SME Security Operations Indicative Challenge
Project Overview
This 8-week project guides a team of 5 participants through the design, deployment, and operation of a comprehensive security operations solution tailored specifically for Small and Medium-sized Enterprises (SMEs) within the Cyber Security Operations Playground. The team will implement an integrated security monitoring and response platform using high-demand open source tools including Wazuh, ELK Stack (Elasticsearch, Logstash, Kibana), Suricata, OpenVAS, and OSSEC.
Team Roles, Competencies, and AI Impact
1. Security Project Lead
Competency 1: Cybersecurity Strategy Development
Description: A senior cybersecurity student will develop a comprehensive security strategy (T0127) tailored for an SME environment by conducting organisational risk assessments, identifying critical assets, and creating a roadmap that aligns security controls with business objectives. The strategy will include a phased implementation plan, resource requirements, and measurable security objectives.
Degree of Completion: The strategy will be evaluated based on comprehensiveness (covering all seven phases of the Cyber Security Operations Process Cycle), alignment with SME constraints, and inclusion of concrete, measurable objectives. A successful strategy must identify at least 90% of critical assets, address all identified high-priority risks, and include realistic implementation timelines.
AI Assistance: Generative AI can help analyse industry benchmarks, generate risk assessment templates, and draft initial strategy documents based on defined parameters.
Future AI Impact: AI will increasingly assist in risk forecasting and strategy optimisation but is unlikely to replace the human judgment needed for contextual understanding of business needs and resource constraints.
Relevance Scale (0-10): 3 - The strategic thinking and business alignment aspects will remain predominantly human-driven.
Competency 2: Project Management for Security Implementation
Description: A senior cybersecurity student will manage the end-to-end security implementation project (T0145) by developing detailed project plans, tracking task completion, resolving resource conflicts, and ensuring timely delivery of project milestones. They will coordinate cross-functional activities and adjust plans as needed to address emerging challenges.
Degree of Completion: Successful completion requires meeting at least 85% of planned milestones on schedule, maintaining comprehensive project documentation, conducting effective team meetings, and resolving issues within 24 hours of identification.
AI Assistance: Generative AI can create project plan templates, suggest task dependencies, generate status reports, and provide risk assessments for project timelines.
Future AI Impact: AI will enhance scheduling, resource allocation, and status tracking, but human oversight remains essential for stakeholder management and adaptive problem-solving.
Relevance Scale (0-10): 4 - While AI will automate routine aspects, complex security projects require human coordination and contextual decision-making.
Competency 3: Security Budget Management
Description: A cybersecurity student will develop and manage cost-effective security budgets (T0012) for SME environments by evaluating open source alternatives to commercial solutions, calculating total cost of ownership, and creating financial justifications for security investments. They will maximise security capabilities while minimising expenditure.
Degree of Completion: The budget must cover all necessary security functions with open source tools, include maintenance and operational costs, and achieve at least 30% cost reduction compared to commercial alternatives while meeting the same functional requirements.
AI Assistance: Generative AI can compare costs across different solutions, generate cost-benefit analyses, create budget spreadsheets, and suggest areas for cost optimisation.
Future AI Impact: AI will increasingly assist with budget optimisation and cost forecasting but requires human judgment for balancing security needs against financial constraints.
Relevance Scale (0-10): 4 - Financial decision-making in security contexts will continue to require significant human input.
Competency 4: Security Team Leadership
Description: A cybersecurity student will lead a security team (T0384) by setting clear objectives, facilitating effective communication, providing technical guidance, and fostering collaboration among team members with diverse skills. They will ensure team alignment with project goals while developing team members' capabilities.
Degree of Completion: Leadership effectiveness will be measured through team member feedback (minimum 80% positive rating), on-time completion of assigned tasks (minimum 90%), and quality of team deliverables meeting or exceeding project specifications.
AI Assistance: Generative AI can suggest communication strategies, create meeting agendas, generate team progress reports, and provide conflict resolution recommendations.
Future AI Impact: While AI can support administrative aspects of leadership, the human elements of motivation, mentorship, and adaptive team management remain difficult to automate.
Relevance Scale (0-10): 2 - Leadership competencies involving emotional intelligence and interpersonal dynamics will remain predominantly human-driven.
Competency 5: Security Documentation Development
Description: A cybersecurity student will create comprehensive security documentation (T0417) including policies, procedures, technical guides, and training materials appropriate for SME environments. Documentation will be clear, actionable, and accessible to technical and non-technical users.
