Cybersecurity Leadership Table Top Simulation Game
I’ve been teaching for SANS for over a decade and we’ve learned a lot while building out the
Cybersecurity Leadership Curriculum. We have great authors and instructors who have created amazing content, labs, and exercises. These include hands-on technical labs, case scenarios, group discussions, and longer business case studies like the ones from Harvard Business School.
In 2020 we added something new to the mix that we continually have been expanding on since. We call it Cyber42. This cybersecurity leadership simulation game has been added to a number of SANS Cybersecurity Leadership courses. The courses that include Cyber42 within the course content are:
- MGT512: Security Leadership Essentials for Managers
- MGT514: Security Strategy, Policy, and Leadership
- MGT516: Building and Leading Vulnerability Management Programs
- MGT520: Leading Cloud Security Design & Implementation
- MGT521: Leading Cybersecurity Change: Building a Security-Based Culture
- MGT551: Building and Leading Security Operations Centers
- ICS418: ICS for Managers
Original Cyber42 Game Board - MGT512 version
How the Game Works
Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.
As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.
Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.
In each version of the game, the score is measured by dials representing various concepts covered in that course. The dials run on a scale of 1-5, with 1 being the lowest score and 5 being the highest. Winning the game is simple. A player/team needs to have the highest score.

Screenshot of Digital Game Board
Versions of Cyber42
Throughout the year, often in conjunction with SANS Summits or other special events, we offer free "game day" versions of Cyber42 as a fun way to learn and interact with peers. Depending on the event, we may offer one of the following versions. Registrations are required and information is provided via the Summit or special event.
Cyber42 is a leadership simulation game that puts you in the driver’s seat of making tough executive calls on behalf a fictitious organization that needs your expertise. Each outcome will be followed by thoughtfully crafted group discussion. The winning team will be decided by who makes the strongest security cultural impact to the fictitious organization.
Transformational Cybersecurity Leader
This version of the game supports concepts from the following three cyber security leadership training courses that comprise the Transformational Cybersecurity Leadership Triad:
- MGT512: Security Leadership Essentials for Managers
- MGT514: Security Strategy, Policy, and Leadership
- MGT521: Leading Cybersecurity Change: Building a Security-Based Culture
Learning Objectives:
- Identify various decision making next steps against popular security scenarios.
- Make tough decisions balancing available information and competing priorities to facilitate successful outcomes for a fictitious organization.
- Build leadership muscle by ingesting opposing viewpoints through frictionless peer conversion
- Create valuable connections with peers in an enjoyable and conversational focused setting
Operational Cybersecurity Executive
This version of the game supports concepts from the following three cyber security leadership training courses that comprise the Operational Cybersecurity Executive Triad:
- 516: Building and Leading Vulnerability Management Programs
- 551: Building and Leading Security Operations Centers
- SEC566: Implementing and Auditing Security Frameworks and Controls
Learning Objectives:
You will work through different scenarios, each focusing on different elements needed as an Operational Cybersecurity Executive: Vulnerability Management, Security Operations and Defensive Controls. Walk away after the even having advanced the following:
- Gain insight into the cybersecurity landscape from the operational executive perspective
- Strategically balancing competing priorities for successful outcomes
- Rapid data synthesis and analysis for informed decision-making
- Risk-free decision-making in a simulated environment for optimal business outcomes
- Building valuable connections with peers in a dynamic and enjoyable setting
Industrial Edition
This version of the game will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Players will focus on balancing security program improvements that impact engineers, operations, and customers all while considering the various technical and cultural implications of an OT security program. ICS managers all face the same dilemma: How to protect industrial equipment from shut downs, failure, damage, or worse!
What Students are Saying about Cyber42
Cyber42 has really forced some good conversations with the team. - Steven D., US Government
The Cyber42 game was perhaps one of the best learning tools that I've encountered in any professional class such as this one. The conversation and thought that went into each answer was an awesome experience. - Julien Brown, Consumers Energy
Cyber42 was an enjoyable way to exercise determining risk as well as understanding that throwing more money is not always the answer to your problems. - Jordon R., US Military
The CYBER 42 workshops are amazing - what a team building and knowledge sharing concept! - Deb Roy, NTT Data
Did You Say Challenge Coin?
Yes! If you are a student in a course, the members of the winning team receive a challenge coin!
(Coins are not distributed for Game Day winners as it's only a small sample of the entire game.)
ABOUT THE AUTHOR
Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Cybersecurity Leadership and SANS Cloud Security curricula, overseeing nearly 30 SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevSecOps Automation. Read more about Frank here.
ADDITIONAL CONTRIBUTORS