homepage
Open menu Go one level top
  • Train and Certify
    • Get Started in Cyber
    • Courses & Certifications
    • Training Roadmap
    • Search For Training
    • Online Training
    • OnDemand
    • Live Training
    • Summits
    • Cyber Ranges
    • College Degrees & Certificates
    • NICE Framework
    • DoDD 8140
    • Specials
  • Manage Your Team
    • Overview
    • Security Awareness Training
    • Voucher Program
    • Private Training
    • Workforce Development
    • Skill Assessments
    • Hiring Opportunities
  • Resources
    • Overview
    • Reading Room
    • Webcasts
    • Newsletters
    • Blog
    • Tip of The Day
    • Posters
    • Top 25 Programming Errors
    • The Critical Security Controls
    • Security Policy Project
    • Critical Vulnerability Recaps
    • Affiliate Directory
  • Focus Areas
    • Blue Team Operations
    • Cloud Security
    • Digital Forensics & Incident Response
    • Industrial Control Systems
    • Leadership
    • Offensive Operations
  • Get Involved
    • Overview
    • SANS Community
    • CyberTalent
    • Work Study
    • Instructor Development
    • Sponsorship Opportunities
    • COINS
  • About
    • About SANS
    • Why SANS?
    • Instructors
    • Cybersecurity Innovation Awards
    • Contact
    • Frequently Asked Questions
    • Customer Reviews
    • Press Room
    • PGP Key
  • Log In
  • Join
  • Contact Us
  • SANS Sites
    • GIAC Security Certifications
    • Internet Storm Center
    • SANS Technology Institute
    • Security Awareness Training
  • Search
  1. Home >
  2. Blog >
  3. Cyber42 Cybersecurity Leadership Simulation Games
370x370_Frank-Kim.jpg
Frank Kim

Cyber42 Cybersecurity Leadership Simulation Games

The NetWars of SANS Cybersecurity Leadership Curriculum. Can you win?

November 17, 2020

!! CYBER42 IS NOW PART OF THE SANS CYBER RANGES !!

Learn more here.

---------------------------------------------------------------------------------------------------------------------------------

I’ve been teaching for SANS for over a decade and we’ve learned a lot while building out the Cybersecurity Leadership Curriculum. We have great authors and instructors who have created amazing content, labs, and exercises. These include hands-on technical labs, case scenarios, group discussions, and longer business case studies like the ones from Harvard Business School.

In 2020 we added something new to the mix. We call it Cyber42. This cybersecurity leadership simulation game has been added to a number of SANS Cybersecurity Leadership courses and is also available in various short forms via “Game Days” at various times throughout the year for anyone to play. The courses that include Cyber42 within the course content are:

  • MGT512: Security Leadership Essentials for Managers
  • MGT514: Security Strategy, Policy, and Leadership
  • MGT516: Managing Security Vulnerabilities: Enterprise & Cloud
  • MGT520: Leading Cloud Security Design & Implementation

Cyber42_GameBoard_Original.png

Original Cyber42 Game Board - MGT512 version

HOW THE GAME WORKS

Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.

As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.

Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.

In each version of the game, the score is measured by dials representing various concepts covered in that course. The dials run on a scale of 1-5, with 1 being the lowest score and 5 being the highest.

Winning the game is simple. A player/team needs to have the highest score.

Throughout the Fall of 2020, Brandon Evans worked on building a new web app based game for us to use. This will now allow us to run the game for people to play independently or choose their own teams, and will relieve the cap we had to have on previous events.

Cyber42BetterImage.png

Web App "Board" - MGT514 version (Programming by SANS Instructor, Brandon Evans)

VERSIONS OF CYBER42:

1. Security Capabilities

Maps to MGT512: Security Leadership Essentials for Managers

      This version of the game represents how well your fictional organization builds and leads a security program. It’s about balancing the implementation of various security controls to build a well rounded program and, ultimately, create lasting security improvement. The score is measured by dials representing Identify, Protect, Detect, and Respond which show how much your team has implemented for each of these areas.