Degree of Completion: Documentation must cover 100% of implemented security controls, include step-by-step operational procedures, comply with relevant standards, and pass usability testing with both technical and non-technical reviewers.
AI Assistance: Generative AI can draft initial documentation, generate diagrams and flowcharts, suggest appropriate formatting, and help maintain consistency across document sets.
Future AI Impact: AI will increasingly automate documentation generation and maintenance but requires human oversight for accuracy, completeness, and contextual relevance.
Relevance Scale (0-10): 7 - Documentation tasks will become increasingly automated, though human review remains essential.
2. IT Infrastructure Specialist
Competency 1: Secure Network Architecture Design
Description: A cybersecurity student with networking fundamentals knowledge will design a secure network architecture (T0128) for an SME environment using pfSense, implementing proper network segmentation, secure remote access, and defence-in-depth principles. The architecture will balance security requirements with operational needs.
Degree of Completion: The network design must include properly segmented zones for different security levels, documented traffic flows, appropriate security controls at network boundaries, and pass penetration testing with no critical findings.
AI Assistance: Generative AI can suggest network topologies, generate configuration templates for pfSense, create network diagrams, and identify potential security vulnerabilities in proposed designs.
Future AI Impact: AI will increasingly assist with design optimisation and security analysis, but human judgment remains crucial for balancing security, functionality, and usability.
Relevance Scale (0-10): 4 - Network architecture design requires contextual understanding and trade-off decisions that AI cannot fully automate.
Competency 2: Identity Management Implementation
Description: A cybersecurity student will implement and configure FreeIPA (T0097) as an identity management solution for an SME environment, establishing user authentication, authorisation policies, and directory services. They will ensure secure access control across the IT environment.
Degree of Completion: Implementation must include configured user authentication with multi-factor capabilities, role-based access control policies, group management, and successful integration with at least three different services or applications.
AI Assistance: Generative AI can generate configuration scripts, suggest best practices for identity policies, create testing scenarios, and develop user provisioning workflows.
Future AI Impact: While AI will increasingly automate configuration and policy management, the integration aspects and security architecture decisions require human expertise.
Relevance Scale (0-10): 5 - Identity management requires balancing security, usability, and compliance considerations that AI cannot fully address independently.
Competency 3: System Hardening Implementation
Description: A cybersecurity student will develop and implement system hardening procedures (T0216) for servers and endpoints using CIS Benchmarks and security best practices. They will create automated scripts for consistent application of security configurations across multiple systems.
Degree of Completion: Hardening procedures must be applied to all systems with 100% consistency, achieve at least 90% compliance with relevant CIS Benchmarks, and pass vulnerability scanning with no high or critical findings related to system configuration.
AI Assistance: Generative AI can generate hardening scripts, analyse compliance with benchmarks, suggest remediation actions, and prioritise security controls based on risk.
Future AI Impact: AI will increasingly automate hardening processes, compliance checking, and remediation, though human oversight remains necessary for context-specific exceptions.
Relevance Scale (0-10): 6 - System hardening tasks will become increasingly automated, though security architecture decisions require human judgment.
Competency 4: Secure Baseline Configuration Management
Description: A cybersecurity student will establish and maintain secure baseline configurations (T0478) for different system types, creating configuration management processes, version control for baselines, and compliance monitoring to ensure systems remain securely configured over time.
Degree of Completion: Baseline management must include documented configurations for all system types, configuration drift detection, automated compliance checking, and successful version control with at least three baseline iterations.
AI Assistance: Generative AI can generate baseline templates, analyse configuration drift, create comparison reports, and suggest security improvements to baselines.
Future AI Impact: AI will increasingly automate baseline definition, compliance monitoring, and drift detection, though human judgment remains necessary for evaluating security implications of configuration changes.
Relevance Scale (0-10): 6 - Configuration management processes will become increasingly automated, though contextual decision-making still requires human expertise.
Competency 5: Disaster Recovery Implementation
Description: A cybersecurity student will implement disaster recovery capabilities (T0501) using open source tools such as Duplicati or Bacula, establishing backup policies, testing recovery procedures, and ensuring business continuity in the event of system failures or security incidents.
Degree of Completion: The solution must successfully back up all critical systems, demonstrate recovery capabilities through at least three different recovery scenarios, maintain recovery point objectives within one hour, and recovery time objectives within four hours.
AI Assistance: Generative AI can generate backup policy templates, create testing scenarios, develop recovery procedure documentation, and analyse backup performance metrics.
Future AI Impact: AI will increasingly optimise backup strategies and predict potential failures, though recovery orchestration in complex environments still requires human oversight.
