Free Cyber Security Games

1
Game Selection Configure your game
2
Game Overview An overview of the game
3
Cyber Security Game Shall we play a game?
4
Game Results Curious how well you did?

Deploy a Cyber Threat Intelligence (CTI) Platform as early as possible.
Monitor upcoming attacks in the Threat Intelligence tab, to determine which action to choose next.
Deploy controls across a broad set of categories before specializing too deeply in a single category.

Game Selection

These turn-based cyber security games introduce players to the different tools, tactics, and techniques used by both cyber defenders and attackers. Over the course of each game, players will be challenged to think from both perspectives when making their next move. Select a game and assume your role:

The Security Architect (Defend An Organization) The Social Engineer (Attack An Organization - Coming Soon) The Cyber Champion (Defend Yourself - Coming Soon)

Important Note: Once a cyber security game has begun, you’ll be provided with a unique 12-character game code which can be used to save progress and return to your game at any time.

Game Overview

The Security Architect is a turn-based cyber security game that spans 24 months. To win, you must defend your organization against a continuous stream of cyber attacks that are increasingly difficult to defend against.

Each month, you have the opportunity to enhance your organization's cyber defenses. You must balance short-term defenses with long-term resilience to prevent breaches and strengthen your organization’s security posture.

Cyber Security Game

Budget:
100 Credits

Productivity:
Above Average

Security Posture:
Terrible

Month:
1 of 24

Action Selection
Deployed Controls
Incident Log
Threat Intelligence

Game Results & Leaderboard

Personal Game Results

Attempt	Status	Score

Global Leaderboard (COMING SOON)

RANK	Score	Alias
1	480	TBD
2	475	TBD
3	460	TBD
3	460	TBD
3	460	TBD

How To Play

Game Background

You’ve just been hired as the Security Architect for a fast-growing law firm, globally recognized as the go-to for some of the world’s biggest and most sensitive legal cases.

Their meteoric rise has catapulted them into the spotlight—but while the headlines got bigger, their security posture stayed the same. Behind the scenes, their defenses are outdated, fragmented, and dangerously unprepared for the level of threat they now face. Now, they’re a prime target for nation-state actors and elite cybercrime syndicates. Attacks are relentless. Resources are limited. And you’ve got just 24 months to turn things around. One wrong move could mean front-page headlines, massive financial losses, and careers destroyed.

Objectives

Your primary objective is to survive all 24 months without your organization being compromised by a cyber attack. If a cyber attack is successful, you immediately lose the game. At the end of the 24 months, you win the game.

Additionally, there are several secondary objectives that are used to calculate a unique score at the end of your game. These secondary objectives are derived from the real-world need to create a security program that not only secures an organization but does so in a cost-effective and minimally invasive way. Accordingly, unspent credits, employee productivity, and security posture are used to calculate the ending game score.

Game Metrics

Security Budget: Represented as an allotment of credits. Credits are used when attempting to implement or deploy certain actions. The starting value is 100/100.
Productivity: Represented as a 0-100 score and is used to determine how invasive a security program is in terms of reducing or increasing the productivity of employees in an organization. The starting value is 75/100.
Security Posture: Represented as a 0-100 score and is used to determine how effective a security program is in terms of mitigating cyber security threats across an organization. The starting value is 0/100.
Month: Represented as a 1-24 value and is used to represent what month the game is currently on. The starting value is 1/24.

Turn Order

The Security Architect is a turn-based game where months represent turns. Each month, a series of events take place, which are processed in the following order:

Action Submission Phase: The action submission phase is at the start of the month. During this phase, players can plan and choose their next action. Once an action is submitted, the turn begins.
Action Processing Phase: If an action is due to be completed, it is processed immediately after the month starts.
Attack Processing Phase: ttack is due to take place, it occurs immediately after the action processing phase.
Game Change Phase: If there is a change in game state, such as a game win, game loss, or annual budget refresh, it occurs after the attack processing phase.

Example: Let's say you are on Month 3. You submit an action that will take 2 months to complete (e.g., Deploying SSO), and an attack is due to take place in Month 4. In this scenario, events will be processed in the following order:

Month 3: Starts
- Action Submission Phase: You submit the action to deploy SSO.
- Action Processing Phase: SSO deployment action was processed but not completed (Month 1/2).
- Attack Processing Phase: No attack processed.
- Game Change Phase: No change in game state.
Month 3: Ends
Month 4: Starts
- Action Submission Phase: Skipped as SSO deployment is still in progress.
- Action Processing Phase: SSO deployment action processed and completed (Month 2/2).
- Attack Processing Phase: Attack processed and successfully evaded.
- Game Change Phase: No change in game state.
Month 4: Ends

Budget Refresh

At the start of month 13, your annual security budget is refreshed. Make sure to spend as much of your security budget as possible before this refresh; if you don't use it, you lose it!

By default, your budget will refresh back to 100 credits. However, two criteria can influence whether you are given more or less than this baseline:

Employee Productivity: The starting employee productivity is 75/100. Any increases or decreases have a 1 to 1 effect on the security budget. For example, if productivity decreases by 5, then the budget is decreased by 5 credits.
ISO 27001 Certification: If an ISO 27001 certification is obtained prior to the start of month 13, the leadership team will provide you with a bonus of 70 credits.

Game Interface

Throughout the game, you’ll navigate between four main tabs to manage your defenses and respond to threats:

Action Selection: Choose from 30 different security measures to implement. Actions are searchable and categorized into their respective control grouping (e.g., Identity Security, Human Security, etc.). Hover over each action to view a tooltip showing its financial cost, impact on security posture and productivity, and time to deploy.
Deployed Controls: Displays all actions you’ve implemented so far, allowing you to keep track of your current defenses and any prerequisites you've already fulfilled.
Incident Log: Shows a history of past attacks, including which months the attacks took place, whether the attack succeeded, and what the attack attempted to exploit.
Threat Intelligence: Reveals upcoming attacks and suggests which actions you should implement to mitigate them. Use this to plan ahead and prevent breaches before they happen.

More Information

Are you after a full list of security actions or cyber attacks, or have some questions? Check out our knowledge base article.