      2. CISO For A Day

      Maps to MGT514: Security Strategy Planning, Policy, and Leadership

        This version of the game represents how well your fictional organization builds and leads a security program. It’s about aligning security capabilities to strategic objectives to ensure that your security program is helping to meet business goals. The score is measured by dials representing Decipher, Develop, Deliver, and Lead which show how much your team has implemented for each of these areas.

        3. Vulnerability Management

        Maps to MGT516: Managing Vulnerabilities: Enterprise & Cloud

          This version of the game represents how well your fictional organization builds a vulnerability management program. It’s about maturing vulnerability management capabilities to mitigage and remediate the neverending stream of security vulnerabilities. The score is measured by dials representing Identify, Analyze, Communicate, and Treat which show how much your team has implemented for each of these areas.

          WHAT STUDENTS ARE SAYING ABOUT CYBER42

          “I am learning a lot from the Cyber42 Security Event games.” – Crystal Chatam, MGT512 Student

          “I want to participate again and again. It was just awesome.” – Cyber42 CISO For A Day participant

          “I liked how comprehensive the scenarios were. You have to work through several aspects in order to formulate an answer and then get ranked on a number of different facets. The addition of the time constraint to provide your answers is just a nice little bonus of stress but makes it fun. It's good to work through table-top exercises on a management level. Thanks for putting this together.” – Cyber42 Vulnerability Management participant

          “Thank you for creating the game, it helps to get people understand the choices to be made.” - Cyber42 CISO For A Day participant

          “You guys rock! Great and high quality content!!” - Cyber42 CISO For A Day participant

          “Great initiative!! It's a big learning for me that if the impact and likelihood is not assessed properly then our remediation plan will be bound to fail.” – Cyber42 Vulnerability Management participant

          CYBER42 GAME DAYS 2021

          Free and Open To The Community

          Mark your calendars for the 4th Tuesday of each month in 2021 at 10:30 ET for a 90 minute Cyber42 Game Day challenge! SANS Cybersecurity Leadership curriculum will be offering a free monthly Cyber42 Game Day, rotating versions throughout the year. This blog will be kept up-to-date with details and a link to register approximately 6 weeks prior to each event. Until linked to registration, version and leader subject to change based on availability.

          DATESTART TIME
          CYBER42 VERSION
          LEADER
          Jan 2610:30 ET | 3:30 GMT

          CISO For A Day

          Joe Sullivan
          Feb 2310:30 ET | 3:30 GMTVulnerability ManagementJonathan Risto & Chris Denney
          March 2310:30 ET | 2:30 GMTSecurity CapabilitiesKevin Garvey
          April 2710:30 ET | 2:30 GMTCISO For A DayJoe Sullivan
          May 25
          10:30 ET | 2:30 GMTSecurity Capabilities
          Kevin Garvey
          June 22
          10:30 ET | 2:30 GMTVulnerability Management
          David Hazar
          July 27
          10:30 ET | 2:30 GMTCISO For A Day
          Joe Sullivan
          Aug 24
          10:30 ET | 2:30 GMTSecurity Capabilities
          Kevin Garvey
          Sept 28
          10:30 ET | 2:30 GMTVulnerability Management
          Jonathan Risto
          Oct 26
          10:30 ET | 2:30 GMTCISO For A Day
          Joe Sullivan
          Nov 23
          10:30 ET | 3:30 GMTSecurity Capabilities
          Kevin Garvey
          Dec 28
          10:30 ET | 3:30 GMTVulnerability Management
          David Hazar

          DID YOU SAY CHALLENGE COIN?

          Yes! If you are a student in a course, the members of the winning team receive a challenge coin! 

          Cyber42ChallengeCoins.png

          ABOUT THE AUTHOR

          Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Cybersecurity Leadership and SANS Cloud Security curricula, overseeing nearly 30 SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevOps Automation. Read more about Frank here.