Relevance Scale (0-10): 5 - Disaster recovery planning requires contextual understanding of business priorities that AI cannot fully automate.
3. Open Source Security Monitoring Engineer
Competency 1: SIEM Implementation with ELK Stack
Description: A cybersecurity student will implement a Security Information and Event Management (SIEM) solution (T0162) using the ELK Stack (Elasticsearch, Logstash, Kibana) by deploying the components, configuring data ingestion from multiple sources, establishing data retention policies, and optimising performance for an SME environment.
Degree of Completion: Implementation must include successful data collection from at least five different source types, proper data indexing and storage, query performance meeting defined benchmarks, and compliance with defined retention requirements.
AI Assistance: Generative AI can generate configuration files, create data mapping schemas, develop Logstash parsing rules, and suggest performance optimisation strategies.
Future AI Impact: AI will increasingly automate SIEM deployment and configuration, though architecture decisions and performance tuning require human expertise.
Relevance Scale (0-10): 5 - SIEM implementation involves technical complexity and environment-specific considerations that limit full automation.
Competency 2: Security Monitoring Rule Development
Description: A cybersecurity student will develop and implement detection rules (T0166) for Wazuh and Suricata by analysing threat intelligence, understanding attack patterns, and creating correlation logic to identify security events of interest within an SME environment.
Degree of Completion: Rule development must include at least 20 custom detection rules covering different threat categories, successful detection of all simulated attack scenarios, and a false positive rate below 10% during testing.
AI Assistance: Generative AI can suggest rule syntax, generate rules based on threat descriptions, analyse rule effectiveness, and recommend improvements to reduce false positives.
Future AI Impact: AI will increasingly assist with rule generation and optimisation, though contextual understanding of the environment and emerging threats requires human expertise.
Relevance Scale (0-10): 6 - Rule development will become more automated, but adaptation to specific environments and evolving threats requires human oversight.
Competency 3: Security Dashboard Development
Description: A cybersecurity student will design and implement security monitoring dashboards (T0177) using Kibana and Grafana by identifying key security metrics, creating visualisations, and developing an intuitive interface for security operations suitable for SME environments with limited security personnel.
Degree of Completion: Dashboards must include at least 10 distinct visualisations covering different security aspects, provide actionable insights without overwhelming operators, and pass usability testing with non-specialist users.
AI Assistance: Generative AI can suggest dashboard layouts, generate visualisation configurations, recommend effective metrics, and help optimise dashboard performance.
Future AI Impact: AI will increasingly automate dashboard creation and optimisation, though effective security visualisation design requires human understanding of operational needs.
Relevance Scale (0-10): 7 - Dashboard development will become increasingly automated, though human input remains important for usability and operational context.
Competency 4: Network Monitoring with Suricata
Description: A cybersecurity student will implement network security monitoring (T0160) using Suricata IDS/IPS by deploying the solution at appropriate network points, configuring detection capabilities, establishing alert workflows, and tuning the system to balance security visibility with performance.
Degree of Completion: Implementation must achieve network visibility of at least 95% of relevant traffic, successfully detect all simulated network attacks, generate actionable alerts, and maintain system performance within defined parameters.
AI Assistance: Generative AI can generate Suricata configurations, suggest rule optimisations, create deployment architecture diagrams, and help with performance tuning parameters.
Future AI Impact: AI will increasingly automate deployment and tuning, though architecture decisions and context-specific optimisations require human expertise.
Relevance Scale (0-10): 5 - Network monitoring implementation involves technical complexity and environment-specific considerations that limit full automation.
Competency 5: Security Monitoring Integration
Description: A cybersecurity student will integrate multiple security monitoring tools (T0150) including Wazuh, ELK Stack, and Suricata by establishing data flows between systems, creating unified alerting mechanisms, and developing a cohesive security monitoring ecosystem appropriate for SME environments.
Degree of Completion: Integration must enable seamless data flow between all tools, provide centralised visibility across security controls, establish unified alerting, and demonstrate end-to-end monitoring capabilities for at least five security use cases.
AI Assistance: Generative AI can generate integration scripts, suggest API configurations, create architecture diagrams, and help develop correlation rules across platforms.
Future AI Impact: AI will increasingly assist with integration tasks, though architecture decisions and tool selection for specific environments require human expertise.
Relevance Scale (0-10): 4 - Security tool integration involves complex decisions about interoperability and environment-specific requirements that limit full automation.
