In the recent episode of the PrOTect OT Cybersecurity Podcast, host Aaron Crowe had the chance to interview Debbie Gordon, the founder and CEO of Cloud Range. Debbie is a well-known technology entrepreneur in the cybersecurity industry, and she founded Cloud Range with the aim of providing organizations with better cybersecurity simulation training. With the growing cyber threats that organizations face today, the need for ongoing and up-to-date training in cybersecurity has become a crucial aspect of protecting sensitive information and assets.
Recognizing the severe shortage of cybersecurity talent and the need for continuous training, and her mission is to help organizations increase their readiness by providing a platform that accelerates experience and helps train and upskill the current cybersecurity workforce. The platform is designed to help spread awareness and train not only traditional cybersecurity professionals but also those who may not realize that their jobs are also related to cybersecurity, such as those wearing multiple hats in an organization. This approach helps organizations create a more talented cybersecurity workforce and helps current employees become more aware of their role in security.
It’s important that training is not just about getting a certification but about providing hands-on experience and continuously upskilling individuals in the field. And while many people have the technical knowledge to create firewall rules, they don't necessarily understand the reasoning behind them or how they affect the rest of the organization. This is where simulation exercises can play a critical role.
Simulation trainings allow organizations to craft their own experience based on their industry, team structure, and the tools they use. To be effective, simulation exercises must mimic the people, process, and technology involved in cyber defense. This is why Cloud Range partners with all the technology companies that their customers and the market use (like Industrial Defender), so that they can access those tools in “the range” and use them together in realistic scenarios. Furthermore, the exercises must allow organizations to practice on their own playbooks and runbooks and must be conducted as a team, just as cyber defense would be in a real-world scenario. The goal of simulation exercises is to be proactive, rather than just crossing one's fingers and hoping that nothing will happen.
With the physical consequences involved in OT, the importance of practicing OT cyber defense cannot be overstated. The shortage of skilled and knowledgeable cybersecurity professionals is affecting the ability to secure critical infrastructure and industrial control systems. These systems are often complex and require a specific set of skills and knowledge to secure, making it difficult to find qualified personnel to fill the necessary roles. By practicing OT cyber defense, organizations can ensure that they are prepared to respond in the event of an incident.
Simulations are like going to the gym. They help employees learn from their mistakes and engage them more in their jobs, which also has the added benefit of improving job satisfaction and retention. Trainings like those offered by Cloud Range are hands-on and practical, allowing users to get their hands dirty and see the results of their efforts. Cloud Range's training is designed to help employees become better prepared for the future and respond to attacks more effectively, even if you’re starting from zero experience in security or in OT environments.
Debbie and Aaron also touched the challenge that cyber insurance companies face in assessing customers' risk. Debbie shared that Cyber Range is launching a new risk dashboard that will quantify risk by mapping a company's current knowledge and skills against what they should have. The purpose of the dashboard is to mitigate risk, and will provide risk scores based on the knowledge, skills, and abilities of the people in a company compared to what the NIST NICE (National Initiative for Cybersecurity Education) framework says they should have. They are also working with a non-profit to create a framework for OT security in buildings and facilities and are creating cyber ranges for different sectors in critical infrastructure, such as maritime, manufacturing, and aviation.
Deeper training through simulation exercises is addressing a vital requirement in the field of cybersecurity, particularly in the realm of OT security. Despite the obstacles of workforce shortages and the rapidly evolving threat landscape, Debbie and the Cyber Range team are doing exciting work and playing a critical role in developing cyber talent and attracting more individuals to the profession.
To get the full effect and insights of this great discussion with Debbie, be sure to listen to the full episode.