Awareness & Training
Leveling the Playing Field in Cyber Defense
Successful cyber attacks often arrive via email that targets employees. Employees play a critical role in cyber threat defense. The best strategy for detecting and thwarting attacks combines advanced technology with a vigilant and cyber-aware workforce.
At MITRE, our employees form a "human sensor network" that plays a key role in our cyber defense. Their involvement ranges from promptly installing software patches to reporting suspicious email and even clicks they wish they hadn't made. Our cyber-awareness program provides insight into actual incidents and issues timely threat bulletins with practical and usable advice. We also emphasize the need to keep software current by tying the security-based computer "patching" to actual threat activity.
Our cyber awareness program is different from traditional security training programs that rely on annual training, posters, and broadcast messages. Instead, we personalize computer security for our employees—helping them to understand that all of us have a role in reducing risks to the company's networks and data.
We have also embedded our program within our cyber operations. This provides us with access to the information and metrics we need to tell the cybersecurity story, nurture our human defense "infrastructure," and tune our human sensor network.
Telling the Story for Secure Behavior Change
A cyber-aware culture can make a difference, and telling stories about an organization's culture can create shared experiences that transfer knowledge memorably. MITRE uses storytelling to better equip employees for cyber defense—our True Stories series describes actual incidents to show how uncomfortably close some threats have come, and how employees have played a role in sensing them and defending against them.
This series has been a success due to a willingness to openly tell the story and identify (voluntarily) those involved. A "thrilling" story about colleagues is a compelling way to make an underlying point and reinforces current topics of most concern to an organization.
Finally, to help our employees remember the steps to working safely online, we created an acronym, EARNEST, which is fully explained here: "Using Cyber Common Sense to Combat Threats to Privacy and Security." With EARNEST, employees ask themselves questions such as "Was this email expected?" and "Is the message normal for me to receive from this email sender, including spelling and grammar?" If the answers to the questions are no, then there may be cause for suspicion.
Training Resources & Professional Development
MITRE contributes training material through Creative Commons licensing to Open Security Training. This site teaches computer security to software developers, analysts, and others charged with protecting an organization's computer systems and networks.
MITRE Cyber Academy
MITRE's Cyber Academy fosters educational opportunities and collaboration among cyber professionals, government sponsors, and students by providing free training videos and courses for individual learning needs. The academy is also a driving force behind preparing students for the annual Capture the Flag student competition (see below).
Cybersecurity Intern Program
MITRE's cyber internships provide an opportunity for undergraduate and graduate students to help solve current, real-life cybersecurity problems facing government agencies. By addressing immediate problems about cyber threats, interns can have a real impact. Interns typically support missions dealing with national defense and intelligence or homeland security. Summer, co-op, and post-graduation internships are available. For more information, check out Student Programs.
Capture the Flag Cyber Challenge
MITRE hosts students online in a nationwide Capture the Flag competition, part of our Cyber Security Intern Program and Science, Technology, Engineering, and Mathematics (STEM) outreach activities. MITRE engineers developed the challenges and gaming software. The competition has doubled since the inaugural event in 2011, growing from 120 participants with 6 high school students, to 212 participants with 73 high school students in just two years. Challenges cover a range of topics, including cryptography, networking, Web exploitation, binary exploitation, and computer forensics.
Community and Secondary School Outreach
MITRE is working with STEM educators to develop a formalized and comprehensive cybersecurity education program for secondary school and technical education students. A pilot program is underway in Florida high schools.