Real-world scenarios are the future of cyber security certification programs, validating a cyber security professional's ability to defend organizations against increasingly sophisticated cyberattacks and exploits that target specific vulnerabilities.
Hands-on, real-world scenario-based testing must be a critical component of cyber security certifications given the current threat environment in which major data breaches continue to impact organizations of all sizes and sectors. For example, malicious nation-state adversaries continue to probe and attack the networks of government organizations and private sector companies responsible for critical infrastructures, such as financial services, oil and gas production, telecommunications, utilities and water.
Moreover, "advances in technology such as artificial intelligence and fifth-generation cellular network technology (5G) communications could provide new opportunities for threat actors to achieve their objectives," according to Accenture Security iDefense's 2019 Cyber Threatscape Report.
GIAC, known for the highest standard in cyber security certifications over the past two decades, recognized that businesses, government agencies and educational institutions need cyber security professionals with the technical, hands-on skills to defend our nation's networks and critical infrastructure from all forms of threats. As a result, GIAC raised the bar for cyber security certifications even higher with CyberLive (hands-on, real-world testing) to fill the gaps in the market.
The demand for hands-on testing is growing among both cyber security professionals and hiring managers. Cyber security professionals need the combination of discipline-specific certifications with practical testing to enhance their ability to build and maintain a strong career path, with increased opportunities for new responsibilities and better pay. Companies need a way to validate that the cyber security professionals they hire have the necessary knowledge and skills to protect their organizations from existing and emerging attacks. The need for CyberLive has never been greater.
What does practical testing really mean?
The practical, hands-on component of a cyber security certification simply means that a candidate must interact with a program, a computer and a network to determine the correct answer to the question that has been presented. "The value of asking multiple-choice questions, while using various cognitive levels, remains valuable and a key tool within exam-performance measurement," says Tommy Adams, a GIAC engineer who helped develop CyberLive. "The benefit of adding hands-on questions is that it allows a test to better validate that a certification holder has the skills related to that specific certification."
For instance, to validate that a cyber security professional knows basic Linux commands, a multiple-choice question might ask the candidate to identify the correct bash command that would display the contents of a hidden file.
However, a hands-on item would literally present a Linux computer and ask the candidate to determine the contents of a hidden file. The candidate would need to know what program to use and what commands to use in order to answer the question. The candidate is interacting with a live virtual machine to correctly determine the answer, or is alternatively struggling on the computer, unable to perform the task or accomplish the necessary analysis.
"Hands-on training really helps solidify that certification. When you have that capability integrated into the testing mechanism, we are confirming that this individual can sit in front of a computer and do that job," says Tony Knutson, a cyber security professional who holds multiple GIAC certifications, including GPEN, GNFA and GAWN.
GIAC currently includes CyberLive in the following five certifications, with more to come in the near future:
- GXPN -- Exploit Researcher and Advanced Penetration Tester (SEC660)
- GCIA -- Intrusion Analyst (SEC503)
- GCIH -- Incident Handler (SEC504)
- GPEN -- Penetration Tester (SEC560)
- GCFA -- Forensic Analyst (FOR508)
Is there a way to prepare for scenario-based tests?
Hands-on scenarios test tried-and-true skills within various certification objectives. The best approach to success is to use labs to practice the skills that are required for the exam, GIAC's Adams advises. If candidates take a training course in preparation for a certification, they should utilize any lab exercises that are covered in the training. Candidates approaching the certification through self-study should build labs and practice.
There is still a need for knowledge-based testing that requires candidates to exercise their cognitive or "thinking skills," which is why CyberLive is not replacing but enhancing the traditional GIAC certification process. Hands-on, real-world testing adds depth and demonstrates that the cyber security professional has core skills to address today's security challenges.
Cyber criminals are persistent and inventive, finding new avenues to penetrate networks and systems. Today's cyber defenders must be even more persistent and inventive and need to be equipped with specific skills and specialized knowledge to combat multiple, varied threats. GIAC is taking the lead in ensuring that cyber security professionals have the tools and training necessary to succeed in this challenging environment.