Francis Hahn (USF)

While the work force for the field of cybersecurity grows, the supply of trained and experienced individuals lags behind the demand. This issue coupled with a lack of emphasis on secure software design has led to a growth in opportunity for adversarial actors as evidenced by the consistent occurrence of headline-making cyber threat incidences such as data breaches and supply chain attacks. This paper describes the rationale behind a research effort to discover and improve the quality and efficiency of cyber training pedagogies. The development and testing of these pedagogies was guided by initial discussions with practitioners who work in a SOC (Security Operations Center) and had different levels of work experience and responsibilities. These discussions indicated that both critical thinking and technical skills matter to being successful within a SOC. Technical skills were viewed as “perishable”, given how security tools and specific types of attack change over time and how companies use different systems and proprietary programs. Critical thinking skills, in comparison, are viewed as “non-perishable” since they persist despite the changing threat and technology landscape. In the subsequent development of our Mock SOC training scenarios for students, we focus on how critical thinking matters for successfully analyzing and mitigating threats. We perform a case study review of real-world cyber threat incidents to design, build, and collect synthetic incident and attack data. We identify and eliminate where tool-based analysis is needed, thus reducing the need to draw on perishable knowledge during the Mock SOC investigation. Our training scenarios thus emphasize critical thinking in how to analyze and address security breaches. Research on this scenario-based training blends computer science and anthropology expertise to better understand how particular scenarios engage students and how students problem solve within a scenario. We use grounded theory to analyze the scenario data and to refine our hypotheses for what works and what doesn’t through multiple rounds of scenario-based training. Based on these results, we are designing a framework for building scenariobased training modules based on accumulated insights into what is and what is not effective for developing non-perishable critical analysis skills. The overall aim is to be able to train students for industry positions by providing them critical skills that are useful in any given organization’s technology stack. This paper details how we have designed our framework and used it to conduct human-subject research on building effective scenariobased trainings utilizing the concept of a Mock SOC. We discuss preliminary findings behind our initial training sessions using the scenarios designed based on this framework.

View More Papers

What’s Done Is Not What’s Claimed: Detecting and Interpreting...

Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science, Worcester Polytechnic Institute), Yi Yang (Institute of Information Engineering, Chinese Academy…

Read More

A Systematic Evaluation of Novel and Existing Cache Side...

Fabian Rauscher (Graz University of Technology), Carina Fiedler (Graz University of Technology), Andreas Kogler (Graz University of Technology), Daniel Gruss (Graz University of Technology)

Read More

TME-Box: Scalable In-Process Isolation through Intel TME-MK Memory Encryption

Martin Unterguggenberger (Graz University of Technology), Lukas Lamster (Graz University of Technology), David Schrammel (Graz University of Technology), Martin Schwarzl (Cloudflare, Inc.), Stefan Mangard (Graz University of Technology)

Read More

On the Realism of LiDAR Spoofing Attacks against Autonomous...

Takami Sato (University of California, Irvine), Ryo Suzuki (Keio University), Yuki Hayakawa (Keio University), Kazuma Ikeda (Keio University), Ozora Sako (Keio University), Rokuto Nagata (Keio University), Ryo Yoshida (Keio University), Qi Alfred Chen (University of California, Irvine), Kentaro Yoshioka (Keio University)

Read More