At the X-Force Command Cyber Range in Cambridge, Massachusetts, we’ve seen hundreds of companies practice their response to a simulated cybersecurity attack. Teams from some of the world’s top intelligence and law enforcement agencies and financial institutions, and from industries ranging from energy to technology, have trained in various scenarios in our range, which is modeled after a fusion team security operations center (SOC). These are all highly competent people, but many of them struggle in our breach challenges.

When we opened the Cyber Range, we knew our experts would be training security professionals in technical skills with hands-on-keyboard exercises. What we didn’t anticipate was the massive demand for the type of training we offer for those outside of the SOC. That’s why we strive to teach business leaders how the whole organization should respond to an event that affects every level of the business.

A Different Kind of Decision-Making Process

What we’ve learned from watching these teams of executives, board members and other leaders is that people need the most help when dealing with what comes after a breach — what we call “right of boom.” Many leaders come out of business school having studied a decision-making process that is slow, deliberate and based on mountains of data. But you don’t have that luxury after a breach — you are working against a ticking clock and with incomplete information. You have to learn a more military-style decision-making process, where you stand up an incident command team, designate a commander who is in charge, start walking down a runbook that’s been predetermined, and make hard decisions without hesitation.

Classroom-style learning, tabletop exercises and even talking to security leaders who’ve been through the experience of a breach aren’t enough to prepare you for the intensity of a rapidly changing situation where the survival of your business is on the line. You need to experience it yourself. That’s where the X-Force Command experience is different from other kinds of preparation, and even the other cyber ranges out there.

Our technical advisors and gamification experts have mastered the art and science of creating an experience that feels like a real breach. When the phones start ringing and you’re forced to react when the action is coming at you fast, there is a palpable sense of pressure. Going through this experience shows people what they’re made of, helps them learn how to respond in a stressful situation, and highlights where they need to improve their decision-making capacity.

3 Takeaways From the X-Force Command Cyber Range

In the past couple of years, my team has learned a lot, too, about how to build the X-Force Command experience into a laboratory of cyber best practices. With more than 2,000 customers that have come through the range, we can share what some of the world’s most mature customers are doing to stay one step ahead of threats. We help teams conduct a gap analysis based on business key performance indicators (KPIs), and we teach you what a full business response looks like, both before and after an incident.

Below are three common themes we’ve noticed that tend to have a big impact on whether teams are successful in the range.

1. Culture Counts

Your company culture makes a big difference in how well you perform in a crisis. Some cultures are more inclined to run toward a problem, and those that do tend to fare better. It takes a cohesive unit and a common understanding in which people know their roles, but aren’t afraid to speak up or take charge when the time is right.

2. Playbooks Crack Under Pressure

Having a playbook is just the beginning. In the heat of the moment, there’s no time to fumble through the playbook and figure out what to do next. That’s when your training and muscle memory kick in and you execute your plan. If you don’t practice it, you put yourself at an avoidable disadvantage.

3. Leadership Matters

Last but not least, you need leaders. Sometimes those leaders are not your executives. More often it’s someone who has done a tour in Iraq or Afghanistan or has spent time as an EMT. Some kinds of leadership can be taught in a classroom, but the true test of leadership happens in the arena. Leaders thrive in tough situations, and every tough situation needs leaders. If you’re like many organizations struggling to find qualified talent to fill empty cybersecurity chairs, you might need to look beyond the traditional places. Recruit and train leaders.

What’s Next: The X-Force Command Cyber Tactical Operations Center

There has been such tremendous demand to visit our X-Force Command Cyber Range that we decided pretty early on that we would need to expand our operations. But rather than trying to choose a location for customers to come to us, we want to bring the X-Force Command experience to you. This week, we reached the culmination of a months-long project to do just that, and I’m so excited to launch our new IBM X-Force Command Cyber Tactical Operations Center (C-TOC).

The X-Force Command C-TOC is a mobile command center, modeled after the tactical operation centers used by the military and first responders, but with a singular focus on cybersecurity. It’s the industry’s first mobile cyber range and watch floor — and it’s a technical wonder. To fit all the equipment necessary for an X-Force Command experience, the 23-ton trailer expands to more than twice its width. The whole thing is powered by a 47 kilowatt generator, allowing us to create an entire IT environment on a 100 TB VMware solid-state disk array. It’s easy to be impressed by the C-TOC’s size and appearance — like something straight out of a “Transformers” movie — but form really follows function.

Building on the mission of the Cyber Range, the primary goal of the C-TOC is to give more customers access to the cutting-edge simulations and response training we’ve developed from our experiences in Cambridge. However, the mobility of the C-TOC opens up many additional possibilities, such as education with students and the public, and even helping with cybersecurity efforts on-site at major events.

Check out the X-Force Command C-TOC website to learn more about why we built it and what it can do.

https://www.youtube.com/watch?v=U_4fZ6wYQFw
