{"id":89860,"date":"2019-09-12T09:00:55","date_gmt":"2019-09-12T16:00:55","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\/?p=89860"},"modified":"2023-05-26T14:20:31","modified_gmt":"2023-05-26T21:20:31","slug":"students-prepared-real-world-cyber-curveballs","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2019\/09\/12\/students-prepared-real-world-cyber-curveballs\/","title":{"rendered":"Are students prepared for real-world cyber curveballs?"},"content":{"rendered":"
With a projected \u201cskills gap\u201d numbering in the millions<\/a> for open cyber headcount, educating a diverse workforce is critical to corporate and national cyber defense moving forward. However, are today\u2019s students getting the preparation they need to do the cybersecurity work of tomorrow?<\/p>\n To help educators prepare meaningful curricula, the National Institute of Standards and Technology (NIST) has developed the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework<\/a>. The U.S. Department of Energy (DOE) is also doing its part to help educate our future cybersecurity workforce through initiatives like the CyberForce Competition,\u2122 designed to support hands-on cyber education for college students and professionals. The CyberForce Competition\u2122 emulates real-world, critical infrastructure scenarios, including “cyber-physical infrastructure and lifelike anomalies and constraints.”<\/p>\n As anyone who\u2019s worked in cybersecurity knows, a big part of operational reality are the unexpected curveballs ranging from an attacker\u2019s pivot while escalating privileges through a corporate domain to a request from the CEO to provide talking points for an upcoming news interview regarding a recent breach. In many \u201ccapture the flag\u201d and \u201ccyber-range exercises,\u201d these unexpected anomalies are referred to as \u201cinjects,\u201d the curveballs of the training world.<\/p>\n For the CyberForce Competition\u2122 anomalies are mapped across the seven NICE Framework Workforce Categories illustrated below:<\/p>\n NICE Framework Workforce categories, <\/em>NIST SP 800-181<\/em><\/a>.<\/p>\n Students were assessed based on how many and what types of anomalies they responded to and how effective\/successful their responses were.<\/p>\n Frameworks like NIST NICE and competitions like the DOE CyberForce Competition\u2122 <\/span> are helping to train up the next generation of cybersecurity defenders. Analysis from the most recent CyberForce Competition\u2122 <\/span> indicates that students are comfortable with tasks in the \u201cProtect and Defend\u201d pillar and are proficient in many critical tasks, including network forensics and log analysis. The data points to areas for improvement especially in the \u201cCollect and Operate\u201d and \u201cInvestigate\u201d pillars, and for additional focus on forensic skills and policy knowledge.<\/p>\n Bookmark the Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n The CyberForce work was partially supported by the U.S. Department of Energy Office of Science under contract DE-AC02-06CH11357.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":" Are today\u2019s students getting the preparation they need to do the cybersecurity work of tomorrow? Read the findings from the U.S. Department of Energy (DOE) CyberForce Competition.\u2122<\/p>\n","protected":false},"author":96,"featured_media":89863,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3661],"topic":[3688],"products":[],"threat-intelligence":[],"tags":[3822],"coauthors":[2163,2164,1916],"yoast_head":"\n<\/p>\n
Tasks where students excelled<\/h3>\n
\n
Pillar areas for improvement<\/h3>\n
\n
Key takeaways<\/h3>\n