Overview

Industry-relevant and innovative, Cyber42 is the ultimate continuous table top simulation for developing your cybersecurity leadership skills in a fun and collaborative environment.

Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.

As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.

Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.

Winning the game is simple. A player/team needs to have the highest score.

Features

• Play solo or on a team
• Designed for cybersecurity managers, directors, and aspiring leaders
• Apply what you've learned in class and on the job in a safe and interactive environment
• Earn recognition on our real-time scoreboard
• Share your knowledge using interactive Slack chat with other players
• Sharpen your skills with game-based training that is fun and engaging

Versions Include

1. Security Program Capabilities
2. CISO for A Day
3. Vulnerability Management
4. Industrial Edition
5. Security Culture
6. Security Operations Centers
7. Leading Cloud

Versions Of Cyber42: Detailed Descriptions

1. Security Program Capabilities

Maps to MGT512: Security Leadership Essentials for Managers

This version of the game represents how well your fictional organization builds and leads a security program. It’s about balancing the implementation of various security controls to build a well rounded program and, ultimately, create lasting security improvement.

Topics:

• Balance the build out of your security program by improving your Identify, Protect, Detect, and Respond capabilities as defined by the NIST Cybersecurity Framework (CSF). These core functions represent key areas of investment as you seek to find ways to build your team.
  

Who Should Attend:

• Security Managers: Newly appointed information security officers or recently promoted security leaders who want to build a security foundation for leading and building teams
• Security Professionals: Technically skilled security administrators who have recently been given leadership responsibilities or team leads with responsibility for a specific security function who want to understand what other teams are doing
• Managers: Managers who want to understand what technical people are telling them or who need an understanding of security from a management perspective

2. CISO For A Day

Maps to MGT514: Security Strategic Planning, Policy, and Leadership

This version of the game represents how well your fictional organization builds a security strategic plan.

Topics:

• Learn to meet business goals and lead execution by building your ability to Decipher, Develop, Deliver, and Lead as defined by the MGT514 strategic planning process.
  

Who Should Attend:

• CISOs
• Information security officers
• Security directors
• Security managers
• Aspiring security leaders
• Security personnel who have team lead or management responsibilities
• Anyone who wants to go beyond technical skills
• Technical professionals who want to learn to communicate with senior leaders in business terms

3. Vulnerability Management

Maps to MGT516: Managing Security Vulnerabilities: Enterprise and Cloud

This version of the game represents how well your fictional organization builds a vulnerability management program. It’s about maturing vulnerability management capabilities to mitigate and remediate the never ending stream of security vulnerabilities.

Topics:

• Build a sustainable vulnerability management program by improving your ability to Identify, Analyze, Communicate, and Treat security vulnerabilities as defined by the MGT516 vulnerability management process.

Who Should Attend:

• CISOs
• Security managers, officers, and directors
• Aspiring information security leaders
• Risk management professionals

4. Industrial Edition

Maps to ICS418 (coming soon): ICS Security Essentials for Managers

This version of the game will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Players will focus on balancing security program improvements that impact engineers, operations, and customers all while considering the various technical and cultural implications of an OT security program, and the requirement to maintain safe and reliable control system operations.

Topics:

• Difference in IT-centric security controls within OT networks
• Impacts of ICS-specific cyber attacks, including reliability, health and human safety, the environment, and more
• Unique ICS cyber risk considerations

Who should attend:

• ICS security managers or directors
• CISOs for industrial organizations
• IT and OT security leaders
• Engineers and operators of industrial organizations
• Aspiring ICS security professionals
• Anyone interested in ICS security beyond technical controls

5. Security Culture 

Maps to MGT521: Leading Cybersecurity Change: Building a Security-Based Culture

The impact of your cybersecurity program is no longer just about technology, rather organizational change. To have this level of influence, you must strive to change how people think about cybersecurity in what they prioritize and how they act. Not only does it help to create a far more secure workforce, but it also helps to ensure your security initiatives are more successful when you have buy-in from the entire organization. Your goal is not to change your organization’s existing culture but to embed security into the existing culture. 

Topics:

• How to define culture, really? 
• Indicators of a strong security culture 
• How to assess your security culture 
• How to embed a strong security culture in your organization 
• Resources you can now use to improve your security culture 

Who should attend: 

• Chief Information Security Officers 
• Chief Risk Officers/Risk Management Leaders
• Security Awareness/Engagement Managers
• Information Security Officers, Managers, and Directors 
• Aspiring Information Security Leaders
• Privacy/Ethics Officers

6. Security Operations Centers

Maps to MGT551: Building and Leading Security Operations Centers

The goal of this version is to make key decisions that will affect the people, process, and technology aspects of your security team, all while balancing available resources (budget and time) and optimizing results. This simulation will focus on the decisions required to build out and operate a security operations center. Each round will present students with a decision that must be made that will affect the budget and time allotted in both expected and unexpected ways, testing your ability to balance needs while maintaining a happy, functional SOC team. Your goal will be to build out the best SOC in terms of prevention, detection, response, and team morale, while not running out of time or money.

Topics: 

This simulation will focus on the decisions required to build out and operate a security operations center. Each round will present students with a decisions that must be made that will affect the budget and time allotted in both expected and unexpected ways, and test your ability to balance needs while maintaining a happy, functional SOC team. Your goal will be to build out the best SOC in terms of prevention, detection, response, and team morale, while not running out of time or money.

Who should attend:

• SOC Analysts
• Incident Responders
• SOC Architects and Engineers
• SOC Managers/Directors
• Anyone interested trying out making tough security operations decisions

7. Ransomware

Maps to MGT512: Security Leadership Essentials for Managers

Maps to MGT514: Security Strategic Planning, Policy, and Leadership

This version of the game represents how a fictional organization responds to a ransomware event against the organization. Responses to ransomware events requires not only managing the event but also the expectations of key stakeholders and external parties.

Who Should Attend:

• Chief Information Security Officers
• Information security officers
• Security directors
• Security managers
• Aspiring security leaders
• Security personnel who have team lead or management responsibilities
• Anyone who wants to go beyond technical skills
• Technical professionals who want to learn to communicate with senior leaders in business terms.

Laptop Requirements

A laptop or mobile device with the latest web browser is required to play the Cyber42 leadership simulation game.