County (where Houston resides) were quietly discussing what they were seeing for web attacks in their network, while the Port of Houston Authority were dealing with ransomware. Each team reported up to the Houston Emergency Center, with some teams reporting live via an online conferencing system. The activity was taken very seriously, and it felt like a real-world response.  

\n

What was one of the highlights of the event?   

\n

LL: The team from Memorial Hermann Health was asked to brief what they saw in ransomware and how they handled it. It was a Webex broadcasted to the 150 people in the Houston Emergency Center. All the teams were listening carefully to the report, trying to understand if they were seeing similar things. At this point, the hospital had successfully handled the attack, and everyone was gaining confidence and excitement.  

\n

Why did Circadence participate in this research exercise?  

\n

LL: Circadence is in a unique position to support city and state-wide cyber exercises because the company’s cybersecurity training and assessment platform, Project Ares®, offers virtual worlds that represent businesses and agencies in the real world. We have a synthetic internet with simulated users performing normal day-to-day jobs all in a closed, safe environment. For the event, it allowed key users to see and test what happens with the latest malware or cyber tactic. By using the Project Ares platform, we can select multiple environments that make up a city and then bring in real people, as if it was the actual city under attack. This gives a new dimension and real-world feeling to traditional “table top” exercises that are typically used for disaster preparedness. It’s a way to bring all the people required (government, industry, academia) together and includes the technical and policy personnel so everyone learns how to work together. We are passionate about helping every critical industry sector, every state, and every city learn to successfully mitigate cyber risk.  

\n

Circadence – Contributing to Critical Infrastructure Cybersecurity  

\n

Circadence supported the 6-month event planning process for the Jack Voltaic 2.0 Cyber Research Project. “We met almost monthly and created a realistic scenario within Project Ares, which resulted in a coordinated attack on the city,” said Laura. “We worked together to create events that would challenge each participant and then during the event, we ran the Live Fire exercise portion for the technical team players. We also displayed the results and analysis in real time within the large Emergency Center area so the policy makers could understand what was happening technically.”   

\n

Cyberattacks rarely affect a single target. Instead, unanticipated effects could ripple across interconnected infrastructure sectors, which is why infrastructure resilience is more critical than ever. Varying defensive capabilities and authorities complicate the response. If exploited by a determined adversary, these unidentified gaps leave our nation vulnerable. Circadence was proud to participate in this exercise and help close gaps in critical infrastructure cybersecurity through its Project Ares platform.  

\n

Watch the full press briefing from the City of Houston here 

\n","title":"Recapping Jack Voltaic 2.0 Cyber Research Project: A Q&A with Laura Lee"}},{"node":{"id":"258fac48-b9f1-5f3b-860e-4f6fa47be089","slug":"benefits-of-security-and-devops-working-together","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/07/Screen-Shot-2018-11-28-at-9.20.54-AM.png"},"date":"2018-07-31T23:07:32.000Z","content":"

For years, security professionals, including myself, have advocated for security to be part of the development process. Recently, development has been undergoing a big shift “to the left” so that security is part of a more integrated process in development. You may be aware of this change as DevOps. DevOps means that development and operations, the team responsible for deployment and management, work closely together rather than having cold hand-offs. One of the ways this works is by automating as much as possible, including building, packaging, testing and deployment. The integration came at an opportune time when shifts in software development started in the late 1990s, now called Agile. 

\n

What is Agile? 

\n

Agile is about rapid development that produces a releasable product at the end of each iteration. Most importantly, Agile is about focusing on customer needs and not big, over-developed software. DevOps provides the ability to take the idea of Agile several steps further. Beyond just having a product that the customer can use, DevOps opens the door to deployment and delivery. As more applications and functions become enabled through web technologies, there are more frequent deployments that the customer can use. Pinterest, as an example, deploys up to 50 times a day to their platform. 

\n

Where Security Comes In 

\n

You may be wondering where exactly the security comes in here. Security professionals may be concerned about what DevOps means for them. As it is, when a development process is complete, security gets tossed a product to do testing and assessment. How bad could that be if development and deployment is happening at least once every couple of weeks? Fortunately, there are answers to this question and the good news is, it helps from a security perspective, and this is where “shifting left” comes in.  

\n

\n

When we talk about “shifting left,” we mean that we are pushing things earlier into development process. Like the operations team, the security team can provide their needs and requirements to development early on. This can mean ensuring that security tests are built into the test automation. It should also mean that security is working closely with developers so developers understand what secure development looks like — appropriate practices and frameworks, for instance.  

\n

Implications for the Customer 

\n

If security and its requirements are incorporated earlier in the process and security professionals become a more prominent stakeholder, the customer benefits. Each development cycle has to factor in security and if there is anything required of the security team, they get tasks just like any of the developers or operations staff. This may include changes to intrusion detection systems, firewalls or web application firewalls if it’s a web application being developed.  

\n

An enormous advantage to regular deployments is the time to repair shrinks. If development teams are releasing even every two weeks, customers have a better chance of getting updates that fix security issues much faster. This helps the company and it helps the customer. It is a win-win.  

\n

Similarly, if processes are automated, the security team is in an even better position because there is less chance of human error that may result from botched installs or configurations.  Security work has its benefits in this instance.

\n

In the end, the blend of DevOps with Security, now referred to as DevSecOps, has enormous potential to improve application security. If you aren’t looking into it for your teams, you should be. Move security left! 

\n","title":"DevSecOps: The Benefits of Security and DevOps Working Together"}},{"node":{"id":"f404e834-a2ed-5340-b2b5-7739bd7ad44d","slug":"circadences-laura-lee-mentors-young-women-cybersecurity-badge-program-launch-event-girl-scouts-partnership-palo-alto-networks","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/08/Bg02.jpg"},"date":"2018-07-24T18:51:32.000Z","content":"

Our own Laura Lee, executive vice president of rapid prototyping, recently mentored young girls at a Girl Scouts event on Wednesday, June 27, that celebrated the launch of a new cybersecurity badge program.

\n

The program is the brainchild and joint partnership between Palo Alto Networks and Girl Scouts of the USA (GSUSA). It is a national effort aimed at eliminating traditional barriers to technology industry access, such as gender and geography. According to the Girl Scouts, the programming will target girls as young as five years old, helping ensure that even the youngest girls have a foundation primed for STEM careers.

\n

Laura, along with a group of nine other cybersecurity industry leaders, mentored six girls at a time in a roundtable format and answered questions about cybersecurity careers. While each mentor shared their own professional journey in cybersecurity, three common themes emerged: 1) no one started out thinking they wanted to be in cybersecurity but rather fell into it; (2) cybersecurity requires curiosity, life-long learning and diversity; (3) not many women are in the field (and the girls can change that!).

\n

Laura shared how she started out as an aerospace engineer building Missile Defense systems, a 15-year career path that prepared her for a transition into cybersecurity defense. She shared how Circadence® participates in many cybersecurity education events including the SoCal Cyber Cup, a challenge for middle and high school students, where a female won the entire competition. The story of the young girl winning such a notable competition was a strong proof point to the potential for more women to enter the cybersecurity field. The example brought an enthusiastic round of applause among the Girl Scouts.

\n

“I told them to think broadly about cybersecurity – it isn’t just computer science. In every field (medical, law, economics), there are cybersecurity aspects, so [I said they] should learn about it no matter what [they] want to pursue,” said Laura.

\n

The mentorship event reflected Circadence’s commitment to educate and train everyone interested or involved in cybersecurity, from aspiring professionals to seasoned experts. Further, the event was an opportunity to show the Girl Scouts how engaging and fun cybersecurity jobs can be, especially with the introduction of platforms like Circadence’s Project Ares®, a gamified teaching and training tool for cybersecurity professionals. “Being involved in this is another fundamental way to explain how a serious game [like Project Ares] can help teach concepts,” said Laura.

\n

While Laura’s stories and insight proved invaluable to the girls, Laura left the event equally impressed with the girls’ level of engagement and interest in cybersecurity. Circadence is proud to have Laura represent the company and use her expertise to inspire and educate the next generation of cybersecurity professionals.

\n","title":"Circadence’s Laura Lee Mentors Young Women at Cybersecurity Badge Program Launch Event for Girl Scouts in Partnership with Palo Alto Networks"}},{"node":{"id":"f7b8ff22-c1cc-5159-bdf8-8400b8b926f1","slug":"play-watch-experience-circadence-host-first-ever-game-titans-cyber-challenge-las-vegas","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/08/JV2.jpg"},"date":"2018-07-20T01:43:54.000Z","content":"

As the New York Times points out, “Video games are beginning their takeover of the real world,” and with the popularity of Fortnite and other events gaining traction, Circadence® is jumping on the voyeuristic video game bandwagon hosting its first “Game of Titans” Cyber Challenge–a unique event that will demonstrate the power of its immersive, online cybersecurity training platform Project Ares®.

\n

The “Game of Titans” competition is one of THREE ways cybersecurity warriors can experience the power of gamification within cybersecurity training in Las Vegas from August 6 through August 9.

\n

We’ve detailed the three opportunities for cybersecurity experts and enthusiasts to get involved below—and we look forward to seeing and meeting everyone in Las Vegas!

