cyber analyst training
play

Cyber Analyst Training Susan Adams, Elizabeth Fleming, Siobhan - PowerPoint PPT Presentation

Sep 02, 2023 •234 likes •399 views

Human Factors Approach to Cyber Analyst Training Susan Adams, Elizabeth Fleming, Siobhan Heiden and Liza Kittinger Presented by: Elaine Raybourn Sandia National Laboratories, United States of America The Team 2 Susan Adams, PhD Scottie

  1. Human Factors Approach to Cyber Analyst Training Susan Adams, Elizabeth Fleming, Siobhan Heiden and Liza Kittinger Presented by: Elaine Raybourn Sandia National Laboratories, United States of America

  2. The Team 2 Susan Adams, PhD Scottie Fleming Siobhan Heiden, PhD Liza Kittinger, MA Principal technical staff Senior technical staff Technical staff member Lindsley, PhD member member Senior technical staff member Specializations : Specializations : Process Specializations : Training, Specializations : Engineering design and systems analysis and technology adoption, Experimental design, processes, collaborative design, knowledge organizational task analysis, decision decision making management development making

  3. Sandia’s Cyber Mission Area 3 Sandia built a network intrusion detection Sandia’s research efforts in cybersecurity tool that helps cyber analysts detect: are focused in three broad areas: • Cyber attacks 1. Trusted hardware, software, and systems; • Data exfiltration 2. Networks and systems architectures and • System compromise analysis; and • Data manipulation 3. Effective cyber defense systems • Insider threat

  4. Background 4 Motivation: Current training for tool to help cyber analysts’ identify pertinent risks did not sufficiently address their knowledge gaps Goal: Create evidence-based training materials to support novice cyber analysts’ needs at various stages of their learning Source: Sandia Labs (CC BY-NC-ND 2.0)

  5. Challenges 5 • Limited access to end-users (i.e., cyber analysts) • End-users from a variety of organizations and cultural backgrounds • End-users separated by location and time from each other and the design team • Tool is constantly updated and modified • Need for both instructor-led training and post-training reference materials Source: Sandia Labs (CC BY-NC-ND 2.0)

  6. Human Factor Approaches Used 6 Expert Heuristic Task Analysis Elicitations Evaluations Iterative Ethnography Design

  7. Expert Elicitations 7 Expert Task Heuristic Elicitations Analysis Evaluations Definition: A process of obtaining judgements and knowledge from experts to a particular problem or scenario Iterative Ethnography Design Approach Explained the Elicitation Select Experts Refined Issues Context • Engineers and • Focused on issues of • Used task-oriented exercises with • Described the purpose designers of the tool learning and usability standardized question sets to elicit of the meeting and their conceptual understanding, expected outcomes • for the end user technical reasoning, and mental organization of the information most relevant for solving a particular issue. Findings ◦ Understand the decisions and reasons for solving particular cyber issues ◦ Identify commonalities and differences expert analysts might take ◦ Begin identifying locations where scaffolding would be appropriate

  8. Task Analysis 8 Expert Task Heuristic Elicitations Analysis Evaluations Definition : A process of breaking a job task into smaller parts Iterative Ethnography Design Approach ◦ Used a general task analysis method where we focused on identifying the relationships one task had with another task in addition to terminology used ◦ Think-Aloud-Protocol: Experts were asked to talk while performing a given task Findings ◦ Allowed for the design team to observe aspects of the analyst’s behavior with various levels of detail and at various stages of the task ◦ Allowed the design team to understand sequential steps in completing tasks Attribution

  9. Heuristic Evaluation 9 Expert Task Heuristic Elicitations Analysis Evaluations Definition : An analysis of the computer interface to ensure it is “user friendly” Iterative Ethnography Design Approach ◦ Used usability standards to evaluate how easy the interface was to use ◦ Considerations were given around: learnability, efficiency, memorability, errors and satisfaction Findings ◦ Results and recommendations for modern tool enhancements were given to developers (e.g. interface organization, features, search, etc.) ◦ Interface limitations influenced some aspects of how team designed training

