USE OF VIRTUALIZATION TO TEACH INFOSEC PRACTITIONERS OFFENSIVE AND DEFENSIVE SECURITY
With the daily security breaches in both private and public organizations, stakeholders are demanding protection of their personally identifiable information (PII). Yet despite the continued increase in IT budgets to enhance the overall security posture of organizations’ infrastructure, large data breaches that affect millions of records per security breach is becoming all too common. Effective protection of modern network infrastructures requires a new generation of security experts skilled at identifying, assessing, preventing, and effectively responding to security attacks. However, universities and colleges continue to fall short of producing graduates with the level of expertise who can implement security controls that meet organizational needs. Current teaching model relies almost entirely on defensive safeguards that are inadequate to address modern security attacks. Continual reliance on teaching the next generation mainly defensive security skills will lead to an expansion in skill gap between attackers and defenders of enterprise data assets. This paper investigates how a hybrid model built on virtualization technology addresses both attack and defense of data assets will better prepare future security practitioners.