News

No Password Required Podcast Episode 57 — Rob Allen

No Password Required Podcast Episode 57 — Rob Allen

Rob Allen — Chief Product Officer at ThreatLocker and Advocate of Buc-ee’s, Mascots and Buc-ee Mascots

On this episode, we sit down with Rob Allen, the Chief Marketing Officer at ThreatLocker, live from the 2024 Sunshine Cyber Conference. From his early days “locked” in an IT closet to his current role in the C-suite, Rob’s journey is one of curiosity, adaptation, and a passion for cybersecurity. At ThreatLocker, he takes customer ideas and use cases and transforms them into solutions for organizations of all sizes.

Rob shares why businesses shouldn’t fear the “deny by default” approach, explaining how the zero-trust mindset is essential in today’s threat landscape. He also discusses with hosts Jack Clabby of Carlton Fields, P.A., and Kayley Melton, Director for Strategic Initiatives at the Cognitive Security Institute and the Bob Ross of infosec, how media coverage often distorts public perception of cybersecurity by only highlighting major breaches and incidents.

In the Lifestyle Polygraph segment, Rob reveals his love for Apple products, why he wishes he could have met Steve Jobs, and his obsession with Buc-ee’s brisket sandwiches. He also shares a hilarious (and perhaps exaggerated) story about the Cyber Florida team “infiltrating” ThreatLocker and taking his backpack back to Tampa!

You can learn more about ThreatLocker, here: https://www.threatlocker.com
You can follow Rob Allen on LinkedIn here: https://www.linkedin.com/in/threatlockerrob/

No Password Required Podcast Episode 57 — Rob Allen2025-03-13T14:15:29-04:00

FEMA Offering “Recovering From Cybersecurity Incidents” Course in March

This 16-hour course provides guidance on building and executing a robust cybersecurity incident recovery program, covering both pre- and post-incident stages. It bridges IT and emergency management to help government, critical infrastructure, and private-sector personnel effectively respond to and recover from cyber disruptions.

Through interactive discussion and practical exercises, participants will learn best practices and tactical strategies for restoring operations following a cyber-attack. By the end of this course, you’ll be equipped to strengthen organizational resilience, manage cyber incidents more effectively, and build an action plan for continued readiness.

As part of a Department of Homeland Security/Federal Emergency Management Agency (DHS/FEMA) cooperative agreement training program, this course is available at no direct cost to state, county, and local government agencies.

Key Topics Include:

  • Understanding essential cyber terminology and the cyber incident life cycle
  • Recognizing threat levels and exploring emergency management practices
  • Examining the recovery continuum and government’s role in cybersecurity
  • Integrating cyber into the Incident Command System (ICS)
  • Leveraging federal resources and key programmatic elements that drive successful recovery
  • Learning how to plan, organize, equip, train, and exercise for cyber incidents
  • Implementing short-term and long-term recovery actions
  • Building a cyber incident recovery action plan tailored to your organization’s needs

Suggested Audience

  • Government and private sector IT staff
  • Local administrators and upper-level management personnel
  • System administration
  • Risk management personnel
  • Local government administration
  • Emergency management coordinators

Upon successful completion, you will be able to:

  • Describe fundamental concepts and resources related to cyber incident recovery.
  • Examine recovery preparedness for cybersecurity incidents.
  • Examine tactical, short-term and strategic, long-term recovery operations for cybersecurity incidents.
  • Produce a cyber incident recovery action plan based on the scenario information provided.

Enrollment Requirements

Participants must be U.S. citizens. A FEMA Student ID is required to register for and participate in any training provided by FEMA agencies. All FEMA training providers, registration systems, and enrollment procedures are required to use this FEMA SID, which can be obtained at the following website: https://cdp.dhs.gov/femasidopens in a new tab; or with TEEX assistance upon arrival for class.

FEMA Offering “Recovering From Cybersecurity Incidents” Course in March2025-04-14T11:18:58-04:00

Pinellas County Tabletop Exercise

Registration is closed for this event. If you would like to participate in a future event, please reach out to us – https://cyberflorida.org/connect

April 10, 2025 cybersecurity tabletop exercise tailored for Pinellas County

Participants will engage in an exciting tabletop exercise hosted by the NUARI, offering hands-on experience in responding to cyber incidents. A free lunch will be provided, along with opportunities to network with cybersecurity experts and industry peers.

