By: Rob Beason, CISSP, GSLC, Security+
At the Houston Security Conference, 2018, fellow LEOs Clint Bodungen and Kevin Lackey put on a red versus blue team training for attendees. The course was a one-day workshop intended to educate ICS practitioners, network defenders and the security-conscious on basic attack methodologies and the important areas of focus for defending critical assets. This topic has been taught in numerous courses that range in cost from free to $5k as a one-week block of instruction. Most of the courses consist of lectures and college-format labs, and they vary in depth.
What was particularly unique in the training was the “gamified” instruction in a one-day format. After a couple of hours of traditional classroom instruction, the rest of the training was broken into phases wherein, after each phase, attendees could play the Red versus Blue game as a turn-based strategy game. This game pitted the students against each other in a way that was less focused on the tech used and more focused on attack methodology and blue team tactics, techniques and procedures.
Why this resonates with engineers and information technology professionals is straightforward: We like to game! And we like to compete across the room or across the globe. Competition is what draws a lot of us to the cybersecurity industry and keeps us engaged. There is an adversary actively targeting the resources we are trying to protect.
The Red vs Blue training provided a simulation of the types of attacks that are happening every day. But there was also huge value in being able to debrief with the adversary across the room and discuss the good, the bad, and areas for improvement. The skill level needed to learn the game was appropriate enough that everyone could play and have fun. The folks with the most knowledge, skills, and abilities came out on top. The folks with fewer skills could be seen learning and starting to have those “Eureka!” moments not often found in a classical lecture and lab course.
We are all looking forward to the Red versus Blue game moving from Beta to general release. We highly recommend it to all levels of practitioners, from entry-level analysts to CISOs looking for a new way to teach others and build awareness.