Cyber Ranges Prepare Students for Cybersecurity Careers

“It’s a sandbox environment that’s completely separated from all other systems,” says Katerina Goseva-Popstojanova, program director of undergraduate studies in cybersecurity and a professor in WVU’s Lane Department of Computer Science and Electrical Engineering. “It lets you create all kinds of realistic scenarios that provide hands-on support for the principles that students learn in class.”

In that pen testing exercise, for example, the Linux and Windows machines are configured with flaws that a real attacker might try to exploit. The challenge for students is to “find the vulnerabilities, escalate the privileges and move laterally through the system” as if they were security professionals, Goseva-Popstojanova says. Students also learn to use tools driven by artificial intelligence for malware detection and data analytics, and they experiment with everything from firewalls to Internet of Things devices as they hone their cybersecurity expertise.

Designated as a National Center of Academic Excellence in Cyber Defense Education (CAE-CD) by the National Security Agency, leaders in WVU’s bachelor’s program in cybersecurity now see its cyber range as critical to its programming for students pursuing cybersecurity careers.

“This is about preparing future professionals with hands-on experience,” Goseva-Popstojanova says. “Employers are looking for people with the skills our students are developing here.”

Cyber Ranges Offer Risk-Free, Relevant Cybersecurity Experience

In fact, according to a recent survey by ISACA, while cybersecurity jobs remain in high demand, organizations across industries are reporting a decline in open entry-level positions in the field. Instead, explains Marty Barrack, CISO and chief legal and compliance officer at XiFiN and a member of ISACA’s Emerging Trends Working Group, companies are seeking tested candidates who can step in and add value on day one.

“When we go out and hire, even for an intern position, the more real-life experience you have, the more we’re going to be interested,” Barrack says. That’s because of the rapidly evolving cybersecurity landscape, an AI-enhanced world of tools and techniques that’s making the job more complex. “We may not require that you’ve actually worked in the field, but it’s important that you bring hands-on skills,” he explains.

At Regent University in Virginia, Cheryl Beauchamp, director of the Institute for Cybersecurity and Chair of the Department of Engineering & Computer Science, says she’s heard much the same message from companies that come to Regent for recruiting purposes. “They tell the students, ‘If you spend time on the cyber range, make sure to share that in your application because we see it as relevant experience,’” she says.

The university’s cyber range is an essential part of the educational process for students in its CAE-CD-designated, bachelor’s-level Cybersecurity program, Beauchamp explains. The facility, which opened in 2017, can be accessed in person or online, and is organized into two separate spaces, each equipped with about two dozen workstations. To simulate what it’s like to work in a security operations center (SOC), the computers are clustered together on tables in pods of six. “We want to see students communicating and working together as if they were part of a SOC team,” she says.

Beauchamp adds that when she shows the cyber range to prospective students, she sometimes compares it to a firing range. “If you’re in the military and you’re learning how to use a weapon, it’s important that you do so in a safe environment where you’re going to be protected,” she says. On the range, students gain exposure to detection tools, firewalls and data analytics solutions from industry leaders like Palo Alto Networks and Splunk, and they even learn to defend cyber-physical systems such as power grids and other critical infrastructure.

“Identifying threats, applying countermeasures, securing data — it all happens here, where they’re free to make mistakes without worrying about the consequences,” Beauchamp says.

Students Use Cyber Ranges To Put Theory into Practice

A similar teaching philosophy is in play at the cyber range at Pace University in New York. The facility opened in 2024 and is primarily used by undergraduates and master’s students in the university’s Seidenberg School of Computer Science and Information Systems.

Seidenberg School Dean Li-Chiou Chen says the range serves as a safe space for students to experiment with various cybersecurity scenarios.

“We might give them a case study in which they’re hired to help the CISO of a town, and they have to run a series of tests on their servers, for example.” Students have also practiced protecting the operational technologies used to control a hypothetical hydraulic dam, and the facility is often used for capture-the-flag competitions.

With a bank of 10 workstations and a wall with multiple monitors, the range is designed to resemble a SOC. But the physical space isn’t the only draw for the Pace community, Chen says. The university has three campuses, so many students choose to access the facility remotely, logging in to the virtualized environment with their school credentials.

In the classroom, students mostly learn the theories behind cybersecurity — an important part of their education, but typically just the tip of the iceberg in terms of their future as technology professionals, Chen says. Noting that Pace has been named one of the nation’s top universities for experiential learning, Chen says that the cyber range is different: “Here, they’re putting that knowledge to work. They’re learning what it’s like to do cybersecurity in the real world.”