NEW TECH: Circadence deploys ‘gamification’ training to shrink cybersecurity skills gap

By Byron V. Acohido

It’s clear that closing the cybersecurity skills gap has to happen in order to make our internet-centric world as private and secure as it ought to be.

Related: The need for diversity in cybersecurity personnel

One of the top innovators in the training space is Circadence®. The Boulder, CO-based company got its start in the mid-1990s as a pioneer of massive multi-player  video games. It then took its expertise in moving massive amounts of gaming data and applied it first to training military cyber warfare specialists, and, next, to training security analysts in the enterprise, government and academic communities.

I had the chance at RSA 2019 to visit again with Circadence security evangelist Keenan Skelly. We discussed the thinking behind using vivid, persistent learning modules, to both upskill cyber teams and attract fresh talent. Give a listen to the full interview via the accompanying podcast. Here’s a summary of the big takeaways:

Gamification defined

Gamification is an increasingly popular teaching tool, used everywhere from board rooms to kindergarten classrooms. Could it play a role in closing the skills gap?

Even though game is in the name, gamification isn’t about turning a Power Point presentation into an interactive Angry Birds tournament. Instead, it sets up an environment that’s immersive but fun for the user, taking them down an engaging path that makes them want to continue learning.

The way people are trained in cybersecurity right now is the opposite of gamification. It isn’t very exciting and not necessarily something the user wants to continue to train. But what if that training looked more like the game Call of Duty? And what if alerts and detailed mission tactics were delivered by an AI-based natural-language processing advisor named Athena, who got smarter and more helpful over time?

Skelly

Suddenly, cybersecurity training comes across as a lot more appealing, especially for the next generation of cyber warriors who grew up immersed in video games. “By using gamification, we’re reaching out to that target group and saying this is a welcoming and immersive way for you to learn a very technical skill,” Skelly explained.

And it’s not just the younger generation. Everyone wants to compete. Everyone likes to win. And everyone wants to be successful. Gamification reinforces these natural instincts everyone shares.

Automated trainers

Through gamification, cybersecurity professionals (or future professionals) learn how to use the tools they’ll need to combat cybercrime within their vertical industry. You practice those hands-on technical skills with the tools you’d be using in in real life: small virtual networks, with active users in the background conveying the look and feel of a real network.

Then, after you’ve demonstrated you have that basic level of skill, you can play with other team members and go through an entire incident.

The AI takes the gamification up a notch. Circadence offers three levels of activity in terms of artificial intelligence. First, an in-game adviser called Athena answers questions as an instructor but also can answer context relevant questions. Athena is found inside Project AresÒ, a gamified cyber learning platform running on Microsoft Azure.

Second, AI acts as an automated opponent, which can replace outsourced red teams. Third, there’s a product called Orion that allows organizations to build their own content within Project Ares. “If you have very specific network, you can create that within Orion,” said Skelly. Through Orion, you can customize Athena to train for a very specific tool in your business, customizing the program for your needs.

Skilled defenders

The threat landscape is always shifting, but most cyber technical training fails to keep up with the most current threats. Customizable gamification tools can address the changing landscape within weeks, rather than the months it takes traditional training classes.

It’s all about scale and velocity. Cyber skills training must match the torrid pace of cyberattacks, and continually incorporate fresh intel about how to defeat cutting-edge threats.

Gamification can also foster organizational leadership by giving a detailed look at all individuals, showing what they are really good at, and where they need to improve their skills. It’s an honest assessment that can result in utilizing cyber professionals’ strengths to the organization’s advantage.

“One of the other things we’ve tied in to get the data to be as rich as possible is the concept of work rules certifications within the platform,” said Skelly. By coordinating training modules with best security practices comprehensively set forth by the National Institute of Standards and Technology, Circadence keeps the focus on the skills that are most vital for security personnel to master. And this puts security personnel on a path to achieve higher-level certifications.

If you think about it, the video gaming industry has been the driver behind much of the computing horsepower we now take for granted. Where would we be without superfast processors and graphics memory cards, for instance? It makes sense that gaming has emerged as a driver of cyber skills training. It will be fascinating to see how far this can take us. Talk more soon

Acohido

Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.


(Last Watchdog’s Sue Poremba contributing.)

 

 

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone