Traboda successfully delivered an intensive, practical cybersecurity training program for a government organization. The training focused on blue teaming techniques and was designed to provide participants with real-world, hands-on experience through guided lab exercises and team-based problem-solving.
Training Format
Duration: The training included one week of online sessions (14 hours) followed by two days of intensive onsite practical sessions (13 hours).
Participation: The workshop was attended by 75 participants with technical expertise ranging from beginner to advanced levels, presenting a challenge in designing content that engaged everyone effectively – a challenge that Traboda promptly addressed.
Format:
- Online Sessions: Introduced the participants to core concepts in cybersecurity management, system administration, network security, and incident response.
- Onsite Sessions: Participants were divided into teams and assigned virtual machines (VMs). They worked collaboratively on pre-designed hands-on labs, simulating real-world cybersecurity tasks and scenarios.
Syllabus
Cybersecurity Management
Cybersecurity Policies and Frameworks: Participants explored organizational cybersecurity practices aligned with industry standards such as NIST, ISO/IEC 27001, COBIT, and CIS Controls.
Risk Management and Compliance: The training covered conducting risk assessments, developing mitigation strategies, and maintaining compliance with regulations (GDPR, HIPAA, PCI DSS). Continuous risk monitoring and stakeholder reporting mechanisms were also explored.
Security Audits
Frameworks and Tools: Participants leveraged vulnerability scanning tools, SIEM systems, and open-source software management strategies.
Defensive Tools: Emphasis on the practical use of SIEM tools, intrusion detection/prevention systems, and strategies for managing risks associated with open-source components.
System Administration
OS Hardening: Using scripts to identify and patch vulnerabilities in both Linux and Windows environments.
Backup and Disaster Recovery: Comprehensive insights into implementing backup strategies and disaster recovery plans to mitigate data loss and maintain business continuity.
Network Administration
Secure Server and Device Management: Best practices for updating firmware/software and network traffic analysis using Wireshark. Participants learned to use firewalls and intrusion detection systems to understand how to monitor, analyze, and manage network traffic, identify potential threats, and implement measures to block unauthorized access or malicious activities.
Incident Response and Analysis
Incident Response Planning: Participants gained expertise in incident response, handling procedures, and lifecycle management from detection to post-incident review.
Threat Hunting with SIEM and EDR Solutions: Participants leveraged SIEM and EDR tools to investigate and mitigate threats. The training included recreating attack scenarios inspired by well-known APT groups, enabling participants to practice identifying threats through analysis of Windows logs, firewall logs, filesystem changes, etc. This hands-on approach provided practical experience in leveraging advanced tools for comprehensive threat detection and response.
Hands-On Lab Activities
The hands-on lab exercises included both individual and team-based activities. Each participant or team was assigned a set of VMs to configure and secure based on the provided tasks. The labs covered:
Scenario-Based Exercises
- Overview of the compliance regimes and frameworks used in the industry, with case studies to identify which compliance regimes and frameworks apply in a given scenario, their use cases, and their applications.
- Participants were provided with a Security Information and Event Management (SIEM) instance, a popular open-source security monitoring tool, to write custom queries and conduct threat-hunting exercises. They worked through 5+ scenarios to identify and fingerprint attacks occurring on the endpoints (Linux and Windows) where the agents run. Participants also conducted network traffic analysis using tools like Wireshark, with hands-on labs demonstrating attacks on WEP and WPA.
- Configuring the pfSense firewall and writing Snort rules to protect a web server and mitigate threats to it: The team members set up the web server and configured pfSense to create an internal network. They then reconfigured both pfSense and Snort to stop 3+ attack scenarios, safeguarding the web server.
- Each participant was assigned a vulnerable Linux instance to secure, testing their ability to apply Linux OS hardening techniques, patch vulnerabilities, and implement essential security controls. They then ran a checker script to assess the OS security posture.
Evaluation Process
- Quizzes: The knowledge gained from the hands-on labs was evaluated, covering topics such as:
  - Network analysis techniques.
  - Regulations, compliance, and frameworks.
  - Windows server hardening procedures.
- Practical Exercises:
  - Participants were assessed on their ability to perform threat hunting using a SIEM instance, demonstrating their understanding of incident response and real-time defense. They were required to write queries to filter specific events that happened within the endpoints.
  - Participants were required to reconfigure pfSense to mitigate additional attack scenarios. This included writing rules on the WAN interface, changing the order of rules, writing Snort rules, etc.
  - Participants were graded on their technical proficiency in securing a Linux server by mitigating vulnerabilities and applying security best practices.
Outcome
The hands-on, team-focused training approach by Traboda helped participants gain practical skills and confidence in executing blue team strategies. The combination of theoretical instruction, collaborative lab work, and scenario-based evaluation ensured a well-rounded learning experience.
Knowledge Development
Objective: Enhance understanding of blue teaming principles and compliance standards.
Outcome: Participants grasped defensive cybersecurity strategies (OS hardening, network hardening, incident response strategies) and regulatory frameworks, with quiz results showing an average comprehension rate of 90%.
Practical Skills
Objective: Build hands-on experience in system hardening and vulnerability mitigation.
Outcome: Teams successfully hardened Linux and Windows systems using OS-level scripts and patched over 80% of identified vulnerabilities.
Team Collaboration
Objective: Foster collaboration in real-world threat-hunting exercises.
Outcome: Teams demonstrated effective teamwork, using a SIEM and EDR instance to detect and mitigate threats, scoring an average of 80% in scenario-based evaluations.
Individual Proficiency
Objective: Improve individual technical problem-solving abilities.
Outcome: Participants secured vulnerable Linux instances with a 95% success rate, showcasing their ability to apply security best practices independently.
Participants appreciated the hands-on approach and the real-world application of cybersecurity principles. Building on the success of this training, Traboda plans to offer advanced follow-up programs focused on automated threat detection and more complex incident response simulations.
Traboda’s tailored training program effectively strengthened the cybersecurity capabilities of the government organization’s employees. The practical, immersive nature of the training ensured that participants were well-equipped to apply their new skills in real-world cybersecurity operations. The training effectively bridged the gap between theoretical knowledge and practical application, enabling participants to develop and refine their skills in cybersecurity.