Building a Cybersecurity Curriculum Informed by Real-World Attackers

Business owners worldwide have to protect their companies and clients against cybersecurity attacks, which occur every day. Unfortunately, the gap in the cybersecurity workforce totals about 4.8 million people, leaving businesses vulnerable.

While the industry faces a talent shortage, some reports suggest that technically skilled people, including teenagers and recently laid-off professionals, are turning to the dark web for work. Creating a cybersecurity curriculum informed by real-world attackers may help combat this issue by redirecting existing talent from malicious activity.

The Rising Need for Offensive Security Training

With forums on the dark web hosting resumes for cyberattackers, some technically skilled and talented people are shifting toward illicit opportunities. Because some adversaries were once part of the professional workforce, they know how to target businesses and exploit vulnerabilities.

For instance, Google mitigated a distributed denial-of-service attack in October 2023. This attack peaked at 398 million requests per second, placing significant strain on the targeted infrastructure. Events like these showcase the sophistication of some attacks and underscore the need for ethical hacking education.

The Disconnect Between Cybersecurity Professionals and Cyberattackers

When people with cybersecurity experience lack a strong ethical foundation or mentorship from established professionals, they may seek out opportunities in unethical ways. Many cybercriminals are teenagers.

Their introduction to criminal activity may start small, with minor account takeovers or DDoS attacks against gamers. Every time someone exploits a system vulnerability, it creates a sense of accomplishment and promotes boundary-crossing behavior, especially when they receive accolades from their peers.

Pushing technically skilled young people toward a better path through mentorship and education may help deter criminal behavior. The skills that make someone valuable to hackers and security teams are the same.

Starting a Cybersecurity Curriculum Informed by Real-World Attackers

Rather than taking a theoretical approach to cybersecurity training, consider using real-world tactics from attackers to learn how they operate. Here's how:

Strengthen Cybersecurity Knowledge

Cybersecurity professionals must have a solid foundation in the fundamentals. They should understand how systems communicate, authenticate, and fail so they have the context they need to interpret real-world situations. Revisit core security concepts to support improved decision-making during investigations, hands-on activities, and analysis.

Include Labs

Hands-on labs are integral to understanding attacker tactics. In penetration testing labs, professionals can practice their skills on vulnerability exploitation, cloud environments, and defenses without impacting actual systems.

They can deepen their understanding of adversary emulation techniques in red team exercises that mimic real attacks. Participation in simulations can sharpen their ability to detect and respond to an ethical hacker's attacks while learning how to uncover weaknesses in systems, processes, and human behavior.

Identify Skill Gaps

As professionals move through simulations and labs, gaps in their skillset and workflow should become more apparent. Traditional studies may not reveal workflow gaps. Identifying them provides opportunities for effective improvements.

The more cybersecurity professionals understand real-world attacker tactics, the more likely they are to prevent them. Embracing a cybersecurity curriculum informed by real-world attackers helps business owners be more confident in their cybersecurity team's ability to understand and mitigate attacks.

Used with permission from Article Aggregator