By Debbie Gordon, CEO, Cloud Range
The ever-changing cybersecurity threat landscape requires cybersecurity operators to have up-to-date knowledge and skills. Cybersecurity defenders need to know what they should do during an attack, and it is even more important that they have the ability to do it. Unfortunately, actual job experience and industry standard certifications do not necessarily indicate whether a candidate is able to perform in a new work environment with different threat vectors. To address this ongoing challenge, hiring managers can ask candidates to perform exercises that simulate actual work roles as defined by the NICE Framework.
Disparities in Candidate Qualifications and Requirements
Simulation-based assessment exercises for evaluating candidate qualifications help overcome four difficulties that employers and candidates face in the hiring process:
Taking the Guesswork out of Hiring for Cybersecurity Roles
To help employers reduce hiring risk and provide ongoing employee development, Cloud Range developed an innovative solution. Using its cyber range, Cloud Range established simulation-based assessment exercises that mimic actual work roles as defined by the NICE Framework. These immersive assessments allow candidates to perform as they would on the job, in a safe yet realistic environment that enables employers to determine an individual’s abilities regardless of certifications, degrees, or experience. Each simulation exercise results in a detailed report that outlines TKSs from the NICE Framework plus the corresponding results of the application of each of those elements in the simulation exercise.
The suite of exercises can be customized and administered by employers to mimic specific roles, such as a Tier 1 SOC Analyst or a Forensics Examiner. The platform includes real security tools that a job may require, such as a specific Security Information and Event Management solution. For example, a candidate for a Tier 1 SOC Analyst role may use QRadar or Splunk during a simulation to look at live traffic and alerts or to investigate alerts to identify false positives.
Job seekers, including those currently in the cybersecurity workforce and those entering the workforce for the first time, may take a Cloud Range Assessment for a given NICE Work Role and then provide the results to potential employers. This may accelerate the hiring process and create a more level playing field for candidates.
Cloud Range has heard good things from hiring managers who have observed that the simulation-based assessments prepare candidates for real-world experience. Some even consider it irresponsible not to use this kind of pre-hire assessment method.
Immersive, simulation-based assessments allow employers to determine whether or not a candidate has the necessary capabilities for a job and also to assess what additional learning and experience the candidate would need to be fully job-ready. At the same time, job seekers looking to set themselves apart from the pack can use pre-hire assessments to demonstrate their real-world abilities. Ultimately, these methods enable better hiring, better job capability and training, and improved team morale and retention.