Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NICE eNewsletter Summer 2021 Industry Spotlight

Remove the Guesswork in Cybersecurity Hiring with Simulation-Based Assessments

Let job candidates demonstrate their actual capabilities

By Debbie Gordon, CEO, Cloud Range

Debbie Gordon
Debbie Gordon, Cloud Range

The ever-changing cybersecurity threat landscape requires cybersecurity operators to have up-to-date knowledge and skills. Cybersecurity defenders need to know what they should do during an attack, and it is even more important that they have the ability to do it. Unfortunately, actual job experience and industry standard certifications do not necessarily indicate whether a candidate is able to perform in a new work environment with different threat vectors. To address this ongoing challenge, hiring managers can ask candidates to perform exercises that simulate actual work roles as defined by the NICE Framework.

Disparities in Candidate Qualifications and Requirements 

Simulation-based assessment exercises for evaluating candidate qualifications help overcome four difficulties that employers and candidates face in the hiring process: 

  • Employers face challenges when outlining the requirements for a job opening. Often, there is a disparity between the listed requirements and the knowledge and skills necessary to actually perform the tasks. This may occur when the person writing the job description isn’t part of the hiring manager’s team and isn’t familiar with the details of the work.
  • Resumés and certifications do not tell the whole story about what a candidate is capable of doing. In fact, someone may actually meet the requirements in a job description and as a result be “qualified” for the job, but until they are assessed on the actual activities required to succeed in such a role, an employer does not have enough information to ensure they are making the right hire. 
  • There are plenty of potential applicants who may never apply because they are alienated by overly restrictive job requirements, even though they would be perfectly capable of performing the job. 
  • Adoption of the NICE Framework solves part of the problem of matching talent to the required work. By outlining and standardizing the specific TKSs (tasks, knowledge, and skills) for a given “Work Role”, an employer still can’t reliably confirm that a candidate can actually perform the work, especially in a live, high-pressure, heavily-tooled cybersecurity defense environment. Some employers may use lab type assessments, but labs simply assess pieces of what a role would require and are not reflective of a candidate’s abilities to perform the job as a whole.

Taking the Guesswork out of Hiring for Cybersecurity Roles

To help employers reduce hiring risk and provide ongoing employee development, Cloud Range developed an innovative solution. Using its cyber range, Cloud Range established simulation-based assessment exercises that mimic actual work roles as defined by the NICE Framework. These immersive assessments allow candidates to perform as they would on the job, in a safe yet realistic environment that enables employers to determine an individual’s abilities regardless of certifications, degrees, or experience. Each simulation exercise results in a detailed report that outlines TKSs from the NICE Framework plus the corresponding results of the application of each of those elements in the simulation exercise. 

The suite of exercises can be customized and administered by employers to mimic specific roles, such as a Tier 1 SOC Analyst or a Forensics Examiner. The platform includes real security tools that a job may require, such as a specific Security Information and Event Management solution. For example, a candidate for a Tier 1 SOC Analyst role may use QRadar or Splunk during a simulation to look at live traffic and alerts or to investigate alerts to identify false positives.

Job seekers, including those currently in the cybersecurity workforce and those entering the workforce for the first time, may take a Cloud Range Assessment for a given NICE Work Role and then provide the results to potential employers. This may accelerate the hiring process and create a more level playing field for candidates.

Cloud Range has heard good things from hiring managers who have observed that the simulation-based assessments prepare candidates for real-world experience. Some even consider it irresponsible not to use this kind of pre-hire assessment method.

Immersive, simulation-based assessments allow employers to determine whether or not a candidate has the necessary capabilities for a job and also to assess what additional learning and experience the candidate would need to be fully job-ready. At the same time, job seekers looking to set themselves apart from the pack can use pre-hire assessments to demonstrate their real-world abilities. Ultimately, these methods enable better hiring, better job capability and training, and improved team morale and retention. 

NICE eNewsletter Summer 2021

Created June 16, 2021, Updated June 28, 2021