CYBER42 IS NOW PART OF SANS CYBER RANGES. LEARN MORE HERE.
Cybersecurity Leadership Table Top Simulation Game
See below for the 2022 schedule.
I’ve been teaching for SANS for over a decade and we’ve learned a lot while building out the Cybersecurity Leadership Curriculum. We have great authors and instructors who have created amazing content, labs, and exercises. These include hands-on technical labs, case scenarios, group discussions, and longer business case studies like the ones from Harvard Business School.
In 2020 we added something new to the mix that we continually have been expanding on since. We call it Cyber42. This cybersecurity leadership simulation game has been added to a number of SANS Cybersecurity Leadership courses and is also available in various short forms via “Game Days” at various times throughout the year for anyone to play. The courses that include Cyber42 within the course content are:
- MGT512: Security Leadership Essentials for Managers
- MGT514: Security Strategy, Policy, and Leadership
- MGT551: Building and Leading Security Operations Centers
- ICS418: ICS for Managers
Original Cyber42 Game Board - MGT512 version
How the Game Works
Individuals or teams play to improve the state of security for a fictional organization. Just as in real life, any program has constraints, such as time, money, and resources. Students are required to manage their resources even amongst changing tides and requirements within the organization. They must capitalize on the schedule and available resources to accomplish necessary tasks in a timely and effective manner. Players can interact with one another in order to maximize the results of their program. This type of interactive simulation puts students in real-world scenarios that spur discussion, critical thinking of situations, and melding of different points of view and personalities that they will encounter at work.
As students progress in the game, they choose different initiatives to implement. These initiatives are larger, strategic activities that drive change for the organization. By the end of the game various different initiatives are implemented.
Just like in the real world, however, unexpected events can arise that delay or even possibly derail a planned strategic initiative. In the game there are multiple events to which players will respond. The decisions that are made in response to these events will alter budgets, time, level of security functions, and ultimately the player’s final score.
In each version of the game, the score is measured by dials representing various concepts covered in that course. The dials run on a scale of 1-5, with 1 being the lowest score and 5 being the highest.
Winning the game is simple. A player/team needs to have the highest score.
In Q1-21 our engineering and technical teams have been doing additional work behind the scenes to improve capacity and user experience for our Game Days, as well. In Q4-21 a complete re-write of the code will take place to continue to enhance the user experience.
Web App "Board" - MGT514 version
Versions of Cyber42 Game Days
1. Security Capabilities
Maps to MGT512: Security Leadership Essentials for Managers
This version of the game represents how well your fictional organization builds and leads a security program. It’s about balancing the implementation of various security controls to build a well rounded program and, ultimately, create lasting security improvement. The score is measured by dials representing Identify, Protect, Detect, and Respond which show how much your team has implemented for each of these areas.
2. CISO For A Day
Maps to MGT514: Security Strategy Planning, Policy, and Leadership
This version of the game represents how well your fictional organization builds and leads a security program. It’s about aligning security capabilities to strategic objectives to ensure that your security program is helping to meet business goals. The score is measured by dials representing Decipher, Develop, Deliver, and Leadwhich show how much your team has implemented for each of these areas.
3. Vulnerability Management
Maps to
This version of the game represents how well your fictional organization builds a vulnerability management program. It’s about maturing vulnerability management capabilities to mitigate and remediate the never-ending stream of security vulnerabilities.The score is measured by dials representing Identify, Analyze, Communicate, and Treat which show how much your team has implemented for each of these areas.
4. Industrial Edition
Maps to ICS418: Industrial Control Systems for Managers
This version of the game will put you through the paces as an industrial control system (ICS) security manager as players adapt to challenges in operational technology (OT) environments. Players will focus on balancing security program improvements that impact engineers, operations, and customers all while considering the various technical and cultural implications of an OT security program. ICS managers all face the same dilemma: How to protect industrial equipment from shut downs, failure, damage, or worse!
5. Security Culture
Maps to MGT521: Leading Cybersecurity Change: Building a Security-Based Culture (coming Fall 2021)
The impact of your cybersecurity program is no longer just about technology, rather organizational change. To have this level of influence, you must strive to change how people think about cybersecurity in what they prioritize and how they act. Not only does it help to create a far more secure workforce, but it also helps to ensure your security initiatives are more successful when you have buy-in from the entire organization. Your goal is not to change your organization’s existing culture but to embed security into the existing culture.
