The Effectiveness of Simulation-Based Training in Cybersecurity

by Tom Marsland, Cloud Range Cybersecurity Training & Project Manager

Simulation-based training is utilized in many fields — including medical, military, law enforcement, emergency response, and others — but it has only recently begun to be used in cybersecurity training. Simulation training provides students and professionals with opportunities to practice their decision-making skills through real-life situations and experiences.  Most importantly to the business, if a trainee makes a mistake in simulation, there is no negative impact to the business — only quality training value. A study of simulation-based training in the nursing field, titled “Effectiveness of simulation-based nursing education depending on fidelity: a meta-analysis,” concluded that simulation-based educational interventions have strong educational effects, with particularly strong outcomes in the psychomotor domain, which is related to movement in conscious mental activity. 

The psychomotor domain also applies to cybersecurity. SkillsUSA Illinois, a state association servicing college, high school, and middle school students preparing for careers in trade and technical occupations, holds a championship event where students competing in the cybersecurity field take a cognitive domain performance test, covering knowledge of common cyber security tenets, but also a psychomotor domain performance test. This portion consists of several iterations of procedures to provision, test, deploy, operate, and maintain equipment with the end goals set by a technical committee. 

Simulation-based education is a technique-based approach that replaces and amplifies real experiences with guided ones that allow the trainee to interact with the simulation environment as if it were the real thing. Simulation training is utilized today in healthcare settings, such as practicing surgical procedures and techniques, in the driving and aviation/aerospace industries, and in the power generation industry. The Navy’s nuclear power field has successfully used simulation to train nuclear power plant operators for over 20 years and owes some of its success of safe operation to training simulators. 

With simulation-based training, like the cyber range provided by Cloud Range, trainees can practice their skills in a virtual environment, responding to cyberattack scenarios that mimic real-life attacks. In the range, instructors can observe the team’s performance and provide immediate feedback. Additionally, trainees are more likely to retain insights and learned knowledge by actually performing the actions and doing the incident response. Each trainee can be evaluated, and quantifiable metrics can be provided back to the customer to show growth of both the individual and the team. 

Another benefit of simulation training is the ability to cooperate and compete like never before. Cloud Range can design and manage Red vs. Blue style competitions, bringing out the fighting spirit in teams. An analysis of different team dynamics can also be done where different members take on different roles to see where strengths and weaknesses in a team setting lie. The range can also be customized to support refresher training for employees that want to strengthen their skills, or focus on a particular type of attack as well. 

Simulation-based training is standard in many industries — it’s time it becomes standard in cybersecurity as well.

Interested in learning more about simulation-based training in cybersecurity? Request a demo.