TY - GEN
T1 - Participants Prefer Technical Hands-on Cyber Exercises Instead of Organisational and Societal Ones
AU - Päijänen, Jani
AU - Salonen, Jarno
AU - Karinsalo, Anni
AU - Sipola, Tuomo
AU - Kokkonen, Tero
N1 - Funding Information:
This research was partially supported by the Cyber Security Network of Competence Centres for Europe (CyberSec4Europe) project funded by the European Union under the Horizon 2020 SU-ICT-03-2018 Programme Grant Agreement No. 830929.
Publisher Copyright:
© 2023 Curran Associates Inc.. All rights reserved.
PY - 2023/6/19
Y1 - 2023/6/19
N2 - The current shortage of cybersecurity professionals is about 2 million people worldwide, and in Europe the industry is seeking for about 350 000 skilled professionals. There is also an enormous need for dedicated cybersecurity training courses for existing professionals who wish to acquire completely new skills or maintain their current ones. Due to the lack of new skilled workforce, the current cybersecurity personnel are overworked in their work. In order not to waste the valuable time of cybersecurity professionals with unnecessary training, cyber exercises should be well prepared. This article is based on research conducted in a European collaborative project and more specifically, a cyber exercise organised in early 2022. The purpose of our research was to conduct a preliminary assessment of the participants to learn about their skills and expectations before the cyber exercise. This assessment was used for fine-tuning the exercise. To achieve this, we identified common trends in the participants’ interests during the cyber exercise. The preliminary assessment was carried out as a web survey. The responses were cross tabulated to find meaningful indicators related to skills and interests of the participant group. We identified the most and least preferred knowledge areas for both the industry and public sector participants. Our findings show that the most interesting knowledge areas of all respondents were primarily technical in nature (Data Security, Connection Security, System Security), but Organisational Security was also reported. The least interesting knowledge areas were mostly non-technical in nature (Human Security, Organisational Security, Societal Security) but also Component Security was reported. We also enquired about the preferred team size. The majority of the respondents preferred a team size of three to four persons. The preferred single session duration was 46–60 minutes. The results help cybersecurity professionals to match their knowledge needs with the existing cybersecurity proposition and to determine the right and most beneficial training for them. The results also assist the providers of cyber training and other exercises to describe the targeted development of specific cybersecurity and other knowhow in a coherent, standard-like, way.
AB - The current shortage of cybersecurity professionals is about 2 million people worldwide, and in Europe the industry is seeking for about 350 000 skilled professionals. There is also an enormous need for dedicated cybersecurity training courses for existing professionals who wish to acquire completely new skills or maintain their current ones. Due to the lack of new skilled workforce, the current cybersecurity personnel are overworked in their work. In order not to waste the valuable time of cybersecurity professionals with unnecessary training, cyber exercises should be well prepared. This article is based on research conducted in a European collaborative project and more specifically, a cyber exercise organised in early 2022. The purpose of our research was to conduct a preliminary assessment of the participants to learn about their skills and expectations before the cyber exercise. This assessment was used for fine-tuning the exercise. To achieve this, we identified common trends in the participants’ interests during the cyber exercise. The preliminary assessment was carried out as a web survey. The responses were cross tabulated to find meaningful indicators related to skills and interests of the participant group. We identified the most and least preferred knowledge areas for both the industry and public sector participants. Our findings show that the most interesting knowledge areas of all respondents were primarily technical in nature (Data Security, Connection Security, System Security), but Organisational Security was also reported. The least interesting knowledge areas were mostly non-technical in nature (Human Security, Organisational Security, Societal Security) but also Component Security was reported. We also enquired about the preferred team size. The majority of the respondents preferred a team size of three to four persons. The preferred single session duration was 46–60 minutes. The results help cybersecurity professionals to match their knowledge needs with the existing cybersecurity proposition and to determine the right and most beneficial training for them. The results also assist the providers of cyber training and other exercises to describe the targeted development of specific cybersecurity and other knowhow in a coherent, standard-like, way.
KW - cybersecurity
KW - cyber range
KW - cyber exercise
KW - capture-the-flag
KW - skills
UR - http://www.scopus.com/inward/record.url?scp=85167606516&partnerID=8YFLogxK
U2 - 10.34190/eccws.22.1.1196
DO - 10.34190/eccws.22.1.1196
M3 - Conference article in proceedings
SN - 978-1-914587-69-6
VL - 22
T3 - European Conference on Information Warfare and Security, ECCWS
SP - 349
EP - 357
BT - Proceedings of the 22nd European Conference on Cyber Warfare and Security
A2 - Andreatos, Antonios
A2 - Douligeris, Christos
PB - Curran Associates Inc.
T2 - 22nd European Conference on Cyber Warfare and Security, ECCWS 2023
Y2 - 22 June 2023 through 23 June 2023
ER -