Running Internal Hands-On Cyber Security Training Programs

Note: This article is intended to cyber security executives as well as for CERT/CSIRT, Blue/Red Teams leaders that run cyber security training programs.

TL;DR. If you run internal hands-on cyber security training program, CTF365 helps you with all technical tasks (training platform, creating and deploying challenges, monitoring KPIs, performances and skills).

You need skilled people that stay on top of new emerging threats. If you don’t have continuous hands-on security training programs, you are risking your company’s well-being.

To cope with the emerging cyber threats, there is a need to develop new hands-on training concepts based on gamification and inspired by the Internet, guided by capture the flag (CTF) competitions, and specially crafted for the ITC industry. Robust Security Training Platforms where users and teams can train and improve their offensive or defensive security skills and flexible enough to be used as add-on layer or standalone solution to improve your organization’s core security training capabilities.

Internal cyber security training programs are a must and this cannot be reached without specially designed cyber security training platforms. A platform because you need much more than just a simple lab with “vulnerable by design” machines in it.

The Problem

Developing effective hands-on security training programs needs three ingredients: An instructor, a curricula and a training platform.

Instructor: As a cyber security executive or leader it shouldn’t be hard to find within your company a security professional whose skills and capacity match an instructor’s best criteria.

Curricula: As a leader you know best what are the skills-set you’re looking for and this gives you the upper hand to develop internal hands-on cyber security training curricula based on company’s needs. Writing a curricula is very important and more important is that at the end of the training program you must have KPIs to assess, monitor and measure from the beginning until the end of the training program. Those two ingredients (finding an internal instructor and write a cyber skills curricula) are easy comparing to the last one.

Training Platform: Building state of the art hands-on security training platform is The Pain.

The Pain

The platform has to be practical, functional and attractive (for trainees) with high ROI (minimum effort with maximum outcome). A training platform is different than a simple security training lab. It implies all the tools to monitor and measure trainees performances, skills improvements and more.

Building from scratch such a platform, maintaining and keeping it up and running is difficult because implies a lot of man hours, different specialties like UX/UI design, game design, virtualization, backend, middleware, frontend –just to add a few. Not to mention the time and budget to be spent for designing, testing and deploying it.

The Solution

Why build one when you can get one “All Inclusive” for a fraction of the cost?

At CTF365 we’ve developed a platform that takes this pain out of your organization, helping you to fast deploy internal hands-on cyber training programs. We made sure it is cost effective, easy to deploy and easy to use. CTF365 will lower your costs, improve student’s training experience and transform your trainings into a great experience.

The platform offers a sealed environment in which you can assess network, system attack/defend, penetration testing, attack/defend strategies and forensics. Using scenario-based exercises and CTF competitions, CTF365 gives users the ability to test, evaluate, and train for current and next generation threats.

We encompasses a cyber security gamification engine designed to transform training programs into a real world game scenario. Using gamification mechanics will help trainees to improve retention rate and speed-up the learning curve.

Benefits and Features

• Flexibility – the possibility to create any number of virtual environments, ranging from simple servers to entire networks and intranets. This feature eliminates the risks when mirroring an operational environment allowing for an effective test bed for attack and response testing. The platform can be connected to existing training capabilities if any.
• Challenging – Perfect for different assignments like Attack, Defend, Attack-Defend, Pen Testing and Forensics. Designed to provide, hands-on game style training on a variety of software and hardware security topics. Users participate in Capture the Flag where advancing through various scenarios of ranging difficulty levels
• Dynamic – Players are required to work in teams in order to take control or defend servers and networks using skills developed in the challenges.
• Accessibility – The platform is easily accessible from anywhere and anytime through a secure VPN connection.
• KPIs – The platform provides real-time scoring by monitoring 24/7 trainees activity so you can quickly identify which skills are great and which skills need improving

Infrastructure, Access & Deliverables:

• Custom Access Point (e.g. https://TrainingLab.YourCompany.com).
• Private interface
• Private CTF365 network
• Custom leaderboard
• Access to both private (CTF365 private network) and Main Arena (CTF365).
• Private “vulnerable by design” servers (e.g. Metasploitable2, Security-Shepherd etc) for easy practice.

Extra (Fee & Project based)

In addition we can offer the following:

• Design, build, test, deploy and conduct custom CTF competition — for internal use. Technical support & write-ups included.
• Design, build, test & deploy custom challenges (Top 10 OWASP, Network, Forensic etc).
• Custom features & KPIs

Last but not least, running hands-on cyber security training programs helps you identify strong candidates when looking for new talent, strengthen and retain the skillsets of existing employees, and provide KPIs to ensure your IT professionals are skilled for the increasingly difficult cyber landscape.

Need a hands-on security training platform? Let’s talk. Happy to help.