  10. Ethnography: Participant Observation 10 Expert Task Heuristic Elicitations Analysis Evaluations Definition : A strategy of observation and direct participation to understand the trainee’s perspective Iterative Ethnography Design Approach ◦ Participated in training sessions similar to an end user of the tool ◦ Completed readings and exercises a new analyst would experience ◦ Tried triaging cyber issues the way a new analyst is expected to do Findings ◦ Identified gaps in the learning process and where information became too advanced too quickly ◦ Identified assumptions instructors had of their students

  11. Iterative Design 11 Expert Task Heuristic Elicitations Analysis Evaluations Definition : A method of prototyping, testing, analyzing and refining, then restarting the process. Iterative Ethnography Design • Non-linear process which involved continuous evaluation and feedback from users and designers to identify opportunities for improvement • Training was updated multiple times Design Evaluate Prototype

  12. Lessons Learned 12 • Understanding the end user is key to any training design • Experts in the field are great resources, but effort is needed to scale down their level of knowledge to be appropriate for novice learners • Anticipate small and big changes to software to occur throughout the development of training

  13. Conclusions 13 • Designing a learning program takes time • Some enhancements suggested by Human Factors may be beyond the scope of training (e.g., tool functionality) • The “ideal situation” is not always realistic – constraints, barriers and changes are inherent • Feedback and evaluation are key to a successful training program • Partnering with experts who were accessible was crucial to our success

  14. Acknowledgements 14 Special thanks to the subject matter experts who participated in the design and development of this training. This presentation describes objective technical results and analysis. Any subjective views or opinions that might be expressed in the paper do not necessarily represent the views of the U.S. Department of Energy or the United States Government. Sandia National Laboratories is a multi-mission laboratory managed and operated by National Technology and Engineering Solutions of Sandia, LLC, a wholly owned subsidiary of Honeywell International Inc., for the U.S. Department of Energy’s National Nuclear Security Administration under contract DE-NA0003525. SAND2019-5167 C.

  15. Questions? 15 Susan Adams – smsteve@sandia.gov

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Training in a Cyber-active Environment Using C2-Simulation Interoperation Dr. Mark Pullen George

Training in a Cyber-active Environment Using C2-Simulation Interoperation Dr. Mark Pullen George

Training in a Cyber-active Environment Using C2-Simulation Interoperation Dr. Mark Pullen George Mason University C4I & Cyber Center, USA James Ruth Trideum, Inc. Overview Introduction: Importance of cyber-active training

540 views • 24 slides
TRAINING IN THE INFORMATION AGE Cyber warfare and beyond Michael Pegelow Key Account Manager

TRAINING IN THE INFORMATION AGE Cyber warfare and beyond Michael Pegelow Key Account Manager

TRAINING IN THE INFORMATION AGE Cyber warfare and beyond Michael Pegelow Key Account Manager GESI 17.05.2018 Your worldwide training partner of choice Training today Focusing on Command And Staff Training (CAST) Your worldwide training

598 views • 21 slides
CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September

Eric Weston Wally Magda, CISSP, PSP, CISA Compliance Auditor, Cyber Compliance Auditor, Cyber Security Security CIP 101 Training CIP-007-3a Cyber Security System Security Management Overview September 24-25, 2013 Salt Lake City, UT No

2.02k views • 198 slides
EternalBlue: Exploit Analysis and Beyond WHO AM I? Emma McCall Cyber Security Analyst @ Riot

EternalBlue: Exploit Analysis and Beyond WHO AM I? Emma McCall Cyber Security Analyst @ Riot

EternalBlue: Exploit Analysis and Beyond WHO AM I? Emma McCall Cyber Security Analyst @ Riot Games @RiotNymia on Twitter JUST A LITTLE HISTORY Black Market Intelligence Auc1on Approx. August 2016 No bites April 14 th 2017 Group

462 views • 35 slides
KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A.

KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A.

