Raytheon is offering specialized training academies around the world to strengthen private organizations and government agencies against cyberattacks.
The company's unique training curriculum is based on its decades of cybersecurity experience. Academy classes follow the model established by Raytheon's existing Cyber Academy in a Middle Eastern country, where the first class of 20 students recently completed a three-week introductory course. The students learned to defend networks and systems against cyber threats.
“A lot of commercial training focuses on teaching you how to take and pass a test,” said Tom Goodman, business development director for Raytheon Cybersecurity and Special Missions. “Our training takes a completely different approach, focusing on hands-on, experiential learning. Students learn by failing at first, improving their skills and then becoming successful. It's not just theory; it's practical application.”
Raytheon piloted the program in February 2016, at Khalifa University in the United Arab Emirates, where 55 students took part in a four-day, cyber-skills workshop.
The school limits class sizes to 20 students, with two instructors who have real-world cybersecurity experience. The academy offers three tiers of instruction – a three-week foundational course, a four-week intermediate course and a four-week operational course.
“As the training progresses, students get an opportunity to focus on becoming security operations center operators, malware analysts, penetration testers, forensics examiners, all the way up to managing and leading cybersecurity operations teams,” Goodman said.
Conscripts fulfilling their national service obligation have comprised the first two academy classes, with students coming from different backgrounds, ages, education and professions.
“We focus on aptitude,” Goodman said. “They could be art history majors, but they've just got an affinity to be able to look at things a little bit differently.”
For example, during the first class, a facility engineer without a cyber background scored so low on the pre-assessment test that the instructors didn’t think he’d pass.
“But he had a hunger for a knowledge, and was one of the most engaged students, always staying after class asking questions,” said Ryan Bagby, Raytheon Cyber Academy product and program manager. “His work ethic and drive combined with the knowledge he gained helped him become one of our best students.”
Academy students learn from their mistakes. Instructors introduce new malware, threats and attacks the students have never seen before, resulting in them getting hacked. From those failures and with additional training, students learn how to contain, mitigate and clean up the environment the next time they see that threat.
“It’s kind of like learning to ride a bike,” Goodman said. “The first or second time you get on it, you fall over, you’re a little bit wobbly, you skin your knees, but after a while, you find where you can go little bit further. You find you’re able to keep your balance, and then, the next thing you know, you're cruising around the neighborhood with your friends.”
Goodman said the interest and demand for the academy is unlike anything he’s seen in his 40-year cyber career. His team is getting inquiries from the Middle East, Western Europe and Eastern Europe, among other regions. They’ve talked with representatives from industries that include financial services, energy companies, health-care organizations, oil and natural gas, law enforcement and government ministries.
“I think people recognize whether you are private industry, government ministry or academia that cybersecurity is no longer an IT problem, it is an operational problem,” Goodman said. “And they need to invest in training that gives employees, at all levels, a good understanding of how to recognize cybersecurity problems and how to protect their organization regardless of their role or position.”