4. Vulnerability Management & Incident Response Analyst
Competency 1: Vulnerability Management Implementation
Description: A cybersecurity student will implement a vulnerability management programme (T0028) using OpenVAS by establishing scanning policies, configuring regular assessments, developing remediation workflows, and creating a vulnerability prioritisation framework appropriate for resource-constrained SME environments.
Degree of Completion: Implementation must include automated scanning of all in-scope assets, accurate vulnerability detection validated through testing, prioritisation based on risk factors, and documented remediation workflows with SLAs appropriate for SMEs.
AI Assistance: Generative AI can generate scanning policies, suggest scan schedules, create prioritisation frameworks, and develop remediation guidance for common vulnerabilities.
Future AI Impact: AI will increasingly automate vulnerability identification and prioritisation, though remediation planning requires human judgment about business impact and resource allocation.
Relevance Scale (0-10): 6 - Vulnerability management processes will become more automated, though context-specific remediation decisions require human input.
Competency 2: Incident Response Plan Development
Description: A cybersecurity student will develop incident response plans and procedures (T0163) tailored for SME environments by defining incident categories, establishing response workflows, creating communication protocols, and designing escalation procedures that account for limited security resources.
Degree of Completion: Plans must cover at least five incident categories, include detailed step-by-step response procedures, define roles and responsibilities, establish communication templates, and pass validation through tabletop exercises.
AI Assistance: Generative AI can generate response procedure templates, suggest communication protocols, create decision trees for incident handling, and develop documentation formats.
Future AI Impact: AI will increasingly assist with procedure development and documentation, though effective incident response planning requires human understanding of organisational context and capabilities.
Relevance Scale (0-10): 4 - Incident response planning requires organisational context and resource consideration that limits full automation.
Competency 3: Security Automation Implementation
Description: A cybersecurity student will implement security automation workflows (T0295) using open source tools such as n8n or Shuffle by identifying manual processes suitable for automation, creating workflow definitions, and establishing automated responses to common security events appropriate for SME environments.
Degree of Completion: Implementation must include at least 10 automated workflows covering different security processes, demonstrate successful end-to-end execution, achieve at least 40% reduction in manual effort for covered processes, and include proper error handling.
AI Assistance: Generative AI can suggest automation candidates, generate workflow definitions, create integration scripts, and develop testing scenarios for automated processes.
Future AI Impact: AI will increasingly enable advanced automation capabilities, though workflow design and integration require human expertise for context-specific requirements.
Relevance Scale (0-10): 7 - Security automation will become increasingly sophisticated, though human oversight remains essential for complex workflows and exception handling.
Competency 4: Incident Investigation and Forensics
Description: A cybersecurity student will perform security incident handling (T0175) using open source forensic tools by establishing evidence collection procedures, conducting malware analysis, investigating indicators of compromise, and documenting investigative findings in a manner suitable for SME environments.
Degree of Completion: Investigation capabilities must be demonstrated through at least three different incident scenarios, include proper evidence handling documentation, produce actionable findings, and follow forensically sound methodologies.
AI Assistance: Generative AI can suggest investigation procedures, help analyse log patterns, generate investigation documentation, and identify potential additional indicators to investigate.
Future AI Impact: AI will increasingly assist with automated analysis and pattern recognition, though investigative decision-making and contextual interpretation require human expertise.
Relevance Scale (0-10): 4 - Incident investigation involves analytical thinking and contextual interpretation that limits full automation.
Competency 5: Security Event Triage
Description: A cybersecurity student will perform security event triage (T0163) by analysing alerts from multiple tools, determining incident severity, initiating appropriate response actions, and documenting findings in accordance with established procedures for an SME environment.
Degree of Completion: Triage processes must accurately classify at least 90% of security events, initiate correct response actions for all high-priority incidents, properly document all triaged events, and meet defined time objectives for initial assessment.
AI Assistance: Generative AI can help prioritise alerts, suggest initial response actions, generate triage documentation, and provide contextual information about potential threats.
Future AI Impact: AI will increasingly automate initial triage and enrichment, though investigative decisions in complex cases require human judgment.
Relevance Scale (0-10): 6 - Alert triage will become increasingly automated, though human judgment remains essential for complex cases and context-specific decision-making.
5. Compliance and Resilience Specialist
Competency 1: Security Policy Development
Description: A cybersecurity student will develop security policies and procedures (T0149) aligned with frameworks such as CIS Controls or ISO 27001 by creating documentation appropriate for SME environments, establishing security requirements, and ensuring policies are practical for implementation with limited resources.
