But how can you determine whether the participants in your training course have understood what you have tried to teach them and whether their knowledge and competencies have improved? This was the topic of Sten Mäses’ doctoral thesis, published at the end of last year. 

According to Mäses, simulation exercises are particularly suitable for measuring and practising computer skills, because it is much easier to accurately simulate the work environment of a programmer or security tester than, for example, that of a surgeon or welder. “Although cybersecurity exercises have developed greatly in technical terms in recent years, the evaluation of their results is often still limited to feedback collected from the participants,” the researcher noted. He elaborated that the reported feelings of the participants themselves, unfortunately, may not provide an objective assessment regarding the skills demonstrated in the course of the simulation. As a result of Mäses’ work, it is now possible to create simulations tied to specific cybersecurity job descriptions and for participants to assess their suitability for these specialist jobs. In addition, Mäses collaborated with other researchers and students to design innovative virtual labs that also allow lab organisers to measure non-technical competencies (e.g. to assess cyber-ethical behaviour).