Summary
Matthew J. Harmons SANS @ Night presentation Emerging Cyber Ranges: Competition to Compliance, delivered on June 27, 2018, explores how purpose-built environments can accelerate offensive and defensive security practice, foster competitive e-sports, and underpin formal compliance and product validation efforts .
Cyber Range
First, Harmon defines a cyber range as any isolated, refreshable networkvirtual or physicalused to detonate malware, test exploits, or simulate advanced threats. He surveys existing platforms from SANS NetWars (both virtual challenges and the physical CyberCity model) to JYVSECTECs SCADA-focused ranges and the Michigan Cyber Range, and even the DARPA-led National Cyber Range. Each example illustrates how controlled environments enable realistic training, product proof-of-concepts, and large-scale team competitions without risking production assets .
Principles to Proof of Concept
Second, the talk shifts to design principles and hands-on constructs. Harmon outlines key requirementscontainment, auto-scaling, encrypted peer tunnels, explicit authorization, rapid restoration, and portabilityand presents a Raspberry Pi-based proof-of-concept leveraging OPNsense, HardenedBSD routing, iPXE booting, and YubiKey-backed hardware security modules. He also covers adversary simulation using MITRE CALDERA, Uber Metta, and Netflixs Simian Army, and shows how cyber ranges can be woven into compliance lifecyclesfrom requirements gathering through vendor evaluation, baseline verification, and resilience testingtransforming these playgrounds into governance-grade testbeds .