Abstract: With the increase in technology adoption, quality assurance in terms of the technical skill level of cybersecurity experts working on a task is crucial. Educating employees and ensuring that they have the tools and skills required to resolve cyber attacks against assets are essential. If a novice is assigned to resolve an attack on a critical asset, the attack may not be resolved as successfully and as timeously as when an expert is assigned to resolve the attack. Unfortunately, the classification of technical skill levels is often difficult to quantify and subject to personal opinion and experience. By developing a capability that allows technical skill level to be assessed based on index similarity, it becomes feasible to classify more accurately the level of technical skills that an individual has. To test the application of this assessment capability, an experiment was designed in which two test groups of participants skilled in cybersecurity took part in a challenge to resolve a simulated cyber attack against a specified asset. An analysis is done on the ways in which the various participants resolved the attack, considering, amongst other metrics, the time to resolution, the number of commands entered, and the similarity index to the optimal solution. Such a capability will contribute to correctly inventorying technical skills within an organisation. Knowing exactly what technical skills the cybersecurity experts have will result in the more timeous resolution of any cyber incidents within an organisation's domain. The focus of this paper will be the design and implementation of the experiment, and the analysis of the experimental results. The contribution of the paper will be a recommendation on the viability of such a classification capability pertaining to skillsets.
Keywords: capability, classification, cyber range, experimental, technical skills assessment
1. Introduction
Within the cyber domain there are a number of variables that can determine the expertise level of a cybersecurity expert. An individual may be regarded as an expert in one technical subdomain, whilst being regarded as a novice in another. These varying levels of expertise may present a skewed view of the person's overall technical abilities. Especially in a critical environment where fast and accurate reaction to a cyber incident is of utmost importance,...