Finding Exercise Equilibrium: How to Support the Game Balance at the Very Beginning? (Abstract Only)

Cyber defence exercises (CDX) represent a popular form of hands-on security training. Learners are usually divided into several teams that have to defend or attack virtual IT infrastructure (red vs. blue teams). CDXs are prepared for learners whose level of skills, knowledge, and background may be unknown or very diverse. This is evident in the case of high-profile international CDXs with hundreds of participants coming from government agencies, military, academia, and the private sector. In this poster, we present techniques for distributing learners into teams with respect to their level of proficiency and the prerequisite skills required by the exercise. Our aim is to reach a balance between proficiency and the exercise to make the exercise beneficial for the learners and an effective investment for sponsors. The poster describes three methods and compares their advantages and disadvantages. First, we present self-assessment questionnaires, which we have already used in four runs of a national CDX for 80 participants. We outline our findings from an analysis of the learners' self-assessment before and after the exercise, and the score they achieved during the exercise. Second, we introduce a promising method for testing the prerequisites of the exercise. This is still a work in progress but we believe that this method enables the better assessment of learners' skills with respect to the exercise content, and supports the game balance better. Finally, we compare both methods to a naïve one that shuffles participants into teams randomly.