Degree of Completion: Policy development must include at least 10 core security policies covering different control areas, align with selected frameworks, pass review for clarity and practicality, and include implementation guidance appropriate for SMEs.
AI Assistance: Generative AI can generate policy templates, suggest framework-aligned controls, create implementation checklists, and help adapt industry standards to SME contexts.
Future AI Impact: AI will increasingly automate policy generation and framework mapping, though effective policy development requires human judgment about organisational context and practical implementation.
Relevance Scale (0-10): 6 - Policy development will become more template-driven, though adaptation to specific organisational contexts requires human input.
Competency 2: Compliance Assessment and Gap Analysis
Description: A cybersecurity student will conduct compliance assessments (T0294) against relevant frameworks and standards by evaluating existing controls, identifying gaps, and developing remediation plans that prioritise actions based on risk and resource constraints for an SME environment.
Degree of Completion: Assessment must evaluate compliance against at least one industry framework, identify all significant gaps, provide risk-based prioritisation for remediation, and include realistic implementation recommendations suitable for SMEs.
AI Assistance: Generative AI can generate assessment questionnaires, analyse control coverage, create gap reports, and suggest remediation approaches for identified gaps.
Future AI Impact: AI will increasingly automate compliance mapping and assessment, though contextual interpretation and prioritisation require human judgment.
Relevance Scale (0-10): 5 - Compliance assessment involves contextual interpretation and judgment that limits full automation.
Competency 3: Security Awareness Programme Development
Description: A cybersecurity student will develop and implement a security awareness programme (T0130) for SME environments by creating training materials, establishing awareness campaigns, developing measurement mechanisms, and focusing on high-impact behaviours appropriate for non-technical users.
Degree of Completion: Programme must include at least five training modules covering different security topics, establish a training delivery schedule, include materials appropriate for different user roles, and develop metrics for measuring effectiveness.
AI Assistance: Generative AI can create training content, generate awareness materials, suggest campaign strategies, and develop assessment questions for measuring knowledge retention.
Future AI Impact: AI will increasingly automate content creation and personalisation, though effective awareness programme design requires human understanding of organisational culture and learning needs.
Relevance Scale (0-10): 5 - Security awareness programmes require understanding of human behaviour and organisational culture that limits full automation.
Competency 4: Business Continuity Planning
Description: A cybersecurity student will develop business continuity plans (T0178) appropriate for SME environments by identifying critical functions, establishing recovery objectives, creating continuity procedures, and ensuring resilience of essential operations during disruptions.
Degree of Completion: Plans must identify all critical business functions, establish realistic recovery time objectives, include detailed continuity procedures for at least three disruption scenarios, and pass validation through tabletop exercises.
AI Assistance: Generative AI can generate continuity plan templates, create business impact analysis frameworks, develop recovery procedure documentation, and suggest testing scenarios.
Future AI Impact: AI will increasingly assist with plan generation and documentation, though effective continuity planning requires human understanding of business priorities and operational dependencies.
Relevance Scale (0-10): 4 - Business continuity planning requires deep understanding of organisational operations and priorities that limits full automation.
Competency 5: Security Metrics and Reporting
Description: A cybersecurity student will develop security metrics and reporting (T0286) appropriate for SME stakeholders by identifying key performance indicators, establishing measurement methodologies, creating executive dashboards, and producing reports that effectively communicate security status to technical and non-technical audiences.
Degree of Completion: Metrics programme must include at least 10 relevant security metrics across different control areas, establish automated data collection where possible, produce clear executive reports, and demonstrate alignment with business objectives.
AI Assistance: Generative AI can suggest appropriate metrics, generate report templates, create data visualisations, and help develop narrative explanations for technical findings.
Future AI Impact: AI will increasingly automate data collection and visualisation, though effective security reporting requires human judgment about stakeholder needs and business context.
Relevance Scale (0-10): 6 - Security reporting will become increasingly automated, though contextual interpretation and communication strategy require human expertise.
Project Deliverables
Fully operational SME security operations environment using in-demand open source tools
Complete documentation for installation, configuration, and operations
Set of incident response playbooks for common security scenarios
Custom dashboards in Kibana and Grafana for security visualisation
Vulnerability management framework using OpenVAS
Presentation demonstrating the integrated solution and lessons learnt
Assessment Criteria
Effective integration of multiple open source security tools
Appropriateness of solution for SME environments (resource efficiency)
Quality of detection and response capabilities
Completeness of documentation for non-specialist audiences
Team collaboration and role fulfilment
Demonstration of competencies as defined for each role