A use case from a public research institution in the Western U.S.

Circadence’s Project Ares is an award-winning, immersive, gamified cybersecurity learning platform that helps students of all cyber competency levels apply learned concepts to real-world scenarios to build skills for the workforce. Project Ares delivers persistent, true-to-life experiences that match and adapt to current threats. The platform uniquely combines machine learning, single- and multiplayer exercises, and offensive and defensive missions that mirror real-life scenarios.

Project Ares Delivers
In-game advisor adds in-mission support to help students through activities.
Trainer View allows for real-time instructor engagement and additional depth in assessing, monitoring and reporting.
Functional virtual machines simulate Windows, Linux, and Industrial Control System devices for comprehensive preparation on any system.
Hyper-scalability with Microsoft Azure cloud enables cyber range learning capacity for classes, clubs, and competitive events of all sizes.

Project Ares in the Classroom
An adjunct professor taught a graduate-level cybersecurity course using the platform at a public research institution in the Western U.S. To complement the classroom-taught concepts in the course, which focused on immersive cybersecurity defense, the professor holistically incorporated the Project Ares platform into the course curriculum. Lectures coupled with the Project Ares lab environment allowed students to learn cyber theory and immediately apply it to real-world scenarios.

The following course syllabus is a sample to help fellow academic instructors visualize and conceptualize how a cyber range environment can be used to enhance student learning objectives within a cybersecurity course.

Course: Immersive Cyber Defense
Students practice offensive skills in password cracking and exploit development to understand vulnerabilities and then focus on defensive tactics to reduce cyber risk and respond to cyber attacks. At the conclusion of the course, students will have experience using several real-world tools against actual threat attacks.

The course is split into three units of study:
Unit 1: Adversary tools and tactics
Unit 2: Cybersecurity work roles: Harden, Monitor, Pursue, Coordinate (Lead/Intelligence)
Unit 3: Defense teams tactics and procedures following the NIST Cybersecurity Framework

Students successfully completing this course should have an understanding of pathways to building expertise in the field of cybersecurity and the types of technical careers available.


Learning Goals

Understand how an adversary develops a campaign to attack a network, including the types of motivations, tactics, and the kill chain pathway. These concepts help defenders understand the data points that are present in an attack and where indicators of compromise can be found.  
Understand the different types of work roles and technical competencies involved in cybersecurity defense. Students will be exposed to multiple work roles and then choose the one that interests them for concentration during the course. Their selected work role will also be the basis of their specific midterm exam.  
Apply cybersecurity defense knowledge across the full scope of the NIST Cybersecurity Framework to understand what defenders should do before, during and after a breach.  

Textbooks and Materials
Required: None
Recommended: Project Ares Media Center materials (or other sources online) on Linux System Administration, Windows System Administration, Wireshark, Nmap, Snort/SecurityOnion, Metasploit
Basic Tools: Command line tools, Nmap, Wireshark, Snort (Security Onion), Metasploit


Assignments
Weekly homework will be assigned as an activity in the Project Ares environment.

Example Grading Mechanics
Grading: Midterm (20%), Final Exam (20%), Weekly homework (60%)
To do well in this course, students need to use the Project Ares environment to practice the concepts discussed in the classroom. Students are expected to explore the concepts and research the necessary topics and tools to be used. All homework will be assigned as an activity in the online lab environment. The exams will also be activities in Project Ares to be completed during the exam period.