Don’t miss this chance to improve your cybersecurity posture and resilience!

Pinellas County Tabletop Exercise2025-04-02T09:13:47-04:00

Unlocking Potential: The Critical Role of Basic Research in Cybersecurity

This webinar will underscore the crucial role of basic research in driving cybersecurity innovation from a multidisciplinary perspective and raise awareness within the academic community about UC2’s interest in partnering to fund groundbreaking basic research in cybersecurity.

With a welcome introduction by National Defense University’s President, VADM Peter A. Garvin, USN, guest speakers from Space Force, Air Force and Minerva Research Initiative will address cyber strategy for Space Force, levels of basic research and technological applications, research requirements, future-focused discussions, and human-centered needs.

Speakers:

  • Lt Col Marouane Balmakhtar, Space Force
  • Dr. Lisa Bellamy, Senior Program Development Manager, AFCYBER/TD
  • Dr. Gregory Ruark, Program Manager, Dynamical Influences on Social Systems, Humans in Complex Systems Competency, Army Program Manager, Minerva Research Initiative DEVCOM ARL Army Research Office

Register today to join this conversation about the transformative potential of basic research in cybersecurity and discover exciting opportunities for academic partnerships with UC2.

Communication, Collaboration and Access: UC2 aims to fill this gap through its mission of increasing communication, collaboration, and access. UC2 funds basic and applied research. With a strong focus on partnerships, UC2 measures the impact of collaboration. UC2 believes that partnership will influence how research is transferred into the hands of users and also the DoD challenges are transferred back to the academic teams who can address them.

Unlocking Potential: The Critical Role of Basic Research in Cybersecurity2025-04-14T11:19:20-04:00

Sunshine Cyber Con 2025: Strengthening Cybersecurity Together

Sunshine Cyber Conference
SAVE THE DATE!

2026 Dates:

12 & 13 March 2026 

Sunshine Cyber Conference 2025 was an electrifying gathering of cybersecurity professionals, students, and industry leaders. With more than 500 attendees, the event was packed with energy, innovation, and invaluable insights. From cutting-edge keynote sessions to hands-on workshops, attendees had the opportunity to engage with some of the brightest minds in cybersecurity.

One of this year’s conference highlights was the 29 meet-ups scheduled through the Whova app, allowing participants to connect, collaborate, and exchange ideas seamlessly. The outstanding speakers and thought-provoking sessions left a lasting impact, covering topics ranging from emerging cyber threats to best practices in digital defense.

A Huge Thank You to Our Sponsors!

This event wouldn’t have been possible without the generous support of our sponsors. We extend our heartfelt gratitude to:

Your contributions helped make this event a phenomenal success!

Shoutout to Our Exhibitors

We were thrilled to host an incredible lineup of exhibitors, each bringing unique expertise and innovations to the table:

  • Armis
  • Automation Strategy & Performance, Inc.
  • Ballast Services
  • Blackwood
  • CodeBoxx
  • CommHIT
  • Cytrix LTD
  • DG Technology Consulting and Barracuda Networks
  • EC-Council
  • Florida Department of Law Enforcement
  • Florida International University Jack Gordon Institute for Public Policy
  • Florida Gulf Coast University
  • Global and National Security Institute at USF
  • Insight Assurance
  • National Cyber Security Alliance
  • Orca Security
  • Recorded Future
  • Rubrik
  • Scholarship for Services
  • StingBox LLC
  • Tampa Bay Economic Development Council
  • The University of Tampa
  • ThreatLocker
  • University of South Florida School of Information and MCPA
  • University of West Florida Center for Cybersecurity
Looking Ahead

Sunshine Cyber Conference 2025 was a testament to the power of collaboration in the cybersecurity space. We can’t wait to see what the future holds for this growing community. Thank you to everyone who attended, spoke, and contributed to making this event truly exceptional.

Stay tuned for details on Sunshine Cyber Conference 2026—we’ll be back bigger and better than ever!

