Interviews | November 12, 2019

Traditional Cybersecurity Training Not Enough to Address Skills Gap

James Hadley
CEO and Founder

Immersive Labs

Q1. Immersive Labs recently became one of the first cyber skills training companies to integrate its platform with MITRE's ATT&CK framework. What prompted that move? How does it benefit your customers?

By integrating our platform with the MITRE ATT&CK framework we were able to provide labs based on the latest tactics and techniques that cybercriminals use.

Many organizations already use the framework to map their surface of attack, and by including it within our platform we enable security leaders to easily track their security team's skills. This means organizations can identify weaknesses within their team and dedicate more resources to upskilling those areas, making Immersive Labs an invaluable planning, reporting and forecasting tool for security and risk.

One of the most important elements of cybersecurity is people, as they are the first line of defense when it comes to stopping threats. However, until now it has been incredibly difficult for managers to track their people's skills. We have made this possible, and because Immersive Labs is available 24/7 — unlike traditional training methods — managers have an almost real-time ability to track their team's strengths and weaknesses.

Q2. Earlier this year Immersive Labs received $8 million in funding led by Goldman Sachs and you just announced Series B funding for $40 million. How is the funding being used?

Since the funding round we've focused on building out our platform and hiring the right people. One example is the integration of the MITRE ATT&CK platform, but we also worked with Digital Shadows to deploy real-time threat intelligence into the platform. We've been expanding our employee base to ensure we have the best talent around, too. Since the funding we have achieved 750% year-on-year growth, hired our 100th employee, and opened our North American HQ in Boston.

We want to ensure we are in the best possible place to help companies keep their security teams current with the latest threats. We have been able to attend global events, which are helping us put our brand in front of some of the biggest names around, including Citi, Bank of Montreal, BT and the Met Police. We have also just closed our $40m Series B round, which is going to be used to help fuel our expansion into the US.

Q3. Immersive Labs has positioned itself as offering an approach to cybersecurity training that is different from what others in this space offer. What do you want organizations at Black Hat Europe 2019 to know about the company and its approach?

Our labs enable anyone from specialist teams to everyday employees to experience real-world security situations. These help users to understand how attacks work but in a secure environment. They can test anything from how to avoid phishing attempts all the way to reverse engineering malware. By integrating Digital Shadows' data, we can use the latest malware in training exercises for cyber professionals. These skills are vital in defending companies against modern day threats.

Traditional cyber training is not enough to help combat the skills gap and the modern threats that we face. We believe that our approach can help solve both issues. Our platform opens a path to a career in cybersecurity to those who traditionally have been overlooked. For example, there are plenty of people who aren't able to attend university for whatever reason but have exactly the skills that you need as a cyber professional. You only need to look at the current state of the cybersecurity industry to realize that we need to innovate. It is clearly not suited to the fast-paced world of today, and our method can help change this.

The industry has been crying out for a new way to train security personnel. That is why we have achieved 750% year-on-year growth and now work with more than 100 organizations, including BT, Bank of Montreal, Citi Bank and Goldman Sachs.

Thorsten Stremlau


Q1. What are some of the factors driving the need for approaches/technologies like Lenovo's ThinkShield?

Since the beginning of IT there has always been a requirement to implement security. Some of the first hackers used the ROT13 hack in order to bypass authentication. There are no new factors that drive the need for security. What is new is the drive for IT to enable more exploratory projects as commercial accounts seek to implement intelligent transformation. They need to do this to maintain competitiveness. In these situations, companies need modular, employee experience centric security solutions that make it possible to drive new approaches, while avoiding incurring technical debt caused by having to retrofit security.

Thinkshield is a brand that was built to ensure we deliver a suite of solutions—hardware, software, services and processes-that have been built specifically with our customers pain points in mind. The portfolio was built to be modular, yet embracing and extending other leading security solutions, while providing the best employee experience around data, identity, online and device security.

Q2. Why has supply chain security become such a critical issue? What is Lenovo's approach for ensuring control over its global supply chain?

As corporations seek to secure their IT infrastructure and build stronger application, network and operating system security capabilities, hackers look for alternatives to inject malicious code and capabilities into this IT environment. One possibility is to attempt an attack before the device is secured and taken under the respective corporate protection.

Our approach is fairly simple, but [it] did take considerable effort to implement into one of the most successful global supply chains in the world. Firstly Lenovo firmly believes in the "security by design" mantra. We vet any supplier of an intelligent component—electronic components, services, manufacturing and distribution—with a comprehensive questionnaire and SLA process. Here we agree with our partners on coding practices, vulnerability disclosure and other security-related information that needs to be met to be compliant with Lenovo's security. If a partner chooses not to adhere to this program they are excluded from our supplier network.

Secondly, our entire logistics system complies with C-TPAT regulations. This regulation defines documentation and procedures to make sure our devices can't be tampered with for terrorist activities. Lastly, we implement a solution called "transparent supply chain" which uses a third party—Intel—in order to store a detailed, signed "as built" data file in the cloud that can be compared to the user deployed system. This will detect changes to the systems like different memory or other components. So overall, our approach here is to provide an end-to-end approach to supply chain security.

Q3. What is Lenovo's focus at Black Hat Europe 2019? What do you want organizations at the show to know about Lenovo's security capabilities and strategies?

Lenovo would like to take the opportunity at Black Hat to have a dialog with the top talent in the security space. We would like to validate our approach and take feedback from the security community on what we are currently, and should be, focusing on in the future. We take researcher and community feedback very seriously and are looking to use the information gained to improve on our strategy and establish new focus areas around Thinkshield.

Sustaining Partners