T3: Train-the-Trainer Intro
Welcome New Trainers!
First off, we are excited that you have decided to join us in our goal to make cybersecurity more diverse. Thank you for helping us with our goal of making cybersecurity more accessible by putting KC7 within reach of every high school and university student in the world!
- KC7 Architects
Simeon Kakpovi, Greg Schloemer, & Emily Hacker
[Check out our interview on the SANS podcast.]
Know Your Why
In order to effectively teach this course, it is important for you to know your why. For us, it’s that we know that luck played a big part in each of us being exposed to threat hunting in a way that made it a viable career choice. Someone in our lives introduced us to cybersecurity and opened doors that led to us gaining the right skills to land a threat hunting job. There are so many people out there with just as much potential who are never introduced to it, we want to change that.
As the volume and sophistication of cyberattacks continues to grow, cybersecurity has become an increasingly important career field. The US Bureau of Labor Statistics cites that employment of information security analysts is projected to grow 35% from 2021 to 2031, which is much faster than the average for all occupations (5%).
Threat intelligence (TI) is a facet of cybersecurity that focuses specifically on tracking and understanding the adversaries who are responsible for cyber attacks. TI has traditionally been inaccessible to students and entry-level professionals, since it requires a very specific set of skills. These skills are hard to develop, since they can only be learned by practicing using cybersecurity data; but often it’s impossible to get access to cybersecurity data without a job in the field.
KC7 gives students access to realistic cybersecurity data and provides them with the training they need to develop crucial cybersecurity and threat intelligence skills.
What is KC7?
KC7 is an immersive cybersecurity analysis simulation that was developed by security experts at Microsoft’s Threat Intelligence Center, a team that focuses on tracking the most sophisticated cyber actors in the world. KC7 gives participants the opportunity to learn and apply cyber threat analysis skills as they defend a simulated company from hackers. Participants will learn and apply the analysis skills used daily by security analysts at Microsoft.
What will you as a trainer learn while going through this course?
After completing KC7, you will be able to:
- Use Kusto Query Language (KQL) to manipulate data in Azure Data Explorer (ADX)
- Pivot across multiple data sets to answer targeted questions
- Identify malicious cyber activity in audit logs including: email, authentication, web traffic, and endpoint logs
- Use multiple “pivoting” techniques to track the activity of one or more Advanced Persistent Threat (APT) actors
- Leverage third party data sets such as PassiveDNS to discover unknown actor infrastructure based on known actor indicators (e.g. domains and IPs)
- Analyze third-party reporting on APT actors and their infrastructure and capabilities
- Validate a threat actor’s Techniques, Tactics, and Procedures (TTPs)
- Cluster threat activity using the Diamond Model and other threat analysis frameworks
- Utilize training material to teach others
Who is KC7 for?
KC7 is for anyone! The goal of this project is to create opportunities in cybersecurity for those students who may not have ever considered it as a possible career option. We encourage students from all backgrounds to try KC7 and see if cybersecurity is something they’re passionate about.
Since many of the concepts introduced in KC7 are quite advanced, we feel it is most appropriate for students at the high school level or higher. We are working on developing content for students in lower grade levels.
What do I need to get started?
- Internet access
The data students will use to play KC7 is hosted in Azure Data Explorer, Microsoft’s cloud-based data analytics platform. The entire KC7 experience takes place in a web browser, which means students can play the game on any desktop or laptop that can run a browser. Students will only need a Microsoft account in order to get started. If they don’t already have one, they can create one for free.
Microsoft volunteers will partner with your school to schedule and host an event using KC7. We recommend dedicating a full school-day to allow students to dive deep into the KC7 material and get the most out of the experience. Microsoft volunteers will join students from your school virtually or in-person to facilitate the event and guide your students through the experience.
Students will be provided with a training packet that helps guide them through the experience. This guide helps students learn and practice key cybersecurity concepts.