Francis Hahn (USF)

While the work force for the field of cybersecurity grows, the supply of trained and experienced individuals lags behind the demand. This issue coupled with a lack of emphasis on secure software design has led to a growth in opportunity for adversarial actors as evidenced by the consistent occurrence of headline-making cyber threat incidences such as data breaches and supply chain attacks. This paper describes the rationale behind a research effort to discover and improve the quality and efficiency of cyber training pedagogies. The development and testing of these pedagogies was guided by initial discussions with practitioners who work in a SOC (Security Operations Center) and had different levels of work experience and responsibilities. These discussions indicated that both critical thinking and technical skills matter to being successful within a SOC. Technical skills were viewed as “perishable”, given how security tools and specific types of attack change over time and how companies use different systems and proprietary programs. Critical thinking skills, in comparison, are viewed as “non-perishable” since they persist despite the changing threat and technology landscape. In the subsequent development of our Mock SOC training scenarios for students, we focus on how critical thinking matters for successfully analyzing and mitigating threats. We perform a case study review of real-world cyber threat incidents to design, build, and collect synthetic incident and attack data. We identify and eliminate where tool-based analysis is needed, thus reducing the need to draw on perishable knowledge during the Mock SOC investigation. Our training scenarios thus emphasize critical thinking in how to analyze and address security breaches. Research on this scenario-based training blends computer science and anthropology expertise to better understand how particular scenarios engage students and how students problem solve within a scenario. We use grounded theory to analyze the scenario data and to refine our hypotheses for what works and what doesn’t through multiple rounds of scenario-based training. Based on these results, we are designing a framework for building scenariobased training modules based on accumulated insights into what is and what is not effective for developing non-perishable critical analysis skills. The overall aim is to be able to train students for industry positions by providing them critical skills that are useful in any given organization’s technology stack. This paper details how we have designed our framework and used it to conduct human-subject research on building effective scenariobased trainings utilizing the concept of a Mock SOC. We discuss preliminary findings behind our initial training sessions using the scenarios designed based on this framework.

View More Papers

Understanding Miniapp Malware: Identification, Dissection, and Characterization

Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University)

Read More

TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption

Martin Unterguggenberger (Graz University of Technology), Lukas Lamster (Graz University of Technology), David Schrammel (Graz University of Technology), Martin Schwarzl (Cloudflare, Inc.), Stefan Mangard (Graz University of Technology)

Read More

PowerRadio: Manipulate Sensor Measurement via Power GND Radiation

Yan Jiang (Zhejiang University), Xiaoyu Ji (Zhejiang University), Yancheng Jiang (Zhejiang University), Kai Wang (Zhejiang University), Chenren Xu (Peking University), Wenyuan Xu (Zhejiang University)

Read More