Earlier on this year, representatives from the Eastern Partnership NRENs took part in the inaugural GÉANT Security Bootcamp. The launch event involved GRENA (Georgia), ASNET-AM (Armenia), AzScienceNet (Azerbaijan) and RENAM (Moldova).
“The Security Bootcamp workshop was very important for GRENA as we are in the process of developing a Data Protection Policy and an Information Security Policy for our organisation. The experience shared by GÉANT in this field was valuable, interesting and useful” commented Ramaz Kvatadze CEO of GRENA.
How it started
In 2023, a series of international NRENs workshops hosted by the GÉANT Chief Information Security Officer, had not only revealed that a number of NRENs was not meeting the basic security requirements, but also that some organisations were not even utilising the GÉANT Security Baseline – a framework developed by and for NRENs to meet their security needs and requirements. Recognising this critical gap and the lack of resources that some NRENs face, GÉANT went ahead to develop the Security Bootcamp initiative to address these vulnerabilities.
The security bootcamp for EaP NRENs was built on pre-defined objectives agreed with the participating NRENs and also on the results of each NREN’s security baseline assessment.
Babak Nabiyev, Head of AzScienceNet NOC, reflecting on the impact of the initiative, said: “The GÉANT Security Bootcamp gave us an understanding of how to stand on the frontline of information security to ensure a safer tomorrow for all.”
About the Security Bootcamp
An innovative programme that aims to provide hands-on experience and training sessions to NRENs. Its primary objective is to support the implementation of the GÉANT Security Baseline, as well as to demonstrate its benefits and ease of use. Specifically, the bootcamps target NRENs that face resource constraints (both human and time), however the programme can also support NRENs that would like to use it as a knowledge chain and redeploy it for their connected members (e.g. universities, research institutions). During these interactive workshops, participants gain hands-on experience with the security baseline, moving beyond theoretical learning to practical application. It’s a tailor-made programme which delivers benefits deriving from the shared experience with peers from NRENs with a similar security maturity level.
The Bootcamp focusses on the essential areas of security:
Structure: understanding the organisational security setup, roles and responsibilities within NRENs.
Strategy: developing effective security strategies aligned with NREN goals.
Objectives: defining clear security objectives to guide implementation.
KPIs (Key Performance Indicators): measuring progress and success.
Planning: creating actionable plans to enhance security posture.
Policy: establishing and provide robust security policies and guidelines.
Participation and collaboration
Senior management participation is vital as their engagement ensures alignment between security initiatives, top management strategy and overall organisational goals. By actively participating, senior leaders contribute to an open culture of security awareness and commitment.
The bootcamps set-up is better suited for a micro-network environment of up to four NRENs with similar maturity levels, where participants engage in open and trusting discussions, sharing knowledge, experiences, and best practices, and improving their NREN’s cybersecurity status whilst learning from peers.
Anastasia Zagorodniuc from RENAM shared her experience of the bootcamp: “For me the bootcamp emphasises the importance of adhering to security policies to mitigate risks and maintain the integrity of organisational security frameworks whilst providing a comprehensive understanding of how policies serve as the backbone of effective cybersecurity practices.”
Ana Alves, GÉANT CISO closed: “These bootcamps give us the opportunity to share our expertise and offer our support to the R&E community. Our aim for our members is to reach a robust security maturity level and achieve a more proactive security posture. I firmly believe that by investing in awareness and prevention will improve our security landscape. I am impressed and delighted with the active involvement of each EaP NREN participant and hope that this experience will contribute to strengthening cybersecurity practices in the region.”