To celebrate the End of the Year, we speak about our culture, people and growth with Patrick Kobly, Director of Security Curriculum at RangeForce.
Cybersecurity can be a defining aspect of any company’s livelihood and success. Most companies receive attacks daily, and, as the saying goes, if you don’t do a penetration test on your system, you will get a free one as soon as you access the internet.
This means every company must have the skill and know-how to defend itself against attacks, and that requires proper security training. This is where RangeForce comes in. Our key goal is to turn every IT professional into the strongest possible link in the security chain. We serve all IT professionals within all organizations with our unique approach to individual and team training. As a hands-on, simulated, continuous training solution, RangeForce fills a significant gap in our customers’ security posture.
Unique hands-on approach
We see ourselves as a security company and as such, we look to address specific concerns in the security posture of a wide range of companies. We do this through hands-on training programs aimed at security professionals of all sorts.
When it comes to security training, several approaches are possible. While most cybersecurity providers have opted for an open-ended approach that relies more on text- and video-based materials and less on guidance and interaction, we make sure that our training materials are relevant, hands-on, and interactive, as well as based on virtualization technologies.
Training based on text or video does not really demonstrate or verify that the learner has acquired the necessary skills. RangeForce simulates a target environment for the learner to interact with directly. In that environment, the learner carries out all the tasks, which are similar to those of his/her everyday job, and learns through experience.
Filling the gaps
There are two main types of security training: security awareness training, which is aimed at everyone, and technical training, which is aimed at security professionals in particular. We address security professionals, but in addition, there isn’t a lot going on in the middle, and that’s where we come in. We address security from an IT perspective as well, teaching security to someone whose job is to manage switches or routers, for whom security is an important aspect of the job but not its focus.
We are actually broadening our scope but our main focus is training for penetration testing, vulnerability assessment, and detecting and responding to attacks. The first is important because if people understand how attacks are carried out, they are better able to defend themselves against one. The latter helps the learners to distinguish an attack from regular traffic.
Our modules entail creating a target environment and having the learners work their way through the tasks based on instructions. We also have challenge modules that are less educational and aimed more at assessing how well the learner has acquired the skills. Recently, we have also introduced theory modules that do not require a lot of hands-on experience and for which text or video materials suffice.
RangeForce offers simulations in each module with the exception of the theory module. We have scripted simulations of attacks, which means that, as the learner is working through a challenge, the system is simulating an attack as well as normal traffic because one important part of defense is availability. It serves no real purpose to completely shut down services because it gets us no further in stopping the attack.
The important thing to remember about security is that it is never just one vulnerability that gets exploited. Attackers will compromise one machine and use that access to move laterally to another machine. This is something we address in our siege modules which are very challenging four-hour exercises. We are one of the first providers to demonstrate the defense against chain attacks.
In addition to training, we are also working to provide research on vulnerabilities, business continuity, and disaster recovery. Any company that wants to become a leader in the industry must also do independent research.
The type of people we look to bring on to produce content have been strong individuals with thorough experience in cybersecurity, whether as security operations center managers, security agents, penetration testers, vulnerability assessors or security consultants. Our goal is to find people who have excelled at this type of work before and are able to pass their skills and knowledge on to others.
We have 100+ people on our team globally, and half of them are based in the US, 6 in the UK, one in India and the rest in Estonia. They are all talented, bright individuals who are excited about new challenges and teaching. They work as a team like clockwork, and anything we produce is never just the work of one person but the result of people with different points of view and experience producing the best content together.
I have been in the industry for 23-24 years and 2.5 years in Estonia. I started work at RangeForce in May, and it has undoubtedly been the best place I have worked at so far; it is an excellent place to advance your career from any position.
Covid-19 has taught us the importance of being location independent, and RangeForce has certainly managed well. A number of our developers spend very little time at the office, and none of us really need to be face to face daily.
We are definitely not just a 9-5 office team, and because we enjoy each other’s company, we find ways to increase interaction both inside our Tallinn team as well as internationally.
We work for impact, solving the hard problems
The cybersecurity skills shortage is a real nightmare for all companies. As we are here to solve it, we are looking for people who are in it for the long run.
Our vision is that if you fix the security of one company it is just one company, but if you teach a lot of people to defend their own companies, you fix the vulnerability in many companies. This has much more value, and our people know that.