KNOW YOUR ROLE DO YOUR JOB: A mapping of skills and building a Cyber Security Career EILEEN. A. Cyber Defense and Forensics Analyst The Dilemma Caught in a web, ever growing cyber attacks, changes in technology. Strategies seem to last an

452 views • 28 slides
90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO

90% OF CYBER ATTACKS ARE 90% OF CYBER ATTACKS ARE SUCCESSFUL DUE TO HUMAN SUCCESSFUL DUE TO HUMAN ERROR ERROR CYBER AWARE CYBER AWARE NEXT-GEN SECURITY AWARENESS TRAINING Cyber Crime Is Now A Cyber Crime Is Now A Business Opportunity

550 views • 25 slides
CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October

CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October

CYBER Overview Training for New Providers in the New Jersey Childrens System of Care October 2019 (01416) What is CYBER? A fully functional Electronic Health Record system, that is a tool for providers to make the maintenance of youth

736 views • 59 slides
OECD STUDY ON SUPPORTING AN EFFECTIVE CYBER INSURANCE MARKET Leigh Wolfrom, Policy Analyst,

OECD STUDY ON SUPPORTING AN EFFECTIVE CYBER INSURANCE MARKET Leigh Wolfrom, Policy Analyst,

OECD STUDY ON SUPPORTING AN EFFECTIVE CYBER INSURANCE MARKET Leigh Wolfrom, Policy Analyst, Directorate for Financial and Enterprise Affairs, OECD OECD Expert Workshop on Improving the Measurement of Digital Security Incidents and Risk Management

393 views • 12 slides
CUSD428 Cyber Security CUSD428 NetSec Team Ben Bayle Ben Yochem Marco Robles CTO System

CUSD428 Cyber Security CUSD428 NetSec Team Ben Bayle Ben Yochem Marco Robles CTO System

CUSD428 Cyber Security CUSD428 NetSec Team Ben Bayle Ben Yochem Marco Robles CTO System Analyst System Analyst We have combined 40+ years of experience in the field with certifications in Security, Network, Server, Storage, and

162 views • 15 slides
NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For

NSF Activities in Cyber Trust NSF Activities in Cyber Trust NSF Activities in Cyber Trust For ACM CCS I ndustry/ Govt Track Oct. 26, 2004 Carl Landwehr ( clandweh@nsf.gov ) Cyber Trust Coordinator National Science Foundation What s the

439 views • 17 slides
TeamDefend TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N

TeamDefend TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N

TeamDefend TeamDefend Organizational and Inter-Organizational Cyber Defense Training S C I E N C E A P P L I C A T I O N S I N T E R N A T I O N A L C O R P O R A T I O N Agenda Agenda Background on Cyber Exercises Introduction

428 views • 15 slides
CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College

3/29/2012 CYBER CYBER-SAFETY CYBER CYBER SAFETY SAFETY SAFETY BASICS BASICS Engineering Staff College of India I N T R O D U C T I O N What is Cyber-safety Consequences Threats of Inaction Cyber-safety? Cyber-safety Cyber-safety at

215 views • 7 slides
What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is

R egional C yber C rime U nit DC Louise Gibson Prepare, Prevent & Protect What is Cyber Crime? Cyber Enabled Crime Cyber Dependant Crime Traditional crime that is enhanced in scale or Crimes that can only be committed solely reach by use

316 views • 9 slides
NEW LEDGER REVIEW SYSTEM TRAINING MANAGEMENT LEDGER REVIEW (MLR) JULY 2015 JIM HEWLETT ANALYST

NEW LEDGER REVIEW SYSTEM TRAINING MANAGEMENT LEDGER REVIEW (MLR) JULY 2015 JIM HEWLETT ANALYST

NEW LEDGER REVIEW SYSTEM TRAINING MANAGEMENT LEDGER REVIEW (MLR) JULY 2015 JIM HEWLETT ANALYST Note on this Training This training module focuses on details and functionality of Management Ledger Review (MLR) and how to interpret and

549 views • 33 slides
IT 2 EC 2020 Cyber Training Architecture, Enabling Digital Twin Environments Amit Kapadia 1 ,

IT 2 EC 2020 Cyber Training Architecture, Enabling Digital Twin Environments Amit Kapadia 1 ,

IT 2 EC 2020 IT 2 EC Extended Abstract Template Presentation/Panel IT 2 EC 2020 Cyber Training Architecture, Enabling Digital Twin Environments Amit Kapadia 1 , Rick Osborne 2 , Brian Vermillion 3 1 Chief Engineer, U.S. Army PEO STRI, Orlando,

