Symantec buys training firm to boost VR answer to skills shortage

Symantec has acquired two training firms to accelerate its virtual-reality platform that lets employees see the world through a hacker’s lens.

A week after selling Veritas, Symantec has acquired two related security firms — Blackfin Security and its hacker training unit Hacker Academy — to help it engage with enterprise customers that are feeling the pinch of the security skills deficit.

Blackfin Security provides phishing simulation and user awareness training, while delivering technical security training through Hacker Academy. Meanwhile, its ThreatForge platform provides training, skills assessments and simulation to IT and security pros.

Symantec said Blackfin Security will help it accelerate its gamification-led training efforts under “security simulation services”, which it uses to help customers become “cyber battle” ready and sharpen their incident response times following a breach. Symantec’s “virtual, live-fire environment” attempts to challenge players’ problem-solving skills as they familiarise themselves with the motives, tactics and tools of hacktivist, criminal, and nation state attackers.

Symantec hasn’t disclosed the value of the acquisitions, but Samir Kapuria, vice president and general manager of Symantec’s Cyber Security Services, said Blackfin will help it develop its virtual reality cyber programs to address the global shortage in security professionals.

“By expanding the Symantec team with Blackfin’s security talent and technical expertise, including their industry recognized Hacker Academy, we are positioned to advance the industry with new, forward-looking virtual-reality cyber programs focused on bridging the cyber skills gap for companies and countries,” he said.

As Kapuria explained, Symantec has taken a leaf from other high-risk industries like medicine and aviation, which have developed immersive learning through simulation to improve safety.

“By applying that same approach to cybersecurity,organizations will gain the advantage of having security practitioners ready to face a broad array of attacks, attackers, and operational security scenarios that exist in the wild. Otherwise, the current gap of cyber readiness ultimately increases incident response time and business impact for an organization when they are actively attacked,” he said.

“Fewer than two-thirds of organizations believe they have the staff or skillset necessary to address today’s growing cybersecurity challenges. Enterprises, universities, war colleges, government and industry leaders all need an ecosystem to build their security IQ and grow the cyber talent pool,” Kapuria added.

Symantec flagged the launch of its managed simulation training services and managed incident response services in Australia last year alongside a $12 million investment in new office space in Sydney.

As for the skills shortage that Symantec hopes will draw in customers, numerous studies have shown there has been a sustained shortfall of security professionals over the past five years, which has shown up in rising wages and governments being unable to fill growing cyber security programs.

Cisco has estimated there are one million security jobs vacancies worldwide. In Australia, the issue is expected to be canvassed in the Prime Minister and Cabinet’s now long overdue Cyber Security Review.

Symantec isn’t the first to look at gamification for security training. Salesforce last year reported some success in helping staff cut down on clicking phishing links and boosting reports of phishing email after it gamified security awareness training.

As Ira Winkler, president of Secure Mentem, explained, gamifying security awareness training usually means awarding points to employees who display good behaviours such as reporting things like phishing emails, social engineering attacks, or USB sticks found on the ground.

Want to know more?

Why not become a CSO member and subscribe to CSO's mailing list. 

Get newsletters, updates, events and more right here

Read more: Is penetration testing still effective?

Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecurityhacker trainingSymantec’s Cyber Security ServicesVR answerhackerCSO AustraliaThreatForgeshortageHacker AcademySamir KapuriasymantecBlackfin Security

More about CiscoCSOSymantecVeritas

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Liam Tung

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place