Sunshine Cyber Con 2025: Strengthening Cybersecurity Together2025-03-06T13:55:21-05:00

From Military Service to a Rewarding Career in Cybersecurity

Bob King’s Journey with CyberWorks

Robert “Bob” King is a technical project manager for Northrop Grumman in Tampa, Florida. He currently develops cyber and space capabilities supporting multiple customers in the Department of Defense. Before this role, he worked on delivering data and intelligence solutions for Special Operations Command (SOCOM) at MacDill Air Force Base.

King’s transition from military service to the private sector led him to Cyber Florida’s CyberWorks training program. After graduating from Florida Southern College and commissioning as an officer in the U. S. Army, he contacted his professional network for guidance on breaking into the cybersecurity industry.

“Cyber Florida stood out immediately as a perfect opportunity to combine my previous experience with relevant industry training to launch a new career in cybersecurity,” King said.

 King enrolled in the New Skills for a New Fight 12-week program, which provided hands-on experience in cybersecurity fundamentals and real-world applications. The curriculum covered crucial topics such as the OSI model, the cyber kill chain, malware analysis using virtual machines, and advanced persistent threat (APT) identification.

“The program provides practical training and familiarization with cybersecurity concepts and tools essential to succeeding in today’s job market,” King noted. “From concepts including the OSI model and cyber kill chain to lab exercises, malware analysis utilizing virtual machines, and advanced persistent threat (APT) identification, the curriculum delivers a solid foundation and engaging experience.”

 The knowledge gained from the program has been instrumental in King’s role as a technical project manager. He regularly uses the concepts learned to plan projects, decompose requirements, and conduct security impact analyses.

“I apply the knowledge gained throughout the program regularly when planning projects and decomposing requirements to incorporate security impact analysis as well as network and security operations considerations,” he explained.

 For those considering CyberWorks, King offers simple advice: ask questions.

“The staff is engaging, experienced, and dedicated to ensuring your success throughout the course and your career,” he emphasized. “The team does a phenomenal job at identifying and incorporating industry trends, new technologies, and current events with each new class to maximize student success.”

CyberWorks served as the catalyst for King’s cybersecurity career, and he highly recommends it to anyone looking to transition into the field.

“The program was the catalyst for my career in cybersecurity,” he said. The program attracts a diverse range of students from various industries, backgrounds, and experience levels, creating a collaborative and enriching learning environment.

Additionally, King encourages professionals to network and participate in industry organizations such as ISC2 and AFCEA.

“I strongly recommend Cyber Florida to anyone looking to make a career pivot into cybersecurity,” he added. “Each class has a diverse student body from multiple industries, ages, and backgrounds. I also encourage networking and participating in professional organizations like ISC2 and AFCEA.”

Cyber Florida’s CyberWorks program is more than just a training course—it’s a launchpad for a successful career in cybersecurity. This program offers a valuable path forward for those looking to break into the industry, gain practical skills, and make meaningful connections.

Are you considering a career change? We can help!
Learn more about the CyberWorks program.

From Military Service to a Rewarding Career in Cybersecurity2025-03-05T08:49:12-05:00

SparkRAT: A Multi-Platform Remote Access Tool

I. Targeted Entities

  • Industries: Any (Opportunistic)
  • Operating Systems: Windows, macOS, and Linux

II. Introduction

Written primarily in Golang, SparkRAT is a feature-rich, multi-platform Remote Administration Tool (RAT) that allows for the granular control of infected devices via web interface [11]. It was first published on GitHub in March of 2022 by elusive, Chinese-speaking developer XZB-1248. However, the project went largely unnoticed until gaining steady popularity in early 2023. Since then, the tool has been observed in numerous threat campaigns, including those carried out by cybercriminal groups Winnti and DragonSpark, as well as its involvement in the Hello Kitty and TellYouThePass ransomware attacks [6].

Like most Remote Access Toolkits, SparkRAT has been widely leveraged by threat actors for post-exploitation operations, typically being installed after the payload delivery and initial compromise. Most notably, the tool has been used in conjunction with several critical vulnerability exploits: CVE-2023-46604, CVE-2024-27198, and CVE-2024-43451 [1][3][4]. After a period of dormancy, SparkRAT resurfaced in January, with security researchers at Hunt.io detecting new C2 servers and hints of a possible DPRK campaign targeting macOS users [7].