          ABOUT THE PROGRAMMER

          Brandon is a Senior Application Security Engineer at Asurion, where he provides security services for thousands of his coworkers in product development across several global sites responsible for hundreds of web applications. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. He’s a contributor to the OWASP Serverless Top 10 Project and a co-leader for the Nashville OWASP chapter. Brandon is lead author for the new SEC510: Multicloud Security Assessment and Defense and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. Read more about Brandon here.

          Share:
          TwitterLinkedInFacebook
          Copy url Url was copied to clipboard
          Subscribe to SANS Newsletters
          Join the SANS Community to receive the latest curated cybersecurity news, vulnerabilities, and mitigations, training opportunities, plus our webcast schedule.
          United States
          Canada
          United Kingdom
          Spain
          Belgium
          Denmark
          Norway
          Netherlands
          Australia
          India
          Japan
          Singapore
          Afghanistan
          Aland Islands
          Albania
          Algeria
          American Samoa
          Andorra
          Angola
          Anguilla
          Antarctica
          Antigua and Barbuda
          Argentina
          Armenia
          Aruba
          Austria
          Azerbaijan
          Bahamas
          Bahrain
          Bangladesh
          Barbados
          Belarus
          Belize
          Benin
          Bermuda
          Bhutan
          Bolivia
          Bonaire, Sint Eustatius, and Saba
          Bosnia And Herzegovina
          Botswana
          Bouvet Island
          Brazil
          British Indian Ocean Territory
          Brunei Darussalam
          Bulgaria
          Burkina Faso
          Burundi
          Cambodia
          Cameroon
          Cape Verde
          Cayman Islands
          Central African Republic
          Chad
          Chile
          China
          Christmas Island
          Cocos (Keeling) Islands
          Colombia
          Comoros
          Cook Islands
          Costa Rica
          Croatia (Local Name: Hrvatska)
          Curacao
          Cyprus
          Czech Republic
          Democratic Republic of the Congo
          Djibouti
          Dominica
          Dominican Republic
          East Timor
          East Timor
          Ecuador
          Egypt
          El Salvador
          Equatorial Guinea
          Eritrea
          Estonia
          Ethiopia
          Falkland Islands (Malvinas)
          Faroe Islands
          Fiji
          Finland
          France
          French Guiana
          French Polynesia
          French Southern Territories
          Gabon
          Gambia
          Georgia
          Germany
          Ghana
          Gibraltar
          Greece
          Greenland
          Grenada
          Guadeloupe
          Guam
          Guatemala
          Guernsey
          Guinea
          Guinea-Bissau
          Guyana
          Haiti
          Heard And McDonald Islands
          Honduras
          Hong Kong
          Hungary
          Iceland
          Indonesia
          Iraq
          Ireland
          Isle of Man
          Israel
          Italy
          Jamaica
          Jersey
          Jordan
          Kazakhstan
          Kenya
          Kingdom of Saudi Arabia
          Kiribati
          Korea, Republic Of
          Kosovo
          Kuwait
          Kyrgyzstan
          Lao People's Democratic Republic
          Latvia
          Lebanon
          Lesotho
          Liberia
          Liechtenstein
          Lithuania
          Luxembourg
          Macau
          Macedonia
          Madagascar
          Malawi
          Malaysia
          Maldives
          Mali
          Malta
          Marshall Islands
          Martinique
          Mauritania
          Mauritius
          Mayotte
          Mexico
          Micronesia, Federated States Of
          Moldova, Republic Of
          Monaco
          Mongolia
          Montenegro
          Montserrat
          Morocco
          Mozambique
          Myanmar
          Namibia
          Nauru
          Nepal
          Netherlands Antilles
          New Caledonia
          New Zealand
          Nicaragua
          Niger
          Nigeria
          Niue
          Norfolk Island
          Northern Mariana Islands
          Oman
          Pakistan
          Palau
          Palestine
          Panama
          Papua New Guinea
          Paraguay
          Peru
          Philippines
          Pitcairn
          Poland
          Portugal
          Puerto Rico
          Qatar
          Reunion
          Romania
          Russian Federation
          Rwanda
          Saint Bartholemy
          Saint Kitts And Nevis
          Saint Lucia
          Saint Martin
          Saint Vincent And The Grenadines
          Samoa
          San Marino
          Sao Tome And Principe
          Senegal
          Serbia
          Seychelles
          Sierra Leone
          Sint Maarten
          Slovakia (Slovak Republic)
          Slovenia
          Solomon Islands
          South Africa
          South Georgia and the South Sandwich Islands
          South Sudan
          Sri Lanka
          St. Helena
          St. Pierre And Miquelon
          Suriname
          Svalbard And Jan Mayen Islands
          Swaziland
          Sweden
          Switzerland
          Taiwan
          Tajikistan
          Tanzania
          Thailand
          Togo
          Tokelau
          Tonga
          Trinidad And Tobago
          Tunisia
          Turkey
          Turkmenistan
          Turks And Caicos Islands
          Tuvalu
          Uganda
          Ukraine
          United Arab Emirates
          United States Minor Outlying Islands
          Uruguay
          Uzbekistan
          Vanuatu
          Vatican City
          Venezuela
          Vietnam
          Virgin Islands (British)
          Virgin Islands (U.S.)
          Wallis And Futuna Islands
          Western Sahara
          Yemen
          Yugoslavia
          Zambia
          Zimbabwe

