foundstone scq cypherpath


Upload: learn24x7

Post on 15-Dec-2014


DESCRIPTION

SCQ for Foundstone

TRANSCRIPT

Page 1: Foundstone scq cypherpath

Solving the Key Issue of Role-based Security Professional Training

Phillip M. Sparks, MBA CISM CISA

Director Innovation and Technology, CypherPath

Professor HULT International Business School

Ex. RCERT-Europe Site manager

Instructional designer for: Enterprise Network Security, AFRAID, Incident Response Planning and Forensics, and 3 x 5-day DoD Information Assurance training program, Europe

Page 2: Foundstone scq cypherpath

Information security is strategic and requires technology and skilled personnel to be effective and successful.

• Foundstone provides strategic consulting, technology and education services for Fortune 500 clients globally

• Experts put the right processes and procedures in place, and provide tools to support them and educated staff to use them

• Has 18+ courses and continues to identify new global issues through McAfee Labs that need to be known by clients

Situation: Current stable facts

• Scale and roll-out of instruction-based learning is inefficient, and global quality and instruction are hard to maintain

• Clients starting to value more practical experience training based upon actual procedures and processes

• Time to develop and deliver new security training is long

Complication: Uncertainties

• Can a scalable role-based learning platform enable rapid delivery of process-based skills to capture value?

Key Issue

Page 3: Foundstone scq cypherpath

There are five basic questions that must be answered to ensure that we can capture value from a role-based platform

Can a scalable role-based learning platform enable rapid delivery of process-based skills to capture value?

• Can Foundstone learning be delivered online?

• Can online training scale while maintaining quality?

• Can new relevant knowledge be delivered efficiently?

• Can we capture value from clients?

• Can training align to processes and procedures of services offered?

Page 4: Foundstone scq cypherpath

YES, a scalable role-based learning platform will enable Foundstone for rapid delivery of process-based skills to capture value.

• Hands-on practical labs can be delivered via Lab-on-Demand from single or multiple global sites, with users just needing Internet Explorer

• Instructor-assisted delivery through Elluminate or other web conference is available

Yes, learning can be delivered online.

• Over 30,000 labs/month already proven from one data center; just add hardware/bandwidth for more concurrent users to access

• Step-by-step ability of Lab-on-Demand ensures consistency of experience

Yes, online can scale while maintaining quality.

• CertME Process combined with Modular Environments allows for rapid knowledge capture that is needed near real time

• Capture and distribution of the knowledge with Lab-on-Demand is hours or days, not weeks and months

Yes, new relevant knowledge can be delivered efficiently.

• Clients get the performance-based training they desire, with better processes aligned to their environments

• Paid subscriptions and consulting engagements increase revenue

Yes, Foundstone can capture value from clients.

• The Modular Environments can mirror production environments, so process alignment is feasible

• LOD interface produces printed process documentation (lab manual) that can complement the Visio process swimlanes and RACI charts

Yes, training can align to processes and procedures.

Page 5: Foundstone scq cypherpath

The CertME Topology can support many tiers of networks, all interconnected with routing, and be built from a library of pre-existing virtual machines to build relevant

Modular Environment Library of virtual systems

• By Network Segment

• By Operating System

• By System Role

W2k8r2std-db, W2k8r2web, Win7office, Win7admin, Win7hacker, Winxphacker, w2k3, HacME-banking, winxp, Hacme-casinio

Page 6: Foundstone scq cypherpath

Relevant training can be created in hours and distributed to registered users

Build the ME

• Build a modular environment from preexisting systems or create own/new system from base OS

Collect all Tools into ISO resource

• DVD Media is available to users on remote systems, so collecting into a *.ISO image is easy

Define the Role-based Scenario

• Use RACI and BBP to define a Lab Profile so user is put into a job performance scenario lab profile and lab series if multiple tasks

Provide level of Guidance Desired

• LOD supports content-less and content-guided labs, where you can add detailed procedure and work instruction level steps

Assign Users Lab Series

• Once labs are assigned to users, they will have access to run the lab and interact, all in own sandboxed Modular Environments

Page 7: Foundstone scq cypherpath

McAfee GSL is available for demo but does not meet the training needs of the McAfee Foundstone Practice, but can be leveraged as Modular Environments where applicable

Page 8: Foundstone scq cypherpath

Modular Environments support Foundstone strategic consulting, technology consulting and education

A typical Modular Environment for Foundstone could support Penetration testing, assessment techniques, and secure coding practices in a three tier and DMZ deployment.

NOTE: Not ALL systems have to be turned on for each lab. Each Lab Profile can define the virtual machines that are active from the modular environment.

Lab 1: winxp-hacker + R1G1O1 router + Hacme-banking + win7-foundstone


Page 9: Foundstone scq cypherpath

User has a simple login and access to the labs’ modular environment with or without content (step by step guides)

• Login

• Select My Assignments

• Launch or Resume Lab

• Interact

• Save or Exit

Page 10: Foundstone scq cypherpath

CertME Lab-on-Demand™ Components can be “mobile” to support hosting Seminars via wireless or hosted in a datacenter(s) distributed globally

Modular Enterprise Host (MEHost-XX)

• Dell PowerEdge R710, 72-96 GB RAM

• Maximum Speed RAID for 300 GB Drives

• EACH: Support about 20 concurrent users depending upon lab resource requirements. 72 GB = 60 GB usable resources

• 20 users of about 3 GB each (3 System lab)

EXPANDABLE by just adding another MEHOST

LOD Software

• Virtual Server 4 GB

• IIS 6 or IIS 7: a. LOD Web Services, b. Data Mover Services

NAS Drive Cache, 3 TB RAID, 2x Gigabit NIC

24 port Gigabit Switch

User Stations:

• 1 GB RAM

• Internet Explorer with Java

Learning Management Server integrates with LOD Web Services

Page 11: Foundstone scq cypherpath

Role-based Processes can be converted from workflows to online environment via Lab-on-Demand in just hours and delivered by URL or LMS.

Page 12: Foundstone scq cypherpath

Existing environment can be converted into a Modular Environment for use with LOD, and business processes captured with Subject Matter Expert into LOD

1. Select what systems are needed

2. Capture with Disk2Vhd (~2 hours)

3. Clean system capture and ensure working in LOD

4. Add to LOD virtual system list

5. Create VMOnly lab

6. Configure correct IP and settings for systems

7. Save as stable virtual system for development

LOD systems can be used for real training using replicated production environment

Page 13: Foundstone scq cypherpath

Cyber Security workforce must be proficient in tasks they will be expected to perform under stress

Validate process proficiency

Ensure “Certified” by 3rd party

Test against live environments

Test they can do on the job

Identify specific skills needed

• Awareness topics

• Hands on tasks

• Knowledge levels

Define Role-based tasks required

• Map tasks to realistic job expectations

• Base upon best practice Process workflows

Book knowledge is NOT enough!

Certify with CertME against actual job skills needed.

Page 14: Foundstone scq cypherpath

The Lab-on-Demand Platform will be used to build the SPA (Scalable Proficiency Assessment) engine to certify performance-based skills.

Job Description

• Identify the top 10 tasks for Job

Create Modular Environment

• Replicate the On-the-job environment in CertME and build Lab Profile

Task Signature Analysis

• Capture the task signatures for real-time tracking of

Deploy SPA agents

• When taking exam, SPA agents monitor lab activity and report back to SCORM LMS

Page 15: Foundstone scq cypherpath

The Lab-on-Demand has X primary features

System

ME Admin

Lab Profiles

Lab Management

•Add/Delete Users

•Assign

User Management

Page 16: Foundstone scq cypherpath