\n

Cyber Battle Competition – Play to Win!
\nCelebrity cybersecurity expert and ethical hacker Vinny Troia will oversee and judge the competition providing commentary of gamers’ progress for non-competitors watching the action.

\n

Qualifying rounds take place July 27-28 and finals will be held on-site at the new Esports Arena inside the Luxor Hotel and Casino in Las Vegas. Finalists will then compete live on-stage on August 7 from 6 to 10 p.m. in front of an audience using the Project Ares platform to show off their cybersecurity skills and talents.

\n

Interested competitors need to register online by July 26 or early bird entrants can register before July 22 for early access to Project Ares in order to practice. Prizes will be awarded for best offensive and defensive players as well as an MVP. Details to register can be found here.

\n

Competition Attendance – Watch the Action!
\nWhile the Esports Arena Las Vegas is open to the public, the competition is a true VIP experience where invited attendees enjoy food and drinks and a close-up view to the action. Audiences can watch the top players compete live on-stage for the inaugural “Project Ares Titan” crown and title.

\n

Viewers will be able to see up-close footage, live-action play, and instant replays—just like watching a football game. Audiences can jump aboard the popular game watching movement that’s inspiring a new generation of mainstream entertainment.

\n

Private Demos – Experience the Platform!
\nCircadence will be hosting private in-suite demonstrations at the Mandalay Bay Hotel and Casino Monday, August 6 through Thursday, August 9 from 10 a.m. – 4 p.m. for those interested in learning more about the platform’s capabilities for cyber teams.

\n

Demo registrants can speak one-on-one with Circadence representatives about their specific cybersecurity challenges and needs to find the best solution for them. Food and drink will be available in the suite. Interested parties can sign up for a 30-minute demonstration here.

\n

“We are excited to host the first Project Ares ‘Game of Titans’ Cyber Challenge for both novice and experienced cyber professionals, and the Esports Arena is the perfect space for attendees to experience the power and capabilities of the platform up close,” said Keenan Skelly, Circadence VP of Global Partnerships and Security Evangelist. “We hope the competition will inspire curiosity in using gamification in training as well as help people see for themselves how the platform can aid in their professional development, so they can keep pace with evolving cyber threats.”

\n

If you still need more information about getting involved in any of these opportunities, please contact Amy Dageenakis.

\n","title":"Play, Watch, Experience: Circadence to Host First-Ever “Game of Titans” Cyber Challenge in Las Vegas"}},{"node":{"id":"d1312341-8bb6-52b6-bf9e-97cd272ddcf6","slug":"guis-are-evil","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/PLC.jpg"},"date":"2018-07-18T01:40:31.000Z","content":"

Graphical User Interfaces (GUIs) are evil. Or in the words of a friend of mine – “the work of the devil.” I know people generally like shiny windows and icons and that’s fine for a lot of work. But, when it comes to being an info security professional, GUIs are just wrong in many cases. Stick with me. You will want to rethink your position on “just give me a shiny GUI over white letters in a stark, black window any day.” Here are a few reasons why GUIs aren’t necessary.

\n

Minimize distractions

\n

One of the biggest issues with a GUI is that it is designed to take away the onerous drudgery and work from performing computing tasks. If I’m writing a document, such as this one, give me a few bells and whistles so I can more easily manipulate text using a mouse. However, if I’m honest, I’m writing this in as close to a text editor as you can get. No frills. No clutter. Just a visual representation of a sheet of paper. Sometimes you need to shove everything off your desk and get to work without the distractions.

\n

Don’t bury the details

\n

When a GUI appears to be doing a lot of the work for you, it is. At the same time, it’s hiding a lot from you. The developers believe, sometimes rightly, that the details are clutter that will get in the way of you doing your job. You should be focused on the work and not the minutiae of how the work is done. However, the very things the GUI is hiding from you are often the details that you really need to see as a technology professional. Without the details, it can be hard to learn how everything fits together. As an example, if you were doing forensics work using one of the GUI tools like EnCase or FTK, you either wouldn’t get some of the low-level details or it would be harder to see them, as you’d get from tools like SleuthKit. Using the SleuthKit, you really need to understand how the filesystem is put together to be able to understand the output.

\n

Beyond that, there are cases where the tools you need for a task are just command-line based. As an example, if I to want to see whether another system was available and responsive on the network, I would use the program ping. There is no GUI alternative, at least installed by default on most operating systems, for ping. The same is true for traceroute/tracert. If you needed to do some troubleshooting for problems with your domain name server, it’s easiest to use a program like nslookup or dig. There are no other tools that are GUI-based that are available by default.

\n

Automatic task completion

\n

The last case I will put to you, though there are several others, is the ability to complete complex tasks automatically. When we use command line programs, we can put a list of those commands together into a file and have the entire list executed. On Windows, this would be called a batch file or a PowerShell script. On Linux, it would be called a shell script. This means you can have a complete process that can be repeated verbatim, over and over again. On Linux and other Unix-like operating systems, including macOS, you can chain several commands together to perform complex operations. The ability to take the output from one command and use it as an input to another program is called piping.

\n

Let’s take an example. The following command sequence takes the idea of piping beyond just output -> input.

\n

ps auxww | tr -s ” ” | cut -d ” ” -f 2 | sort

\n

This command sequence gets you a process list, which has a lot of space characters between columns, and sends the output to a program that translates characters. This particular command removes extra space characters. The output, without all the extraneous characters, goes to the program cut. This program cuts the second column (field) from the output with the space character as the delimiter between the fields. Finally, the output of that, which is the process ID, is sent to the program sort. What we end up with is a sorted list of all the process IDs.

\n

Command line programs give you a lot of control over the information you get and how it’s presented. You can enjoy your GUI programs if you like but I will tell you that if you really want to become a knowledgeable security professional, you should get comfortable with the command line. It will be your friend and give you a lot of power while minimizing your dependence on fancy GUIs.

\n","title":"GUIs Are Evil"}},{"node":{"id":"f14fe621-81ef-5a4f-b8c4-d9ad2244a188","slug":"continuous-learning-key-strengthening-cyber-teams","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/08/Way-Too-Happy-People-HD.png"},"date":"2018-06-19T22:48:31.000Z","content":"

There is a lot out there about the benefits of continuous learning—or continuous professional development—and what we’re gleaning from research is how POWERFUL the approach can be when applied to cyber team training.

\n

Like most industries, the only constant in cybersecurity is change. It’s not enough for cyber professionals to get technical degrees and certifications to call themselves experts. Ever-evolving cyber threats are a constant thorn in the sides of cyber professionals. They are responsible for finding new ways to stay ahead of the game to swiftly and efficiently defeat threats before they do damage to their company. CISOs in particular have the unrelenting challenge of identifying opportunities to assess, enable, train, and retain their cyber teams, which usually requires time they don’t have. To assist with this challenge, a simple and effective solution is continuous learning.

\n

Continuous learning is exactly what it sounds like: the ability to continually develop skills and knowledge to perform effectively in the workplace. When it comes to cyber teams, they must be “students of the business,” willing to stay current with the latest news and industry developments to grow their understanding and apply any new knowledge gained to their jobs.

\n

Practicing continuous learning within your cybersecurity team delivers the following benefits:

\n\n

Due to the widespread skills shortage of cybersecurity professionals (projected 1.8 million open and unfilled positions by 2022), organizations need ways to develop skilled teams to fight ever-evolving cyber threats.

\n

Many leaders are addressing this problem by adopting a continuous learning philosophy that involves consistent training and up-skilling their teams. In fact, 60% of companies use training to build security expertise (Coursera) and 96% of cybersecurity professionals agree that they must keep up with their skills or the organizations they work for will be at a significant disadvantage (ESG Research).

\n

However, preconceived notions of cost and time prevent lots of companies from offering continuous development opportunities for their employees (only 38% of cybersecurity pros say their organizations provide the right level of training and education). Fortunately, there are training platforms out there (such as our very own Project Ares®) that are both cost-conscious and time-saving in the sense that they don’t require time away from the office to train.

\n

We recommend CISOs adopt continuous learning by:

\n
    \n
  1. Interviewing and assessing cyber teams to identify skills deficits and, therefore, understand what team members need to learn/develop.
    2. \n
  2. Address large workloads via automation and augmentation so that cyber teams can move away from data handling tasks and into higher-level reasoning and analysis.
    3. \n
  3. Providing ample opportunities for skills development through persistent, gamified training, mentoring, networking, and continuing education.
    4. \n
  4. Developing teams incrementally and continuously via a “day-by-day, month-by-month” mindset – as the job is never done in this field.
    5. \n
  5. Dedicating resources, setting expectations, and aligning corporate culture with the goal of enabling employees to get the learning they need to protect and defend the organization at every stage of their careers.
    6. \n
\n

Continuous learning will up-skill and strengthen your cyber teams so that they are prepared to defend your organization against ever-increasing cyber threats.

\n

Increased understanding, skill and application of offensive and defensive strategies, will greatly improve your organization’s security posture and help keep the hackers at bay.  As technology and connectivity strengthen with each passing day, steps must be taken immediately to adopt a culture that values and emphasizes continuous learning to help avoid your organization being featured as the victim in the next cybersecurity attack headline.

