The Remediation Series — Part 2

On Kill Chains, Threat Cycles, and the Cybersecurity Process

Part Two of the Remediation Series

For the purpose of framing the discussion on what hard and soft skills industry leaders request prospective applicants possess, let us first understand what the typical cybersecurity process entails. Establishing a standard model will afford each skill the benefit of contextual relevance, leading to the creation of a priority matrix that may clarify what Knowledge, Skills, and Abilities (KSAs) current prospects and future students should devote their efforts to learning and mastering.

Defensive cyber infrastructure exists to ensure the confidentiality, integrity, and availability of digital assets. This is the well-known CIA triad that forms the ideological basis of cybersecurity. And as cybersecurity exists in an adversarial state, it is worth first examining the cyber-attack process. The process of attacking an organizations cyber infrastructure can be broken down into a six-step cyclical process, as follows[1]:

The first step is always reconnaissance of the intended target, whether through passive or active means. Once sufficient intelligence has been gathered, vulnerabilities can then be detected, which in turn determine what exploit payloads or techniques can be deployed. Following deployment of the chosen exploit method or tool, an attacker will then determine whether the attack was successful. After a successful attack, a malicious actor can then use tactics such as privilege escalation to pivot throughout the target system. Perhaps even more damaging is the ability of attackers to persist within a compromised system long after the attack has occurred, allowing said actor to replay the cycle until detected or having reached the point of diminished returns.

Knowing this process and understanding that the timeline of this cycle may run over the course of weeks, months, and even years with the rise of Advanced Persistent Threats (APTs)[2], is essential to understanding the various roles of the cybersecurity industry. Such awareness provides organizations with the opportunity to neutralize one or more points in the cyber-attack cycle to prevent or mitigate intrusions. This is called “killing the chain”. The chief hurdle organizations face in killing the chain is staff. To effectively enact this “Kill Chain” strategy, personnel must possess the KSA’s that enable identification of the tools and techniques needed to detect, analyze, and mitigate attacks. These KSA’s collectively function as a form of predictive capability that reinforces an organizations defensive posture[3]. With only three percent of undergraduates leaving college with a cybersecurity-oriented degree[4], it is imperative that the proper knowledge, skills, and abilities are taught and mastered to ensure organizations can continue to kill the chain.

Next, we shall examine the various hard and soft skills industry leaders have designated as the most critical to possess and what the industry is in the direst need of.

[1] Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (1). Lockheed Martin Corporation. https://www.ciosummits.com/LM-White-Paper-Intel-Driven-Defense.pdf

[2] Hutchins, E. M., Cloppert, M. J., & Amin, R. M. (2011). Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains (1). Lockheed Martin Corporation. https://www.ciosummits.com/LM-White-Paper-Intel-Driven-Defense.pdf

[3] RAND Corporation. (2014). Hackers Wanted: An Examination of the Cybersecurity Labor Market (RR-430). https://www.rand.org/pubs/research_reports/RR430.html

[4] Kroll, S. T. (2019, March 6). Only 3 percent of U.S. bachelor’s degree grads have cybersecurity related skills. Cybercrime Magazine. https://cybersecurityventures.com/only-3-percent-of-u-s-bachelors-degree-grads-have-cybersecurity-related-skills/