Cyber42 Cybersecurity Leadership Simulation Games

The ultimate hands-on challenges for testing and building your cybersecurity management skills.


Industry-relevant and innovative, Cyber42 is the ultimate continuous table top simulation for developing your cybersecurity leadership skills in a fun and collaborative environment.

Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.

As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.

Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.

Winning the game is simple. A player/team needs to have the highest score.


    • Play solo or on a team
    • Designed for cybersecurity managers, directors, and aspiring leaders
    • Apply what you've learned in class and on the job in a safe and interactive environment
    • Earn recognition on our real-time scoreboard
    • Share your knowledge using interactive Slack chat with other players
    • Sharpen your skills with game-based training that is fun and engaging

    Versions Include

    1. Security Program Capabilities
    2. CISO for A Day
    3. Vulnerability Management
    4. Industrial Edition
    5. Security Culture
    6. Security Operations Centers
    7. Leading Cloud

    Versions Of Cyber42: Detailed Descriptions

    1. Security Program Capabilities

    This version of the game represents how well your fictional organization builds and leads a security program. It’s about balancing the implementation of various security controls to build a well rounded program and, ultimately, create lasting security improvement.

    • Balance the build out of your security program by improving your Identify, Protect, Detect, and Respond capabilities as defined by the NIST Cybersecurity Framework (CSF). These core functions represent key areas of investment as you seek to find ways to build your team.
    Who Should Attend:
    • Security Managers: Newly appointed information security officers or recently promoted security leaders who want to build a security foundation for leading and building teams
    • Security Professionals: Technically skilled security administrators who have recently been given leadership responsibilities or team leads with responsibility for a specific security function who want to understand what other teams are doing
    • Managers: Managers who want to understand what technical people are telling them or who need an understanding of security from a management perspective

    2. CISO For A Day

    This version of the game represents how well your fictional organization builds a security strategic plan.

    • Learn to meet business goals and lead execution by building your ability to Decipher, Develop, Deliver, and Lead as defined by the MGT514 strategic planning process.
    Who Should Attend:
    • CISOs
    • Information security officers
    • Security directors
    • Security managers
    • Aspiring security leaders
    • Security personnel who have team lead or management responsibilities
    • Anyone who wants to go beyond technical skills
    • Technical professionals who want to learn to communicate with senior leaders in business terms

      3. Vulnerability Management

      This version of the game represents how well your fictional organization builds a vulnerability management program. It’s about maturing vulnerability management capabilities to mitigate and remediate the never ending stream of security vulnerabilities.

      • Build a sustainable vulnerability management program by improving your ability to Identify, Analyze, Communicate, and Treat security vulnerabilities as defined by the MGT516 vulnerability management process.
      Who Should Attend:
      • CISOs
      • Security managers, officers, and directors
      • Aspiring information security leaders
      • Risk management professionals

      4. Industrial Edition

      This version of the game will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Players will focus on balancing security program improvements that impact engineers, operations, and customers all while considering the various technical and cultural implications of an OT security program, and the requirement to maintain safe and reliable control system operations.

      • Difference in IT-centric security controls within OT networks
      • Impacts of ICS-specific cyber attacks, including reliability, health and human safety, the environment, and more
      • Unique ICS cyber risk considerations
      Who should attend:
      • ICS security managers or directors
      • CISOs for industrial organizations
      • IT and OT security leaders
      • Engineers and operators of industrial organizations
      • Aspiring ICS security professionals
      • Anyone interested in ICS security beyond technical controls

      5. Security Culture 

      The impact of your cybersecurity program is no longer just about technology, rather organizational change. To have this level of influence, you must strive to change how people think about cybersecurity in what they prioritize and how they act. Not only does it help to create a far more secure workforce, but it also helps to ensure your security initiatives are more successful when you have buy-in from the entire organization. Your goal is not to change your organization’s existing culture but to embed security into the existing culture. 

      • How to define culture, really? 
      • Indicators of a strong security culture 
      • How to assess your security culture 
      • How to embed a strong security culture in your organization 
      • Resources you can now use to improve your security culture 
      Who should attend: 
      • Chief Information Security Officers 
      • Chief Risk Officers/Risk Management Leaders
      • Security Awareness/Engagement Managers
      • Information Security Officers, Managers, and Directors 
      • Aspiring Information Security Leaders
      • Privacy/Ethics Officers

      Private Ranges for your Team

      Select a private cyber range experience for your team to assess or advance their skills to meet the unique needs of your organization. SANS will help you to:

      • Define Learning Objectives
      • Develop Scorecards
      • Configure Content & Platform

        Cyber42 Game Days 2021

        Free and Open To The Community Mark your calendars for the 4th Tuesday of each month in 2021 at 10:30 ET for a free, 90-minute Cyber42 Game Day challenge! Versions will be rotated throughout the year; topic and leader subject to change until the event is live.
        DateStart TimeCyber42 VersionLeader

        Jan 26

        10:30 ET | 3:30 GMT

        CISO For A Day

        Joe Sullivan

        Feb 23

        10:30 ET | 3:30 GMT

        Vulnerability Management

        Jonathan Risto & Chris Denney

        March 23

        10:30 ET | 2:30 GMT

        Security Capabilities

        Kevin Garvey

        April 27

        10:30 ET | 2:30 GMT

        CISO For A Day

        Joe Sullivan

        May 25

        10:30 ET | 2:30 GMT

        Security Capabilities

        Kevin Garvey

        June 22

        10:30 ET | 2:30 GMT

        Vulnerability Management

        David Hazar

        July 27

        10:30 ET | 2:30 GMT

        ICS Industrial Edition

        Dean Parsons & Jason Christopher

        Aug 24

        10:30 ET | 2:30 GMT

        Security Culture

        Russell Eubanks & Kevin Garvey

        Sept 28

        10:30 ET | 2:30 GMT

        Security Operations Center

        Mark Orlando & John Hubbard

        Oct 26

        10:30 ET | 2:30 GMT

        Cloud Design & Implementation

        Jason Lam

        Nov 16

        10:30 ET | 3:30 GMT


        Kevin Garvey

        Laptop Requirements

        A laptop or mobile device with the latest web browser is required to play the Cyber42 leadership simulation game.

        I want to participate again and again. It was just awesome.
        Cyber42 CISO For A Day Participant
        I liked how comprehensive the scenarios were. You have to work through several aspects in order to formulate an answer and then get ranked on a number of different facets. It's good to work through table-top exercises on a management level.
        Cyber42 Vulnerability Management Participant
        Thank you for creating the game. It helps to get people to understand the choices to be made.
        Cyber42 CISO For A Day Participant
        Great initiative!! It's a big learning for me that if the impact and likelihood is not assessed properly then our remediation plan will be bound to fail.
        Cyber42 Vulnerability Management Participant
        I am learning a lot from the Cyber42 Security Event games.
        Crystal Chatam
        - MGT512 Student