Time to Get Real!

Prepare Teams Differently for the Cybersecurity Battle

CMD+CTRL is a hands-on training platform that uses insecure software environments to hone security skills. It reflects the complexity and risk of today’s tech stacks: flawed design, defenseless code, and misconfigured deployments – and tempts players to exploit them.

Unrivaled in authenticity, CMD+CTRL takes engagement to a whole new level. It is not designed to turn teams into hackers, but to gain insight into how connected software functions and fails with respect to security. If teams can’t sniff out insecure practices,  they’re likely making the same mistakes – and putting you at risk.

Ditch the stick. Be the hero. Get teams stoked about security.  

Change Behavior

Change Behavior

Traditional training builds knowledge, but it’s only when humans try, fail, and succeed that they experience those transformative a-ha moments.

Make Training Stick

Make Training Stick

Real technologies, automated scoring, and other gratification elements keep players immersed. Fun for teams, critical for management.

Gauge Real-world Skills

Gauge Real-world Skills

No pre-determined answers. Players connect their own dots for success. Unmask rock stars – they’ll likely surprise you.

How Does it Work?


PLUNGE into the Real-World.
Pre-configured environments span simple Web sites, complex Mobile and Single-Page Applications (SPA) with rich API functionality, and cloud platforms.  While technically sophisticated, it’s cloud-based with nothing to install. Tools are useful but not required. Help assets ensure all skill levels can compete.

EXPLORE and Exploit.
Find information disclosures, probe the tech stack, and view HTML source, URLs, and headers for clues. Upon exploit, points are immediately awarded by our sophisticated auto-scoring engine. Drop tables and crash servers without disruption – each player has their own instance and can reset at any time.

BUILD an Attitude.
The dashboard shows completed and unsolved challenges, hints used, and other player insight. The always-on scoreboard turns passive participants into determined competitors bursting with confidence.

Who is it for?

CMD+CTRL helps all stakeholders in the software pipeline experience the impact of poor design, coding, and configuration:

  • Builders - Think Attack to Harden from Attack

    By recognizing how their mistakes are easily exploited, builders can incorporate security controls at each development phase. For example, knowing an attacker can execute code via a login screen reinforces that mitigations like AntiXSS library or proper input sanitization must be implemented. Mindsets will shift from “Why would anyone do that?” to “Oh, that’s a big problem!”


  • Operators - Keep the Bad Guys Out

    Once software applications are deployed, IT operations maintain the availability of key services:  configure servers, protect APIs, manage access, apply patches, and minimize information disclosure.  There are many challenges that reinforce these key security principles that provide defense in depth.


  • Defenders - Maintain a High Bar

    With ranges that progress in difficulty level, CMD+CTRL is the best way to groom Defenders: pen testers, red teamers, and vulnerability assessors. Easier ranges spot potential talent by gauging their understanding of the OWASP Top Ten. Advanced ranges feature complex environments that force experienced staff to make interlinking decisions.

"We began training with a single cyber range event. It generated so much excitement that teams immediately asked when we’re running the next one."
Joe Mineiri, CISO of Orvis