Sample Course Outline

Week 1. Primary Topic: Course Introduction
Objectives:
• Course overview
• Project Ares intro
• Cyber defender roles (NICE/NIST and careers in defense applicable to the course)
• CIA Triad and Adversary thinking
• Kill Chain Methodology
Homework:
• Player Profile in Ares
• Battle Room (BR) 6 and 7 for Basic Linux and Windows
• Game – Cylitaire

Week 2. Primary Topic: Adversary Tools and Techniques
Objectives:
• Project Ares variability and scoring
• Intro to Kali/Metasploit tools
• Reconnaissance tactics (Nmap, Dig)
• Common Ports (ssh, telnet, vnc, http)
• Password Cracking techniques/tools
• M1 Easy walk through
Homework:
• Game – PortFlow
• Mission 1 (M1) Easy + Medium (for extra credit)

Week 3. Primary Topic: Adversary Planning
Objectives:
• Using Nmap, hping3, Burp, etc. to understand network, fingerprinting, protocols
• Attack Surface/ATT&CK Framework
• Weaponization and Exploitation with Metasploit
• M2 Easy walk through
Homework:
• Game – TacChain
• Mission 2 or Mission 3 (Easy or Medium)

Week 4. Primary Topic: Individual Work Role: Harden
Objectives:
• NIST/NICE and Work Roles for Teams
• Review Harden tasks and contrast with BR1
• Software Assurance and other common issues, OWASP
• Importance of Active Dir, OU/GPOs
• Firewalls
Homework:
• Game – CyQual (Either Host, Net, Sys) Assessment
• Battle Room 1 (BR1) – system integrator

Week 5. Primary Topic: Individual Work Role: Monitor
Objectives:
• Review Monitor tasks and contrast with BR2
• IDS/IPS with Snort and Bro (Security Onion)
• Host and Network Monitoring
• Log Aggregation Techniques
Homework:
• Game – RegExile
• Battle Room 2 (BR2) – network analyst

Week 6. Primary Topic: Individual Work Role: Harden
Objectives:
• Review Pursue tasks and contrast with BR11
• Network Analysis with Wireshark
• System Integrity Checking
• Forensics
Homework:
• Game – CyberVault
• Battle Room 11 (BR11) – host analyst

Week 7. MID TERM Work Role Assessment in class
• Assessment Path, step 4 for either Network, Host or System Integrator

Week 8. Primary Topic: NIST CSF: Identify
Objectives:
• Critical assets and Key Terrain
• Mission Impact Model (MIM)
• Vulnerability Assessment (Nmap, Nessus)
• Understand Risk Management
Homework:
• Occam Analysis

Week 9. Primary Topic: NIST CSF: Protect
Objectives:
• Security Architecture
• Tailored Defense
• Lockdown Key Terrain (services)
• M5 walk through (malware analysis, alert, prevent malware)
Homework:
• Mission 5 (Easy or Medium)

Week 10. Primary Topic: NIST CSF: Detect
Objectives:
• IDS/IPS Rule Review
• Log Aggregation
• M4 walk through (packet capture, process analysis)
Homework:
• Mission 4 (Easy or Medium)

Week 11. SPRING BREAK

Week 12. Primary Topic: NIST CSF: Respond
Objectives:
• Incident Response Process
• Workflow and hand off
• Role of Intel (and tension of rapid response)
Homework:
• Mission 10 (Easy or Medium) team play

Week 13. Primary Topic: NIST CSF: Recover
Objectives:
• Reporting
• Forensics
• BR9 walk through
Homework:
• Battle Room 9 (BR9) forensics

Week 14. Primary Topic: Team Tactics
Objectives:
• SOC Operations and Team Play
• A look at famous attacks (ransomware) and groups like Lazarus
Homework:
• Battle Room 10 (BR 10) Scripting

Week 15. Primary Topic: Review Course Q&A
Objectives:
• Trivia Loot Review
• Mission Walkthrough
• Prep for Final Exam
Homework:
• Mission 13 (M 13) individual or teams

Features and Student Benefits:

Instantaneously spin up 3-50+ virtual machines to support classroom exercises
Modify the Media Center to support course concepts and exercises
Cyber learning games provide fundamental concept learning via consistent repetition
Battle rooms help users practice foundational skills and explore cyber tools
Mission scenarios offer individual or team-play (available at Professional Subscription only)
Assessment hot spots mirror certification requirements for users
Cloud deployment makes on-demand access flexible from a browser, available 24/7