Programmed to defend
One of the main market activities of White Hat is the development and training of corporate “blue teams” responsible for the prevention and mitigation of cyber-attacks; the company’s incident response and adversary simulation profiles are closely related to this. (In NATO military exercises the home team is usually marked with the colour blue, while the enemy is played by the “red team”, hence the name.) Their job is, however, made more difficult by the fact that there are very few existing programmes training experts to defend enterprise networks. “Everyone is teaching hackers, but a hacker on his/her own cannot defend the company. This needs a different approach: what a defence strategy consists of, what roles there are in a defensive team, who does what, and how one should lead such a team. This is the knowledge we wish to pass on,” explains Sándor Fehér about the recently started course.
The academic partner for the training is the John von Neumann Faculty of Informatics of the prestigious Óbuda University, in exchange for which 25 of its students get to participate in the course for free. Feasibility is guaranteed by the students of the paid WHCD training. For these places they primarily expect people already working in IT security, even experts with experience in the defensive field who nevertheless have no comprehensive overview of “blue teaming”.
Its value lies in its difficulty
The complete course consists of 12 lectures over two semesters. The training is very much practice-oriented, but during the lectures only the theoretical and academic basics are taught: the students have to work out the practical examples themselves, from home, via the online platform of Avatao. Throughout these they work through a fictional but very life-like APT scenario. As part of the concept, the students have to do research and track things down themselves. The exam, modelled on that of the Israeli-American Offensive Security trainings, is also special. The first part takes 24 hours: the examinees have to avert and mitigate a partially automated, partially live attack in different defensive roles. The next 24 hours are for documentation: they have to report the entire attack, its process and the defensive efforts to an imaginary IT manager or CISO. “We set the bar purposefully high, the exam will not be easy. But this is the only way to keep the WHCD certification valuable,” added Sándor Fehér.