HOW TO MEASURE CYBERSECURITY COMPETENCIES?
Researchers and lecturers at the TalTech Centre for Digital Forensics and Cybersecurity not only
have extensive research experience in their field, but are also equipped to conduct various
cybersecurity training courses in Estonia and abroad. In addition to crisis training courses
intended for company management teams, the centre offers technical training courses on how to
protect IT systems from realistic threats. It is important to understand that cybersecurity is not
just the domain of hackers, and that protecting successfully against threats requires
interdisciplinary teamwork, where all members of a company, including IT professionals,
management, lawyers, data protection specialists, etc., have a role to play.
But how can you determine whether the participants in your training course have understood
what you have tried to teach them and whether their knowledge and competencies have
improved? This was the topic of Sten Mäses’ doctoral thesis , published at the end of last year.
According to Mäses, simulation exercises are particularly suitable for measuring and practising
computer skills, because it is much easier to accurately simulate the work environment of a
programmer or security tester than, for example, that of a surgeon or welder. “Although
cybersecurity exercises have developed greatly in technical terms in recent years, the evaluation
of their results is often still limited to feedback collected from the participants,” the researcher
noted. He elaborated that the reported feelings of the participants themselves, unfortunately, may
not provide an objective assessment regarding the skills demonstrated in the course of the
simulation. As a result of Mäses’ work, it is now possible to create simulations tied to specific
cybersecurity job descriptions and for participants to assess their suitability for these specialist
jobs. In addition, Mäses collaborated with other researchers and students to design innovative
virtual labs that also allow lab organisers to measure non-technical competencies (e.g. to assess