III. SparkRAT Observed in DPRK Campaign

In a Twitter post by threat intelligence expert, Germán Fernández (@1ZRR4H) back in November 2024, a cyber espionage campaign attributed to the North Korean government was revealed, targeting macOS users and government organizations [5]. The threat actors behind this operation were reportedly distributing SparkRAT agents via fake online meeting platforms. Upon further investigation, researchers at Hunt.io and Cato Networks have recently identified additional C2 servers in South Korea and Singapore [2]. The findings suggest that this campaign is still active, although with a slight change in strategy and payload delivery method.

Interestingly, these uncovered C2 server domains were found to have open directories containing SparkRAT implants and bash scripts. Below are screenshots of an exposed directory and the content of its hosted scripts.

Screenshot of hxxps://gmcomamz[.]site/dev (Source: Hunt.io)

Curl results from hxxps://gmcomamz[.]site/dev/dev.sh

The bash script above downloads the Mach-O binary file (client.bin) from the hosting domain (updatetiker[.]site), saves it as “pull.bin” to the /Users/shared directory, changes its permissions to allow reading, writing, and execution by all system users, and runs the file as a background process. This is typical behavior of malware hosting servers.

The behavior of the test.sh script is similar, however, it points to another domain which has also been found to host SparkRAT agents (clients):

Curl results from hxxps://gmcomamz[.]site/dev/test.sh

IV. SparkRAT Analysis

SparkRAT Web Interface

Accessed through a browser, the SparkRAT Web UI provides an overview of active remote sessions along with system information of each connected machine. In addition to the basic operations listed below, the tool’s interface comes with several additional capabilities such as viewing a live instance of the victim’s screen, taking screenshots, and remote shutdown.

Client Creation

Generate Client creates an executable file that, when executed on a target machine, will create a backdoor connection with the associated C2 system. Clients can be customized to point to different hosts, connect over a specified port, and run on different operating systems (Windows, macOS/Darwin, and Linux).

Remote Terminal Window

As one would expect, the Terminal feature allows for attackers to execute commands on a target machine via a web-based PowerShell GUI. If used in combination with remote privilege escalation, attackers can carry out system-level operations like disabling the firewall, modifying registry keys, and disabling antivirus software.

Process Manager

The Process feature lists all running processes as well as the ability to stop them. This can be used to terminate security/monitoring software.

File Manager Tool

Explorer allows attackers to enumerate, create, and delete files/directories on the target system. It also allows files/directories to be downloaded to the attacker’s local machine or uploaded to the target machine.

Wireshark capture showing initial client-C2 communication

In this exchange, captured shortly after the execution of a SparkRAT agent, the target system sends a request to upgrade its connection to use the WebSocket protocol. A WebSocket handshake over port 8000 is a key characteristic of SparkRAT command-and-control (C2) traffic.

Client POST Request to update SparkRAT version

Following the WebSocket handshake, the target system sends a POST request with the commit query parameter storing the current version of the tool. This enables the RAT to automatically upgrade itself to the latest version available on the C2 server [10]. It is also worth noting the unusual User-Agent string as well as the JSON return value indicating that this client is using the latest SparkRAT version that the server can offer.

V. MITRE ATT&CK

  • T1059 – Command and Scripting Interpreter
    Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms.
  • T1571 – Non-Standard Port
    Adversaries may communicate using a protocol and port pairing that are typically not associated.
  • T1005 – Data from Local System
    Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
  • T1071.001 – Application Layer Protocol: Web Protocols (C2)
    Adversaries may communicate using application layer protocols associated with web traffic to avoid detection/network filtering by blending in with existing traffic. Protocols such as HTTP/S and WebSocket that carry web traffic may be very common in environments.
  • T1105 – Ingress Tool Transfer (C2)
    Adversaries may transfer tools or other files from an external system into a compromised environment.
  • T1573.001 – Symmetric Cryptography (C2)
    Adversaries may employ a known symmetric encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol.
  • T1082 – System Information Discovery
    An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture.
  • T1083 – File and Directory Discovery
    Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system.
  • T1106 – Native API
    Adversaries may interact with the native OS application programming interface (API) to execute behaviors.

