The Science of Simulation Learning in Cybersecurity

By Dr. Duane Dunston, Cloud Range Senior Adversarial Engineer

Did you know there is an evidence-informed practice that explains why Cloud Range live-fire attack simulation exercises on a cyber range are not only an effective learning method but also a crucial platform?

Evidence-informed practice means the learning principles have been informed by academic research and supported by direct experience from practitioners in the field who contribute what does and does not work within a given context.

Understanding Situated Cognition Theory

Collins, Brown, & Duguid (1989) posited Situated Cognition Theory, which suggests that learning, understanding, and application do not occur by acquiring information from abstract content alone.

Instead, authentic learning occurs when learners engage in real-world or simulated environments.

This theory emphasizes the importance of context and social interaction in the learning process, indicating that knowledge is best acquired and understood when applied practically within its relevant setting.

Emphasis on Peer-Based and Mentored Learning

Situated Cognition Theory suggests that learning should occur in a social environment or from peers.

This suggestion is supported by the work of Lev Vygotsky, who also noted that learning is a social endeavor —  not teacher-centered but informed by peer-based learning. Such learning mirrors what occurs in the general work environment. 

However, peers must learn in cohorts with a mix of skill sets to help supplement knowledge gaps. These knowledge gaps can also be filled by someone more skilled, such as a teacher or mentor.

Situated Cognition in Cybersecurity Training

In cybersecurity training, this theory is applied through cyber ranges and simulated environments where participants engage in hands-on exercises that mirror real-world security threats and defenses.

These environments replicate challenges, allowing learners to gain valuable knowledge from peers and experienced attack instructors. 

Theoretical Knowledge: Cybersecurity Fundamentals

Foundational knowledge is crucial when aligning with the Situated Cognition Theory's emphasis on practical learning contexts.

This includes understanding principles like cryptography, network security, threat intelligence, and risk management, which are essential for effective cybersecurity practices.

Professionals must stay updated on emerging threats to develop proactive defense strategies.

Theoretical learning also covers compliance (e.g., GDPR, PCI DSS, ISO 27001) and ethical considerations, promoting responsible practices such as ethical hacking. 

Active Learning: Realistic Security Challenges 

Situated Cognition Theory emphasizes learning through practical, hands-on experiences relevant to the participant’s role with the company. By engaging in simulated cyber incidents within cyber ranges, theoretical concepts are reinforced through direct application.

This approach ensures that professionals are well-prepared to handle and reduce the risks of real cyber attacks effectively, without having to wait until an actual attack occurs.

Teams improve their teamwork and decision-making skills while staying updated on the latest cybersecurity challenges.

Ultimately, this improves the organization's cybersecurity resilience and prepares its workforce for security challenges.

Social Activity: Sharing Knowledge of Capabilities

Participants might pause and note,

"At this stage, we would bring in X person or Y person because they have the subject matter expertise on this application or server."

More importantly, customers often stop to ask,

“Do we have the capability to detect this type of attack?” 

These questions initiate a discussion, allowing teams and attackmasters to evaluate and provide input on their organization’s security readiness.

Live-Fire Simulation Exercises vs. Traditional Security Methods

Traditional security training methods (courses, webinars, certifications, etc.)

It’s important to note that the combination of live-fire simulation exercises and traditional security training methods creates a comprehensive training program.

This integrated approach ensures participants gain theoretical knowledge, targeted skill development, and dynamic hands-on experience, producing well-rounded security professionals. 

Cloud Range: Innovative Security Training Solutions

Within a Cloud Range live-fire simulation – which is called a mission – the experiential learning principles of Situated Cognition Theory are applied by situating our customers' cyber practitioners into a simulated, live-fire network environment with various computer systems, servers, software, and network-based applications—similar to what they work with every day. 

Participants also utilize Open Range™ to revisit simulated cyber-attacks, applying newfound skills directly within their operational environments. 

3 Key Benefits of Using Cloud Range:

  1. Comprehensive Training Programs: One of the few training options in cybersecurity that includes live-fire simulations, FlexLabs™, assessments, and more, and that accommodates all positions, including SOC analysts, system administrators, firewall admins, and incident handlers.

  2. Two Mission Debriefs: The first debrief takes place the day of the mission, with the Attackmaster™ reviewing the attack flow. The second debrief occurs with the leadership and highlights the knowledge gaps of each participant, addressed by the Attackmaster.

  3. Flexible Subscriptions: Organizations engage with Cloud Range through one of our flexible, frequency-based subscriptions. This approach ensures that teams can maintain an ongoing and consistent simulation-based training program. This consistency is crucial for ensuring preparedness and allowing ample room for improvement among their cyber practitioners.

Conclusion

Cloud Range customers benefit from more than just traditional training methods; they gain hands-on, relevant experience in a simulated real-world environment.

This practical approach allows them to apply their learning directly to their roles, significantly enhancing their job performance and ability to defend against real cyber attacks.

With Cloud Range simulations, learners will gain practical, role-specific experience that highlights how their efforts contribute to safeguarding their organization's assets.

They also develop a comprehensive understanding of collaborative strategies to minimize the organization's cyber risk exposure.

Stay tuned for my next article, when I’ll further discuss the training provided by Cloud Range and how using our Certified Attackmasters supports learning and the Cognitive Apprenticeship Theory.