\n","title":"Why Continuous Learning is Key to Strengthening Cyber Teams"}},{"node":{"id":"b992a772-9762-5c9f-a8f7-ca63079de217","slug":"the-illusion-of-security","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-06-19-at-1.24.41-PM.png"},"date":"2018-06-12T14:57:17.000Z","content":"

When you fly, you are subjected to a lot of requirements when passing through a security checkpoint. You have to take off your belt and jacket, remove everything from your pockets, you can’t carry in liquids more than 3 ounces and on and on. When someone, many years ago, devised a way to carry a bomb in their shoes, we were all required to take our shoes off when we passed through security. Of course, there are ways around these things by getting a background check and giving up your fingerprints. However, even after doing all that, you still have to pass through metal detectors and you still can’t bring in liquids. Despite all these restrictions, people still manage to get knives, liquids and other supposedly banned items through security.

\n

When I was in college, many years ago, I had a job doing physical security. What I knew then was that being visible, so everyone was aware there was a security presence who would step in if it was necessary, was often adequate to keep incidents from happening. Does either the Transportation Security Administration (TSA) or my own presence completely keep bad things from happening? Of course not. In security circles, what the TSA does is called security theater. It provides the illusion of security. This sounds derogatory and dismissive. The fact of the matter is that just having that presence keeps random people from doing stupid things on a spur of the moment. Will it keep determined people out? No, but that’s not really the point anyway.

\n

While the illusion of security can often have benefits, there are also a lot of downsides. Where it is especially an issue is when it comes to information security. Too many times when I did security consulting, I was asked by clients to provide a security assessment that was primarily focused on making them compliant with some set of requirements, whether for payment card processing, health care or maybe regulations or laws. Often, the most sensitive or vulnerable parts of the organization were out of scope. There is rarely enough time to do a thorough analysis of an entire network. Getting a report indicating that very little was found can provide some executives and other leadership the belief that they can’t be compromised.

\n

This is where the illusion of security is very dangerous. Anytime someone gives you the sense that you are safe from attack or compromise, you are potentially in an even more dangerous situation. If you get a good “health check” from a security assessment or penetration test, take it for what it is — a snapshot with a very limited view.

\n

These tests are not the only place where you can start to get the illusion that you are safe and protected. Vendors often sell elaborate, end-to-end solutions. Without any intention to impugn such vendors, what you are buying into there is the lens of a single company. Everyone has a bias because everyone sees things differently. Getting multiple views into what’s happening in your organization from the standpoint of information security can be very valuable. However, that’s not to say more is necessarily better. More information can be a good way to blind yourself because it takes so much time and effort to sift through all the data you have acquired.

\n

Perhaps even worse than a single vendor, end-to-end solution, though, is having multiple vendors whose products can’t communicate effectively. You may have the latest and greatest in information security technology but if the different pieces can’t play nicely together, you’re in a far worse position because you believe all the components will “do the right thing.” Modern attacks, though, are complex and far-ranging. You need to be able to correlate events across multiple devices to get a broader sense of an attacker’s actions. If you aren’t getting all the details from all the devices, you’re going to miss when the bad guys get in.

\n

This sounds bleak, for sure. It’s complicated. There aren’t perfect answers to these challenges. The important thing is to bring it back to basics — understand what the problems you have are, what resources you want to protect, and what adversaries you are most concerned about. All of this should be done rationally and realistically and not motivated by fear, uncertainty or doubt. It’s better to make decisions from a position of knowledge and awareness.

\n","title":"THE ILLUSION OF SECURITY"}},{"node":{"id":"f259e0b1-534a-5eec-98fa-3574695eb81a","slug":"project-ares-featured-on-computer-america-radio","status":"publish","template":"","format":"standard","featured_media":null,"date":"2018-06-11T16:51:21.000Z","content":"

Recently, our own Keenan Skelly, VP of Global Partnerships and Security Evangelist with Circadence®, was interviewed by Computer America’s Ben Crossman regarding Project Ares®, our flagship training and assessment platform for cybersecurity professionals. Keenan shared how Project Ares works, what it can be used for and the benefits of gamified training.

\n

The top 5 key takeaways from the interview include:

\n

1. The next generation way to cyber train is through gamification, allowing participants to train in a scalable way while improving information retention.

\n

2. A benefit to using the Project Ares platform is having access to its virtual cyber ranges that emulate enterprise networks, putting real-life tools in the hands of trainees, mirroring what they would be doing in the real world. 3. Increased diversity helps program AI technology to better account for “every-person’s AI.” We should consider how programming of these systems is unintentionally informed by our own personal biases.

\n

4. We need to adjust our messaging around what it means to be a woman in cybersecurity and introduce young women and girls to the different roles that exist in the field today to spark interest.

\n

5. It is critical to remain aware of how data privacy legislation will affect offensive and defensive work (not to mention personal cybersecurity practices) so companies remain compliant with industry regulations while staying vigilant against evolving threats.

\n

Keenan concluded that while the negative effects of cyberattacks are in the headlines every day, we have an opportunity to change the paradigm of cybersecurity for the better. Cybersecurity is not just an IT challenge, it’s everyone’s responsibility to stay vigilant in today’s interconnected world.

\n

To listen to the interview in full, visit https://computeramerica.com/2018/06/11/circadence-interview-us-super-computer-bitcoin-value-apple-bans-cryptomining/.

\n","title":"Project Ares Featured on Computer America Radio"}},{"node":{"id":"0ca0e534-20c0-570a-9218-14693982663d","slug":"cant-keep-ignoring-cyber-fatigue","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/geneic_team.jpg"},"date":"2018-06-07T15:40:17.000Z","content":"

The ever-present threat of cyber attacks is taking its toll on info sec newcomers and veterans alike who are struggling to keep pace and can lead to cyber fatigue, which is a growing concern among both cyber professionals and consumers.

\n

But just WHAT exactly is it? Most resources associate it with users who “just can’t be bothered with using a new password,” prompting users to make poor decisions with regard to their security efforts. In our experience working with government, academic, and commercial enterprises, cyber fatigue affects cyber professionals who are overworked, under-resourced, and lack proper training—leaving professionals throwing up their hands in fatigue and frustration.

\n

Many organizations do not have the right sized cyber teams to alleviate workloads and effectively combat attacks; cybersecurity employees are fatigued from long hours, lots of pressure, and unreasonable workloads. This leads to dissatisfied employees and high attrition rates. This is a serious problem because organizations that are trusting their data security to a fatigued cyber team is ultimately, a threat to us all.

\n

According to a new KPMG report, “How to Bounce Back from Cyber Fatigue,” a new model is needed to transform cybersecurity strategy from one that is draining and reactive to one that is energized and proactive.

\n

A Five-Pronged Approach to Combat Cyber Fatigue

\n

The KPMG report offers a five-pronged approach for organizations to combat the symptoms of cyber fatigue:

\n\n

Instead of a “spend more, more, more” mentality, organizations would benefit from taking these approaches and starting collaborative, C-suite involved conversations that advance them toward a culture of cyber awareness and proactivity.

\n

Cyber threats are only getting more sophisticated and intelligent and cyber teams need to do the same in their cyber workforce preparedness. By maximizing info security investments and protecting the firm’s assets with robust staff training and skills development, CISOs can sleep a little easier at night—and more readily tackle tomorrow’s cyber threats.

\n","title":"Why We Can’t Keep Ignoring Cyber Fatigue"}},{"node":{"id":"813c273f-56d6-5b7a-af68-28879d49467b","slug":"circadence-ranks-top-10-cybersecurity-training-firms-black-book-market-research","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/server_rrom.jpg"},"date":"2018-06-05T14:00:16.000Z","content":"

Black Book Market Research, the parent group for Black Book Rankings, recently ranked Circadence® among the top 10 cybersecurity training firms for 2018.

\n

Circadence’s premier cybersecurity training platform, Project Ares®, is an immersive, gamified, AI-powered platform designed to help cyber professionals hone their skills and knowledge to defeat evolving cyber threats.

\n

Black Book conducts an annual poll of cybersecurity clients across 17 functional areas of cybersecurity from training and education to blockchain to endpoint solutions. Firms were rated by industry client satisfaction and loyalty scores via independent key performance indicators. A total of 2,464 cybersecurity system users and senior level managers participated in the seven-month crowdsourced survey. Black Book collects ballot results on 18 performance areas of operational excellence to rank vendors by software, systems, products, equipment and outsourced service lines.

\n

Circadence is proud to be recognized within the top 10 list of companies making impressive strides in bettering the cybersecurity industry as a whole. We believe with the right training and continuous learning, enterprise, government, and academic institutions will be better positioned to defeat attacks so that we can all continue to enjoy the benefits of being connected without being compromised. It is this belief that drives our commitment to helping companies combat evolving cyber threats with persistent training and assessment tools customized to our customer’s industry and cybersecurity needs.

\n","title":"Circadence ranks in top 10 cybersecurity training firms by Black Book Market Research"}},{"node":{"id":"915bdd9b-739a-5e8a-8d91-2d10ad8182af","slug":"youre-not-alone-common-cybersecurity-challanges","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-06-19-at-2.20.25-PM.png"},"date":"2018-05-31T19:29:15.000Z","content":"

We’re taking a 30,000-foot view of cyber security to understand the state of the industry from an enterprise perspective and share some common challenges faced by diverse industries. Doing so provides infosec leaders insight into how challenges emerge in their workplace and potentially a sense of relief knowing their industry (and themselves, as professionals) are not alone in this struggle.

