What is Cyber ​​Workforce Optimization?


First in a 3-part series based on the CyberRisk Alliance/Immersive Labs eBook “Achieving Cyber ​​Resiliency Through Workforce Optimization”.

Cyber ​​Workforce Optimization is a skill set learned not through rote memorization, but through interactive, dynamic exercises that build each key employee’s ability to respond to unforeseen threat scenarios.

New security threats will not fit pre-played scenarios. A decision-maker or IT or SOC staff member needs to be able to think things through, and Immersive Labs’ Cyber ​​Workforce Optimization Micro-Exercises will prepare them for this.

Traditional cybersecurity training and its drawbacks

Most of us are familiar with traditional cybersecurity training. Large segments, if not all, of an organization’s staff must attend an all-day group seminar. Slideshows are presented describing different common threat scenarios. Employees receive quizzes at the end of each section to see what they’ve absorbed. Almost everyone passes, which lets the company say that its workforce has received proper training over the next 12 months.

But is it really the right way to do it? There is no doubt that this type of training helps employees recognize threats such as phishing emails and fake invoices. Yet many staff will view these long, boring sessions as a chore to be endured rather than an opportunity to learn. Go through the slideshow, take the quiz, see you next year, and in the long run, is your business better prepared?

Organizations that rely on these traditional passive methods will not be prepared for new, unforeseen scenarios during training sessions. Skills will rust as the memory of the past year’s training drill fades. Executives, IT staff and SOC personnel may not know how to react to the latest threats and may not be confident in their own abilities.

In short, organizations that rely on traditional cybersecurity training will be less cyber-resilient than other, better-trained organizations in their ability to mitigate and bounce back from potentially damaging incidents.

“Traditional training is about giving people the knowledge and skills they need, but metrics tell you nothing more than who has completed training versus who hasn’t,” said John Blythe. , Director of Cyber ​​Workforce Psychology at Immersive Labs and a psychologist and behavioral scientist. . “It’s no longer enough to be cyber-resilient. Organizations must be able to test, measure and improve the cyber capabilities of all their staff at all times.”

The Cyber ​​Workforce Optimization Approach and Its Benefits

Immersive Labs Cyber ​​Workforce Optimization Platform offers a different and more effective approach. Instead of infrequent passive sessions, Cyber ​​Workforce Optimization offers each key decision-making employee a set of short, intense interactive exercises – Immersive Labs calls them “micro-exercises” – that can be completed in a web browser as well. just 20 minutes.

Each exercise doesn’t cover as much ground as a one-size-fits-all group workout, but that doesn’t have to be. Micro-exercises are tailored to the employee’s experience and skill set, so they don’t waste time reviewing what the employee already knows.

Drills should also be done every six to eight weeks, so that different scenarios and threats can be handled each time, but each keeping the employee’s responses accurate to react quickly to new scenarios. Even better, the employee can choose to do these exercises on their own schedule or even outside of work hours, so the sessions don’t add up to a busy workday.

Optimizing the cyber workforce is about “ensuring the right people have the right levels of skills, knowledge and judgment at the right time,” said Bec McKeown, director of humanities at Immersive Labs. and psychologist who previously worked with the UK Ministry of Defence. . “It’s the optimal way to do things. You don’t waste time, money and energy giving everyone the same kind of training when they just don’t need it. “

Why cyber workforce optimization may not be ideal for all organizations or all employees

Yet these short, engaging micro-exercises may not be suitable for all of your staff. Immersive Labs focuses on key decision-making personnel who need to prepare for or respond to a crisis, such as the management team, IT and SOC personnel, software developers, and even communications teams.

Other segments of the workforce may not benefit as much from this training method. An advertising sales representative or human resources staff member will not be tasked with making important decisions during a cyberattack. It might be best for this person to take traditional passive cybersecurity training just to learn the basics of good workplace safety hygiene.

“Some people will prefer traditional training,” said McKeown of Immersive Labs. “There’s a lot of reflection in our training, and people don’t necessarily like to do that. They just prefer to move on.”

The key to cyber workforce optimization is discerning which members of your workforce will benefit the most from this next-gen training. For more advice, check out our article on “The Case for Cyber ​​Workforce Optimization”.


Comments are closed.