Paper

This is my final paper for this class, Entreperneurship. While it was a trip to get this paper done, I did it with the best of my ability.

Introductory Overview

A problem circulating the industry has been the growing need for online training. Since covid has messed up many in-person jobs and internships, companies have been trying to get their foot back into proper job training. However, many people will not be able to attend training due to problems that may prevent them. So, we have come up with a software-based company that will help to improve the workplace for other companies. Our name is CoVR (pronounced cover) – Cybersecurity Virtual Reality.

What problems will our software address with company training? Interns and new hires may have transportation issues for work, which will hinder their work and training. This is due to the location of the office being too far from their homes, and not having the necessary funds and resources to transfer to a new place. Another problem would be the need to get “on-the-field” training for their jobs. With a potential lack of transportation and even with care for having a new hire/ intern being injured, companies are very complacent and iffy on sending people who have little to no knowledge of their company’s work out to experience real life. This is especially worrisome in jobs like healthcare and security, where emergencies can come up while showing new workers the ropes. These problems may not just stem from the new hires either. As I mentioned before, the quarantine laws for COVID messed up a lot of companies and their employees, causing many issues with availability in the workplace.

Our company looks to address these issues and change the world of cybersecurity training with this idea. We will create a software program that uses Virtual Reality to allow companies to simulate training programs and work environments. The plan is to create this program using a virtual workspace in a VR program, like Meta Quest. From there, a company can pay for our software and implement its training programs for interns and new hires. We want to start with smaller companies first, as these will have most of the problems I mentioned beforehand. If a larger company reaches out to us about interest, we would be more than welcome to provide them with our product.

            How does this software work and what are the steps to allow companies access to this? As we are a software company, we will most likely require any companies using our services to obtain the main hardware required for this, which will most likely consist of a VR headset and a PC/ laptop that can run our software. When adequate payment is met, we will provide the company with the software which hosts a moldable and customizable environment that any person with proper authorization can adjust to meet their training requirements and simulate the workplace. For example, a forensics company can make a simulated crime scene for new hires to get “on-the-field” experience by collecting mock evidence and writing reports on it later for a court case. From there, we can work with companies to help distribute and prepare different simulations for any interns and new hires and will provide basic installation help for anyone struggling to figure it out. This also can help current employees to keep up with their in-office tasks. We believe that with enough funding and time, we can expand our meta verse programs to allow the potential to complete tasks and group activities while at home. This may be more suited for things like team meetings, teaching, and even social events. So how will the process work? By these steps:

  1. Have the host company acquire the necessary hardware needed to run our software (VR headsets, Laptops, etc.)
  2. Install a program to run on the companies’ remote network for employees and new hires.
  3. Teach company administrators how to customize their virtual environment to emulate their real office space/ workspaces.
  4. From there, monitor how the product works for companies and take any feedback they may have. Provide necessary troubleshooting if needed.

Literature Review

            There is a ton of literature on cybersecurity-related incidents that only furthers the need for efficient training. One such article is titled, “Evaluating Self-Efficacy Pertaining to Cybersecurity for small businesses.”    A quick summary on this one is that small businesses fail to understand the need for cybersecurity, as they believe they are not likely to be attacked. However, small businesses have been involved in numerous cyber attacks. This article shows what effects cybersecurity training can have on peoples’ self-efficacy toward small business cybersecurity practices.

            Small businesses are not invincible and can be prone to different types of cyberattacks. Some examples include SQL injections (an attacker sends SQL code to a victim for malicious purposes) Denial of Service and Distributed Denial of Service attacks (flooding a network server to cut users out) Viruses, worms, trojan horses (all types of malware), and even Man-in-the-Middle attacks (attackers intercept cyber messages to collect or alter information). There are also psychological-based attacks such as social engineering, that can occur through phishing, baiting, vishing, smishing, and tailgating. This only proves that small businesses are not safe from cyber-attacks; they might be more at risk due to potentially lower security (https://www.proquest.com/docview/2497240123?parentSessionId=eIDP3CI%2F3lXai3u59fh22%2B5Q90fR0x27dw10cMg2%2BlU%3D&pq-origsite=primo).