          Recommended Training

          • TBT570: Team-Based Training - Blue Team and Red Team Dynamic Workshop

          Tags:
          • Security Management, Legal, and Audit

          Related Content

          Blog
          Security Management, Legal, and Audit
          January 12, 2021
          The PowerShell Tools I Use for Audit and Compliance Measurement
          This is Part 1 of a 3-part Series on Using PowerShell for Continuous Audit & Compliance Automation in Enterprise & Cloud
          370x370_Clay-Risenhoover.jpg
          Clay Risenhoover
          read more
          Blog
          MGT_Triads_400x227.png
          Security Management, Legal, and Audit
          December 16, 2020
          SANS Cybersecurity Leadership Curriculum Triads
          Go Beyond Good Enough. Become A Transformational Cybersecurity Leader or an Operational Cybersecurity Executive.
          370x370_Frank-Kim.jpg
          Frank Kim
          read more
          Blog
          Lion_ICON.png
          Security Management, Legal, and Audit
          December 16, 2020
          SANS Cybersecurity Leadership Curriculum
          Developing World Class Cybersecurity Leaders
          370x370_Frank-Kim.jpg
          Frank Kim
          read more
          • Register to Learn
          • Courses
          • Certifications
          • Degree Programs
          • Cyber Ranges
          • Job Tools
          • Security Policy Project
          • Posters
          • The Critical Security Controls
          • Focus Areas
          • Blue Team Operations
          • Cloud Security
          • Cybersecurity Leadership
          • Digital Forensics
          • Industrial Control Systems
          • Offensive Operations
          Subscribe to SANS Newsletters
          Join the SANS Community to receive the latest curated cybersecurity news, vulnerabilities, and mitigations, training opportunities, plus our webcast schedule.
          United States
          Canada
          United Kingdom
          Spain
          Belgium
          Denmark
          Norway
          Netherlands
          Australia
          India
          Japan
          Singapore
          Afghanistan
          Aland Islands
          Albania
          Algeria
          American Samoa
          Andorra
          Angola
          Anguilla
          Antarctica
          Antigua and Barbuda
          Argentina
          Armenia
          Aruba
          Austria
          Azerbaijan
          Bahamas
          Bahrain
          Bangladesh
          Barbados
          Belarus
          Belize
          Benin
          Bermuda
          Bhutan
          Bolivia
          Bonaire, Sint Eustatius, and Saba
          Bosnia And Herzegovina
          Botswana
          Bouvet Island
          Brazil
          British Indian Ocean Territory
          Brunei Darussalam
          Bulgaria
          Burkina Faso
          Burundi
          Cambodia
          Cameroon
          Cape Verde
          Cayman Islands
          Central African Republic
          Chad
          Chile
          China
          Christmas Island
          Cocos (Keeling) Islands
          Colombia
          Comoros
          Cook Islands
          Costa Rica
          Croatia (Local Name: Hrvatska)
          Curacao
          Cyprus
          Czech Republic
          Democratic Republic of the Congo
          Djibouti
          Dominica
          Dominican Republic
          East Timor
          East Timor
          Ecuador
          Egypt
          El Salvador
          Equatorial Guinea
          Eritrea
          Estonia
          Ethiopia
          Falkland Islands (Malvinas)
          Faroe Islands
          Fiji
