A Step-by-Step Guide to Hosting Your Own Hacktober Event
Organizing engaging, informative, and enjoyable cybersecurity events like Swisscom's Hacktober event doesn't have to be daunting. With strategic groundwork and relevant, interactive challenges, you can create a cybersecurity event that is both fun and educational. Are you considering hosting a similar cybersecurity event? This blog provides a step-by-step guide to creating an impactful event, resulting in a more skilled and prepared workforce.5 Pro Tips for Organizing an Effective Team Sim
While scheduling a Team Sim exercise in the Immersive Labs platform is very straightforward, I’m sharing a list of recommendations and tips for making sure your exercise goes the extra mile: 1. Define exercise objectives Know the purpose of the exercise to keep a laser focus and stop scope creep, which can dilute the exercise experience and learning takeaways. Is this a fun exercise that will encourage engagement, or is it a capability assurance exercise? Knowing your objective is essential for effective planning. For example, a fun exercise might include more guidance and hints than a capability assurance exercise. 2. Block out calendars in advance Identify your participant list as early as possible and send placeholders out to ensure the team’s availability. The more advance notice, the better. At a minimum, provide two weeks’ notice, but ideally one month. In some large-scale cases, whole Team Sim exercise programs are planned and booked out over six months in advance. 3. Host a briefing session These sessions provide a great chance to set the expectations and objectives of the exercise, communicate important exercise information, answer any questions, and, most importantly, get the team excited about it! We recommend organizing a briefing call the week before the exercise. 4. Run a systems test The last thing you’ll want to deal with when your exercise launches is any dreaded technical issues. Make sure you run a systems test early in the planning stages, leaving plenty of time for your organization to make any required configuration changes. You can find system requirement details here. 5. Assign preparation labs Some of the catalog exercises may use security tools unfamiliar to your organization. I believe in the benefits of vendor-agnostic learning when it comes to skills development, but understand that unfamiliar tools can be frustrating. If you have access to our hands-on labs, there are preparation labs available tailored for each catalog exercise. Assign these to participants a minimum of two weeks before the exercise. If you need any help or support with planning, ask a question in our Help and Support forum. Following these steps ensures clear expectations from your participants and a smooth lead-up to your exercise, which plays a big factor in making it a success! Do you have any hints or tips for other exercise planners and facilitators? What lessons have you learned, or where have you seen success? Let us know in the comments below.Defend as One: Breaking Down Technical Barriers Across an Organisation Through Technical Team Exercising
This article details how a public healthcare account used Immersive Labs’ Cyber Team Simulation for a cross-departmental May Day programme, benchmarking national cyber capabilities. As their Cyber Workforce Advisor, I’ll outline the steps taken, from planning to execution, to achieve this strategic programme.The Softer Side: Non-technical Benefits to Technical Team Exercises
In my role, I have the privilege of working with many different organizations through their technical exercise events and programs. One of the most rewarding aspects is seeing the spark ignite in the people as they band together to achieve a common objective. In this article, I’ll be sharing some of the common benefits I see emerge across organizations of all sizes, industries, and maturity levels, no matter the exercise's purpose. Encouraging curiosity and problem-solving Cyber Range Exercises provide a virtual network environment to explore. Defensive exercises focus on detecting and monitoring malicious activity, while offensive exercises involve exploiting vulnerabilities to uncover target information. Within these simulated environments, participants must utilize a wide array of skills and decide on the best approach, as the correct course of action isn't always obvious. This technical challenge is great for reinforcing knowledge and applying skills. I've seen players puzzle over unsuccessful methods, forcing them to rethink their approach entirely, asking plenty of “what if” questions before testing them out. This experimentation process educates players while simultaneously promoting lateral thinking and encourages sharing problem-solving insights. Improved communication Trawling through logs and analyzing (or preparing) a malicious payload usually calls for quiet focus. But in the real world, we’re rarely working alone. More often than not, investigations and tests happen in small teams, under pressure, and good communication becomes just as important as technical skill. That’s why team-based exercises reflect this reality. You’ve got to explain what you’re doing clearly, so everyone’s on the same page – both in terms of the situation and the technical jargon. Creating clear written logs and documentation matters too, especially in incidents where language may need to be adapted for different audiences. The most effective teams I've observed in these exercises prioritize organization. They set up a central place to track everything – whether that’s a Teams channel, a spreadsheet, or a crisis response tool – and they’re smart about assigning roles and carving out time to keep everyone synced up. Better distraction management A deliberate challenge I sometimes incorporate into technical exercises is surprise leadership requests for incident updates. This tests the team's ability to rapidly