Performance-Based Testing Enhances Value of Cyber Security Certifications

August 9, 2021

Real-world scenarios are the future of cyber security certification programs, proving a cyber security practitioner’s ability to defend enterprises against increasingly sophisticated cyberattacks and exploits that target specific vulnerabilities.

Hands-on, real-world scenario-based testing needs to be a critical component of cyber security certifications given that major data breaches continue to impact companies of all sizes and sectors. For example, malicious nation-state adversaries continue to probe and attack the networks of government organizations and private sector enterprises responsible for critical infrastructures, such as financial services, oil and gas production, telecommunications, utilities, and water.

Moreover, “the COVID-19 pandemic presented businesses globally with cybersecurity challenges, including opportunistic phishing campaigns, discontinuity of information security operations and long-term financial constraints,” according to the Accenture Security 2020 Cyber Threatscape Report.

GIAC, known for providing the highest standard in cyber security certifications, recognized that companies, government agencies and educational institutions need cyber security professionals with the technical, hands-on skills to defend our nation's networks and critical infrastructure from all forms of threats. To meet this need, GIAC raised the bar for cyber security certifications even higher with CyberLive - hands-on, real-world practical testing.

The demand for hands-on testing is growing among both cyber security professionals and hiring managers. Cyber security practitioners need discipline-specific certifications with practical testing to enhance their ability to build and maintain a strong career path, with increased opportunities for new responsibilities and better pay. Companies need a way to confirm that the cyber security professionals they hire have the necessary knowledge and abilities to protect their organizations from existing and emerging attacks. The need for CyberLive has never been greater.

What does hands-on testing really mean?

The practical, hands-on component of a cyber security certification simply means that a candidate must directly interact with a program, a computer and network in a virtual machine environment to solve the question that has been presented. "The value of asking multiple-choice questions, while using various cognitive levels, remains valuable and a key tool within exam-performance measurement," says Tommy Adams, a GIAC engineer who helped develop CyberLive. "The benefit of adding hands-on questions is that it allows a test to better validate that a certification holder has the skills related to that specific certification."

For instance, to validate that a cyber security professional knows basic Linux commands, a multiple-choice question might ask the candidate to identify the correct bash command that would display the contents of a hidden file.

However, a hands-on item would literally present a Linux computer and ask the candidate to determine the contents of a hidden file. The candidate would need to know what program to use and what commands to use in order to answer the question. With CyberLive, the candidate is interacting with a live virtual machine to determine the answer.

"Hands-on training really helps solidify that certification. When you have that capability integrated into the testing mechanism, we are confirming that this individual can sit in front of a computer and do that job," says Tony Knutson, a cyber security professional who holds multiple GIAC certifications, including GPEN, GNFA and GAWN.

GIAC currently features CyberLive in the following seven certifications, with more to come in the near future:

  • GXPN – Exploit Researcher and Advanced Penetration Tester (SEC660)
  • GCIA – Intrusion Analyst (SEC503)
  • GCIH – Incident Handler (SEC504)
  • GPEN – Penetration Tester (SEC560)
  • GCFA – Forensic Analyst (FOR508)
  • GWAPT – Web Application Penetration Tester (SEC542)
  • GSEC – Security Essentials (SEC401)

How should candidates prepare for CyberLive exams?

Hands-on scenarios test essential skills within various certification objectives. The best approach to success is to use labs to practice the skills that are required for the exam, GIAC's Adams advises. If candidates prepare for their certification exam with a training course, they should utilize any lab exercises that are covered in the training. Candidates approaching the certification through self-study should build labs and practice.

There is still a need for knowledge-based testing that requires candidates to exercise their cognitive or "thinking skills," which is why CyberLive is not replacing - but enhancing - the traditional GIAC certification process. Hands-on, real-world testing adds depth and demonstrates that the cyber security practitioner has the core skills needed to address today's security challenges.

Cyber criminals are persistent and inventive, finding new avenues to penetrate networks and systems. Today's cyber defenders must be even more persistent and must be equipped with specific skills and specialized knowledge to combat multiple, varied threats. GIAC is taking the lead in ensuring that cyber security practitioners have the tools and training necessary to succeed in this challenging landscape.