            This proves why cybersecurity training is important. The article shows an increase in self-efficacy in cybersecurity due to the constantly growing cyber threats lurking everywhere. A study was conducted on the impact of reflective and embodied training on creativity and self-efficacy. It was a success and increased creative self-efficacy and expression. Another impact of training for self-efficacy happened within healthcare. Why I chose this article in the first place because self-efficacy motivated people to practice cybersecurity awareness, which is what we want to help achieve with our Innovation. With VR, this can be expanded and grow even more exponentially.

            Another article talks about the lack of VR usage in cybersecurity. It is a shame too, because VR has so many possibilities for uses besides just training. There have been attempts at collaborative practices between cyber organizations and other environments, however, it is a hassle to uphold any activities with cybersecurity operators and their tasks, as the article quotes them as “very demanding” and “usually works alone.” This hinders tools and collaborative practices for cyber environments, which increases the need for training to boost teamwork efficiency. Cybersecurity, up until we came along, has not harnessed Collaborative Virtual Environments which are used for both immersive and interactive data visualization, and serious gaming for training. The group in the article has made a cyber collaborative activity model as a reference to create a 3d Cyber Common Operation Picture. Using this innovation, they aim to take advantage of CVE practices to enhance cyber collaborative activities.

            I feel the approach they are taking is almost the same as ours. We want to use VR to enhance Cybersecurity training for everyone who might have trouble accessing Cyber training methods. The authors of this article want to use create a collaboration platform to help cyber operators resolve teamwork issues in the field. Both of us want to use the virtual environment to create something fun and beneficial to the field of cybersecurity. The main difference between our group and theirs is who is our main target for our innovations. As our group wants to look at the future of cyber training, their group looks to expand on the present of cyber work. With our idea of VR in cyber training, we can help expand the increase in cybersecurity training, and provide the same fun and beneficial experience that the people from this article want to express as well (https://link.springer.com/chapter/10.1007/978-3-030-05171-6_14). 

This article is a study on understanding and measuring the effectiveness of incorporating realism into cyber training. Training deficiencies have plagued the world of cybersecurity because of the lack of realism in training and education. While traditional academic settings and certification training teach cybersecurity skills through classroom environments, they lack experience-building opportunities for students which extends the need for cyber professionals. A hands-on approach is a way that this article thinks should be taken to effectively train students and upcoming cybersecurity professionals into learning more about the field and what they can expect and be ready for. An example for students would be labs and simulations to give an immersive experience for students to engage in training that matches their skill levels. Doing this adds realism to the training and learning that cybersecurity interns and students will need to help gain experience in their field, as realism training can allow more job positions to willing open their doors to potential new hires that match their education requirements (https://www.proquest.com/docview/2512684617/abstract/A7B33DB2D2DB462APQ/1?accountid=12967).

            Our innovation looks to solve this issue that plagues the cybersecurity world. With VR, we can create simulated situations to match the needs of a cybersecurity workplace. This can include computer systems, workplace areas for monitoring, required in-person tools to help complete tasks, and whatever needs to be adjusted for cybersecurity training. It also helps new businesses expand and obtain new cyber professionals that will have the workplace readiness that they would want. At Old Dominion University, if we implemented VR software and provided it to a small business that was promoted to the school, they can provide interested and approved students with these VR training headsets to understand how the work environment will be. This means that when that student eventually comes into the office, be it after or before their graduation, they can have an idea of what kind of job to expect.

            There is something else that the use of VR can assist with. Like the last article stated, using more hands-on approaches to cybersecurity training and learning can help trainees learn more about the potential threats that plague cyberspace. However, there is another place where simulated cyber security awareness training can be efficient in showing why cybersecurity training is needed: Cybersecurity risks in VR. In an awareness post on a site called Technical.ly, author Holly Quinn brings up the potential threats of VR. She goes on to explain that while VR may not threaten your security with traditional cyber attacks and threats, there is another way that a person’s security may be at risk. VR does take biometrics to work properly and companies that own VR equipment may take the biometric data taken from these headsets and store them somewhere. If someone has your biometric data, they can falsify your physical appearance and mimic you to spread misinformation, scam other people in the metaverse, and even commit other cybercrimes. She wants people to be aware of the potential problems that VR may have by using its programs, like meta quest (https://technical.ly/software-development/vr-virtual-reality-cybersecurity/).

