Overview
Industry-relevant and innovative, Cyber42 is the ultimate continuous table top simulation for developing your cybersecurity leadership skills in a fun and collaborative environment.
Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.
As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.
Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.
Winning the game is simple. A player/team needs to have the highest score.
Features
- Play solo or on a team
- Designed for cybersecurity managers, directors, and aspiring leaders
- Apply what you've learned in class and on the job in a safe and interactive environment
- Earn recognition on our real-time scoreboard
- Share your knowledge using interactive Slack chat with other players
- Sharpen your skills with game-based training that is fun and engaging
Versions Include
- Security Program Capabilities
- CISO for A Day
- Vulnerability Management
- Industrial Edition
- Security Culture
- Security Operations Centers
- Leading Cloud
Versions Of Cyber42: Detailed Descriptions
1. Security Program Capabilities
Maps to MGT512: Security Leadership Essentials for Managers
This version of the game represents how well your fictional organization builds and leads a security program. It’s about balancing the implementation of various security controls to build a well rounded program and, ultimately, create lasting security improvement.
Topics:
- Balance the build out of your security program by improving your Identify, Protect, Detect, and Respond capabilities as defined by the NIST Cybersecurity Framework (CSF). These core functions represent key areas of investment as you seek to find ways to build your team.
Who Should Attend:
- Security Managers: Newly appointed information security officers or recently promoted security leaders who want to build a security foundation for leading and building teams
- Security Professionals: Technically skilled security administrators who have recently been given leadership responsibilities or team leads with responsibility for a specific security function who want to understand what other teams are doing
- Managers: Managers who want to understand what technical people are telling them or who need an understanding of security from a management perspective
2. CISO For A Day
Maps to MGT514: Security Strategic Planning, Policy, and Leadership
This version of the game represents how well your fictional organization builds a security strategic plan.
Topics:
- Learn to meet business goals and lead execution by building your ability to Decipher, Develop, Deliver, and Lead as defined by the MGT514 strategic planning process.
Who Should Attend:
- CISOs
- Information security officers
- Security directors
- Security managers
- Aspiring security leaders
- Security personnel who have team lead or management responsibilities
- Anyone who wants to go beyond technical skills
- Technical professionals who want to learn to communicate with senior leaders in business terms
3. Vulnerability Management
Maps to MGT516: Managing Security Vulnerabilities: Enterprise and Cloud
This version of the game represents how well your fictional organization builds a vulnerability management program. It’s about maturing vulnerability management capabilities to mitigate and remediate the never ending stream of security vulnerabilities.Topics:
- Build a sustainable vulnerability management program by improving your ability to Identify, Analyze, Communicate, and Treat security vulnerabilities as defined by the MGT516 vulnerability management process.
Who Should Attend:
- CISOs
- Security managers, officers, and directors
- Aspiring information security leaders
- Risk management professionals
4. Industrial Edition
Maps to ICS418 (coming soon): ICS Security Essentials for Managers
This version of the game will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Players will focus on balancing security program improvements that impact engineers, operations, and customers all while considering the various technical and cultural implications of an OT security program, and the requirement to maintain safe and reliable control system operations.
Topics:
- Difference in IT-centric security controls within OT networks
- Impacts of ICS-specific cyber attacks, including reliability, health and human safety, the environment, and more
- Unique ICS cyber risk considerations
Who should attend:
- ICS security managers or directors
- CISOs for industrial organizations
- IT and OT security leaders
- Engineers and operators of industrial organizations
- Aspiring ICS security professionals
- Anyone interested in ICS security beyond technical controls
5. Security Culture
Maps to MGT521: Leading Cybersecurity Change: Building a Security-Based Culture
The impact of your cybersecurity program is no longer just about technology, rather organizational change. To have this level of influence, you must strive to change how people think about cybersecurity in what they prioritize and how they act. Not only does it help to create a far more secure workforce, but it also helps to ensure your security initiatives are more successful when you have buy-in from the entire organization. Your goal is not to change your organization’s existing culture but to embed security into the existing culture.
Topics:
- How to define culture, really?
- Indicators of a strong security culture
- How to assess your security culture
- How to embed a strong security culture in your organization
- Resources you can now use to improve your security culture
Who should attend:
- Chief Information Security Officers
- Chief Risk Officers/Risk Management Leaders
- Security Awareness/Engagement Managers
- Information Security Officers, Managers, and Directors
- Aspiring Information Security Leaders
- Privacy/Ethics Officers
6. Security Operations Centers
Maps to MGT551: Building and Leading Security Operations Centers
The goal of this version is to make key decisions that will affect the people, process, and technology aspects of your security team, all while balancing available resources (budget and time) and optimizing results. This simulation will focus on the decisions required to build out and operate a security operations center. Each round will present students with a decision that must be made that will affect the budget and time allotted in both expected and unexpected ways, testing your ability to balance needs while maintaining a happy, functional SOC team. Your goal will be to build out the best SOC in terms of prevention, detection, response, and team morale, while not running out of time or money.
Topics:
This simulation will focus on the decisions required to build out and operate a security operations center. Each round will present students with a decisions that must be made that will affect the budget and time allotted in both expected and unexpected ways, and test your ability to balance needs while maintaining a happy, functional SOC team. Your goal will be to build out the best SOC in terms of prevention, detection, response, and team morale, while not running out of time or money.
Who should attend:
- SOC Analysts
- Incident Responders
- SOC Architects and Engineers
- SOC Managers/Directors
- Anyone interested trying out making tough security operations decisions
Private Ranges for your Team
Select a private cyber range experience for your team to assess or advance their skills to meet the unique needs of your organization. SANS will help you to:
- Define Learning Objectives
- Develop Scorecards
- Configure Content & Platform
Cyber42 Game Days 2021
| Date | Start Time | Cyber42 Version | Leader |
|---|---|---|---|
Jan 26 | 10:30 ET | 3:30 GMT | Joe Sullivan | |
Feb 23 | 10:30 ET | 3:30 GMT | Jonathan Risto & Chris Denney | |
March 23 | 10:30 ET | 2:30 GMT | Kevin Garvey | |
April 27 | 10:30 ET | 2:30 GMT | Joe Sullivan | |
May 25 | 10:30 ET | 2:30 GMT | Kevin Garvey | |
| June 22 | 10:30 ET | 2:30 GMT | David Hazar | |
July 27 | 10:30 ET | 2:30 GMT | Dean Parsons & Jason Christopher | |
Aug 24 | 10:30 ET | 2:30 GMT | Russell Eubanks & Kevin Garvey | |
Oct 26 | 10:30 ET | 2:30 GMT |
Mark Orlando & John Hubbard | |
Nov 16 | 10:30 ET | 3:30 GMT |
TBD | Kevin Garvey |
Laptop Requirements
A laptop or mobile device with the latest web browser is required to play the Cyber42 leadership simulation game.