10/24/2019 Lizzie Roehrs
Written by Lizzie Roehrs
When the CIRI team at the University of Illinois developed the Department of Defense and Department of Homeland Security-funded Cyber Secure Dashboard, it was initially meant to be a tool to aid small and medium companies in meeting the cybersecurity standards detailed by the National Institute of Standards and Technology (NIST). A new collaboration with Scriyb, an AI-powered training platform for cybersecurity education, is helping to extend the Dashboard to include a full suite of education and training modules and learning management tools to further improve both the process of learning about cybersecurity and workforce development for future employees.
By working with the Scriyb Mission Critical Training Management System, the CIRI team hopes to educate the cybersecurity workforce of the present and future. According to CIRI Research Program Manager Jose Alejandro Medina Cruz, the collaboration would solve two problems.
“The first problem is to teach the future workforce how to use cybersecurity standards in general, in particular the NIST Framework,” says Medina Cruz. “A second aspect is helping people who are already in the workforce understand what they need to do to implement certain cybersecurity controls.”But Scriyb won’t just teach users how to implement these controls, it will also give them a space to practice what they’ve learned. Scriyb provides hands-on experience through the Cyber Range, a unique tool that CIRI Senior Research Program Manager Andrea Whitesell says will make a big difference to those learning about cybersecurity.
“It’s a virtual shop where you can set up computers, routers, and networks,” says Whitesell. “You set up a virtual environment where you can try things out. You can even set up your own company’s network.”
Chris Etesse, the President and CEO of Scriyb Mission Critical, says that as companies generate more and more data, their employees need to know how to protect that data.
“In the Cyber Range, companies are allowed to work within their own environment without actually putting their secured data at risk,” said Etesse. “Take a bank for example. You can set up an environment in the Cyber Range that allows you to watch what happens when an office worker opens up an email containing malware. You can learn about these risks while implementing and testing controls to combat them without ever affecting your business or production systems.”
The goal of this integration is to create both “in context” training to answer questions as they arise and also to serve as a sort of lesson plan for students learning about cybersecurity prior to entering the workforce. The Dashboard will serve as a reference to guide users in what they need to implement while Scriyb will serve as the instructor and the test monitor.
According to Medina Cruz, the need to train the current and future workforce is urgent and poorly trained workers can mean an unsafe cyber environment.
“There is a huge need for cybersecurity workers, says Medina Cruz, “There’s also a need to reskill those who work in fields where cybersecurity is important. There is also a strong need to train managers and employees who don’t realize they play an important role in cybersecurity.”
The CIRI team says this project will meet all three of their missions: outputs-oriented research, transitioning tools and technology to the field, and educating the growing workforce.
“This started as research,” says Whitesell. “It developed into a tool and then became an educational aid. The addition of Scriyb addresses the type of training needed to mature an organization’s cybersecurity risk management processes and to encourage an ‘all of company’ approach to cybersecurity.”
CIRI’s work with Scriyb is ongoing; however, the Dashboard is currently available as a tool for those looking for a way to navigate cybersecurity standards. For more information about the Dashboard visit cybersecuredashboard.com.