Black hat training of white hat resources: The future of security is gaming

It is now necessary to have a better understanding of the mindset of a hacker in order to provide better protection for your network systems. The large scale and well organized targeted attacks that have been recently uncovered, demonstrate that system administrators can ill afford to take the wait and see approach. Also it has been shown that on-the-job training is limited in how well it can prepare organization´s defensive capacity. Another issue is the lack of a standardized approach on gauging the technical proficiency of staff or the robustness of the network they protect. Attacks to computer networks are on the increase as the tools used by attackers are getting more automated and easier to use for the non-technical person. Staying one step ahead of the enemy has never been more important with the rise of the number of script kiddies, the proliferation of increasingly advanced one click automated attack tools and the apparent destructive force available to hacker groups such as anonymous. Defining and profiling the enemy is a large part of this problem. Recent anonymous arrests have shown these attacks originated from stereotypical disgruntled teenagers whom lack the cause and effect understanding that adults posses. We must somehow begin to deliver effective industrial training to the system administrators. “If a system has not been compromised to-date, does it mean it will not be compromised tomorrow?” and “How do we know that the defenses of the system can withstand an attack if it has not already done so.” This paper outlines the merits of utilizing the Security Shepherd white-hat gaming framework as a mechanism for rapid up skilling of front-line computer network defensive staff to the mindset of hackers.