VI. Indicators of Compromise (IOCs)

As is the case with most open-source malware toolkits, the list of IOCs associated with SparkRAT activity is extensive. Currently, the project’s GitHub repository has over 500 forks and 16,000 latest-release downloads, indicating that the tool is likely adapted for use in the development of custom malware (all of which would have their own IOCs). Below are the most recent and most frequently observed SparkRAT IOCs.

Type Indicator
SHA-256 Hashes fcf9b70253437c56bb00315da859ce8e40d6410ec405c1473b374359d5277209

3bfb4f5c328d57b647ba81045eae223ff292f0caa216fee97e98127b2934c6b0

cd313c9b706c2ba9f50d338305c456ad3392572efe387a83093b09d2cb6f1b56

9c4d6d66dcef74f4a6ce82369830a4df914becd7eb543bdcc5d339b7b3db254b

cd313c9b706c2ba9f50d338305c456ad3392572efe387a83093b09d2cb6f1b56

52277d43d2f5e8fa8c856e1c098a1ff260a956f0598e16c8fb1b38e3a9374d15

ffe4cfde23a1ef557f7dc56f53b3713d8faa9e47ae6562b61ffa1887e5d2d56e

065d2b17ad499587dc9de7ee9ecda4938b45da1df388bc72e6627dff220f64d2

f015f91722c57cdb7ee61d947fb83f395d342e3d36159f7a470e23b6c03681bf

5802d266c6fd8f45323b7d86d670059f1bd98de42a173fbc2ac66399b9783713
Associated Filenames msoia.exe

client.bin

client.exe

3261cbac9f0ad69dd805bfd875eb0161.exe

one68_1_1.0.apk
IPs 67.217.62[.]106

152.32.138[.]108

15.235.130[.]160

118.194.249[.]38

51.79.218[.]159

37.230.62[.]73
Domains gsoonmann[.]site

gmnormails[.]site

gmoonsom[.]site

nasanecesoi[.]site

gmoocsoom[.]site

gmcomamz[.]site

namerowem[.]site

gmoosomnoem[.]site

mncomgom[.]site

ggnmcomas[.]site

updatetiker[.]net

updatetiker[.]site

gomncomow[.]site

gooczmmnc[.]site

gnmoommle[.]space

one68[.]top

remote[.]henh247[.]net

remote[.]henho247[.]net

VII. Recommendations

Exercise Good Cyber Hygiene – The easiest, most effective way to prevent system compromise via Remote Access Trojans like SparkRAT is to simply practice good cyber hygiene. This includes not opening unknown files, being suspicious of email attachments from untrusted sources, avoiding downloading software from unofficial websites, and regularly updating operating systems.

Isolated Virus Scans – Performing a malware detection scan (via crowdsourced tools like VirusTotal or antivirus software like Microsoft Defender’s custom scan option) on an untrusted file before executing it can be an easy way to verify its legitimacy. Fortunately, most AV solutions are privy to common SparkRAT indicators and will prevent infected files from executing. However, custom malware leveraging the tool may go undetected. If further analysis is required, it is advised to run any suspected file within a sandbox environment to examine its behavior.

Update Virus Signatures – Ensuring that endpoint solutions and antivirus software are up to date with the latest virus signatures is crucial for detecting and quarantining known variations of SparkRAT malware. Signature databases used by AV software are typically populated with new signatures when applying the latest security patches. For this reason, it is recommended to frequently update (daily) or configure automatic system/application updates.

Active Network Monitoring – A system infected with SparkRAT malware establishes a connection to its C2 server via WebSocket, a web-based application protocol that enables full-duplex communication between client and server [8]. Though sometimes used by legitimate software, such as instant messengers and multiplayer games, the use of this protocol over port 8000 (the default port for SparkRAT agents) could be a strong indicator of SparkRAT activity. To detect this traffic, network monitoring and deep packet inspection tools can be deployed to look for abnormal connections over port 8000, WebSocket handshakes by unknown applications, and JSON error messages indicative of SparkRAT C2.

Stay Informed – As SparkRAT gains traction, it is likely to be featured in future malware campaigns. Thankfully, threat hunters and intelligence agencies are vigilantly discovering and sharing IOCs linked to the tool. Engaging with threat intel networks and staying aware of new SparkRAT trends will allow for better preparation of systems and aid in detection efforts of emerging threats.

