Zusammenfassung
The shortage of skilled cybersecurity professionals poses a significant challenge for organizations seeking to protect their assets and data. To address this shortage, onboarding and reskilling employees for cybersecurity positions becomes a daunting task for organizations. Cyber ranges mirror digital infrastructures to provide a realistic yet safe environment for cybersecurity training. To date, ...
Zusammenfassung
The shortage of skilled cybersecurity professionals poses a significant challenge for organizations seeking to protect their assets and data. To address this shortage, onboarding and reskilling employees for cybersecurity positions becomes a daunting task for organizations. Cyber ranges mirror digital infrastructures to provide a realistic yet safe environment for cybersecurity training. To date, the potential of cyber ranges has been leveraged primarily in academic education. This paper investigates how cyber range exercises (CRX) can enhance the onboarding and reskilling of cybersecurity professionals in organizations. To this end, we conducted semi-structured interviews with seven cybersecurity professionals from organizations in different industry sectors in Germany and India. Our findings indicate that the main potential of CRXs lies in conveying universal cybersecurity concepts that are transferable to the particular systems, technologies and tools of an organization. Thereby, CRXs represent a promising complement to existing organizational training strategies. Challenges to overcome were identified in establishing an organizational CRX infrastructure, building the necessary competencies to conduct the exercises, and ensuring the comparability of CRXs to validate personal competence development.