            This will present a worrisome problem for businesses looking to partake in VR for cybersecurity purposes. Our program will provide software that allows full customization with the server, so meta quest will most likely not be used. However, if we do use programs that may have a security risk, our team is willing to provide any troubleshooting and will take all feedback to heart on what must be protected.

            Back to the main topic of Cybersecurity, many industries and countries have been calling for more cybersecurity training, causing its demand to skyrocket. Europe is one such country that needs cybersecurity experts and professionals in its workforce, as its labor workforce market has a lack of cybersecurity skills. In a paper by Borka Jerman Blazic, they summarize an analysis of topics that are missing in higher education for cybersecurity students and trainees. A survey was conducted from 104 educational programs in most of Europe’s member state universities with master programs in cybersecurity. The question being asked was if there was there sufficient building of cybersecurity skills during their education or not. The study showed that all the specified cyber topics in the survey were covered in mandatory courses; the following topics are what the survey brought up:

  • data security: Cryptography, digital forensics, data integrity, authentication
    • present in 92% of mandatory courses, while absent in 46%
      • the highest frequency
    • connection security: hardware architecture, distributed systems, network architecture
      • Present in 84% of mandatory courses.
    • System Security
      • Present in 75% of mandatory courses.

However, the real lack of sufficient study coverage came from areas of organizational, human, social, operation, and maintenance subjects. This is an issue since most cybersecurity positions require proper maintenance and operation knowledge, and to have good people and teamwork skills to get projects done. Our VR training can provide workplaces for trainees and students to work together to build these missing social and management skills that are required for proper work in day-to-day cybersecurity positions (https://www.sciencedirect.com/science/article/pii/S0160791X2100244X).

            This next article focuses on how implementing VR can be executed in training. It brings up valid points and mentions that compared to real-life training, there are fewer safety risks in VR training. With VR, many factors affect training and learning. One of the main factors is multisensory feedback. Multisensory feedback has been known to be very effective in situations like,

  • Dual manipulation tasks
  • Surgical simulation
  • Rehabilitation
  • Flight training

VR scenarios usually rely on movement-based actions as their main source of sensory stimulation, but audio and haptic signals can facilitate performance in these virtual environments. According to the journal, bad performance of simulated haptic feedback results in negative training outcomes for surgical training, as having these extra details will provide learners and trainees with a more lifelike encounter, as well as improve presence and immersion in VR environments and reduce cognitive loads (https://www.proquest.com/docview/2504776513?accountid=12967&parentSessionId=p%2BxRB9m9KX4K6tOk7DgNYfGnU8kvjMDia7hftdoMi7I%3D&pq-origsite=primo).

            This final article focuses on improving the accessibility of remote higher education since the pandemic occurred. It mentions challenges that remote learning may cause, what to expect from it, and what limitations it may have. For example, since this was about remote school learning, about 23% of students who took a survey said they were uncertain about the way courses would be presented remotely. This can apply to our study of cybersecurity training in VR, as many small businesses would have an uncertainty of trying something new and not being tested in their own eyes. It also talks about the flexibility of using remote options in classes, which allows students to determine what services they can access, the content they can take in, and participation. It also can help with social barriers that many students may have while being in a lecture hall. In a VR environment, since most people won’t see your real face, social anxiety is something that you won’t have to think about. As for the limitations, there may be some limits to what can be done in a remote environment as presenting things to a teacher may prove to be difficult in remote. In VR, a possible limitation would be that a simulated work environment only needs to match what a trainee will need to do and not the entire office(https://heqco.ca/wp-content/uploads/2020/10/Formatted_Accessibility_FINAL.pdf).

How may this relate to material outside cybersecurity?

            While our focus is more on the field of cybersecurity, I will say that this innovation can help others outside of this field. Before I was a cybersecurity major, I studied in the field of Computer Science. While this field may rely more on actual computer programming to complete tasks and material, I feel that our innovation could lead to helping those in the Computer Science field. CS sometimes takes a more, hands-on, approach instead of straight Java/C++/Python coding. And training may still require an in-person teacher to help with ensuring code is compiled together and properly managed and well-made. This falls back to the issue of transportation and secrecy. Most software developers work in person, at their business building, but there is a chance that they may not be able to appear in person due to transportation issues. And if a software developer works from home, there is a chance that their code could be attacked or exposed by a hacker or rival company who has secretly found the IP of said employee’s home computer (should’ve practiced safe cyber security discipline). VR could ensure that these employees can be in a workspace that gives them a sense of their normal place of business.

