Skip to main content

DoD Taps DEF CON Hacker Traits For Cybersecurity Training Program

Famed capture-the-packet contest technology will become part of DoD training as well.

The Defense Department for the second year in a row sent one of its top directors to DEF CON in Las Vegas this month, but it wasn’t for recruiting purposes.

So what was Frank DiGiovanni, director of force training in DoD’s Office of the Assistant Secretary of Defense for Readiness, doing at DEF CON? “My purpose was to really learn from people who come to DEF CON … Who are they? How do I understand who they are? What motivates them? What sort of attributes” are valuable to the field, the former Air Force officer and pilot who heads overall training policy for the military, says.

DiGiovanni interviewed more than 20 different security industry experts and executives during DEF CON. His main question:  “If you’re going to hire someone to either replace you or eventually be your next cyber Jedi, what are you looking for?”



The DEF CON research is part of DiGiovanni’s mission to develop a state-of-the-art cyber training program that ultimately helps staff the military as well as private industry with the best possible cybersecurity experts and to fill the infamous cybersecurity skills gap today. The program likely will employ a sort of ROTC-style model where DoD trains the students and they then owe the military a certain number of years of employment.

With the help of DEF CON founder Jeff Moss, DiGiovanni over the the past year has met and then picked the brains of, seasoned hackers and the people who hire them about the types of skills, characteristics, and know-how needed for defending organizations from today’s attackers.

DiGiovanni, who is also responsible for helping shape retention and recruitment policy efforts in the DoD, has chatted with CEOs of firms that conduct penetration testing, as well as pen testers and other security experts themselves, to get a clearer picture of the types of skills DoD should be teaching, testing, and encouraging, for future cybersecurity warriors and civilians.

This is the second phase of the development of a prototype cyber training course he spearheads for DoD at Fort McNair: the intensive six-month prototype program currently consists of 30 students from all branches of the military as well as from the US Department of Homeland Security. It’s all about training a new generation of cybersecurity experts.

The big takeaway from DiGiovanni’s DEF CON research: STEM, aka science, technology, engineering, and mathematics, was not one of the top skills organizations look for in their cyber-Jedis. “Almost no one talked about technical capabilities or technical chops,” he says. “That was the biggest revelation for me.”

DiGiovanni compiled a list of attributes for the cyber-Jedi archetype based on his interviews. The ultimate hacker/security expert, he found, has skillsets such as creativity and curiosity, resourcefulness, persistence, and teamwork, for example.

A training exercise spinoff of DEF CON’s famed capture-the-packet (CTP) contest also will become part of the DoD training program. DiGiovanni recruited DEF CON CTP and Wall of Sheep mastermind Brian Markus to repurpose his capture-the-packet technology as a training exercise module. “In October, he will submit to the government a repackaged capture-the-packet training capability for DoD, which is huge,” DiGiovanni says. Also on tap is a capture-the-flag competition, DoD-style, he says.

One of the security experts DiGiovanni met with at DEF CON this year was Patrick Upatham, global director of advanced cybersecurity at Digital Guardian. “I was a little apprehensive at first,” Upatham says. “After learning what they are doing and the approach that they are taking, it totally made sense.”

“He [Frank] is looking for a completely different mindset and background, and [to] then train that person with the technical detail” to do the job, Upatham says. “They are looking for folks who are more resourceful and persistent, and creative in their mindset.”

DoD’s training program is about being more proactive in building out its cybersecurity workforce. That’s how it has to work now, given that more than 200,000 cybersecurity jobs were left unfilled last year overall. DoD’s Cyber Mission Force is calling for some 6,200 positions to be filled.

The goal is to train that workforce in both offensive and defensive security skills. That means drilling down on the appropriate problem-based learning, for example. The current prototype training program doesn’t require a four-year degree, and it’s more of a “journeyman apprentice” learning model, DiGiovanni says.

About 80% or so is hands-on keyboard training, he says, with the rest is lecture-based. “A lot of the lectures are by the students themselves, with a learn-by-teaching model,” he says.

