Modes

Modes_New_UI

One Product, Multiple Outcomes

For maximum results, CMD+CTRL is used as part of a broader training program to add fidelity to course-based learning, awareness events, and workforce planning.

You have everything you need to ensure all skill levels can play: learning labs, hints, cheat sheets, user guides, and other assets. Customers use CMD+CTRL as a practice range, to run competitive tournaments, and recruit new hires.
A popular option is to have our experts run an event for you, which we can support on-site or remotely.

Either way, be prepared for its power.

  • Practice Range to Compliment Course-Based Training

    Hands-on practice is the best way to build the “a-ha moments” needed to defend.   Similar to flight simulators for pilots, CMD+CTRL provides an authentic environment to hone skills before and after other training. For example:

    • Take courses prior to the Cyber Range to attain knowledge that can be put the test and converted to skill with hands-on practice. This also allows players to better compete and reach their potential
    • Use the Cyber Range to baseline team competency via real-time assessment capabilities. Detailed individual and group reports pinpoint skill gaps and map to specific courses

     

  • Run Individual or Team Competitions

    Scheduling time-boxed events is easy. This mode is great for encouraging live discussion, collaboration, and having fun.

    Run your own event or have our team run it for you. Fully supported and turn-key, events (on-site and remote) come complete with live support, break-out sessions, detailed reporting, and interaction with experts.

     

  • Skills Assessment Tool

    Hiring unskilled staff costs a lot of time and money. With CMD+CTRL, you can measure cybersecurity competency, identify security champions, and keep off the bench time to a minimum.

    Assess contractors, prospective employees, and existing team in real-time with reporting that can be shared. This is the fastest and most accurate way to ensure talent meets your security bar.

     

Play it now or request a demo!

 

Cyber Range in Action

See how customers leverage our cyber range in unique ways to get staff excited and competent to protect the enterprise.

The CISO of Orvis, the oldest mail-order retailer in the United States, wanted to replicate the training success he had as CISO at a different Fortune 500 company. To meet their annual PCI DSS security training requirements, they historically relied on mandatory video training followed by tests to demonstrate completion. While this achieved compliance, it didn’t engage teams in a way that changed behavior.

The team wanted to take a fresh approach and decided to run a “capture the flag” (CTF) tournament using the CMD+CTRL cyber range. While they hoped for enthusiastic participation, they never expected such wildly successful results:

  • Generated Excitement & Passion – teams were so engaged that they no longer dreaded annual training. Training went from being met with sighs to teams asking for multiple sessions. They were literally begging to be part of the training program.
  • Created Apprenticeship program – while this was not planned, Security Champions emerged organically. Several developers continued their pursuit of security principles beyond the events, so much so that they were able to lead future events and provide on-the-job mentorship.
  • Increased Collaboration – players shared techniques and solutions with each other. Junior developers learned from senior members. This was impossible with the previous individual training.

“We began with a single cyber range event. It generated so much excitement
that teams immediately asked when we are running the next one”

Joe Mineri, CISO

After a few engineers participated in a Security Innovation open enrollment Cyber Range event, this led to an interest in a broader internal event at company headquarters. The company ran a one-day pilot event that was supported by a Security Innovation instructor. Based on high engagement and player feedback, they decided to run quarterly events where different ranges would increase in difficulty and be used for varying roles:

  • Shadow Bank – banking website with a mix of easy and intermediate challenges: cross-site scripting, password cracking, authorization bypass, business logic abuse, and others
  • Gold Standard: advanced banking website that builds upon the challenges in Shadow Bank and includes poorly implemented defenses making them more difficult
  • Shadow Bank: repeated in 3rd event targeting a different set of software security stakeholders
  • Shred Skateboards: e-commerce system with different challenges like weak cryptography, parameter tampering, and others

High-scoring players were awarded prizes and notable results such as first-time participants or most improved scores were highlighted in the company newsletter.

“Well organized, good mix of easy and hard exploits”

“If I can see how attackers penetrate my applications, I can better prepare them”

.

"Similar to flight simulators, CMC+CTRL is the perfect complement to traditional training because it immerses the learner in a realistic environment and prepares them for the cybersecurity battle they will face. "
- Dr. Larry Ponemon, Founder of The Ponemon Institute.