          Finland
          France
          French Guiana
          French Polynesia
          French Southern Territories
          Gabon
          Gambia
          Georgia
          Germany
          Ghana
          Gibraltar
          Greece
          Greenland
          Grenada
          Guadeloupe
          Guam
          Guatemala
          Guernsey
          Guinea
          Guinea-Bissau
          Guyana
          Haiti
          Heard And McDonald Islands
          Honduras
          Hong Kong
          Hungary
          Iceland
          Indonesia
          Iraq
          Ireland
          Isle of Man
          Israel
          Italy
          Jamaica
          Jersey
          Jordan
          Kazakhstan
          Kenya
          Kingdom of Saudi Arabia
          Kiribati
          Korea, Republic Of
          Kosovo
          Kuwait
          Kyrgyzstan
          Lao People's Democratic Republic
          Latvia
          Lebanon
          Lesotho
          Liberia
          Liechtenstein
          Lithuania
          Luxembourg
          Macau
          Macedonia
          Madagascar
          Malawi
          Malaysia
          Maldives
          Mali
          Malta
          Marshall Islands
          Martinique
          Mauritania
          Mauritius
          Mayotte
          Mexico
          Micronesia, Federated States Of
          Moldova, Republic Of
          Monaco
          Mongolia
          Montenegro
          Montserrat
          Morocco
          Mozambique
          Myanmar
          Namibia
          Nauru
          Nepal
          Netherlands Antilles
          New Caledonia
          New Zealand
          Nicaragua
          Niger
          Nigeria
          Niue
          Norfolk Island
          Northern Mariana Islands
          Oman
          Pakistan
          Palau
          Palestine
          Panama
          Papua New Guinea
          Paraguay
          Peru
          Philippines
          Pitcairn
          Poland
          Portugal
          Puerto Rico
          Qatar
          Reunion
          Romania
          Russian Federation
          Rwanda
          Saint Bartholemy
          Saint Kitts And Nevis
          Saint Lucia
          Saint Martin
          Saint Vincent And The Grenadines
          Samoa
          San Marino
          Sao Tome And Principe
          Senegal
          Serbia
          Seychelles
          Sierra Leone
          Sint Maarten
          Slovakia (Slovak Republic)
          Slovenia
          Solomon Islands
          South Africa
          South Georgia and the South Sandwich Islands
          South Sudan
          Sri Lanka
          St. Helena
          St. Pierre And Miquelon
          Suriname
          Svalbard And Jan Mayen Islands
          Swaziland
          Sweden
          Switzerland
          Taiwan
          Tajikistan
          Tanzania
          Thailand
          Togo
          Tokelau
          Tonga
          Trinidad And Tobago
          Tunisia
          Turkey
          Turkmenistan
          Turks And Caicos Islands
          Tuvalu
          Uganda
          Ukraine
          United Arab Emirates
          United States Minor Outlying Islands
          Uruguay
          Uzbekistan
          Vanuatu
          Vatican City
          Venezuela
          Vietnam
          Virgin Islands (British)
          Virgin Islands (U.S.)
          Wallis And Futuna Islands
          Western Sahara
          Yemen
          Yugoslavia
          Zambia
          Zimbabwe
          • © 2021 SANS™ Institute
          • Privacy Policy
          • Contact
          • Twitter
          • Facebook
          • Youtube
          • LinkedIn