Authors:
Gencer Erdogan
1
;
Antonio Álvarez Romero
2
;
Niccolò Zazzeri
3
;
Anže Žitnik
4
;
Mariano Basile
5
;
Giorgio Aprile
6
;
Mafalda Osório
7
;
Claudia Pani
8
and
Ioannis Kechaoglou
9
Affiliations:
1
Software and Service Innovation, SINTEF Digital, Oslo, Norway
;
2
Research & Innovation, Atos, Seville, Spain
;
3
Trust-IT Services, Pisa, Italy
;
4
XLAB, Ljubljana, Slovenia
;
5
Department of Information Engineering, University of Pisa, Pisa, Italy
;
6
Ferrovie dello Stato Italiane, Rome, Italy
;
7
Energias de Portugal, Lisboa, Portugal
;
8
AON, Milan, Italy
;
9
Rhea Group, Redu, Belgium
Keyword(s):
Security Education, Security Awareness, Cyber Range, Cyber Risk, Course, Training, Cybersecurity, Security Roles, Security Skills, White Team, Green Team, Red Team, Blue Team.
Abstract:
The use of cyber ranges to train and develop cybersecurity skills and awareness is attracting more attention, both in public and private organizations. However, cyber ranges typically focus mainly on hands-on exercises and do not consider aspects such as courses, learning goals and learning objectives, specific skills to train and develop, etc. We address this gap by proposing a method for developing courses and training material based on identified roles and skills to be trained in cyber ranges. Our method has been used by people with different background grouped in academia, critical infrastructure, research, and service providers who have developed 22 courses including hands-on exercises. The developed courses have been tried out in pilot studies by SMEs. Our assessment shows that the method is feasible and that it considers learning and educational aspects by facilitating the development of courses and training material for specific cybersecurity roles and skills.