Cyber Range Market Analysis finds a solution to the skills gap
Small Projects build the hands-on experience employers demand
Open-source projects like the AWSCyberRange provide the foundation to increase your technical skills across 3 enormous domains of knowledge:
Cloud, Cyber Security, & DevOps.
Goals
The goal is to create an academic alliance w/ enterprises to address (3) core issues:
- Closing the skills-gap by providing an opportunity for businesses to connect with a motivated network of emerging talent & established professionals.
- Influence the readiness of talent by providing the ability to compete in the marketplace.
- Establish an academic alliances which provide fellowship like funding of research to support informal & formal learning initiatives across the most complex & in-demand technology domains
The Potential for World-Wide Influence
The SecDevOps@Cuse Cyber Range is an Open-Source Project with well noted academic value. The NIST 1 pager (visual below) clearly outlines a strong value add in a greatly under-served community.
The Syracuse Surge initiative is gaining momentum, there are many conversations, follow-ups, and alliances to create over the next couple years. There will be many brands to partner, promote, and highlight as sponsors. Unfortunately, Indeed has decided to not be one of the Innovative business sponsors.
The Cyber Range initiative is a massive movement aimed at improving the lives millions of people by identifying, crowdsourcing, and solving the most in-demand talent needs across every industry, vector, domain, and space with a virtual workforce of world-wide talent.
I promote the best experiences & tools across the industry, share knowledge openly, and seek to grow future generations of highly motivated & skilled talent.
Talent is key to automation & optimization of critical infrastructure services, business processes, and policy compliance in both public & private industries. It would only seem natural for Indeed to view Syracuse Surge as a huge opportunity.
Analyzing the Market
Indeed provides an awesome talent recruiting platform & an ability to reach millions of users rapidly.
That is exactly why I tapped into the platform. The goal of the Cyber Range project is to positively impact millions of users.
To gain momentum and visibility across the country, I decided to tap into the job market insight Indeed has. My intent was to identify & quantify a known problem — the gap between experience & knowledge.
Every great business leader knows how to identify a real-business problem, create measurable objective metrics, then quantify the impact of a solution across the market it serves.
The first recruiting campaign started right before Blackhat 2019, the beginning of August. I was able to collect data & create a market niche, identify the solution & execute the plan. I recall the account mgr & a sales pitch around Aug. 3 — I posted a positive outcome of recruiting capabilities, interaction, and results as a outcome of my effort.
I thought there was a reasonable understanding of the open-source recruiting initiative.
Looking the Actual Results
The Cyber Range project is unique & it benefits anyone across the world. What concerns me the most, Indeed simply wants $ now w/o being able to guarantee results.
My creative use of the Indeed job boards highlighted an immediate group of resources who are ready to start training, learning your systems, and providing a value-add to your company’s mission statement.
The AWS Cyber Range project provides a way to build a niche of knowledge & experience. Provides the mentoring needed to tap into the market, & then identifies how the talent provides value-add to the business.
One of the early FormAssembly visuals provides an awesome view of classification of candidates.
This proves the project is able to target ideal candidates, partners, and sponsors.
Open-source projects like the AWSCyberRange provide the ability to create Market Talent rapidly and provide business with critical cyber security knowledge & experience.
Interpreting Results
The form had 2 simple questions: 1) what do you bring to the table, known as current skills & 2) what do you want to learn, known as desires.
Out of the roughly 200 initial respondents who signed up to support the grant/project initiative:
- 67% of them indicated a desire to learn DevOps, Cloud Computing, and/or Cyber Security (Penetration Testing, Engineering, Vuln).
- A significant portion of the candidate we connected with are targeting the 3 domains this project will gain experience in.
- The other domains are closely related to the Mission Statement of the Cyber Range.
Candidate Skills
When I review the skills individuals brought to the table, the 3 technical domains make up 30% of the Candidate pool actual skills. This 70% gap is what others call the “Cyber Shortage” / “Skills gap.”
Cyber Range initiatives across the industry aim to identify undeveloped talent, provide training & mentoring, then translate that knowledge into business value across enormous technical domains.
This simply requires an approach which fuels someone’s passion to succeed through adversity and failure over a lifetime. Then the technical learning becomes part of the individual “habits and rituals”.
Most are proprietary closed source for-profit, yet this open-source Cyber Range initiative is different.
A goal of the open-source project is to inspire a community of passionate technical contributors & learners. I believe we can highlighting growth opportunities, track personal development, and establishing risk-taking milestones to fuel failure/success evolution. That is what creates real business value.
Clearly there is a gap to close, so now the question is how?
Using a Training Matrix to maximize growth opportunities
In previous roles, I’ve leveraged skills / knowledge matrices to help document knowledge, identify strengths, and evolve fragmented departments into cost-saving globally resilient operations teams. This project aims to inspire the evolution of a skilled remote informally learning workforce so a similar skill assessment allows me focus on the individual’s desire across the program’s goals.
I decided to mesh the desired & current skill(s) inputs together to understand demand & identify potential training tracks.
Here’s what I see…
- Individuals who bring “DevOps” skills to the table have a strong desire to stay within DevOps and move into Penetration Testing. DevOps is the most imporant in-demand skill across a wide variety of technical domains.
- Penetration Testing, Cyber Security Engineering, and Vulnerability Replication are best grouped together yet make up just a small portion of overall responses. While one of the most technically challenging domains for this candidate base, Penetration Testing is the 2nd most in-demand set of skills.
- Individuals who bring “Sales, Marketing, Media” skills to the table are interested in 3 core areas: a)DevOps b) understanding & articulating business problems into engineering requirements [business analyst], & c) Sales, Marketing, & Media.
I believe these results suggest that the current Cyber Range applicants could benefit greatly from an informal learning initiative that provided real projected-related experience — this is exactly what the Academic Alliance initiative aims to do.
Solving The Engagement Issue w/ Slack
In Tech — We know there’s an engagement problem, a growing skills gap, & the need to provide fresh eyes w/ a diversity body of students to solve the most challenging business & enterprise problems & hands-on leadership.
I believe we need to continue to focus on understanding the market looking to break into Tech while increasing the ability to engage & help the under-served populations.
Therefore I’ve opened up the Slack Beta-group invite. If you are actively using the cyber range then I encourage you to add yourself to the invite list using this FormAssembly form.
This approach allow me to balance out the flow of new users / questions / etc and while juggling my own personal responsibilities, goals, objectives, and expectations.
Collaboration not Competition…
Business Leaders are inquiring about advanced enterprise-level features and desire to use the open-source project for monetization. This is a great sign of the market interest however private feature development goes against the core spirit & intent of an open-source project.
While I’m encouraged by the interest in these advanced features & the only way to deliver them is to be a sponsor of this project.
The Cyber Range is focused on developing core talent using proven tooling directly to the business systems. Ideally we’ll collaborate on code, provide automated testing, documentation, and troubleshooting support.
