How Are Cybersecurity and Baseball Alike?
How Are Cybersecurity and Baseball Alike?
by Debbie Gordon
Becoming a great baseball player takes a lot more than just knowing how to play the game. It also takes more than being a great hitter or a great pitcher. Similar to baseball, cyber defense is a team sport.
Effective learning — ultimately, becoming an expert professional — comes from multiple methods. The three elements of knowledge, skills, and abilities, often referred to as KSAs, are each required to reach a mastery level. The three categories can sound very similar at first glance, but they highlight different methods of learning to ultimately achieve expert status.
THE BASEBALL ANALOGY
A great way to understand KSAs is to start with a well-known sport like baseball. (Go Red Sox!)
Knowledge:
Before baseball players can play, they have to understand the rules of the game, strategy, and what “should” occur when certain situations arise. It’s the facts, procedures, objectives, and other information that build a practical and theoretical foundation for what comes next. This is an ongoing process because new methods, new plays, and other new developments are constantly being introduced.
Just because you know the rules doesn’t mean you’re a baseball player. We all know people who think they know everything about a sport, but it doesn’t mean they can play!
Skills:
This stage includes batting practice, fielding drills, learning how to throw accurately, and other exercises. The goal is to develop and hone skills through focused practice and training to build muscle memory that becomes second nature during game situations. And it’s important to note that this is not a one-and-done step – players of all levels still need to practice and run drills.
Just because you can throw a ball doesn’t mean you are a great player!
Abilities:
This stage puts the team on the field together where each person can use their knowledge and skills to play the position they’ve been training for. Team practice builds confidence that they can perform together in real time, while still receiving guidance from their coach to get even better. The more they play as a team, the more they improve. That helps the team know they’re prepared for any situation during an actual game. Why? Because they’ve already experienced those situations literally hundreds of times in practice.
Abilities mean you not only have knowledge and skills, but you know how and when to use them. It requires judgment and critical thinking too.
CYBERSECURITY TRAINING AND KSAS
Now that we understand how KSAs work, here’s what that looks like with cyber training.
Knowledge:
These are the courses, books, videos, and other learning materials that are the groundwork for becoming cyber defenders. Self-study from publicly available resources and many certification prep courses would fall into this category.
Skills:
Hands-on cybersecurity development labs enable individuals to hone specific skills. Cloud Range's lab exercises include hundreds of modules to help people learn and perform specific skills. Whether it is configuring a firewall or finding a back door in an Ubuntu server, lab exercises are a valuable way for individuals to work on short, focused, specific skills required to perform effectively in cyber defense.
Abilities:
Now it’s time to work as a team. Cloud Range’s robust, hyper-realistic cyber range allows full security teams to upskill together and collaborate in detecting, investigating, and remediating cyber threats. Unlike skills training using lab exercises, live-fire team training teaches participants what to do, how to do it, when to do it, and why to do it. These elements create a multidimensional learning experience that ultimately proves the true capabilities of a cyber defender. The range provides a safe, controlled environment and incorporates the same security tools that SOC and DFIR teams use every day. The result is that team members can build on their knowledge and skills to improve their abilities. They can perform real work in a real-world environment that yields real results.
THE A OF KSAS
In the cybersecurity industry, there are many ways for newcomers and advanced professionals alike to hone their knowledge and skills. However, there haven’t been many options to improve one’s abilities. Reason being — cyber defense can’t be effectively or safely learned on the job.
And yet, it’s vital to focus on all three areas – knowledge, skills, and abilities. Having knowledge is not enough. Practicing a specific skill is not enough — even if someone gets really good at that skill. A team will never play the game if people are just good at their individual skills.
Many times, people don’t focus on abilities until they are in a live situation where they must use them. But that is too late, especially in cybersecurity.
People need to practice performing the skills they have learned. The crucial “abilities” piece of KSAs combines knowledge and skills with action and proficiency to yield desired outcomes.
GET CYBER DEFENSE TEAMS BATTLE-READY
When it comes to cybersecurity, a robust cyber range program allows security teams to benefit from a comprehensive, layered approach that incorporates all three KSAs. Cyber simulation exercises conducted in a hyper-realistic, live-fire environment are the most effective method to not only quickly train and upskill cybersecurity workers but also to provide the space for them to show their abilities.
When teams have real-world practice and work together in a simulated environment to defend against cyberattacks, they improve their communication and teamwork. They get more context about their work and how it plays into the bigger picture. They get a chance to try things and fail without consequences — or they succeed and validate their critical thinking skills and processes. The result is that organizations are more proactive in their cyber defense initiatives, reducing the chances of a costly or even deadly cyberattack.
While baseball practice gets teams game-ready, cybersecurity simulation practice gets security teams battle-ready. Either way, improving KSAs ensures you can knock it out of the park.
Want your security team to be battle-ready? Learn more about cyber simulation here.
---
Founder and CEO of Cloud Range, Debbie Gordon is a globally recognized entrepreneur leading a new category in cybersecurity. Cloud Range was founded on the premise of closing the cybersecurity skills gap by giving security teams the ability to gain real-life experience and practice defending against live cyber attacks in a protected customized dynamic environment. A consummate entrepreneur, Debbie began her career 25+ years ago in the technical education/certification space and has since built and sold several companies in eCommerce, IT asset management, and training.