\n

Cyber security remains dynamic and turbulent as businesses and technologies grow in complexity and hackers become more sophisticated. There is much discussion regarding the need to increase cyber security spending to expand cyber teams to cover more ground. And, we know that many businesses lack confidence in their current cyber readiness, due in part to many of these common challenges detailed below.

\n

Lack of qualified cyber security experts

\n

Finding cyber security professionals who possess specific technical skill sets is an uphill battle for many infosec leaders who are trying to grow and expand their cyber teams. According to Harvard Business Review, one of the main reasons is that businesses tend to look for people with traditional technology credentials instead of individuals possessing a wide variety of professional and technical skills. As attacks get more sophisticated varied skill sets of both technical (forensics, network analysis, malware detection) and professional (communication, problem-solving, analysis) will be required to combat them effectively, so leaders would be wise to expand their talent searches to include more diverse skill sets moving forward.

\n

Lack of structured upskilling among talent

\n

Senior staff often have a significant advantage over newer hires because they understand the ins and outs of their company. However, simply because they have advanced in their careers, they are not necessarily the most effective when trying to teach junior staff new skills and approaches to cyber security since conducting effective training is often a full-time job itself. Concurrently, it is difficult for IT professionals to consistently remain up-to-date on best practices across all aspects of cyber security. The 2019 IT Security Employment Outlook report and many other resources note a 3 million staffing gap in cyber positions. Skills needed include the ability to identify key cyber terrain and risks, protect organizational assets and data, detect unauthorized access and data breaches, respond to cybersecurity events and attacks, and recover normal operations and services. Investing in consistent, structured, measurable training to upskill existing team members is an effective way to assess and combat these deficiencies. 

\n

Staff retention and fatigue

\n

Since many organizations do not have the proper resources to alleviate heavy workloads and to effectively combat cyber threats, information security employees are often fatigued from long hours, immense pressure, and unreasonable workloads. These issues contribute to dissatisfied employees and high attrition rates across the industry. All of these issues taken together pose a serious problem because organizations that are trusting their security to a fatigued and undermanned or under-skilled cyber team is ultimately a threat to us all. CSO magazine recommends that companies assess “the state of mind of key staff members, create work schedules to rotate personnel off the front lines, and provide the right levels of support, stress relief programs, and career counseling.” 

\n

Combating common cyber security challenges

\n

These challenges are daunting and exist across many industries, keeping many infosec professionals up at night. Fortunately, by expanding the pool of candidates for positions by looking for more diverse skill sets, investing in immersive cyber security training, and understanding the state of mind of key staff members including monitoring their level of job satisfaction and fatigue, firms can more effectively combat these common challenges.

\n

 

\n","title":"Common Cyber Security Issues and Challenges"}},{"node":{"id":"75f7fb63-5c9c-551a-811e-c298c2c9fa80","slug":"lessons-learned-cybercrime-incidences-financial-services-industry-can-learn","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/infrastructure_financial_splash.jpg"},"date":"2018-05-30T16:11:05.000Z","content":"

Banks, credit unions, credit card companies, investment firms, and insurance companies are all under cyberattacks—making financial cyber security a hot topic of discussion. For years, the finance industry has been one of the hardest hit with cybercrime according to Deloitte. And it continues to rank in the top five most vulnerable industries. In 2017, 69 material cyber incidents were reported to the Financial Conduct Authority, an increase from the 38 incidents in 2016, according to Information Age. Financial cyber security regulations are keeping companies in check but the pace at which threats evolve in sophistication requires a persistent approach to stay ahead of hackers.

\n

If you bank online or have an insurance policy, you likely understand the convenience of single keystroke access to financial information. It’s easy, convenient and useful to transfer funds from mobile device to mobile device; electronically sign a form; or get a quote for a mortgage company just by entering in new financial details. Unfortunately, the rapid pace of adoption of new technologies that make these everyday transactions convenient is widening the attack surface for hackers and prompting security professionals to consider even stronger finance cyber security risk management processes.

\n

Financial Cyber Security Incidents

\n

Below are some of the most notable cybercrime attacks on financial services firms that we can learn from in order to take a more proactive approach to cyber security readiness.

\n

Equifax 

\n

The consumer credit reporting agency was breached in 2017, exposing the sensitive personal information of more than 147 million Americans. Partial driver’s license data was the primary data leaked. Equifax representatives said the vulnerability that allowed for the attack to occur was the failure to keep its computer systems adequately up to date.

\n

Bank of Chile

\n

State-backed hackers infiltrated the Bank of Chile’s ATM system in January 2019 and stole $10 million. The cyber heist was deployed via hackers initiating a virus as a “distraction” then prompting banks to disconnect 9,000 computers to “protect customer accounts.” Meanwhile, hackers sneaked in and used the global SWIFT bank messaging service to deploy fraudulent transactions.

\n

India’s Cosmos Bank

\n

Unauthorized users accessed their system and siphoned nearly $13.5 million through withdrawals across 28 countries. Unidentified hackers created a proxy switch that approved all the fraudulent payments.

\n

Lazarus group

\n

North Korea’s hacking operations are targeting financial institutions nationwide—completely indiscriminate of a brand or geographic location. The country is linked to attacks in 18 countries, according to a report from Russian cyber security firm Kaspersky Lab. The hacking operation known as “Lazarus” targeted employees at banks who visited the hackers’ list of 150 specified internet addresses. Experts say the attacks are at a “level of sophistication not generally found in the cybercriminal world,” and companies should take proactive measures to carefully scan their networks for the presence of Lazarus malware samples, disinfect their systems and report the intrusion.

\n

Bangladesh Bank 

\n

Bangladesh Bank experienced a hack in February 2016 that drained $81 million from accounts in a few short hours. Attackers subverted the bank’s SWIFT accounts, the international money transfer system, to get what they wanted, reports Wired magazine. Hackers sent more than three dozen fraudulent money transfer requests to the Federal Reserve Bank of New York asking the bank to transfer millions of Bangladesh Bank’s funds to accounts in the Philippines, Sri Lanka, etc. Reports indicate lax computer security practices were to blame (e.g. lack of firewalls installed on the networks), allowing hackers to easily infiltrate the network and find the credentials needed to proceed. The concept of attacking systems on the weekend isn’t a new approach either—other banks like Tesco experienced the same timing in November 2016 when thousands of current account customers were hit with fraudulent transactions by hackers.

\n

Learning from Financial Cyber Security Incidents

\n

Outdated systems, employee exploitation, weakened network security, and a poor ratio of defenders to hackers all contribute to the severity of these financial cyber security incidents.

\n

These attacks tell us a lot about what preventative steps can be taken. To ensure financial services firms have the latest systems updated and in place requires an experienced cybersecurity team to perform regular system checks and updates.

\n

Financial cyber security compliance leaders need to empower their teams with the right tools and persistent learning opportunities so they can be prepared for any malware infection or system overwrite that occurs.

\n

The increase in reported attacks reflects a greater need for accountability across all financial institutions. As the attack frequency grows, so must our cybersecurity vigilance. Cyberattacks will adapt to defense strategies so financial firms need to ensure they are always one step ahead. The best way to achieve this goes beyond hiring our way out of the issue. Training your cyber workforce proactively using gamified cyber range training to combat the latest threats is the key to sustained success.

\n

For more information on how financial firms can upskill their security workforce
\ndownload Project Ares subscription brochure.

\n
\n
\n
\n
\n
\n
Photo by Alexander Mils on Unsplash
\n
\n
\n
\n
\n
\n","title":"Learning from the Top 5 Financial Cybersecurity Incidents"}},{"node":{"id":"62a098a0-5177-5a01-88c1-ab4ad622bb7c","slug":"measuring-security","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/09/testimonybg.jpg"},"date":"2018-05-24T19:44:59.000Z","content":"

What do you think of when you hear the term ‘information security’ or even the term ‘cybersecurity’? If you think about how it all works, you may think about vulnerabilities, firewalls, intrusion detection systems, anti-virus or perhaps something else entirely. What probably doesn’t come to mind are terms like metrics and measurement. These are elements of information security that seems to get short shrift a lot, in spite of their importance. No matter what aspect of a company’s security posture, metrics are essential.

\n

As an example, if we start on the low end of the scale, the one where everyone has an impact on the company, we talk about security awareness. Companies today generally have security awareness programs to help their employees know how to do the right things when it comes to interactions outside the company and especially with corporate resources and sensitive information. These awareness programs often start with some form of training — computer-based or video. The question is: how do we measure the effectiveness of this training? Ultimately, what is the goal of a security awareness program? To make sure employees know what information security is and the impact they have on it? Of course not. It’s to ensure that employees alter their behavior in order to better protect the organization and its resources. So how do you measure behavior change?

