Bridging the Cyber Security Skills Gap: Using Tabletop Exercises to Solve the CSSG Crisis

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 12434)

Abstract

Recent breaches like the WannaCry ransomware attack in 2017 are evidence of the rapidly evolving cyber security threat landscape. They demonstrate the ability of cybercriminals to take down individuals and businesses efficiently. This is an indication that few companies can sustain these challenges due to a shortage of professionals with essential specialist cyber security skills. It puts into perspective the urgent need to train and nurture new graduates who possess the minimum qualifications and aptitudes required in the cyber security profession. This study investigates the current cyber security skills gap (CSSG). It observes that cyber security skills are in high demand yet in short supply, with employers facing problems attracting skilled personnel to fill the ever-growing cyber security roles within their businesses. The study noted that while there are some attempts to address the CSSG through education and training, some recruiting managers held that many cyber security graduates lacked essential business-sustaining skills. It observed that graduates focused more on technical skills like hacking while ignoring critical, practical, hands-on abilities. The study identified 5 features of the CSSG and argued that they can be addressed through a serious games (SGs) training approach. This method makes use of SG elements like tabletop exercises (TTXs), which nurture and enhance practical hands-on skills. TTXs enhance the development of skills like problem-solving, communication, teamwork and an understanding of business processes, thereby enabling cyber security incident teams (CSIRTs) to conduct their daily activities unperturbed.


Corresponding author

Correspondence to Giddeon N. Angafor.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Angafor, G.N., Yevseyeva, I., He, Y. (2020). Bridging the Cyber Security Skills Gap: Using Tabletop Exercises to Solve the CSSG Crisis. In: Ma, M., Fletcher, B., Göbel, S., Baalsrud Hauge, J., Marsh, T. (eds) Serious Games. JCSG 2020. Lecture Notes in Computer Science, vol 12434. Springer, Cham. https://doi.org/10.1007/978-3-030-61814-8_10

  • DOI: https://doi.org/10.1007/978-3-030-61814-8_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-61813-1

  • Online ISBN: 978-3-030-61814-8

  • eBook Packages: Computer Science (R0)