6. Security Operations Centers
Maps to MGT551: Building and Leading Security Operations Centers
The goal of this version is to make key decisions that will affect the people, process, and technology aspects of your security team, all while balancing available resources (budget and time) and optimizing results. This simulation will focus on the decisions required to build out and operate a security operations center. Each round will present students with a decision that must be made that will affect the budget and time allotted in both expected and unexpected ways, testing your ability to balance needs while maintaining a happy, functional SOC team. Your goal will be to build out the best SOC in terms of prevention, detection, response, and team morale, while not running out of time or money.
7. Ransomware
Maps to MGT512: Security Leadership Essentials for Managers
Maps to MGT514: Security Strategic Planning, Policy, and Leadership
This version of the game represents how a fictional organization responds to a ransomware event against the organization. Responses to ransomware events requires not only managing the event but also the expectations of key stakeholders and external parties.
What Students are Saying about Cyber42
“I am learning a lot from the Cyber42 Security Event games.” – Crystal Chatam, MGT512 Student
“I want to participate again and again. It was just awesome.” – Cyber42 CISO For A Day participant
“I liked how comprehensive the scenarios were. You have to work through several aspects in order to formulate an answer and then get ranked on a number of different facets. The addition of the time constraint to provide your answers is just a nice little bonus of stress but makes it fun. It's good to work through table-top exercises on a management level. Thanks for putting this together.” – Cyber42 Vulnerability Management participant
“Thank you for creating the game, it helps to get people understand the choices to be made.” - Cyber42 CISO For A Day participant
"Cyber42 has allowed for collaboration with classmates, which I found very valuable." - Jeremy B., MGT516 student
“You guys rock! Great and high quality content!!” - Cyber42 CISO For A Day participant
“Great initiative!! It's a big learning for me that if the impact and likelihood is not assessed properly then our remediation plan will be bound to fail.” – Cyber42 Vulnerability Management participant
Cyber42 Game Days 2022
In 2022 free Cyber42 Game Days will be held in conjunction with corresponding SANS events with registration open first to event participants. Many of these events are free, as well, such as SANS Virtual Summits. Registration links will be provided to those registered for the corresponding events or here for those not linked to an event.Additional dates may be added throughout the year.
All dates, times, topics, and instructors are tentative until linked to a live event.
DATE | REGISTRATIONINFO | CYBER42 VERSION | INSTRUCTORS |
Thursday March 3 2:00 pm ET | Industrial Edition | Dean Parsons &Jason D. Christopher | |
Wed March 23 6:30 pm CT | For Attendees of SANS SOC Training 2022Registration details will be provided to event paid registrants only one week prior. | Security Operations Centers | John Hubbard & Mark Orlando |
Tues May 3 1:15 pm Pacific Time | For Attendees of the FREECloudSecNext Summit | Vulnerability Management | Jonathan Risto &David Hazar |
Thurs June 2 1:00 pm EDT | For In-Person Attendees of theICS Summit | Industrial Edition | Dean Parsons &Jason D. Christopher |
Tues June 21 10:00 am ET | 4:00 CET | For Attendees of the FREE Ransomware Summit NOTE: The game is running the week after the actual Summit | Ransomware | Kevin Garvey &Joe Sullivan |
Tues Aug 16 at 1:00 pm ET | 1700 UTC | COMING SOON - Open for Public Registration | Industrial Edition | Dean Parsons and Jason D. Christopher |
September | For In-Person Attendees of theCybersecurity Leadership Summit | CISO For a Day | Joe Sullivan &Kevin Garvey |
October | For In-Person Attendees of the Blue Team Summit | Security Operations Centers | Mark Orlando &John Hubbard |
Did YouSay Challenge Coin?
Yes! If you are a student in a course, the members of the winning team receive a challenge coin!
(Coins are not distributed for Game Day winners as it's only a small sample of the entire game.)
Thank you for making Cyber42 Games Days a huge success in 2021. Be on the lookout for more free Game Days in 2022!
ABOUT THE AUTHOR
Frank is the Founder of ThinkSec, a security consulting and CISO advisory firm, as well as a SANS Fellow and lead for both the SANS Cybersecurity Leadership and SANS Cloud Security curricula, overseeing nearly 30 SANS courses in the two fastest growing curricula. Previously, as CISO at the SANS Institute, Frank led the information risk function for the most trusted source of computer security training and certification in the world. Frank is also the author and instructor of MGT512: Security Leadership Essentials for Managers, MGT514: Security Strategic Planning, Policy, and Leadership, and co-author of SEC540: Cloud Security and DevSecOps Automation. Read more about Frank here.
ADDITIONAL CONTRIBUTORS
- Brandon Evans
- Joe Sullivan
- Kevin Garvey
- Jonathan Risto
- David Hazar
- Chris Denney
- Jason Lam
- John Hubbard
- Mark Orlando
- Russell Eubanks