\n

Metrics aren’t always about numbers. Sometimes we just need help retracing the steps after something has happened (e.g. qualitative information). Recently, I was looking at trying to measure some behaviors with respect to firewalls – asking: what happened and when did it happen? What I discovered was that neither iptables nor firewalls, the two Linux-based firewalls, provided any persistent details when rules were changed or what the rule changes were. It doesn’t appear as though it’s possible to even turn on that level of logging. One open source firewall where a Web interface is used to make changes is PFSense. This is a firewall based in the BSD operating system. After making changes to the rules, there was no indication of a change having been made in any of the log files. How do we measure over time the changes to rulesets and the impact they have had if there is no record of the changes to begin with?

\n

Measurement comes down to identifying the problem, much like many other aspects of information technology (or even other industries and endeavors). In the first case above, what is the problem? The problem is that humans can have a negative impact on the security posture of an organization. So, what are we measuring? Are we measuring whether we’ve trained all the people in the organization? We could, and it’s easy to measure that, but what would be the purpose? If your organization has to demonstrate compliance to a set of standards, this may be useful. It’s more important to measure behavior, and more importantly, changes in behavior as a result of training.

\n

One way to measure behavior changes, is to send e-mails with links that should look like they are untrustworthy. If the links are clicked (the URL would be one that goes to a site controlled by information security or information technology), there is evidence that the behavior hasn’t changed. What do you do with the information when behavior hasn’t changed? Put people through the training again? If it didn’t work the first time, what would suggest that it may work the second time?

\n

And this is why measurement is important. Without this data, you don’t know when something is going wrong. You also won’t know what is going wrong. Unfortunately, there are no easy resolutions. More data isn’t necessarily better. The best approach when it comes to measuring security is to clearly identify the problem or situation. It’s essential to take a logical and rational approach to this and not feel like you have to protect against absolutely everything. Once you have identified the situation, you can determine what you need to measure, as in the case of awareness training. The really hard part is in interpreting the data. In the case of security awareness, we know that people are not making decisions based on the training they have had. Do you address that by sending the people through training again? Do you re-evaluate the training?

\n

It’s not always easy to make the right decisions but having the right data to inform your decision is essential. You can only have that if you think through ahead of time what the right data is, so you can ensure you are collecting it.

\n

Sign Up For Our Newsletter

\n","title":"MEASURING SECURITY"}},{"node":{"id":"7a511534-02dc-51ed-bff3-9637fc8e08b6","slug":"importance-cybersecurity-awareness-education-easily-attack-friends-enemies","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/05/customer_education_splash.jpg"},"date":"2018-05-07T17:47:51.000Z","content":"

While it hasn’t received as much conventional press as, say, the Equifax data breach, there was recently a significant event that took place on the Internet. A service called Memcached, which allows chunks of data to be shared between websites, is or was vulnerable to being misused to send large amounts of data to unsuspecting targets. One of these targets was Github, though there were others that have not been named. What made these attacks so significant is their sheer volume. According to Arbor Networks–a company that has made denial of service attack protection their life’s work for more than 20 years–one of their customers received roughly 1.7 terabits per second of attack traffic.

\n

Think about that for a second. Let’s say that you have a fairly conventional 100 megabits per second connection to the Internet at home. It would take you 17,000 seconds to transmit the same amount of data and that’s assuming you had 100 megabits per second outbound at home (you likely don’t) and you were able to saturate the connection. It would take you nearly 5 hours to send that same amount of traffic that it took just a second to push out.

\n

How does this happen? This was an amplification attack, which means the attacker sends a very small amount of data to one place and that place responds with something much, much larger to someone else. Let’s say that Bob wanted to attack Edgar. He sends a box that weighed 1 pound to Alice (using common Internet naming conventions, Alice and Bob regularly do things with each other). However, he tells Alice that the box came from Edgar. As a result, Alice sends a box weighing 15,000 pounds to Edgar. Edgar won’t be able to get that box through his front door. Let’s also say that not only Bob is sending these boxes to Alice to go to Edgar, but Charlie, Fred and Daniel are in on the act too. That’s suddenly several very large boxes

\n

Now back to the recent incident. Some researchers have indicated the amplification rate for the service used isn’t 15,000 as in our example but instead, more like 52,000. What was already a lot of very large, very heavy boxes is suddenly increased by a factor of 3-4x.

\n

The problem here comes, in part, because the developers used the user datagram protocol (UDP). UDP is often used where a lack of overhead is considered a useful feature. Because there is no actual connection between the system sending and the one receiving — the data is just sent, sort of like if you were to start talking into an intercom without having any idea if the person on the other end of the intercom was there — the data can be sent faster, theoretically. When developers use UDP for transmission, they expect that the messages they are sending will never be checked to ensure arrival. They also don’t check to see if the receiving party is at home.

\n

Not checking to see if the receiving party is home allows attackers to use UDP. UDP is an easy protocol to launch spoofing attacks with because there is never any check to see whether the sending address is correct. That allows Bob to send a message to Alice saying he is Edgar. Alice assumes the sending address is correct and so responds to that address. There is no checking by anyone for address validity and veracity.

\n

Any service that listens for messages on the open Internet (meaning there are no or few restrictions on who can send messages in) that doesn’t do some form of validation and verification, is exposing others on the Internet to attack. This is why cybersecurity is everyone’s problem and why cybersecurity awareness is so critical.

\n

The people responsible for these attacks are not the attackers. They are the developers who didn’t consider the potential for misuse and abuse of their service. They are the system administrators who stood up servers running this service without considering the potential for bad people on the Internet who misuse and abuse servers to cause problems for other people and businesses. The servers that were misused and abused were not owned by the attacker. They were owned and maintained by legitimate businesses.

\n

If developers and administrators (not to mention executives who should be expected to sign off on these sorts of decisions), continue to make bad choices because they are not aware of the security implications of their actions, people and businesses will continue to be exposed to these overwhelming amplification attacks. When businesses can’t respond quickly enough to shut down their servers that are being abused and misused, other businesses will continue to have to pay their price for the lack of education, awareness and caring about the welfare of these other people and companies.

\n

Sign Up For Our Newsletter

\n","title":"The Importance of Cybersecurity Awareness and Education (or, how to easily attack your friends and enemies)"}},{"node":{"id":"c2621883-1b1f-500e-9a48-158089257b0c","slug":"socal-cyber-cup-challenge-finals-wrap-6-month-long-cyber-program","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/04/original_photo3.jpg"},"date":"2018-04-04T15:46:15.000Z","content":"

This past month, the SoCal Cyber Cup Challenge wrapped up a six-month long program and competition intended to educate and prepare the nation’s next generation of cybersecurity professionals. Organized and backed by Securing Our eCity Foundation, National Defense Industrial Association, National University and Circadence, the Challenge provided high school and middle school students the opportunity to learn and practice cyber skills using a gamified, persistent training platform, Project Ares®.

\n

More than 500 students from across five counties in Southern California participated in the Challenge that began September 2017. After two Practice Rounds and a highly-competitive Qualification Round, 14 teams of 5-8 student competitors made it into the Finals held on March 24th, 2018, at the Supercomputer Center at UCSD.
\nThe competition kicked off with a Digital Forensics challenge, during which Varsity students rushed to investigate an on-site “crime scene” for physical evidence. Varsity competitors presented their physical evidence in exchange for digital evidence, which was then used to unlock and complete forensic tasks built into Project Ares as a Battle Room. Both JV and Varsity completed the digital forensics Battle Rooms and were simultaneously tasked with executing Project Ares’ Mission 12: Operation Bold Hermit. This was a complex incident response mission involving OWASP Top 10 Vulnerabilities affecting a satellite communications system.

\n

Cyberattacks are some of the biggest threats facing many of the nations in the world today, and the demand for qualified cybersecurity workforce professionals has been made clear. Circadence is proud to lead the way towards real change by re-imagining cybersecurity education and delivering hands-on, gamified, technical opportunities to students at all levels of proficiency.

\n

The students who participated developed a love for the profession, with many of the winners stating their intent to continue their studies into college and the workplace. It is part of Circadence’s mission to successfully educate, train, and augment the cyber warriors of the future, and sponsoring hackathons and challenges such as the SoCal Cyber Cup Challenge is an important part of that mission.

\n

Congratulations to The Cambridge School and Del Norte High School for winning 1st place in their respective divisions, Junior Varsity and Varsity. Both schools took home $6,000 Grants to further cybersecurity programming on campus. We look forward to their continued success stories. Click here to see the winners interviewed by local news station, KUSI.

\n","title":"SoCal Cyber Cup Challenge Finals Wrap Up 6-Month Long Cyber Program"}},{"node":{"id":"2fa20d09-4edf-51df-ac31-e7976136f5c2","slug":"youre-infosec-n00b","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-06-19-at-2.20.25-PM.png"},"date":"2018-03-19T22:09:32.000Z","content":"

You may be an InfoSec n00b but not all is lost. You are far from alone. Now more than ever, security is everyone’s problem but it’s difficult. So much is taken out of our control in the name of making our life easier that in the end, it can be harder to protect ourselves and, by extension, the companies we may be working for.

\n

As a starting point, let’s talk about something that everyone is probably familiar with. You likely have either received them or at least you have one or two sitting in your Junk folder that your mail provider kindly put there for you because they recognized what it was. They don’t always catch them, though, so how would you identify a phishing attempt from a legitimate e-mail message? This ends up hitting on two important tenets of information security – confidentiality and integrity. By way of illustrating the point, we will use an e-mail message I recently received that had been identified as Junk for me. You can see the message below.

