Cyber attackers aren’t passive; defenders can’t be either

Training program teaches cyber operators to adopt an offensive mindset to defend against attacks

As a cyber engineer, he is more than familiar with the internet, cybersecurity and the threats that exist online.

But once he learned more about known cyber exploits and vulnerabilities, and started thinking like a hacker, he quickly realized that he needed to do more to protect his devices.

“It's like in Harry Potter where they had ‘Defense Against the Dark Arts’ teachers who taught the wizarding students all the dark arts so they knew how to defend themselves against it,” said Ferguson, who works in computer network operations at Raytheon Intelligence & Space’s Cyber Offense and Defense Experts, or CODEX.

Raytheon Intelligence & Space, a Raytheon Technologies company, recognizes that cyber defenders need to know the techniques, tactics, and tools that hackers — be they state actors, ransomware criminals, or lone wolves — use, so they’ll be better able to defend against them.

There is a worldwide shortage of cybersecurity experts. Currently, there are about 377,000 vacant cyber jobs in the U.S. and 2.7 million globally, according to a report from (ISC)², a non-profit organization specializing in cyber training and certification programs that issues an annual study on cybersecurity workforce trends.

CODEX is addressing this shortfall through an in-house program to develop and increase these rare skillsets. Called Offensive Labs, it’s a training program that teaches students topics such as vulnerability research, computer network operations, and binary reverse engineering, the process of dissecting and understanding software when its original source code is unavailable.

“We’re approaching this from the perspective of a hacker and using our knowledge of offensive tactics to better inform how we do cyber defense,” said Tim Zentz, acting director of CODEX. “To help individuals adapt to this mindset, we’re working with them to determine their current capabilities and guiding them in expanding their skills and knowledge.”

The first class had seven students, many of whom had worked at the company for only a year or two. By the end of 2022, the program’s organizers plan to have 50 graduates.

The training is virtual, meaning the program can teach students wherever there’s a need — a critical advantage that allows Raytheon Intelligence & Space to better meet customer requirements, wherever they might be. Many in the first cohort worked out of CODEX’s facility in Greenville, South Carolina, because of customer needs and a shortage of employees with the required skillsets.

“Cyber operators with these skillsets are highly sought after, and whether we’re losing them to the great resignation, competitors, startups, you name it, we needed to find a way to keep the great people we have,” said James Thompson, Offensive Labs director and CODEX Digital Technologies director. “Offensive Labs is allowing individuals to retool for the future, get new opportunities and take on new challenges.”

The course starts with a recap of basics including assembly language, a low-level programming language designed to communicate instructions to specific computer hardware, then moves on to more advanced exercises like analyzing ready-to-run programs in the Linux operating system and using the Python programming language to develop exploits against them.

“It’s our assessment phase in which we expose the students to a broad range of things ranging from vulnerability research to binary exploitation to reverse engineering,” said Thompson. “We really expose them to a lot of content, which helps us gauge where they are. Once we're finished with the general knowledge and assessment phase, we then break them down into that first tier of specialization for their skills.”

The students went on to learn how to analyze 64-bit Linux executables and develop Python-based exploits against each one. As they progressed, the focus shifted toward bypassing exploit mitigations commonly used by modern applications. They also learned to uncover web browser exploits.

In the capstone project, the students put all their knowledge to the test to uncover a bug in an Android-based target platform and exploit it.

“We had tight deadlines with multiple things going on simultaneously,” Thompson said. “They had deliverables that were at a pace and quality that we expect. We provided them with the same tools that the program execution teams use, and the same sets of software. It also let managers watch how they might perform on their programs. It was like an on-the-job interview.”

Besides growing new talent that can immediately be assigned to projects, Offensive Labs is also helping retrain and recruit talent.

“This shows that we’re committed to investing in our engineers, giving them opportunities to either advance or broaden their skillsets,” said Mike Weldon, Offensive Labs program manager. “We have quite a few junior-level engineers, but we’ve also had a handful of engineers who have been with CODEX for 10 years or more, and they’re very good at what they do. But they were looking for a change and joined the program.”

Graduates of Offensive Labs are eager to put their new skills into action. They know their work directly supports national security, and the course has shown them how, and to what extent, nation-state and black-hat hackers pose a threat to the country’s infrastructure.

“We need to come up with defenses before attacks and zero days happen,” said Ferguson, using a cybersecurity term for newly discovered methods of attack. “We’ve got to be out there actively trying to hunt for these exploits, these vulnerabilities, ourselves, so we can learn to defend ourselves.”
