The University of Pisa is a Full Scale Pilot in CYBERWISER.eu with a view to helping to meet the high demand for cybersecurity professionals with hands-on training using an advanced and customisable cyber range. Training sessions are organised for bachelor, Master and post-graduate master students with courses at multiple levels, spanning generic web vulnerability applications, firewall and network filtering, among others.
To collect feedback on the drivers and benefits of using the CYBERWISER.eu cyber range, we’ve been talking to a group of Master Degree students from diverse backgrounds but with a keen interest in cybersecurity as they plan to use their qualifications in both public and private sectors in the future, combining broad technical skills with security expertise and an understanding of business risk.
Giorgio Leonarduzzi: Corso di magistrale in computer engineering and Cybersecurity Risk management and cybersecurity method and validation in the computer science department
Francisco Payés, from the Dominican Republic: Fundamentals of cybersecurity, best practices for web and computer programming basic security. Goal was learning about fundamental aspects of these topics and also cybersecurity market needs.
Luca Di Gregorio: Fundamentals in cybersecurity, Cryptography and Risk assessment. I want to improve my skills related to these skills and living in the digital age is important to face these kinds of issues. Organisations need to have this kind of skills in place.
Riccardo Bertini: Cybersecurity systems, fundamentals of cybersecurity. Cybersecurity is very underestimated by companies but this is needed today.
Q1: What were your expectations of the CYBERWISER.eu training? What did you learn and what would you recommend to others?
GL: I chose the course at the University of Pisa by chance but now I am glad I did as I see the real potential of these courses.
The courses were very hands-on in the university’s lab. The courses are really outstanding considering the many labs that exist but that have limited exercises. CYBERWISER.eu is an opportunity to have a complete machine to hack and play with in new ways.
FP: At first I thought it was going to be very easy like a questionnaire on basic topics, but my expectations were exceeded. I was really impressed with the environment and all the things we could do and how easy it is to manage the environment.
LdG: I thought it would be like things I can already find on the web, but I was surprised by the rich content. I particularly appreciated how the scenarios are designed, you can play both attacker and defender and this is an added value. Another extremely important point is the possibility to go into the actual code and play with it and also get real insights into how vulnerabilities can be exploited.
RB: Like my colleagues, I was expecting a simple eLearning environment. Giving students the opportunity to use a cyber range is a brilliant idea with access to VMs (virtual machines) and show us how to handle cyber-attacks and defence. On the downside, the system was a little slow in responding but this may be because of the network.
Q2: What did you learn and would you recommend the CYBERWISER.eu Cyber Range to others?
FP: I learned about SQL injection, the environment helped me learn about the front end and more importantly the back end, in terms of how an SQL attack could be harmful for the system. I was very happy to be able to test this with my own hands.
LdG: I learned about many concepts related to web application vulnerabilities, from basic to advanced, I would definitely recommend it to other people as it is a very easy user experience. The predefined path is also an added value if you're new to this.
RB: I learnt new aspects of SQL vulnerabilities, hands on testing on a real virtual machine was really a plus together with the possibility to play both as an attacker and defender and see what this means in real life. I would definitely recommend it.
Q3: In your view, what cybersecurity skills do you think are the most important?
GL: Lots of people don’t have enough awareness about technologies they use on a daily basis. Many companies don’t realise the impacts of not having proper cybersecurity solutions against spam emails and phishing. Unfortunately, a lot of small businesses think cybersecurity is beyond their budget and give a lower priority to protecting their IT assets, users and network. Ethical hackers could be helpful in showing them their vulnerabilities to cyber threats and change their mindsets. While technical skills are essential for tackling threats, people are often the weakest link in the company and need soft skills.
FP: One of the most important skills is knowing about cybersecurity best practices and how you can develop them in a controlled environment. Cyber ranges can help put these to practical use.
LdG: It's hard to select a specific skill in an evolving landscape so I would say the commitment to keep up to speed with cyber threats and vulnerability testing. Understanding basic programming languages to detect attacks and countermeasures as well as network basics are very important as more and more enterprises are moving to the cloud. Finally, I also think cryptography is important.
RB: Mastering the security cost trade-offs to implement the right security measures to allow organisations to be cyber secure based on costs and budget. Best practices are also important.
Q4: What are your plans for the future (e.g. type of job/further education)?
GL: I’d like to be involved in risk assessment or work in a company as a cyber expert, including certification to help cover legal aspects.
FP: Coming from a very small country like the Dominican Republic, I have very specific plans as I would like to first open a business to offer cybersecurity solutions and services and would also like to teach as education on cybersecurity is very important.
LdG: I would like to work in open-source intelligence, such as Internet security and especially OSINT by collaborating with companies and government agencies such as police or national security agencies.
R: I'd like to join a big company and work in various IT security levels.
Q5: How important do you think it is to have a professional cybersecurity register?
CYBERWISER.eu is currently working to develop a Cybersecurity Professional Register (CyPR). The CyPR will be built as a dedicated section on www.cyberwiser.eu where qualified cybersecurity experts working in the domain of cybersecurity or having obtained an official certification can showcase their experience and get in touch with industries, SMEs, and institutions searching for a professional role to insert in their organizations.
GL: For sure having a register of cyber experts will increase awareness of people’s skills and help companies find the right skills sets for their business assets, also from a budget perspective. Often, companies aren’t aware there are people who can help improve their cybersecurity so it would be nice to bring the two sides together.
FP: This registry is a very good idea so professionals can find support within the community. I would join it.
LdG: For ethical hackers this does not exist so this could be really useful, this should help businesses look for the right cybersecurity skill sets, bridging the big gap between the white and black hats.
RB: This is a great idea. It should be applied not only to cybersecurity but also be a reference directory for companies and public sector organisations as a centralised source of skills. I am not interested in joining it yet as I'm still studying and learning.
Do you want to become a Pilot user of the CYBERWISER.eu cyber range platform and train your staff for free?