\n

\"\"

\n

Of course, the line that says this message appears to be junk mail is a dead giveaway but let’s pretend that doesn’t exist. What makes this a phishing message and why is it a security problem? First, if you look at the line that has the sender’s information, you can see that where a name would normally be, there is an e-mail address saying service@paypal.com. Except that where the e-mail address is, there is a different e-mail address entirely. The fact that the real e-mail address has nothing to do with PayPal is a giant red flag that should say, “stay as far away from this message as you can.” This is a failure of integrity. The message didn’t come from who it purports to come from.

\n

However, your e-mail client may only present the name of the sender, so it would look like it was from service@paypal.com. This is a common problem with modern e-mail clients. They hide what can be important information in order to not distract you. You can see this in the To: line where it’s just my name. I have several e-mail addresses that all go into the same mailbox, so knowing what e-mail address it was actually sent to may be helpful to me in determining whether this is something I should be taking seriously. If you can, make sure to look closely at the From: and To: field.

\n

Another indicator to me for this particular message is I haven’t had any dealings with PayPal in a long time. I certainly haven’t done anything out of the country. If you see addresses out of the country, that may be a warning to stay clear of the message as well. You will notice, though, as you look closely at the e-mail message, that it looks completely legitimate. It has PayPal’s logo, after all. This is another failure of integrity because it’s easy to copy the look of PayPal e-mails and also copy their logo. Creating a message that says it’s from PayPal when it, in fact, isn’t, means the message lacks integrity. It’s not what it claims to be.

\n

Finally, and here is where we get away from integrity a little, is the Cancel link in the message. I hovered my mouse over the link to reveal the URL the link will take me to. You will notice this is also not PayPal.  If PayPal was going to send you a link to cancel a transaction, you can be sure that the URL would be to a PayPal site that was at paypal.com and not at mysp.ac. When you go to that site, you can be pretty sure they will ask information of you like, perhaps, your PayPal user ID and maybe your password. This would be a breach of confidentiality because you are exposing information to someone who shouldn’t have it.

\n

The mysp.ac URL highlights an interesting point, though. Phishing attacks and other, similar, attacks are collectively called social engineering. You are using social cues to get someone to do something they shouldn’t be doing – especially revealing information that shouldn’t be exposed. There will be a lot of tricks done to fool you. This URL is another one. You will notice that it bears a little resemblance to myspace (myspace.com). This is likely not a coincidence. You will regularly find URLs and e-mail addresses that include portions of a legitimate domain name. As an example, I was asked to look at something recently where the URL was something along the lines of Microsoft.com.f4587.bogushosting.com. It included Microsoft.com in hopes that people will see that and be fooled into thinking that it is actually Microsoft.com.

\n

Take a look through your own e-mail folder and your junk folder. See if you can find instances of phishing attacks. Compare the important pieces of a legitimate message (sender, receiver, any links, etc.) to one that is not legitimate. See if you can spot the differences on your own. Being more aware of phishing scams is everyone’s responsibility.

\n

 

\n

Sign Up For Our Newsletter

\n","title":"So, You’re An InfoSec N00b"}},{"node":{"id":"391d6d06-9653-5518-be96-91310271882a","slug":"circadence-teams-md5-support-t9hacks-event-cu-boulder","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/02/IMG_0018.jpg"},"date":"2018-02-08T21:35:20.000Z","content":"

T9Hacks

\n

Feb 10th-11th

\n

Major League Hacking opens its 2018 Season at the University of Colorado Boulder with T9Hacks, February 10-11, 2018.

\n

Welcome to 24 hours of research, learning, designing, building and solving. With no experience required, T9Hacks is an event planned by college students, for college students, and focuses on creating a unique and engaging venue for women, non-binary, and other gender minority students. With three tracks to explore, participants will attend workshops and compete in challenges around creative technology, humanitarian technology, or cybersecurity.

\n

The cybersecurity track, presented by MD5, is open to students at all levels of cyber proficiency. Via Circadence’s Project Ares®, attendees will work individually or in teams to learn the basics, hone their skills, explore cybersecurity job roles, and execute simulated mission scenarios.

\n\n[Saturday, February 10th from 12:00p-8:00p]\n\n[Saturday, February 10th 8:00p to Sunday, February 11th 12:00p]\n

“Our goal is to create fun and creative environments where marginalized students – particularly women and non-binary students – can learn and solve compelling problems,” said B.A. Kos, T9Hacks Event Director.

\n

Circadence’s Project Ares

\n

Project Ares, the only gamified, artificial intelligence (AI) powered cyber training solution, changes the paradigm for cybersecurity education by engaging learners interested in or pursuing a STEM-focused path by utilizing real-world tools and tactics in immersive, virtual environments.

\n

Project Ares’ virtual gaming environment adapts to the experiential learning style of next generation students, and supports customized, task-oriented training, skill-specific games, and mission scenarios for both individual and team-based exercises. This approach encourages the repetition necessary to develop lasting skill and knowledge retention, while keeping students excited and engaged.

\n

 

\n

Image Courtesy of T9Hacks.org

\n","title":"Circadence Teams up with MD5 to Support T9Hacks Event at CU Boulder"}},{"node":{"id":"130c3f4a-068f-5d03-aaef-1c5951dec69a","slug":"understanding-malware-analysis","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-06-19-at-2.22.53-PM.png"},"date":"2018-01-18T13:00:15.000Z","content":"

The malware industry has come a long way and currently, it’s a very lucrative business. This is one of many reasons that makes studying malware so fascinating. It’s an interesting mix of technology, psychology, and commerce. Psychology is what makes malware effective, and commerce is what ensures more hackers continue to develop new and interesting malware. 

\n

Information security has long been considered an arms race. According to G DATA Software, a new malware specimen emerges every 4.2 seconds. The good guys develop responses to things the bad guys do, causing the bad guys to develop new ‘weapons’ that get around the defenses the good guys put into place. Perhaps nowhere is this more evident than in malware. In 1987, the first antivirus software was released for the Atari ST. Coincidentally, also in 1987, Fred Cohen of IBM said, “There is no algorithm that can perfectly detect all possible computer viruses.” In spite of having detection and removal capabilities for 30 years, we are more plagued with virulent and destructive software than ever before.  

\n

All this is to say that a need exists to better understand malware by performing malware analysis. This work is primarily relegated to the antivirus vendors. However, the details of how the malware behaves are often hidden, primarily because exposing the details in the code can provide others hints on how they could start and improve that code for future malware. This is, of course, happening already in the malware development community.  

\n

To understand how to assess malware, you need to look at a few important elements. First, you inspect the infection vector – which is understanding how the malware infected your system in the first place. While there are many pathways, including compromising a system, the popular ones today are often based in social engineering, which relies on psychology and manipulation of the user. For example, using e-mail to either deliver the malware directly or to get a user to visit a website that includes the malware used to infect your system. This type of attack is called a drive-by attack. The idea is that you are “driving by” the website and get attacked in the process. 

\n

Another, related, attack is the watering hole attack. In a watering hole attack, the malware is still hosted on a web server the user is expected to visit. The difference is that with a watering hole attack, the attack is more targeted. The attacker infects a website that the targets are known to use in order to infect the targets. The attacker may be aware of the demographics of a site like ESPN, for example, and infect that site to infect people who are regular visitors there.  

\n

Knowing the infection vector and tracking the malware back to the point in time when it entered your system is important. The reason for that is in some cases, the initial infection may be small, but the malware may download a lot of other software, including other malicious software. A small infection program that installs more software is often called a dropper. Identifying the time when the malware entered a system can provide a reference point to look for other software that was installed about that time. This way, you aren’t just finding the initial attack and leaving all the other landmines behind. 

\n

Understanding how malware works and gets onto your system is an important and complex task. It requires understanding operating system internals as well as a reasonably deep understanding of how programs are constructed. Considering what can be at stake with your system and the files that are stored on it, people who perform malware analysis with the goal of finding ways to prevent or remove the malware are performing a critical function in our interconnected world. 

\n

Join Ric Messier for a LIVE webinar Saturday, January 20th at 12 pm ET.

\n","title":"Understanding Malware Analysis"}},{"node":{"id":"f0b92fbb-5425-5d90-ae29-067ffa1f1c6c","slug":"four-reasons-security-team-training-cyber-range","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2017/12/CyRaaS_01_wallpaper_1920x1080.jpg"},"date":"2017-12-14T17:51:44.000Z","content":"

It seems that every other week another mega-breach is making headlines. Cyber teams barely have time to bolster their cyber defenses before a new attack vector is revealed. It is nearly impossible for teams to train in such a rapidly evolving threat landscape through traditional lecture-based methods. Today’s threats demand an immediate shift in approach.

\n

The next generation of cybersecurity training involves active learning through realistic, immersive training missions performed in high-fidelity cyber ranges. These virtual environments, which replicate actual enterprise environments, allow cyber warriors to practice with real-world tools defending against simulated threats.

\n

Here are four reasons why you should consider modernizing your cybersecurity training program by implementing a cyber range-based approach:

\n

1) Authenticity – The most critical aspect of any cybersecurity training program is that it provides an authentic experience to the trainee. The cyber threat landscape changes rapidly so your training must be agile and responsive. Face-to-face simulation exercises attempt to replicate this experience and certainly go beyond what is offered in a classroom. However, they must be updated frequently to be truly impactful, which isn’t realistic.

