Researchers and lecturers at the TalTech Centre for Digital Forensics and Cybersecurity not only have extensive research experience in their field, but are also equipped to conduct various cybersecurity training courses in Estonia and abroad. In addition to crisis training courses intended for company management teams, the centre offers technical training courses on how to protect IT systems from realistic threats. It is important to understand that cybersecurity is not just the domain of hackers, and that protecting successfully against threats requires interdisciplinary teamwork, where all members of a company, including IT professionals, management, lawyers, data protection specialists, etc., have a role to play.
But how can you determine whether the participants in your training course have understood what you have tried to teach them and whether their knowledge and competencies have improved? This was the topic of Sten Mäses’ doctoral thesis, published at the end of last year.
According to Mäses, simulation exercises are particularly suitable for measuring and practising computer skills, because it is much easier to accurately simulate the work environment of a programmer or security tester than, for example, that of a surgeon or welder. “Although cybersecurity exercises have developed greatly in technical terms in recent years, the evaluation of their results is often still limited to feedback collected from the participants,” the researcher noted. He elaborated that the reported feelings of the participants themselves, unfortunately, may not provide an objective assessment regarding the skills demonstrated in the course of the simulation. As a result of Mäses’ work, it is now possible to create simulations tied to specific cybersecurity job descriptions and for participants to assess their suitability for these specialist jobs. In addition, Mäses collaborated with other researchers and students to design innovative virtual labs that also allow lab organisers to measure non-technical competencies (e.g. to assess cyber-ethical behaviour).