Training program teaches cyber operators to adopt an offensive mindset to defend against attacks
As a cyber engineer, he is more than familiar with the internet, cybersecurity and the threats that exist online.
But once he learned more about known cyber exploits and vulnerabilities, and started thinking like a hacker, he quickly realized that he needed to do more to protect his devices.
'It's like in
Raytheon Intelligence & Space, a
There is a worldwide shortage of cybersecurity experts. Currently, there are about 436,000 vacant cyber jobs in the
'We're approaching this from the perspective of a hacker and using our knowledge of offensive tactics to better inform how we do cyber defense,' said
In 2022,
'We have a couple of different paths depending on what the student's end goal is,' said
The CNO developer track is offering a new course for its students, designed to widen the applicability of the training to information technology and cybersecurity professionals.
'The CNO developer students that are now going through the program are brand new. We're calling it DEVCORE, which is a C programming-focused curriculum,' said
They've also made the course available to engineers across
'This shows that we're committed to investing in our engineers, giving them opportunities to either advance or broaden their skillsets,' Weldon said. 'We have quite a few junior-level engineers, but we've also had a handful of engineers who have been with Raytheon for 10 years or more, and they're very good at what they do. But they were looking for a change and joined the program.'
All of the course offerings start with a general knowledge track to give every student a common background.
'There's the opening, general knowledge module that I teach, that all of our students go through,' Light said. 'It gives everybody a background in topics that are common to all the learning paths. We cover x86 assembly language, the basics of reverse engineering, and give overviews of the training paths ahead. Our students come from different backgrounds and have a wide range of experience; we want to get everybody on the same page before going on to module two.'
From there, instruction divides between the VR track and the CNO development track with each cohort receiving tailored instruction.
'For the VR students, they proceed to war games, which is a platform that has 32 different reverse engineering and VR challenges that they'll work through,' Light said. 'Then we have an internal two-week class, called VR tradecraft, where we go more in depth on bug patterns and bug discovery, as well as different architectures and their protections and defeats. We conclude with a two-week capstone project, to put it all together and let students prove their mettle before they move out onto a program.'
'We're approaching this from the perspective of a hacker and using our knowledge of offensive tactics to better inform how we do cyber defense.'
The students in the VR course value the company and feedback they receive.
'I really enjoyed having actual lab work,' said
'For the CNO students, they'll have various challenges in their training. We start them off with four C programming projects,' said Light. 'These cover topics like using sockets, inter-process communications with shared memory, and other stuff to get them practice with programming. Students also take our four-week CNO tradecraft course where they learn how to hide processes, inject code into processes, and things like that. Finally, they take a training class on Windows or Linux internals and ultimately conclude with a two or three-week capstone.'
The opportunity to practice the skills taught during instruction is a highlight for the students.
'The assignments that they give you, they don't just give them to you and then you submit them, and they grade them - they give you feedback and then they ask you to resubmit them if they're not good enough,' said
Besides growing new talent that can immediately be assigned to projects,
'I think it was really cool that
The feedback from
'Overall, it seems that those individuals who went on to assignments have been highly useful,' Weldon said. 'We've heard great feedback from the program managers and the engineering teams. And also, the engineers who went through the program that it was useful training that set them up for success on their programs.'
Graduates of
'We need to come up with defenses before attacks and zero days happen,' said Ferguson, using a cybersecurity term for newly discovered methods of attack. 'We've got to be out there actively trying to hunt for these exploits, these vulnerabilities, ourselves, so we can learn to defend ourselves.'
(C) 2023 Electronic News Publishing, source