Three years ago, Roland Kaur joined RangeForce as a Security Content Expert. Today, he is the Head of Content Development, responsible for coordinating and planning the entire security content development process. Before that, he worked in different IT and security-oriented positions at IBM for almost 10 years. Roland’s interest in cybersecurity started back at IBM when he was slowly working himself up from being a monitoring operator to eventually leading a global security management team.
On Roland’s three-year anniversary at RangeForce, he sat down with the Head of Recruitment Marketing, Triin, to describe the mission and role of a Cybersecurity Content Specialist at RangeForce. Here’s what he had to say.
Please introduce yourself. Tell us what you do at RangeForce and why you are interested in cybersecurity?
Working more on the process and policy part of cybersecurity at IBM, I always felt that I was a bit sidelined. I almost never got an opportunity to get my hands dirty, and, at times, that was frustrating. It’s like you’re given a puzzle, but you’re not allowed to solve it yourself and instead have to watch other people do it. It wasn’t all bad of course; there were times I could break a few systems apart myself, but not as much as I would have liked.
It was only when I started studying at the Estonian IT College that I could really quench my thirst for learning cybersecurity. During my time there I was able to meet like-minded people (including our CTO, Margus Ernits) and get my hands on all the cool and intricate security tools and practice advanced security techniques.
Please describe the typical day of a Cybersecurity Content Specialist?
In the business world, security specialist is a catchall description for a wide variety of introductory cybersecurity jobs. In most cases, you will be responsible for investigating security alerts, monitoring network and endpoint security tools, patching existing systems with vulnerabilities, and supporting the implementation of new security products.
This is not the case at RangeForce. Our Cybersecurity Content Specialists spend most of their time researching new security vulnerabilities, trying out the latest hacker techniques and building gamified cybersecurity training modules that allow our customers to practice their defensive and offensive skills in real-world challenges.
Our daily hangout is the Content Factory, as we call it, the hub where we exchange ideas and dig into the latest exploits. When our Cybersecurity Content Specialist is not busy building a security module, he/she is hard at work researching a hot cyber topic or getting ready to participate in a CyberSiege (that’s what we call a cyber range simulation).
What is the career outlook for this role? Where does it lead?
Our Cybersecurity Content Specialists have an opportunity to grow into a senior role that will have them building more sophisticated training modules, teaching new team members and playing a greater role in designing modules and CyberSiege exercises.
If they want to move beyond the Cybersecurity Content Specialist role, we provide advanced malware reverse engineering and CVE exploit training to all of our cybersecurity specialists. Eventually, they can move over to our Cybersecurity Research Team. In this role, you will spend your time researching new cybersecurity threats, experimenting with the latest POCs and going to conferences to present your security research, thus, solidifying RangeForce’s position in the cyber community and ensuring we deliver cutting edge training.
Why should anyone join RangeForce as a Cybersecurity Content Specialist?
From my own experience, engineers and developers hate boring routines. We are always after the hottest technologies and frameworks. We never want to get stuck in a never-ending process or forced to follow stifling procedures. At RangeForce, we offer a dynamic and open security culture. For young, creative open-minded security enthusiasts, developers, and system engineers, there is nothing more exciting than spending your days digging into new technologies, working in advanced frameworks, and creating new learning scenarios based on the latest vulnerabilities that are headlining the news. You will be building the systems and scenarios that enable our customers to experience and learn from being in a cyber battle without any serious consequences. Trust me, it’s never boring here.
Are there any prerequisites to becoming a Cybersecurity Content Specialist in RangeForce? Any programming languages or technologies you should be familiar with?
Requirement number one is a passion for all things cybersecurity. This is the single ethos that binds us all together here at the Content Factory. If you’re coming here, be prepared to get out of your daily routine.
We are looking for developers and engineers who embrace a hacker mindset. Our team of Cybersecurity Content Specialists consists of hackers, cybersecurity professionals, and engineers.
For seasoned cybersecurity enthusiasts who enjoy tools like Metasploit and Nmap, and have tried out different vulnerabilities and exploitation tools, you’re in the right place. The more familiar you are in these areas, the more you are qualified to join our team. A lot of our daily work is done in the Linux command line so there is no escaping from Bash. Building an automated cyber simulation platform requires automation (as unbelievable as it sounds), so knowing one or two scripting languages (like Python or Ruby) is a definite prerequisite.
What makes a cyber battle enjoyable and educational is the story and study materials. So we are always looking for people with security experience who are also creative and have the ability to write great stories. Finally, you get bonus points if you have experience compiling programs or payloads in C.
What has it been like working with hackers thus far? Anything surprising?
Working with people who have a hacker mindset keeps everyone on their toes. There is always a healthy level of paranoia in the room. I am constantly reminded of how insecure our digital world is. Cybersecurity Content Specialists and Experts at RangeForce are characterized by their curiosity and drive to change the status quo. We don’t see this as a job, we are united by our mission to enable our customers to reduce the risk of cyberattacks and have the mandate to make everyone’s digital life safer.
We have people here who compete (and win) regularly in different nationwide cyber competitions, people who have an enterprise security background, and people who are just crazy security enthusiasts. We have people from across the entire playing field, and it is a great group to be a part of. You get a taste of cybersecurity from various angles. Just being a part of the team gives you a thorough understanding of the many different sides of cybersecurity work.
RangeForce has over 100 security training modules. Please bring out a few of your favorite ones or the most interesting ones?
I would personally go for the challenge-type modules because they are more fun to solve. Challenge modules remove the training component and force the user to solve a cybersecurity problem based on what they know and what they have learned.
We have one challenge we call “Bulkhead.” This challenge puts you in a situation where you must defend against multiple web application attacks, but with only an IPS (Intrusion Prevention System) at your disposal. It gives you a new perspective on how to defend against situations where you would usually go for an easy and by-the-book approach. Not having the easy tools available forces you to really learn web application attack methodologies.
“System Compromised” is another challenge module that, on a really simple level, shows the user what bad things can happen when he/she installs an untrusted application. In this case, a Sudoku game. It also won’t let the user move on until he/she has fixed the problem and cleaned all the malicious content out of the system.
From the training modules, I would highlight three: “Reflected XSS”, “Stored XSS” and “XSS Stored-based Phishing”. I like these modules because together they form an intricate story about a detective who is trying to get access to a website that is used to sell illegal substances. You learn different XSS techniques and at the same time, you join a crime unit to take down criminals. A good bargain I would say.