Identifying Security Gaps
The CISO workshops revealed that not all NRENs were meeting the basic security requirements, they also showed that some organisations were not even utilising the GÉANT Security Baseline, a framework developed by and for NRENs to meet their needs and requirements. Recognising this critical gap and the lack of resources that some NRENs face, GÉANT sought a solution to address these vulnerabilities.
The Security Bootcamp
The solution came in the shape of the Security Bootcamp initiative. This innovative programme aims to provide hands-on experience and training sessions to NRENs. Its primary objective is to support the implementation of the GÉANT Security Baseline, as well as to demonstrate its benefits and ease of use. Specifically, the bootcamps target NRENs that face resource constraints (both human and time), however the programme can also support NRENs that would like to use it as a knowledge chain and redeploy it for their connected members (e.g. universities, research institutions). During these interactive workshops, participants gain hands-on experience with the security baseline, moving beyond theoretical learning to practical application. It’s a tailor-made programme which delivers benefits deriving from the shared experience with peers from NRENs with a similar security maturity level.
Tailored Programmes
Each bootcamp programme is based on pre-defined objectives agreed with each NREN and on the results of the security baseline assessment, and covers the following essential areas:
- Structure: understanding the organisational security setup, roles and responsibilities within NRENs.
- Strategy: developing effective security strategies aligned with NREN goals.
- Objectives: defining clear security objectives to guide implementation.
- KPIs (Key Performance Indicators): measuring progress and success.
- Planning: creating actionable plans to enhance security posture.
- Policy: establishing and provide robust security policies and guidelines.
Senior Management Involvement
Crucially, senior management participation is vital. Their engagement ensures alignment between security initiatives, top management strategy and overall organisational goals. By actively participating, senior leaders contribute to an open culture of security awareness and commitment.
Peer Learning and Collaboration
The bootcamps set-up favours a micro-network environment of up to four NRENs with similar maturity levels, where participants engage in open and trusting discussions, sharing knowledge, experiences, and best practices. This collaborative approach aims to allow NRENs to learn from their peers, improving their cybersecurity status.
“Key to a successful bootcamp is openness and communication with peers. In this environment participants can openly speak about the gaps in their security management and learn from each other. It is all about learning from and contributing to the NREN community.” – says Michel Gerdes, Senior Consultant and DPO, DFN-CERT.
Michel has been involved in the bootcamp concept’s preparation and delivery from the start working closely with Ana Alves.
Successful Launch: Eastern Partnership NRENs
The inaugural GÉANT Security Bootcamp took place in March 2024 and involved the Eastern Partnership NRENs: GRENA (Georgia), ASNET-AM (Armenia), AzScienceNet (Azerbaijan), RENAM (Moldova).
“The Security Bootcamp event was very important for GRENA as we are in the process of developing a Data Protection Policy and an Information Security Policy for our organisation. The experience shared by GÉANT in this field was valuable, interesting and useful.” – Ramaz Kvatadze CEO, GRENA, Georgia
“The GÉANT Security Bootcamp gave us an understanding of how to stand on the front lines of information security to ensure a safer tomorrow for all.” – Babak Nabiyev, Head of AzScienceNet NOC, Azerbaijan
Expanding Horizons
Ana Alves, GÉANT CISO closes: “The security bootcamps give us the opportunity to share our expertise and offer our support to the R&E community. Our aim for our members is to reach a robust security maturity level and achieve a more proactive security posture. I firmly believe that by investing in awareness and prevention we can improve our security landscape. We are also working on a pilot to extend the initiative beyond Europe with the hope to strengthen cybersecurity practices across continents.”
Read or download the full magazine here