            Another good contender for VR training is musical rehearsals. I did marching band for 4 years at Old Dominion and I have a lot of music friends who are in their own ensembles and big group ensembles. One thing that those people, and I, always found annoying is when everyone could not meet on an agreed date for effective group practice. For example, if someone in the drumline is sick, we are missing out on our normal projection sound. The problem there is safety and transportation. If someone who was sick but could still move around normally came into practice, they could put the entire band at risk, which no one wants. But if said sick person was a bass drum player in the drumline and they were sick the rehearsal before a big game, that can cause very bad problems. With VR training, a rehearsal could be set up in a mock band room and allow everyone in the drumline to hop in and start a rehearsal/ info session for the next day. While it may seem crazy to think this could happen, some apps in virtual reality allow open-area social interactions with others, like Vrchat. Vrchat also has games and other items that people can mess around with in the game. Placing a musical instrument in there would be a fun and innovative way to ensure that the sick person does not miss out on any important info, but allows them to practice with their section while on VR.

            The last class I can relate this problem and innovation with is any classes that require mandatory lab work. Specifically, any scientific classes that have mandatory lab work. These can include biology, chemistry, earth science, and any other science-like classes. If you miss a lab class due to sickness or something coming up, sometimes, the professor will not allow you to make up the missed class, causing a 0 to stay on your grade book for the entirety of the course and impacting your final grade. With VR, professors or TAs can give these lab lectures in a virtual environment that allows everyone to simply hop in a VR workshop to interact and be present for the class. Another good reason for using VR is that it provides way better safety precautions when dealing with chemical labs, and will save the school money from having to purchase said chemicals and other required materials needed.

           

Is it effective?

I believe that it is a long-term effective idea that will change the landscape of cybersecurity training forever. The benefits of switching to VR training provide businesses and employees with opportunities that they would struggle to get beforehand, and allow for a fun and effective training experience for all new hires; shining a good light on the company’s name.

            When we finally create the program and get our budget figured out, we will start experimenting with the program to fix anything that does not meet our set standards and guidelines for the program. I have access to a VR headset already, so my headset can be the main experimentation device to see where problems arise and what can be added/ removed for a better experience.

            To confirm that the practice has been effective, we will provide surveys and customer feedback for people who purchase our software. Using this feedback, we will make changes according to any complaints they may have, until we finally create a program that will benefit all in the cybersecurity field, and eventually, all disciplines. We may also monitor how our products are being used, who uses them the best, and if there are any cracks in security. We want to provide the best possible experience for new trainees looking to get into the field of cybersecurity; while also providing a safer, cost-effective, and efficient alternative to normal training for small businesses.

 

 

Turning an idea into reality

            There are several things we need to make sure our idea becomes a reality. These include a company budget, a list of materials, necessary tools, and programs to create the software, and ensuring that no laws are being broken by our idea. Once we have identified these issues, we can truly begin turning this idea into a reality.

            A company budget will be the hardest thing to look for. When we eventually make contact and connections with a business, we have to take in the salaries of each position in the business that will be using our software and tally that up with our budget. Along with that, we also have to debate how we will pay for equipment and how much we will charge small businesses that want to use VR training. The required materials needed would be:

  • VR headsets
  • A laptop/ PC/ phone to run the program
  • Wi-fi/ VPN
  • The software

While it is not that much-needed a material, it is pricey. However, with how much more is required for other training methods, we can find a good price that would convince small businesses to switch to Virtual Reality training.

            The next step is to find the right tools and resources to produce and create the product. I don’t have much knowledge of the coding and hardware of VR, so our group will have to do research and examples to make a successful Virtual/ Augmented reality program/ software. Thankfully, there are a lot of games, software, and ideas that can help put us at the right start. The first step is to look at games like Meta Quest and Vrchat. These two social gaming programs are used as online meet n’ greets, as well as virtual hangouts. There are a ton of things that can be done in these games that leave the world open for imagination, making these the first step to creating the software necessary for VR training. After taking the time to study those two games, we will move to lay out the program and what it is to do. Our goal is to allow full customization and uniqueness for each business customer who wants to partake in this training method. While creating the software, I will plan on using my own VR headset to trial and error the software and work out any kind of problems that may exist.

