I get it.
There is an intensifying cybersecurity skills gap because the attack surface is rapidly expanding.
We get it.
But the gap between academic learning and real-world applications in the field of cybersecurity is a notable challenge for many college graduates and “IT-transitioners” from other IT departments or industries into the cybersecurity realm.
In the weekly cybersecurity courses that I deliver and in the consulting practice with onsite and online customers, I can see that basic troubleshooting skills are lacking and the big problem with that is that the longer it takes to troubleshoot an incident, whether malicious or not, the speed and efficiency of the response are critical. For businesses, especially large-scale operations like a major hotel brand, the stakes are incredibly high.
Downtime not only costs millions of dollars but can also damage customer trust and brand reputation irreparably. In such high-pressure scenarios, having a team with solid troubleshooting skills is not just beneficial; it's essential. It is also welcome and appreciated. These skills ensure that the team can identify, understand, and resolve issues promptly, minimizing financial loss and restoring normal operations as quickly as possible.
The Case for Physical Labs and Workshops:
This discrepancy often stems from a lack of sufficient physical hands-on experience during their education and transition. Cybersecurity, with its ever-evolving threat landscape and complex technical demands, requires not just theoretical knowledge but also practical skills that can only be honed through direct engagement with real physical systems and scenarios. This is not just happening in our industry, it is also happening across the board in all industries.
Enhancing education with physical labs and workshops is crucial to bridge this gap, allowing students and IT-transitioners to build a solid foundation before moving to complex cloud-based environments. Physical labs and workshops offer a controlled yet realistic environment where students and IT-transitioners can experiment, troubleshoot, and understand the practical implications of cybersecurity principles.
Why Physical Hands-on Experience Matters:
While knowing the concepts behind firewalls, intrusion detection systems, SIEMs and encryption is valuable, the ability to use related tools and technologies is crucial. Physical labs allow students to get hands-on experience with these tools, understanding their practical application and gaining the proficiency needed to operate them effectively in a professional setting and while dealing with extreme high-pressure.
I remember one of my early mentors, Mr. Rojas, gave me two pieces of advice:
1-. Setup a two-computer wired home lab network and practice, practice, practice until working with Wireshark, NMAP, and TCP/IP becomes second nature. Then add wireless and practice some more and see the difference; then add virtualization and learn the different networking possibilities. Now, as I write this and if it’s my turn to mentor someone, I would add Cloud and AI knowledge to that sequence, for example the MITRE ATLAS framework.
2. The second thing was to learn and conceptualize all those topics within the 7-layer OSI model. Call me old-school, call me what you will, but the basics don’t change even in the Cloud or AI era. Can you believe many college graduates and IT-transitioners believe that a bunch of “youtube searches” or “Reddit” posts are going to help them solve a technical problem in a timely manner! It’s laughable, disturbing, and dangerous.
In one instance, I was walking someone through the deployment of a cloud sensor, and we got to the part where we had to choose the IP and subnet mask. The person was feverishly looking at google searches, etc. on how to figure out how to come up with the subnet mask. There are plenty of tools out there to help you come up with it, but that’s not the point. The point is the context of the current situation. Their environment was a very small server farm where a .248 would suffice. He was stuck on the idea of using a .255, which is unthinkable in that cybersecurity context. I guess fancy job titles will only get you so far.
Due to misinterpretation of facts and incorrect assumptions, a delayed and escalated response will often occur, adding to the unnecessary downtime. Business continuity can greatly be enhanced with in-person training across all industries, not just cybersecurity.
Enhancing Troubleshooting Education with Physical Labs and Workshops
Physical skills will always win over 100% virtual skills. Simply because of human intuition and trial and error. It’s a human sense that is impossible to achieve with machines or AI or software or virtual reality.
With in-person training and education, you can “Get totally off track” in the teaching method and thereby, expose a lot of deficiencies in knowledge and gaps in the process as well as find out where, maybe some flawed causal connections have occurred. In this manner we can anticipate a problem before you must wait for it all to play out and occur.
And sadly, that’s the normal thing: “Hey, we are going to teach you a bunch of stuff, but we are not going to figure out how much you really know, until stuff starts blowing up and then we are going to throw a bunch of Band-Aids on that”. Instead of realizing, oh, they didn’t really understand the basic premise, they were just memorizing a solution, and they didn’t really understand how we got to the problem in the first place. Because the problem can present itself in a myriad of ways and if they only memorized one solution or one of those ways, then they are not going to be proactive in their thinking.
Cybersecurity training has changed but not for the better. Watching a bunch of videos is not the solution! The lack of context when trying to solve a problem, and when you’re used to just practicing just one solution, or several possible solutions from “youtube videos” and blogs from some random guy from 2014, is just not going to work. Going into rabbit holes each time does not work and delays response.
Before the pandemic, my frequent onsite training travels around the globe allowed me to notice that students tend to engage more deeply in experimentation and trial-and-error learning when they're physically close to a mentor or instructor. It seems we're just beginning to understand the complexities of human information exchange.
Everything in the human body is a chemical and electrical reaction, firing of the synapse and chemicals are released through hormones. In person you can laugh, you can share, you can touch a shoulder when someone doesn’t get the topic, or simply go off-topic and fill in the knowledge gaps.
I remember time after time, onsite customers asking me to teach them about a topic that was not on the agenda, but part of a different paid class. For example when I was teaching the 4-day Developer class, I had to teach them a half-day of system administration so they could get the software up and running at a basic level, so they could at least reboot the thing without calling the IT folks.
How Can We Get There:
To enhance cybersecurity education, it's advised that IT-transitioners and educational institutions incorporate hands-on labs from the start and consistently throughout their learning or curriculum. This method helps in teaching students from basic to advanced cybersecurity concepts through practical experience that closely replicates real-world scenarios, including common vulnerabilities and threats.
When you’re in person and for little-understood reasons, people feel more comfortable asking questions in person than on Zoom or equivalent. Anybody that has attended any in-person meeting or brainstorming session, or a music concert can completely agree that the feeling is real, and it makes you feel something. And this is because we communicate in ways that are impossible to solely be captured by a visual camera and cannot be detected even with solely just the auditory and the video feed. There are many nuances to human communication that we still can’t identify.
Recommendations for Having Favorable Troubleshooting Skills.
Know your audience. Hands-on, practical workshops where participants actively engage and interact with the material, including role-playing, group discussions and simulations. Gamification, which fosters friendly competition can be a good thing to cement concepts.
1. Specialize in niche. You will be happier if you’re doing something you enjoy instead of slowly but surely getting into roles you don’t like. Not everybody is cut for compliance and policies, or customer training, or for digital forensics, or for monitoring a console for eight hours a day.
2. Setting up a small physical lab with Ethernet cables and a hub observing the implications of a broadcast domain using Wireshark or similar tool. Then introduce NMAP or similar tool and watch and analyze the packets flow; experiment with Layer 1 until you dream packets like in the Queen’s Gambit series. Then replace the hub with a network switch, experiment with Layer 2 and Layer 3. If you don’t have a simple network switch, use a crossover cable.
3. Experiment either way because from there you’ll really get the rest of the OSI Layers. Trust me; the feeling you get from that first Ping reply across a router will inspire you and you will be on your way to amazing troubleshooting skills and get you to resolving issues faster, thus increasing your real value. During job interviews you will shine and increase your chances of getting the position.
From there, setting up labs using tools like VirtualBox, Cloud etc. can provide practical experience in safe environments, but the basics must not be skipped.
In conclusion, the only sure way to improve troubleshooting skills is to totally “get” the basics and then continuously evolve and freshen up your skills so that they remain cybersecurity-effective and current.