Abstract
Recent breaches like the WannaCry ransomware attack in 2017 are evidence of the rapidly evolving cyber security threat landscape. They demonstrate the ability of cybercriminals to take down individuals and businesses efficiently. This is an indication that few companies can sustain these challenges due to a shortage of professionals with essential specialist cyber security skills. It puts into perspective the urgent need to train and nurture new graduates who possess the minimum qualifications and aptitudes required in the cyber security profession. This study investigates the current cyber security skills gap (CSSG). It observes that cyber security skills are in high demand, yet short in supply, with employers facing problems attracting skilled personnel to fill the ever-growing cyber security roles within their businesses. The study noted that while there are some attempts to address the CSSG through education and training, some recruiting managers held that many cyber security graduates lacked essential business-sustaining skills. It observed that graduates focused more on technical skills like hacking while ignoring critical, practical, hands-on abilities. The study identified 5 features of the CSSG and argued that they can be addressed through a serious games (SGs) training approach. This method makes use of SG elements like tabletop exercises (TTXs), which nurture and enhance practical hands-on skills. TTXs enhance the development of skills like problem-solving, communication, teamwork and understanding of business processes, thereby enabling cyber security incident teams (CSIRTs) to conduct their daily activities unperturbed.
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Angafor, G.N., Yevseyeva, I., He, Y. (2020). Bridging the Cyber Security Skills Gap: Using Tabletop Exercises to Solve the CSSG Crisis. In: Ma, M., Fletcher, B., Göbel, S., Baalsrud Hauge, J., Marsh, T. (eds) Serious Games. JCSG 2020. Lecture Notes in Computer Science(), vol 12434. Springer, Cham. https://doi.org/10.1007/978-3-030-61814-8_10
DOI: https://doi.org/10.1007/978-3-030-61814-8_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-61813-1
Online ISBN: 978-3-030-61814-8
eBook Packages: Computer Science (R0)