Data to Defense: Shaping Tomorrow’s Cybersecurity Analysts with AI
OVERVIEW
We engineered a way to use AI to turn threat intelligence reports into real data, and we’re using it to transform the way cybersecurity is taught and make the industry more accessible to everyone. At the core of our approach is a Python engine that generates realistic intrusion datasets by mimicking the tactics, techniques, and procedures (TTPs) of real-world cyber threat actors. We augmented the engine with a custom LLM that turns intrusion reports into configurations the engine can consume. This innovative use of AI accelerates our ability to provide story-driven, gamified training modules that immerse participants in the role of cyber defenders, where they confront authentic cybersecurity challenges, investigate threat actor behaviors, and learn to recognize sophisticated attack techniques.
In the resulting game, called KC7, participants are guided through investigations of simulated cyberattacks against fictional companies, created to reflect the complexity and nuance of genuine cyber incidents. They learn to navigate and analyze intricate datasets and to map their findings to MITRE ATT&CK, which enhances their threat hunting and incident response capabilities. They learn to contextualize evidence, unravel the story behind cyber incidents, and develop critical thinking skills crucial for effective threat detection and response.
The use of AI to generate game data enabled us to deliver hundreds of hours of free, fun, and effective training to thousands of people. As a result, we’ve helped so many people from different backgrounds, ranging from those transitioning professions to K-12 students, fall in love with cybersecurity defense.