Fundamental principles for the design and application of cyber ranges for training cybersecurity specialists
DOI:
https://doi.org/10.18372/2225-5036.31.20703Keywords:
cyber range, cybersecurity training, NICE Framework, Bloom’s taxonomy, Kolb’s cycle, Infrastructure as Code, scenario as code, digital twins, situational awareness, learning analytics, SIEM/SOAR, agentic RAG, multi-agent reinforcement learning, Purple TeamAbstract
This paper presents a comprehensive analysis of the fundamental principles for designing and applying cyber ranges as controlled learning and research environments for developing professional cybersecurity competencies. The evolution from static virtual labs to scalable cloud-based ecosystems and digital twins is outlined, emphasizing realistic network topologies, business services, and user behavior modeling. The study substantiates the need to combine technological automation with instructional design, including Bloom’s taxonomy and Kolb’s experiential learning cycle, and to align training outcomes with the NICE Workforce Framework. Particular attention is given to scenario lifecycle management, reproducibility through Infrastructure as Code and “scenario as code”, and objective performance assessment using learning analytics and situational awareness metrics. The paper also discusses the role of AI-driven automation, including agentic RAG approaches and multi-agent reinforcement learning, for adaptive scenario generation and dynamic adversary modeling, while highlighting the importance of verification and controlled use in training settings.