\n

Additionally, these table-top drills address an incident in theory. Cyber ranges allow a team to practice identifying and mitigating threats in a replicated environment using real-world tools. True-to-life representations of network, host traffic, and user activity more effectively challenge professionals to consistently hone their skills. This authentic experience ensures a cyber team is ready to act quickly and effectively when the time comes.

\n

2) Repetition – Studies show that information loss following lecture-based learning is rapid—as much as 90 percent within the first week, according to Learning Solutions Magazine. However, when applying the principles of active learning through doing and repetition, long-term information retention increases to 75 percent (National Training Laboratories Institute). This means security professionals who are actively training in cyber ranges are more likely to retain—and be able to act upon—the skills they acquire. Therefore, they are better prepared for attacks and able to respond more quickly to mitigate threats, ultimately saving their organizations money in the long run.

\n

3) Scale – Even a top-notch course is limited in value if it cannot scale to train all personnel. Week-long trainings out of the office offer point-in-time content and take critical resources away that can leave your organization vulnerable. A cyber range enables security leaders to train teams of any size—from individual skill-building exercises to full-scale missions involving both red and blue teams. Additionally, instruction can happen on demand—weekly or even daily—without taking cyber defenders away from the front lines.

\n

4) Gamification – Much has been said in the last five to ten years about gamification and its role in motivating teams. Cybersecurity professionals, perhaps more so than any other type of team, crave the agility, technical prowess and competition that comes with their roles. If they are not engaged in the cyber fight, they want to train in a way that is meaningful and have a record of progress and growth. Cyber ranges give teams a platform to engage as teams in gamified training. Red teams and blue teams can train head-to-head in real-world scenarios. Also, range-based platforms like Circadence® Project Ares® provide security leaders and team members with full visibility into skills progression.

\n

As the technology landscape grows in complexity, enterprises, more than ever, are relying on people as their first line of defense. This approach demands a shift in our approach to training cyber professionals. It’s no longer enough for cybersecurity professionals to attend yearly or quarterly trainings. Professionals need realistic, immersive and responsive training achieved through cyber ranges.

\n

Malicious hackers are persistent; our training must be as well. By utilizing cyber ranges, we can begin modernizing our approach. Contact the team at Circadence for more information on range-based cybersecurity training with Project Ares.

\n

REQUEST DEMO

\n","title":"Four Reasons Your Security Team Should Be Training on a Cyber Range"}},{"node":{"id":"7adafe85-deb3-5f12-839d-3ef4f5c1e1e4","slug":"circadence-project-ares-training-next-generation-cyber-experts-socal-cyber-cup-challenge","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2017/10/students2.jpg"},"date":"2017-10-31T13:30:45.000Z","content":"

Teaching a new generation to become experienced cyber professionals, trained to deal with the latest cyber threats, is critical to ensure the safety of information. Because there is an ever-present threat of cyber criminals who are intent on hacking into systems and causing chaos worldwide, there will always be a need for skilled cybersecurity professionals. And, we know that active learning is one of the best ways to train them, since the National Training Laboratories Institute reported that active learning results in a 75% retention rate, versus 5% using traditional learning methods like lectures.

\n

Since 2008, middle and high school students from the San Diego area have been competing in a cyber challenge, competing for the San Diego Mayor’s Cyber Cup. The competition expanded last year to include the entire Southern California region — the SoCal Cyber Cup Challenge, which is backed by Securing Our eCity Foundation, National Defense Industrial Association and National University. This year, Circadence is proud to provide students and mentors the opportunity to use Project Ares, supported by ScaleMatrix. Project Ares is a top-level cybersecurity training, education and assessment platform for cyber students and professionals of all skill levels.

\n

Project Ares gamifies cyber skill training, allowing students to use the platform to learn and practice, then to compete with their peers. The SoCal Cyber Cup Challenge is divided into three phases – a practice phase, a qualifying round, and then finals where the students participate in head-to-head competitions to complete realistic mission scenarios. The practice round began on October 14th, with finals and awards beginning in late March 2018. The schools with the top teams are awarded scholarship funds.

\n

Within the instructor portal provided through Project Ares, trainers can review progress and performance. The automatic, artificial intelligence (AI) powered umpire grades the student’s performance and eliminates the need for instructors to comb through logs to score homework or tests. Game play is recorded and saved for visibility into students’ activity history. These records serve institutions and teams with data on engagement and skills acquisition, and allow for mission playback for play-by-play instructor/student review. These features enhance learning for the student and allow instructors to focus less on assessments and more on training our next generation of cyber professionals.

\n

The SoCal Cyber Cup Challenge finals are scored on five essential skills:

\n\n

Allowing students to learn and compete in STEM-related challenges like the SoCal Cyber Cup is an important part of exposing them to the possibilities of a career in cybersecurity or other tech-related professions. Learn more about the SoCal Cyber Cup Challenge at their website, or find out how Project Ares is equipping government, enterprise, and academic institutions with the skills necessary to defeat cyber criminals.

\n

 

\n

*Photos sourced from SoCal Cyber Cup Challenge website.

\n

 

\n","title":"Circadence® Project Ares® is Training the Next Generation of Cyber Experts in the SoCal Cyber Cup Challenge"}},{"node":{"id":"f9bcedae-6763-5ce6-87b1-1951ec60748b","slug":"cyber-practitioners-students-accept-2017-cybersecurity-gaming-challenge-uncc","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/customer_education_splash.jpg"},"date":"2017-10-06T18:27:07.000Z","content":"

Each year, the University of North Carolina at Charlotte hosts the Cybersecurity Symposium, bringing world class speakers together to discuss top security challenges, cutting edge technology and best practices for mitigating risk and defending the enterprise.

\n

Drawing more than 600 attendees, the conference serves as a platform for important industry dialogue as well as a forum for cybersecurity students to engage with security experts and practitioners. Circadence® is honored to play a key role in this year’s conference by hosting the 2017 Live Gaming Café: Cyber Hunting from 10-4 p.m. Wednesday, October 11.

\n

Hosted on Circadence’s AI-powered, next generation cybersecurity training platform, Project Ares®, the event will challenge cybersecurity professionals and students through individual and team play covering a broad set of skills from beginner to expert. Participants can choose from red or blue team scenarios, mini game and battle room challenges.

\n

The team competition will feature a live event leaderboard showing mission status and points earned as participants engage in full-scale cyber missions in the Project Ares immersive, high-fidelity environment using real-world tools, such as Wireshark, Metasploit, Splunk and more.

\n

The opportunity to engage future cyber leaders is an important part of Circadence Corporation’s ongoing efforts to bridge the cybersecurity skills gap and build a better trained, more highly skilled workforce.

\n","title":"Cyber Practitioners & Students Accept the 2017 Cybersecurity Gaming Challenge at UNCC"}},{"node":{"id":"7eabd309-0d5c-573e-ad42-807c82acc0bf","slug":"circadence-awarded-cybersecurity-training-education-security-software-innovation","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/circadence_splash_no_logo.jpg"},"date":"2017-09-22T18:14:54.000Z","content":"

Circadence® was recently named the Gold Winner for Training and Education and the Bronze Winner for Security Software Innovation in the 2017 Golden Bridge Awards. These annual industry and peer-selected awards encompass the world’s best in organizational performance, product management, and customer satisfaction.

\n

Winners were honored September 18, 2017 at the Red Carpet Award Ceremony in San Francisco.

\n

Circadence has always put innovation at the forefront of its business. With more than 20 years’ experience, 34 patents and a history of cutting-edge software development, the company solves complex customer problems using robust, industry-leading solutions.

\n

The ever-evolving threat landscape requires cybersecurity professionals to constantly learn and sharpen their skills, but traditional training methods bring a number of challenges. Not only are they ineffective and unable to keep pace with emerging threats, but many require travel to a training facility or conference, which pulls defenders off the front lines leaving organizations vulnerable.

\n

Circadence’s Project Ares® solves these challenges by combining the most advanced gaming technology with authentic tools and threat scenarios to create a modern solution to cybersecurity training and education. Cyber professionals train more effectively and on-demand in realistic, high-fidelity learning environments with gamified training missions powered by artificial intelligence and virtual machine orchestration.

\n

Today’s threat environment demands a modern, agile training solution. This award-winning combination positions Circadence as a leader in both cybersecurity training and security software innovation.

\n","title":"Circadence Awarded for Cybersecurity Training and Education, Security Software Innovation"}},{"node":{"id":"fe36f5b1-83d7-577f-a063-37bf452dccaa","slug":"new-draft-nice-cybersecurity-workforce-framework-expands-skills-team-approach-simplicity-needed","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/infrastructure_government_splash2.jpg"},"date":"2017-08-25T16:57:19.000Z","content":"

A new draft of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF) (NIST Special Publication 800-181) was just released and among the many revisions, the framework draft includes most of the tasks and knowledge/skills/activities (KSAs) supporting the 52 work roles previously outlined.

