Cyber42 Cybersecurity Leadership Simulation Games

!! CYBER42 IS NOW PART OF THE SANS CYBER RANGES !!

Learn more here.

---------------------------------------------------------------------------------------------------------------------------------

I’ve been teaching for SANS for over a decade and we’ve learned a lot while building out the Cybersecurity Leadership Curriculum. We have great authors and instructors who have created amazing content, labs, and exercises. These include hands-on technical labs, case scenarios, group discussions, and longer business case studies like the ones from Harvard Business School.

In 2020 we added something new to the mix. We call it Cyber42. This cybersecurity leadership simulation game has been added to a number of SANS Cybersecurity Leadership courses and is also available in various short forms via “Game Days” at various times throughout the year for anyone to play. The courses that include Cyber42 within the course content are:

• MGT512: Security Leadership Essentials for Managers
• MGT514: Security Strategy, Policy, and Leadership
• MGT516: Managing Security Vulnerabilities: Enterprise & Cloud
• MGT520: Leading Cloud Security Design & Implementation

• MGT551: Building and Leading Security Operations Centers

Original Cyber42 Game Board - MGT512 version

HOW THE GAME WORKS

Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.

As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.

Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.

In each version of the game, the score is measured by dials representing various concepts covered in that course. The dials run on a scale of 1-5, with 1 being the lowest score and 5 being the highest.

Winning the game is simple. A player/team needs to have the highest score.

Throughout the Fall of 2020, Brandon Evans worked on building a new web app based game for us to use. This now allows us to run the game for people to play independently or choose their own teams, and will relieve the cap we had to have on previous events.

In Q1-21 our engineering and technical teams have been doing additional work behind the scenes to improve capacity and user experience for our Game Days, as well.

Web App "Board" - MGT514 version (Programming by SANS Instructor, Brandon Evans)

VERSIONS OF CYBER42:

1. Security Capabilities

Maps to MGT512: Security Leadership Essentials for Managers

This version of the game represents how well your fictional organization builds and leads a security program. It’s about balancing the implementation of various security controls to build a well rounded program and, ultimately, create lasting security improvement. The score is measured by dials representing Identify, Protect, Detect, and Respond which show how much your team has implemented for each of these areas.

2. CISO For A Day

Maps to MGT514: Security Strategy Planning, Policy, and Leadership

This version of the game represents how well your fictional organization builds and leads a security program. It’s about aligning security capabilities to strategic objectives to ensure that your security program is helping to meet business goals. The score is measured by dials representing Decipher, Develop, Deliver, and Lead which show how much your team has implemented for each of these areas.

3. Vulnerability Management

Maps to MGT516: Managing Vulnerabilities: Enterprise & Cloud

This version of the game represents how well your fictional organization builds a vulnerability management program. It’s about maturing vulnerability management capabilities to mitigage and remediate the neverending stream of security vulnerabilities. The score is measured by dials representing Identify, Analyze, Communicate, and Treat which show how much your team has implemented for each of these areas.

WHAT STUDENTS ARE SAYING ABOUT CYBER42

“I am learning a lot from the Cyber42 Security Event games.” – Crystal Chatam, MGT512 Student

“I want to participate again and again. It was just awesome.” – Cyber42 CISO For A Day participant

“I liked how comprehensive the scenarios were. You have to work through several aspects in order to formulate an answer and then get ranked on a number of different facets. The addition of the time constraint to provide your answers is just a nice little bonus of stress but makes it fun. It's good to work through table-top exercises on a management level. Thanks for putting this together.” – Cyber42 Vulnerability Management participant

“Thank you for creating the game, it helps to get people understand the choices to be made.” - Cyber42 CISO For A Day participant

“You guys rock! Great and high quality content!!” - Cyber42 CISO For A Day participant

“Great initiative!! It's a big learning for me that if the impact and likelihood is not assessed properly then our remediation plan will be bound to fail.” – Cyber42 Vulnerability Management participant

CYBER42 GAME DAYS 2021

Free and Open To The Community

Mark your calendars for the 4th Tuesday of each month in 2021 at 10:30 ET for a 90 minute Cyber42 Game Day challenge! SANS Cybersecurity Leadership curriculum will be offering a free monthly Cyber42 Game Day, rotating versions throughout the year. This blog will be kept up-to-date with details and a link to register approximately 6 weeks prior to each event. Until linked to registration, version and leader subject to change based on availability.

DATE	START TIME	CYBER42 VERSION	LEADER
Jan 26	10:30 ET | 3:30 GMT	CISO For A Day	Joe Sullivan
Feb 23	10:30 ET | 3:30 GMT	Vulnerability Management	Jonathan Risto & Chris Denney
March 23	10:30 ET | 2:30 GMT	Security Capabilities	Kevin Garvey & Frank Kim
April 27	10:30 ET | 2:30 GMT	CISO For A Day	Joe Sullivan & Chris Denney
May 25	10:30 ET | 2:30 GMT	Security Capabilities	Kevin Garvey & Frank Kim
June 22	10:30 ET | 2:30 GMT	Vulnerability Management	Jonathan Risto & Chris Denney
July 27	10:30 ET | 2:30 GMT	CISO For A Day	Joe Sullivan
Aug 24	10:30 ET | 2:30 GMT	Security Capabilities	Kevin Garvey
Sept 28	10:30 ET | 2:30 GMT	Vulnerability Management	David Hazar
Oct 26	10:30 ET | 2:30 GMT	CISO For A Day	Joe Sullivan
Nov 23	10:30 ET | 3:30 GMT	Security Capabilities	Kevin Garvey
Dec 28	10:30 ET | 3:30 GMT	Vulnerability Management	David Hazar

DID YOU SAY CHALLENGE COIN?

Yes! If you are a student in a course, the members of the winning team receive a challenge coin! 

ABOUT THE AUTHOR

Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Cybersecurity Leadership and SANS Cloud Security curricula, overseeing nearly 30 SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevOps Automation. Read more about Frank here.

ABOUT THE PROGRAMMER

Brandon works for Zoom Video Communications, in which he leads their internal Application Security training. As an application developer for most of his professional career, he moved into security full-time largely because of his many formal trainings through SANS. He’s a contributor to the OWASP Serverless Top 10 Project and a co-leader for the Nashville OWASP chapter. Brandon is a SANS Certified Instructor, lead author for the SEC510: Public Cloud Security: AWS, Azure, & GCP and a contributor and instructor for SEC540: Cloud Security and DevOps Automation. Read more about Brandon here.