Trainings for SOC and cybersecurity teams: why it matters





Professional development of employees is a must for any company, especially when it comes to specialists in charge of cybersecurity. Not only the quality of their work depends on it, but also the stability of the business as a whole.



What is SOC



Cybersecurity remains a pressing issue for companies around the world. Tens of billions of dollars are spent on it annually, and the amounts are constantly growing. For example, according to forecasts by the consulting company Frost & Sullivan, global cybersecurity spending in 2021 will amount to more than $200 billion. But simply purchasing and implementing equipment is not enough. The main thing is to have a well-coordinated team of specialists who work with the security systems.



It is for this purpose that enterprises are increasingly setting up a Security Operations Center (SOC). It monitors, assesses and protects corporate IT systems and resolves information security and cybersecurity issues in the enterprise. A SOC can be defined as a combination of people, processes and security technologies that continuously monitor the state of information systems, design and configure them, track unwanted user behavior, and prevent and minimize damage from cyber attacks.



The market now offers many software and hardware tools for cybersecurity. But without specialists to operate them, these solutions cannot protect the company from cyber threats on their own. Therefore, having a well-coordinated security team is one of the main advantages of the SOC. SOCs are especially important in critical infrastructure enterprises and government bodies, but ordinary businesses also require this kind of protection against cyber threats.



The SOC concept, especially for the CIS countries, is still quite new. Many enterprises are just thinking about implementing such units, while others prefer traditional information security departments within existing IT departments. This approach to information security is also viable, but in terms of efficiency it is still somewhat inferior to a SOC.



Challenges facing SOC teams



Building a SOC is a difficult task in itself. In addition to creating a robust security and incident reporting system that consists of many interconnected components, it also needs to be maintained 24/7. According to the SANS Institute's "Common and Best Practices for Security Operations Centers: Results of the 2019 SOC Survey", 49.6% of IT professionals working in a SOC cited the lack of a sufficient level of automation and orchestration of security systems as a problem, 43% noted the presence of many tools that are not integrated with each other, and 32% cited too many security warnings, which they could not properly examine, as a problem. These are far from all of the answers given in the survey, but even they make it clear that the problems facing SOC teams are very different - from purely technical to organizational.



But these are not the main difficulties. According to the same report, 57.7% of respondents named the lack of qualified personnel as one of the main challenges facing their company. So, according to the IT specialists themselves, the lack of qualified personnel ranks first among all the problems. This is therefore what needs attention first: professional and well-coordinated teams are able to solve most of the issues above.



Practical trainings are the key to improving the qualifications of employees



Where can qualified specialists be found? The answer is seemingly simple: hire them. But, again, there is a serious shortage of them on the market. In addition, even the best professionals today must constantly improve their skills. The other way is to improve the skills of your own employees, and one means of doing so is professional training. At such events, specialists gain relevant, in-demand technical skills, learn to work with new tools, broaden their knowledge base in general and, as a result, acquire the ability to resist modern cyber threats.



As we noted above, not every enterprise has its own SOC. But cybersecurity is essential for all companies. Therefore, even in the absence of a security information center, specialists and managers of IT/IS departments need to improve their qualifications. The importance of training and education of personnel is generally understood by the companies themselves. For example, according to a joint ESG and ISSA study titled The Life and Times of Cybersecurity Professionals, 42% of IT professionals surveyed believe that additional courses and training for cybersecurity team members will bring the most benefit to their organization in protecting against cyber threats in the future. At the same time, 34% of respondents believe that cybersecurity training should be taken by all IT departments, and 40% are sure that such courses and trainings should be taken even by employees of departments not related to IT.



But not all trainings are alike. Listening to a course of lectures is important and useful, but without consolidating the knowledge gained in practice, a significant portion of the information received will soon be forgotten. According to the "forgetting curve" of the German psychologist Hermann Ebbinghaus, people forget about 80% of the information received during training within 48 hours if it is not consolidated. As a result, many courses and trainings (this applies not only to cybersecurity, but also to other industries) turn out to be very ineffective - people take them, but very soon they forget a lot of what they learned there.



The introduction of practical elements into trainings significantly increases their effectiveness, especially in areas such as cybersecurity and networking. The complexity of networks is now growing at an exponential rate, attackers are becoming more sophisticated, and ever-changing risk vectors have fundamentally changed the nature of cyber defense. Therefore, the new approach to training, which Cyberbit specialists offer, is very important for SOC teams and IT/IS specialists: it not only provides new knowledge and skills, but also helps to gain real experience in repelling cyberattacks and investigating incidents.



What is this approach? During the training, specialists do not just acquire theoretical knowledge and hone practical skills. Cyberattacks are simulated for them that resemble real ones as closely as possible, with all their surprises and difficulties. Many situations are simulated several times, which makes it possible to consolidate the experience gained and develop "muscle memory" for the most important skills. Such trainings are as close as possible to real conditions; they not only increase the competence of specialists, but also develop their critical thinking, decision-making skills and ability to work in stressful situations.







To date, Cyberbit has already provided over 500,000 hours of training for IT professionals and managers from a wide variety of areas - banking and financial institutions, service providers, the corporate sector, and higher educational institutions. For example, the Cyberbit program is used by Purdue University in Indiana and the University of Maine to teach IT students. According to the professor of cybersecurity and computer information systems Henry Filch, such trainings allow students to be ready for full-fledged work in the field of information security during their studies. And, of course, practical training is important for government bodies. It is especially relevant there, since cybersecurity issues often do not get enough attention in this sector and staff development is a very acute problem.



This approach to training specialists fully justifies itself. According to Cyberbit, completing this kind of hands-on training cuts the time it takes for a new SOC or cybersecurity employee to get ready for work by 66%. And it allows experienced professionals to hone their professional skills in situations close to reality. Therefore, if you want your organization's cybersecurity to be at the proper level, and the professionalism of your employees to meet the modern challenge, do not neglect the opportunity to organize practical training for managers and specialists of your SOC, IT department or information security department.



You can get advice on the Cyberbit Range cyber attack simulation platform from Softprom, the official distributor of Cyberbit.



Author: Vladislav Mironovich