\n

Work role details are nearly 95 percent defined—a significant improvement from approximately 50 percent completion in the previous version—with much of the new content focused on categories that would be considered offensive in nature (penetration testing, for example). Notably, the tasks and KSAs supporting Cyber Protection Team work roles still require additional details. I expect future versions will address this critical area.

\n

The NCWF is a positive step toward defining the tasks and skills needed across cybersecurity in general. It provides traceability to many other standards and brings all of those references together in the framework. However, it stops short, by design, and only defines what needs to be done, not how or by whom. Unfortunately, the omission causes many organizations to struggle in applying the NCWF to real-world situations.

\n

A Team Approach Is Needed

\n

The ultimate challenge in workforce development is not in the adequacy of individual work roles, but rather in the completeness of the set of work roles as applied to a given scenario that the organization or business expects to face. Only by considering a full set of work roles in a scenario can the gaps in a cyber defense strategy be seen.

\n

The Circadence® Project Ares® platform maps cybersecurity training missions and skill building to the tasks and KSAs for all work roles outlined in the NCWF. Within the platform, cybersecurity professionals can work individually or in teams to fulfill both offensive and defensive missions to defeat real-world threats in high-fidelity environments. Missions, security tools and objectives are based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework. This gives us at Circadence a unique perspective on the practical application of both the NIST and NICE frameworks.

\n

It seems we continue to define individual work roles without looking at how to practically combine them into teams. The NIST Cybersecurity Framework outlines everything an organization must do (as an integrated team), but most organizations don’t know how to take all the work roles from NICE/NIST 800-181 and map those to build out a workforce.

\n

Circadence wants to postulate different team structures (and sizes) for all of our missions in order to capture what is and is not working. We can then share this data so organizations can adapt their concepts around team approaches to both offense and defense.

\n

Simplicity Is Key to Widespread Adoption

\n

Another challenge with the NCWF is the complexity of work roles. Although the 52 work roles outlined are aligned with job codes for the Office of Personnel Management (government), this is not the case for corporate America, where the tasks and KSAs for a security analyst can vary greatly among organizations.

\n

Because of this, we spend a lot of time trying to create a common lexicon so that different people who use different tools can work together and pass information quickly. I’m advocating for SIMPLICITY built around TEAM requirements to ensure there are no gaps or substantial overlaps (although some overlap of skills makes sense for timeliness in the response). This will allow organizations to make a more practical application of the NIST and NICE frameworks, encouraging a more widespread adoption.

\n

Next Steps

\n

Future versions of the NCWF should offer more of a practical application through team concepts and simplified definitions of work roles. Embracing the TEAM APPROACH and SIMPLICITY will encourage more widespread adoption of the framework from enterprise security organizations, bringing more standardization of work roles and the associated skills. This will also help to define cybersecurity career paths for the next generation, which in turn will address the growing workforce shortage.

\n","title":"New Draft of NICE Cybersecurity Workforce Framework Expands on Skills, but Team Approach & Simplicity Are Needed"}},{"node":{"id":"ef67e994-a88c-5113-b287-b6e64e4427b7","slug":"test-skills-cyber-mission-cafe-afcea-technet-augusta-booth-802","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-11-13-at-2.24.28-PM.png"},"date":"2017-08-08T17:17:11.000Z","content":"

Security practitioners of all skill levels are invited to join Circadence® at Booth #802 during the TechNet Augusta Conference August 8-10. Spend some time in our Cyber Mission Café testing your cyber skills or practicing offensive and defensive tactics in the gamified, AI-powered Project Ares® platform.

\n

The focus of this year’s conference is the integration of cyberspace, electronic warfare, and intelligence and many conference sessions will address cyber warfare strategies, preparation and training. In between these hard-hitting conference sessions, visit the Cyber Mission Café to kick back, test your skills and assess your cyber expertise on the Circadence Project Ares platform.

\n

Combining artificial intelligence with virtual machine orchestration, Project Ares offers a completely immersive, interactive, real-world environment for training and assessment. In the café, you can spend time honing your skills in the Battle School or get the true, gamified experience by facing off with peers in realistic, mission-specific virtual environments.

\n

Circadence Project Ares has taken cyber training out of the classroom, and with a full ‘rucksack’ of real-world tools and a large library of mission scenarios it is already a trusted source of continuous cybersecurity training, education and preparedness for many entities in the defense and government sectors.

\n

As you plan your TechNet Augusta experience this week, make time to visit the Circadence Cyber Mission Café at Booth #802 for a unique, immersive cybersecurity training experience.

\n

 

\n","title":"Test Your Skills in the Cyber Mission Café during AFCEA TechNet Augusta, Booth #802"}},{"node":{"id":"9051c4d6-16d8-58b9-8ecd-1f9eb31f491c","slug":"educational-institution-roadmap-women-cybersecurity","status":"publish","template":"","format":"standard","featured_media":{"source_url":"https://staging.circadence.com/wp-content/uploads/2018/11/Screen-Shot-2018-06-19-at-1.24.36-PM.png"},"date":"2017-06-28T16:42:14.000Z","content":"

When I was in school, just five percent (5%) of my engineering class were women. Today, according to the 2017 Global Information Security Workforce Study: Women in Cybersecurity, just 11 percent of information security jobs are held by women. And if you look at many security technology providers, you often won’t see a single woman on the executive team. (I’m proud to say that Circadence® is a rare exception to this).

\n

There’s a dire need for more cybersecurity professionals – and that gap is only growing. According to ISACA, there will be a global shortage of two million cybersecurity professionals by 2019. It’s a huge challenge for the industry, but also an opportunity to bring more people, and especially women, into computer sciences and specifically careers in cybersecurity.

\n

There are some terrific programs for women in technology. Girls Who Code is one of the best. It helps volunteers and clubs aimed at closing the gender gap, but more can be done to make it a standard in primary education. Google.org is also instrumental in (almost counter-intuitively) taking digital content offline for people who don’t have internet to help show a computer sciences and cybersecurity path to individuals born in remote and rural areas.

\n

We need to bolster educational institutions, which lack resources, to deliver computer sciences (and specifically cybersecurity) training. In the U.S., the underlying curriculum for tech and cybersecurity is Computer Science, which is typically relegated to a single AP class in high school. It is viewed as a separate field from the Arts and Sciences, and frequently portrayed in media as appropriate for male nerds. Unless a young lady was exposed to the field earlier through a special program or perhaps from a parent role model, they are not likely to take an “introductory” AP class stigmatized in that manner.

\n

So how do we get there?

\n

Start Early and Often. The U.S. should take cues from other countries, such as Singapore, Hong Kong and Israel, where elementary school children are taught computer science and robotics as early as kindergarten. We should offer computer science and coding programs starting in kindergarten with safe online resources, and then offer specialization and a variety of experiences built on that base level of knowledge as they progress in age. Progress to logic and coding in Python and then introduce robotics in secondary school. And later in age, introduce competition and more advanced scenarios that mimic real-world challenges.

\n

Modern, Immersive Mediums. We also need to look at the medium in which the training is delivered. Right now the security industry as a whole needs to migrate from its reliance on older, static training formats (classroom presentations, etc.). We need to leverage the technology readily available to create interesting and immersive experiences. Hackathons remain popular, but only crack what’s possible when you combine virtual reality, gamification, and team competition together into an ongoing training and learning experience.

\n

One great example of how these combine is the CyberPatriot program supported by Circadence. In the CyberPatriot program, more than 4,400 schools (including 600 middle schools) compete in regions around the United States. Students are put in the position of a “newly hired” IT professional and tasked with managing and defending the network of a small company in an immersive, virtual platform.

\n

With the daily race to stay ahead of threats, it’s tempting to not think long-term about information security. But with such a large skills shortage ballooning in cybersecurity, our industry needs to start children, and especially women, early on in computer sciences and information security, with modernized curriculums, and coach them to grab the opportunity just ahead.

\n","title":"An Educational Institution Roadmap for Women in Cybersecurity"}},{"node":{"id":"d958a38a-2b89-53e8-be30-ad5dd310d7b4","slug":"circadence-project-ares-honored-innovation-cyber-training","status":"publish","template":"","format":"standard","featured_media":null,"date":"2017-06-06T16:41:25.000Z","content":"

Network Products Guide, the IT industry’s leading technology research and advisory guide, named Circadence® Project Ares® a Gold winner in both the IT Products and Services for Education, as well as the Training, Awareness and Educational Programs categories in the 2017 IT World Awards®. Additionally, Circadence was named a Bronze winner for Innovative IT Company of the Year.

\n

The Circadence cyber range solution and next generation cybersecurity training platform, Project Ares, enables commercial, government and academic organizations to address the critical lack of experienced cybersecurity professionals in the workforce today.

\n

Circadence is shifting the cyber training paradigm from static, lecture-based learning to active, artificial intelligence (AI) powered, game-based learning. Within the Project Ares platform, trainees – individually or in teams – hone their skills, practice with real-word tools and solve relevant problems in high-fidelity environments as they prepare to protect their organizations.

\n

By providing immersive, realistic cyber training anytime – anywhere, Project Ares provides organizations with a tremendous opportunity to revolutionize the speed, efficacy and relevancy of training in the quickly-evolving cybersecurity landscape.

\n","title":"Circadence® Project Ares® Honored for Innovation in Cyber Training"}}]}}}