The article was written with Grethe Østby, Basel Katt, and myself on 'Exercise Control teams in cybersecurity training' has now been published.
A cyber range is an arena where exercise will be used to expose individuals, public and private organizations, and government agencies to simulate socio-technical cyber security events and situations in a realistic but safe environment. Running these exercises is a demanding task, and the exercise control (EXCON)-team have vast and detailed tasks to run and coordinate during the exercise. Often the team-members in EXCON sit upon tacit knowledge and inherited experience rather than formal pedagogical knowledge. As cyber rangers will provide full-scaled cyber exercises for different organizations; on strategic, tactical and operational levels, there will also be a need of bringing in diverse experts in the EXCON-teams, such as experts from CERT’s and other real-life stakeholders. These vast tasks require excellent capabilities to manage such teams and will be one of the most important roles to frame. In this paper we suggest a framework for EXCON-team roles running full scaled cyber-incident exercises and want to test this framework during running the exercises.