            The final part is to make sure our program and practices do not impede on any laws. While I believe we will remain within the confines of the law, you can never be sure if the process of getting to our final product will be ethical. I have no fear that our product will be harming anyone due to the nature of being able to work from home with effective training. I believe this would help certain laws that look to help better our nation, specifically cybersecurity laws like HIPAA. After confirming the final product, we can move to promoting, reaching out, and giving test runs to anyone who might have an interest in taking another pathway for training cybersecurity trainees.

 

 

What the future holds

This project has been an interesting research topic. Working with my groupmates to find an effective solution to lingering cyber security problems has not only expanded my knowledge but also proved to me that ideas like this can be well-received when given time and presented right. What I learned in this class was that entrepreneurship is not limited to certain people; rather anyone with an idea and a plan can be considered an entrepreneur. Having ideas that you feel will benefit a business(es) should not be ignored; instead, they should be experimented with, talked about with peers, and then maybe presented to a willing investor/ boss. What I feel like I would have done differently in this project and class is stay up-to-date with my work and try to get things in on time. But, the project turned out to be a success that even I would be interested in investing in in the future.

If this project is to continue, our next steps would be to keep expanding to small businesses that want to move to remote training; even seeing if we can pitch our ideas to schools and larger companies as well. This would require proper marketing approaches, researching potential competitors, and finding anything that can shine a light on our innovation. That could include laws, like HIPAA, finding different problems that can be solved with VR training, and expanding our innovation as far across the nation as possible. Our end goal is to help promote more cybersecurity awareness, by allowing new potential cybersecurity professionals to get the training they need to protect our cyber world from those who wish to exploit us.

 

 

References

Beveridge, R. (2021). Efficacy of Increasing Realism in Cybersecurity Training (Order No. 28413696). Available from ProQuest Dissertations & Theses Global. (2512684617). http://proxy.lib.odu.edu/login?url=https://www.proquest.com/dissertations-theses/efficacy-increasing-realism-cybersecurity/docview/2512684617/se-2

Borka Jerman Blažič, The cybersecurity labour shortage in Europe: Moving to a new concept for education and training, Technology in Society, Volume 67, 2021, 101769, ISSN 0160-791X, https://doi.org/10.1016/j.techsoc.2021.101769.

Cooper, N., Millela, F., Cant, I., White, M. D., & Meyer, G. (2021). Transfer of training—Virtual reality training with augmented multisensory cues improves user experience during training and task performance in the real world. PLoS One, 16(3)https://doi.org/10.1371/journal.pone.0248225

  1. Quinn, “VR and cybersecurity: The threat comes from inside the House,” Technical.ly, 25-Apr-2022. [Online]. Available: https://technical.ly/software-development/vr-virtual-reality-cybersecurity/

Kabil, A., Duval, T., Cuppens, N., Le Comte, G., Halgand, Y., Ponchel, C. (2018). From Cyber Security Activities to Collaborative Virtual Environments Practices Through the 3D CyberCOP Platform. In: Ganapathy, V., Jaeger, T., Shyamasundar, R. (eds) Information Systems Security. ICISS 2018. Lecture Notes in Computer Science(), vol 11281. Springer, Cham. https://doi.org/10.1007/978-3-030-05171-6_14

Pichette, J., Brumwell, S., Rizk, J. (2020) Improving the Accessibility of Remote Higher Education: Lessons from the Pandemic and Recommendations. Toronto: Higher Education Quality Council of Ontario.

Raineri, E. M., & Resig, J. (2020). Evaluating Self-Efficacy Pertaining to Cybersecurity for Small Businesses. The Journal of Applied Business and Economics, 22(12), 13-23. http://proxy.lib.odu.edu/login?url=https://www.proquest.com/scholarly-journals/evaluating-self-efficacy-pertaining-cybersecurity/docview/2497240123/se-2