84 views • 4 slides
Cybersecurity Shorts: Short Cyber Training Videos for Todays Workforce Dr. Kelly S. Wright,

Cybersecurity Shorts: Short Cyber Training Videos for Todays Workforce Dr. Kelly S. Wright,

Cybersecurity Shorts: Short Cyber Training Videos for Todays Workforce Dr. Kelly S. Wright, CISSP Instructional Systems Specialist IT Workforce Development (ITWD) Office of Information & Technology Department of Veterans Affairs Why

360 views • 24 slides
Introducing the new Meta-Ethnography Reporting Guidance What it is and how to use it. Project

Introducing the new Meta-Ethnography Reporting Guidance What it is and how to use it. Project

Introducing the new Meta-Ethnography Reporting Guidance What it is and how to use it. Project team: Emma France, 1 Nicola Ring, 2 Maggie Cunningham 1 , Isabelle Uny 1 , Edward Duncan, 1 Rachel Roberts, 1 Ruth Jepson, 3 Margaret Maxwell, 1 Ruth

215 views • 18 slides
INTRODUCTION PHN practice is population-focused requiring unique knowledge, competencies, and

INTRODUCTION PHN practice is population-focused requiring unique knowledge, competencies, and

OBJECTIVES To examine the evolution of advanced public health nursing (APHN) roles that address extant, complex community level problems such as rural substance abuse. To apply an ethnographically-informed and community participatory

358 views • 20 slides
ETHNOGRAPHY NEO ETHNOGRAPHY CATEGORIES Old Ethnography New Ethnography DIFFERENCES New

ETHNOGRAPHY NEO ETHNOGRAPHY CATEGORIES Old Ethnography New Ethnography DIFFERENCES New

ETHNOGRAPHY NEO ETHNOGRAPHY CATEGORIES Old Ethnography New Ethnography DIFFERENCES New Ethnography Old Ethnography Fact Collection Influenced by Cultural Linguistics Either from natives or from Focus on analysis

448 views • 13 slides
Quantitative Ethnography Well be doing some work in groups, so decide whether you want to sit

Quantitative Ethnography Well be doing some work in groups, so decide whether you want to sit

Quantitative Ethnography Well be doing some work in groups, so decide whether you want to sit with people you already know, or meet new folks. Either is fine! David Williamson Shaffer Vilas Distinguished Achievement Professor of Learning

1.95k views • 165 slides
Ethnographic and field observation Dan Smith 2 Overview Aims History Practice 1

Ethnographic and field observation Dan Smith 2 Overview Aims History Practice 1

6/11/18 Ethnographic and field observation Dan Smith 2 Overview Aims History Practice 1 6/11/18 3 Ethnographic observation for HCI Close observation of human behaviour in the field What do people really do? How do

591 views • 13 slides
Field and diary studies Michelle Mazurek Some slides adapted from Lorrie Cranor, Blase Ur, Vibha

Field and diary studies Michelle Mazurek Some slides adapted from Lorrie Cranor, Blase Ur, Vibha

Field and diary studies Michelle Mazurek Some slides adapted from Lorrie Cranor, Blase Ur, Vibha Sazawal 1 Administrative HW1 almost done grading HW2 out soon Course project discussion soon! (2/28) 2 FIELD STU FI TUDIES 3 What

226 views • 21 slides
Social Psychology Session 2 Doing Research in Social Psychology- Part 1 Lecturer: Dr. Peace

Social Psychology Session 2 Doing Research in Social Psychology- Part 1 Lecturer: Dr. Peace

SOCI 323 Social Psychology Session 2 Doing Research in Social Psychology- Part 1 Lecturer: Dr. Peace Mamle Tetteh, Department of Sociology Contact Information: ptetteh@ug.edu.gh College of Education School of Continuing and Distance

678 views • 23 slides
Examples of Field Research Examples of Field Research Research Research Studying the

Examples of Field Research Examples of Field Research Research Research Studying the

Chapter 10: Qualitative Field Chapter 10: Qualitative Field Examples of Field Research Examples of Field Research Research Research Studying the Satanists (Randall Alfred, 1976) Studying the Satanists (Randall Alfred, 1976) Topics

62 views • 5 slides

More recommend