Toyota has been a part of the cultural fabric in North America for more than 60 years and is committed to advancing sustainable, next-generation mobility through its Toyota and Lexus brands, plus its more than 1,800 dealerships. As such, Toyota is a proactive leader in secure mobility, committed to the safety and security of its supply chain, data, intellectual property, products, dealers, distributors, and the motoring public, not just its customers.
Toyota Motor North America (TMNA) is a leader in key forums around the world to advance automotive cybersecurity and has a highly skilled team of experts in the field of cybersecurity. The team actively works to address cybersecurity challenges with effective and practical solutions in partnership with public and private-sector stakeholders to raise the defenses of the entire automotive ecosystem, improve and enhance cybersecurity standards, and share near real-time threat intelligence.
Led by Gabe Lawrence, VP of Information Security Cyber Protection, and Kell Rozman, Cybersecurity Lead, TMNA searched for a solution to practice new skills hands-on while looking to bridge the knowledge gap between security and cloud to make sure the team was as up to date as possible on the latest techniques and prepared for any cyber incident.
Finding good training was challenging, especially when the team wanted a hands-on approach to learning. The team is made up of a mix of different backgrounds and experience levels including blue teamers specializing in SOC analysis, so TMNA was looking for an interactive solution that catered to everyone. They enjoyed the Capture The Flag (CTF) style of learning because it was collaborative, but it was difficult and time-consuming to create and set up challenges themselves. Some beginners were also a little intimidated by CTFs, so they needed to prioritize a collaborative approach versus team members trying to figure it out on their own.
“You don’t need to be a hero, it’s okay to ask for help! We’ve encouraged our team to lean on each other to learn, collaborate, which makes a more successful and happy security team.” - Kell Rozman
They also wanted to bridge the gap between traditional security and emerging cloud technologies with a cloud training provider.
They turned to Hack The Box’s Dedicated Labs after Gabe enjoyed using HTB as an individual.
Now, the team hosts a CTF using the Dedicated Lab instances every Friday afternoon for the team to collaborate in a fun and casual environment. Each week, five to 15 team members participate from a variety of backgrounds and skill levels, including blue team security engineers. They’ve been hosting CTF Fridays for over a year and enjoy learning through each other and have even set up a buddy system for team members to continue collaboration outside of the live event.
Gabe and Kell participate in the Friday CTFs as well and love the “show and tell” style of learning they’ve been advocating to their team. Their goal is to reduce the stigma of feeling like cybersecurity professionals should know everything by showing that asking questions and getting stuck is normal. It has been crucial for the team to see that these problems are hard across the board for all skill levels, even though Gabe has participated in many CTF activities, we all have the opportunity to struggle together and see how important it is to develop new skills in the evolving world of cybersecurity.
“We use the Dedicated Labs instances for CTFs we host every Friday afternoon. It’s a fun and casual way for the team to gather and work together to solve challenges - and our favorite way to end the work week!” - Gabe Lawrence
The team also recently signed up for BlackSky, Hack The Box’s Cloud Enterprise Labs, to train the team and gain more knowledge on cloud security. Continuing education and cyber readiness are extremely important to the TMNA team, so they invested in the future of the industry, cloud.
“Since implementing BlackSky Cloud Labs, the team has really bridged the knowledge gap between traditional security and cloud. The labs are both challenging and engaging, and we’ve definitely noticed an improvement in our cloud security posture.” - Kell Rozman
Since launching the training sessions on May 1, 2021, the team has
Worked through 22 HTB machines getting both user and system access and 26.67% through BlackSky Cloud Lab
Seen a 150% increase in team learning session participation
Improved knowledge and skillsets within 11 months
The Friday CTF initiative has been a huge success for the team. People are curious about and excited about the events, and it’s also been a big help for recruitment in the cybersecurity department.
Learning by building and doing has been the best approach for the team. Kell is happy with the analytics of the manager dashboard and uses it often to gather insights on how well the team is performing. The analytics tool has been helpful to understand pain points, but also to see what team members are learning and what they are going back to learn more of. It’s also helped them utilize their buddy system: by pairing people up based on blockers they are experiencing, TMNA has greatly increased productivity.
The analytics tools HTB provides are extremely helpful to me and my team. We can easily identify pain points and establish a buddy system to pair colleagues together to work through any challenges.” - Kell Rozman
The team has not only developed new skills with Dedicated Labs and BlackSky labs, but they’ve also learned how to apply that knowledge to real-world situations. For example, after the log4j vulnerability, when discussing the issues with the team, they contributed great insight and understanding of how to respond and approach the exploit.
To narrow it down, here are the top three results TMNA has achieved since implementing Hack The Box as their training solution:
Hack The Box has made their team more engaged in cybersecurity, both inside the department and cross-functionally
Talent recruitment efforts are strengthened because training and development opportunities are a tangible benefit that candidates look for when choosing an employer
The team has been able to apply security knowledge to other areas of IT
“There’s a stigma of cybersecurity being magic or as easy as it’s portrayed in shows, but it’s not. Hack The Box has helped us learn to address that stigma and get prepared for anything by updating our skills and knowledge base.” - Gabe Lawrence
emmabro & egre55, May 26, 2022