VIII. References

[1] Arctic Wolf. (November 3, 2023). Exploitation of CVE-2023-46604 in Apache ActiveMQ Leads to TellYouThePass Ransomware. https://arcticwolf.com/resources/blog/tellmethetruth-exploitation-of-cve-2023-46604-leading-to-ransomware/

[2] Bittner, D. (Jan 29, 2025). Cats and RATS are all the rage. https://thecyberwire.com/podcasts/daily-podcast/2234/transcript

[3] Broadcom (January 31, 2025). SparkRAT – a cross-platform modular malware. https://www.broadcom.com/support/security-center/protection-bulletin/sparkrat-a-cross-platform-modular-malware

[4] ClearSky (November 13, 2024). CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild. https://www.clearskysec.com/0d-vulnerability-exploited-in-the_wild/

[5] Fernández, G. (Nov 27, 2024). SparkRAT: Server Detection, macOS Activity, and Malicious Connections. https://x.com/1ZRR4H/status/1861667506328334589/

[6] Fortinet. (February 13, 2024). Threat Coverage: How FortiEDR protects against SparkRAT activity. https://community.fortinet.com/t5/FortiEDR/Threat-Coverage-How-FortiEDR-protects-against-SparkRAT-activity/ta-p/299271

[7] Hunt.io. (Jan 28, 2025). SparkRAT: Server Detection, macOS Activity, and Malicious Connections. https://hunt.io/blog/sparkrat-server-detection-macos-activity-and-malicious-connections

[8] IETF. (Dec 2011). The WebSocket Protocol. https://datatracker.ietf.org/doc/html/rfc6455

[9] Mishra, A. (Jan 29, 2025). Hackers Attacking Windows, macOS, and Linux systems With SparkRAT. https://gbhackers.com/hackers-attacking-windows-macos-and-linux-systems/

[10] SentinelLabs. (Jan 24, 2023) DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation. https://www.sentinelone.com/labs/dragonspark-attacks-evade-detection-with-sparkrat-and-golang-source-code-interpretation/

[11] XZB-1248. (Mar 16, 2022). SparkRAT GitHub Repository. https://github.com/XZB-1248/Spark

Additional Resources

[12] Open Threat Exchange. “SparkRAT”. https://otx.alienvault.com/browse/global/pulses?q=SparkRAT&include_inactive=0&sort=-modified&page=1&limit=10&indicatorsSearch=SparkRAT

[13] Malpedia. “SparkRAT”. https://malpedia.caad.fkie.fraunhofer.de/details/win.spark_rat

[14] ThreatFox. SparkRAT IOCs. https://threatfox.abuse.ch/browse/malware/win.spark_rat/

[15] Hybrid Analysis. client.bin Sandbox Report. https://www.hybrid-analysis.com/sample/cd313c9b706c2ba9f50d338305c456ad3392572efe387a83093b09d2cb6f1b56

[16] VirusTotal. client.bin Scan. https://www.virustotal.com/gui/file/cd313c9b706c2ba9f50d338305c456ad3392572efe387a83093b09d2cb6f1b56

Threat Advisory created by The Cyber Florida Security Operations Center.

Contributing Security Analyst(s): Isaac Ward

SparkRAT: A Multi-Platform Remote Access Tool2025-03-04T14:33:16-05:00

Teacher Spotlight: Bettina McCormick

Bettina McCormick

Teacher: Bettina McCormick

School: Boone High School

County: Orange

Meet Bettina McCormick! Bettina is a dedicated educator in Orange County, where she teaches AP computer science principles and digital multimedia at Boone High School in Orlando, Florida. She earned a Bachelor of Science degree in computer science from the University of Central Florida and was part of the first graduating class for UCF’s Computer Forensics Graduate Certification program.

Before transitioning to K-12 education, Bettina worked for many years as a programmer analyst in the industry. She is passionate about introducing students to computer science and cybersecurity, helping to prepare them for careers in our growing cyber-related economy. We are grateful for her contributions to the cybersecurity field!

