One Product, Multiple Outcomes
For maximum results, CMD+CTRL is used as part of a broader training program to add fidelity to course-based learning, awareness events, and workforce planning.
You have everything you need to ensure all skill levels can play: learning labs, hints, cheat sheets, user guides, and other assets. Customers use CMD+CTRL as a practice range, to run competitive tournaments, and recruit new hires.
A popular option is to have our experts run an event for you, which we can support on-site or remotely.
Either way, be prepared for its power.
Cyber Range in Action
See how customers leverage our cyber range in unique ways to get staff excited and competent to protect the enterprise.
The CISO of Orvis, the oldest mail-order retailer in the United States, wanted to replicate the training success he had as CISO at a different Fortune 500 company. To meet their annual PCI DSS security training requirements, they historically relied on mandatory video training followed by tests to demonstrate completion. While this achieved compliance, it didn’t engage teams in a way that changed behavior.
The team wanted to take a fresh approach and decided to run a “capture the flag” (CTF) tournament using the CMD+CTRL cyber range. While they hoped for enthusiastic participation, they never expected such wildly successful results:
- Generated Excitement & Passion – teams were so engaged that they no longer dreaded annual training. Training went from being met with sighs to teams asking for multiple sessions. They were literally begging to be part of the training program.
- Created Apprenticeship program – while this was not planned, Security Champions emerged organically. Several developers continued their pursuit of security principles beyond the events, so much so that they were able to lead future events and provide on-the-job mentorship.
- Increased Collaboration – players shared techniques and solutions with each other. Junior developers learned from senior members. This was impossible with the previous individual training.
“We began with a single cyber range event. It generated so much excitement
that teams immediately asked when we are running the next one”
–Joe Mineri, CISO
After a few engineers participated in a Security Innovation open enrollment Cyber Range event, this led to an interest in a broader internal event at company headquarters. The company ran a one-day pilot event that was supported by a Security Innovation instructor. Based on high engagement and player feedback, they decided to run quarterly events where different ranges would increase in difficulty and be used for varying roles:
- Shadow Bank – banking website with a mix of easy and intermediate challenges: cross-site scripting, password cracking, authorization bypass, business logic abuse, and others
- Gold Standard: advanced banking website that builds upon the challenges in Shadow Bank and includes poorly implemented defenses making them more difficult
- Shadow Bank: repeated in 3rd event targeting a different set of software security stakeholders
- Shred Skateboards: e-commerce system with different challenges like weak cryptography, parameter tampering, and others
High-scoring players were awarded prizes and notable results such as first-time participants or most improved scores were highlighted in the company newsletter.
“Well organized, good mix of easy and hard exploits”
“If I can see how attackers penetrate my applications, I can better prepare them”