Eran Goldstein, Cympire CTO: “Our training and assessment platform offers hundreds of hours of ready-made training scenarios, but it also provides you with the ability to create or customize your own”

In the digital world we live in, business leaders are on constant vigil to scout the best of talents and solutions to manage their cyber security efforts. Cyber security professionals need hands-on experience to understand how attacks take place and be prepared to face them. Industry experts are certain that using simulation platforms is perfect for companies to train their cybersecurity responders because it provides a true to life, virtual environment where companies can train for the critical moment when a company is breached. These environments are designed to help companies practice and handle real-world situations. In recent times, cyber training platforms have gained significant traction and are being used actively by government agencies, private entities, and private corporations with a keen focus on cyber security.

Globally, there are various companies delivering excellent cyber range services, but Cympire stands out from the rest. Cympire has created the most advanced and comprehensive training and assessment platform for cyber professionals. Cympire allows trainees to practice their response when encountering real cyber-attacks through real-to-life simulation in a gamified environment. The company’s platform is completely cloud-native, making it an ideal fit for the enterprise market and a remote workforce.

In conversation with Eran Goldstein, CTO of Cympire

Q. What are some of the significant challenges you faced in initial years? How did you overcome them?

The biggest challenge is also our biggest driver – to give maximum value to our customers and partners. We achieve this through constantly striving to improve the platform. Key drivers are making the platform easier to use, continuously offering new and relevant content, and releasing features to allow our customers to create a training environment that best suits their needs. One example of this is our Campaign Studio which allows customers and partners to customize existing training campaigns or build their own from scratch. Each key component – creative backstory, network topology, integration of cyber defensive tools, and the attack vectors – is easily deployed and interchangeable.

Q. A person who performs well in a simulated environment sometimes fails in real-life scenarios. Can we erase that thin line between virtual reality and the real environment by creating a more realistic ecosystem?

There are three distinct ways that we ensure a person is fully equipped to handle threats in real life:

• First, we use real-life attacks, for example, actual malware that has been found plaguing the Internet, so the person is exposed to the behavior and consequences of that malware
• Second, we support the use of the security tools used by businesses across the globe, enabling the person to understand how their security tools detect and alert (and log) that attack.
• Third, we implement a cycle of continuous training so that the person is always exercising their security muscles against new attacks

Q. Do you provide industry specific solutions based on the clients’ requirement? If yes kindly explain in brief.

While there is a lot of cross-pollination across markets when it comes to cyber threats and actors, we do get different requests from different industries. Our platform addresses these requests by offering different content based on industry. While all of our content is available to every customer, it is up to the customer to customize his/her experience to suit their needs. As an example, we recently created a training campaign for a high-value customer from the banking industry that featured compromised ATMs.

Q. How do you monitor the performance of the solution? What guidance and direction did you find most effective to train individuals to use your solution?

We have implemented a scoring system that will track the performance of an individual for every security topic that they train on. The scoring takes into account the hints that may be taken and the score at the end of the session. If a person does not complete the training within the time limit, they won’t be able to achieve the maximum score. To help management see the progress, we track these scores in our Readiness Dashboard, allowing them to see at a glance where there are weaknesses and how their teams are progressing.

Q. Do you have any new services ready to be launched?

We release new features and services on a weekly basis. Our feedback loop with our customers is one of our most valued inputs when it comes to product design and delivery. We go over these new features and functionalities in monthly webinars available to all platform users. The launch of a second training and assessment platform is slated for the end of this year and will mark a perfect transition into an exciting new year.

Q. What does the future hold for your company and its customers? Are exciting things on the way?

Cympire is constantly growing and expanding, and so are our ideas and visions for the future. Apart from our ever-increasing training content, we are also looking to take a more holistic approach to cyber security. While we do not intend to move into any parallel markets, such as, for example, the cyber awareness market, we do have some solutions cooking that our partners and customers are requesting. These will address more people in the organization and look at the bigger picture.

Meet the leader behind the success of Cympire

Eran Goldstein is an experienced R&D leader, Cyber Security Expert, and gifted software architect. Eran has successfully led R&D and Cyber teams in Lockheed Martin, Check Point, and Samsung Electronics.

“We significantly INCREASE an organization’s CYBER RESILIENCE through CONTINUOUS TRAINING and ASSESSMENT thus mitigating the risk of a detrimental cyber-attack.”