Would you like to be featured in our Teacher Spotlight? To nominate yourself or another deserving teacher, complete the interest form below!

Teacher Spotlight: Bettina McCormick2025-02-28T09:32:52-05:00

Meet Ben & Ben

Ben Price and Ben Dailey at FLGISA

Ben Price and Ben Dailey at FLGISA

“Both Ben Price and Ben Dailey are superb technical leaders in the field. They are forward-thinking and proactive workers who are invaluable assets to the team. They come into the ARCS team at the right time to augment our workforce to ensure our success for this year and beyond.”

Bruce Caulkins, ARCS Director

Meet Ben & Ben: The Newest Members of the ARCS Team

Cyber Florida’s Aligned Realistic Cyberattack Simulation (ARCS) range is an invaluable tool for strengthening Florida’s cybersecurity workforce. As a no-cost training resource for state and local government employees, the ARCS range provides hands-on, real-world cybersecurity exercises to help teams stay prepared for evolving threats. Now, with the addition of Ben Dailey and Ben Price to the Cyber Florida team, the ARCS range is positioned to offer even more expertise and innovation.

Meet Ben Dailey, Cyber Range Coordinator

Ben Dailey comes to Cyber Florida with an informatics and information science background. With a bachelor’s in cybersecurity-focused informatics from Indiana University and a master’s in information science, he understands cybersecurity concepts and how data is structured and used—a perfect combination for managing the ARCS range.

As a Cyber Range Coordinator, Dailey ensures the range is always up-to-date and ready for training exercises. He’s also responsible for scheduling and maintaining ARCS activities, ensuring everything runs smoothly for participants.

Dailey believes ARCS is one of Florida’s best cybersecurity training tools. It allows teams to experience real-world threats in a controlled, risk-free environment, so their first encounter with a cyberattack isn’t when real data is at risk.

Dailey is focused on keeping ARCS updated with the latest threats and training tools. He also highlights the range’s extensive training catalog, which offers valuable materials for cybersecurity professionals and non-technical users.

Meet Ben Price, Cyber Range Analyst and former SOCAP Intern

Ben Price brings a unique mix of military intelligence and hands-on cybersecurity training to Cyber Florida. As a former all-source analyst in the Army, he developed analytical skills that now help him assess and improve cybersecurity training programs. However, it was his experience in the Security Operations Center Apprenticeship Program (SOCAP) that prepared him for his role with ARCS. During that time, he gained hands-on experience in cybersecurity operations, earned GIAC Cyber Threat Intelligence (GCTI) and Blue Team Level One certifications, and completed a bachelor’s degree in cybersecurity at the University of South Florida.

Price optimizes and expands the ARCS range experience as a Cyber Range Analyst. He works to standardize processes, manage range events, and assess computer security incident response teams. His passion lies in the mission—helping to strengthen Florida’s cybersecurity defenses and provide world-class training to government agencies at no cost.

According to Price, the ARCS range provides more than just theory—it offers real-world cybersecurity exercises. In a risk-free environment, participants can train in incident response, red teaming, and malware analysis while experiencing simulated cyberattacks. This kind of hands-on experience is crucial for improving security postures across Florida.

One of Price’s biggest goals is to spread awareness of the ARCS range to all state and local government employees. “I believe everyone can benefit from being on the range,” he says. His message to agencies? The ARCS range is free and easy to access—visit cyberflorida.org/arcs-range to get started.

Ready to Train?

Whether you’re a cybersecurity professional or a public-sector employee looking to strengthen your cyber awareness, the ARCS range is free, accessible, and ready for you.

Visit cyberflorida.org/arcs-range today!

Meet Ben & Ben2025-02-21T08:33:18-05:00

CONTACT US

Cyber Florida at USF
4202 E. Fowler Avenue, ISA7020
Tampa, FL 33620

Office meetings by appointment only

PRIVACY POLICY

Copyright 2026 The Florida Center for Cybersecurity at the University of South Florida. Information on this website is made available for general educational purposes only and should not be used in lieu of obtaining competent legal advice from a licensed attorney or cybersecurity professional with sufficient expertise necessary to address your specific needs. Use of this website does not create any special or fiduciary relationship between you and the Florida Center for Cybersecurity or the University of South Florida.