DiGiovanni gave an example of one student in the DoD training program who came in knowing nothing about security. The young man was a self-professed  “cable dog” at Fort Meade, a reference to his job of pulling cable through pipes. But when he finished the six-month DoD course, he was reverse-engineering malware.

“When he came to the course, he didn’t know what a ‘right-click’” of a mouse was, nor did he have any software technology experience, DiGiovanni recalls. “To me, that’s a heck of a success story.”

The next step is determining how to scale the DoD training program so that it can attract and train enough cyber warriors for the future. The goal is to hand off the training program to a partner organization to run it and carry it forward, possibly as early as this fall, he says.

Meantime, DiGiovanni says the DEF CON hacker community is a key resource and potential partner. “The security of our nation is at stake. I think it’s imperative for DoD to embrace the DEF CON community because of the unique skill they bring to the table,” he says. “They want to serve and contribute, and the nation needs them.”

Kelly Jackson Higgins is Executive Editor at DarkReading.com. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comments

Popular posts from this blog

CONCERNED CITIZENS OF SOUTH-CENTRAL LOS ANGELES ANNOUNCES SECOND CHANCE JOBS PROGRAMS FOR JUSTICE INVOLVED CALIFORNIA'S

CONCERNED CITIZENS OF SOUTH-CENTRAL LOS ANGELES ANNOUNCES SECOND CHANCE JOBS PROGRAMS TO GIVE FORMERLY INCARCERATED CALIFORNIANS FREE EMPLOYMENT TRAINING TIED TO GUARANTEED JOB OPPORTUNITIES May 15, 2020                                                                              For Immediate Release LOS ANGELES - Noreen McClendon the Executive Director of Concerned Citizens of South  Central Los Angeles (CCSCLA), announced today that in partnership with RyPul Threat  Assessments, BlacTree Inc, White Rhino Group Inc., Paxton Co., and other entities within the State of California, CCSCLA will provide a cost-free jobs training program connected to guaranteed sponsored employment through her nonprofit organization Concerned Citizens of South-Central Los Angeles. This partnership according to McClendon looks to provide stable employment for justice-involved men and women who have turned their lives around and who are seeking a life of freedom through hope, education, and

Urban Sniper Skills

Photos by Jake Swanson A Former SEAL Schools Us On the Finer Points of Fieldcraft and Marksmanship in the Concrete Jungle According to the U.S. Census Bureau, 80 percent of the American population lives in urban areas. Yet, whenever we see classes or articles about precision marksmanship, they’re usually set against a backdrop of wide-open spaces, with emphasis on the mythical “1,000-yard shot.” Charles Mosier, lead sniper with Las Vegas SWAT and a former Navy SEAL, aims to change that with his urban sniper course. Basic skills of fieldcraft, navigation, stalking, and trigger pulling don’t change, whether the environment is the tundra of northern Norway or the mountains of Afghanistan. But the methods used to ensure a successful shot and the survival of the shooter must be adapted to circumstance. This is why Mosier teaches through doing. Each student gets the chance to practice with his or her equipment in a hands-on setting to see what works, and if it doesn’t, to come up with

Navistar has developed the SOTV-B, a purpose-built tactical vehicle

 (Navistar) If you’ve ever seen videos from an African or Asian warzone, you’ve probably noticed most of them have something in common: midsize pickups. Lots of them. Usually Toyotas, but increasingly Chinese, the typically white, crew cab trucks are a favorite mode of transportation for both combatants and folks just going about their business in developing nations. So, if you’re from out of town and looking to fit in, say on a secret recon mission with your special ops team, they’re a good way to go, but not exactly military spec. That’s why Navistar has developed the SOTV-B, a purpose-built tactical vehicle that was designed to look like your average pickup, but isn’t. Related Image Expand / Contract  (Navistar) Based on the SOTV-A, which wears a more official uniform, the SOTV-B is fitted with the most generic bodywork imaginable. There’s nothing distinguishing about it at all, but if you’re still concerned the locals have gotten wise to your presence, th