consolidate information under pressure, dealing with the uncertainties of an active investigation. Teams with strong organization, detailed incident logs, and a dedicated spokesperson or team leader consistently manage these interruptions best. Practicing in a simulated setting helps teams stay productive and accurate, even when real-world distractions come into play. It builds the ability to block out noise, manage stakeholders, stay focused on individual tasks while keeping sight of team goals, and smoothly switch contexts when needed. Stronger team dynamics Unlike individual training, these exercises require participants to actively communicate, share knowledge, and rely on each other's strengths to achieve a common goal. Team members learn to understand each other's working styles, identify individual expertise, and build trust in their colleagues' abilities. The shared experience of overcoming technical challenges, even simulated ones, creates a sense of camaraderie and shared accomplishment. While every team comprises diverse personalities and communication styles, it's crucial that each individual feels comfortable and empowered to share their insights and findings. These contributions can significantly alter the outcome; for instance, a critical discovery during a technical investigation might directly influence the business's crisis response strategy. Increased efficiency The more a team works together responding to the exercise challenges, the more they develop shared understandings of processes and expectations, learn to delegate effectively, and identify bottlenecks in their collaborative efforts. Eliminating issues arising from a lack of confidence or familiarity with the team or processes is especially critical for incident response teams, leading to quicker response times and improved agility when situations change rapidly. After each exercise, I like to conduct a team debrief, which is crucial for reflecting on lessons learned. Prompting players to consider their individual strengths and challenges, alongside open discussion about team dynamics and processes, helps identify opportunities for improvement. Technical exercises are undoubtedly key to boosting individual technical proficiency. However, their even greater value lies in cultivating these skills alongside the crucial professional attributes demanded by our field. Considering the significant pressure and expectations placed on these teams to deliver trustworthy outcomes, ensuring their preparedness within a high-trust setting is essential. These are merely some of the advantages I've witnessed through these exercises. Share your thoughts What benefits have you experienced through technical exercising? Share your thoughts in the comments!Pieces of the Puzzle – The Power of Interconnected Cyber Drills
A crisis doesn’t respect boundaries – it unfolds in real time, demanding responses from every level, from technical teams to executives. That’s exactly what we set out to simulate with our recent cyber drill, “Pieces of the Puzzle”, a high-intensity exercise that pushed over 300 team members into the deep end of crisis response. What set this drill apart was its interconnectivity – no single person had the full picture, and every decision mattered. A crisis unfolds in pieces The exercise was built around two fictional companies: FusionArc – A cloud-based IT infrastructure provider suffering a cyberattack Orchid Logistics – A global supply chain company, FusionArc’s largest customer, facing operational chaos due to the breach. Day one simulated a cyberattack on FusionArc Solutions, with participants acting as the incident response team investigating and responding to a breach of critical systems and sensitive data. This day showcased Immersive’s cyber range capabilities and the importance of continuous upskilling. It allowed participants to practice incident response protocols and sharpen their ability to detect, analyze, and respond to cyber threats. Live technical demos showcase real-time analysis and response, bringing the simulation to life and highlighting the skills needed to combat cyberattacks. Day two shifted the perspective to Orchid Logistics, whose global operations across four major regions were thrown into turmoil due to the cascading impact of the attack. Each region had its own challenges, from disrupted healthcare supply chains in Europe to financial uncertainty in North America. Different teams’ operations, legal, communications, finance, and crisis management were forced to make critical decisions with incomplete and often conflicting information. This wasn’t just about testing individual teams. It was about stress-testing the connections between them because, in a crisis, decisions have consequences. Every action (or inaction) ripples outward, shaping how an incident unfolds and determining the effectiveness of the response. The design: controlled chaos with a purpose Running a cyber drill at this scale required intricate planning. Each element was carefully orchestrated to simulate the real-life confusion of a crisis where information is fragmented, priorities clash, and leaders must make tough choices under pressure. Key elements included: Dynamic information flow – Teams received updates in real-time, with technical teams feeding insights to crisis managers, who in turn had to make strategic decisions for the business. Regional decision-making – Each region had its own crisis management team (CMT), responsible for navigating localized challenges while staying aligned with global headquarters. Cross-functional dependencies – Operations, legal, finance, and public relations all faced their own unique crises relating to the cyberattack, as well as other unrelated business continuity disruptions. Their ability to coordinate responses mirrored the true complexity of a global business disruption. Escalating pressure – Timed injects (new crisis updates), roaming media roleplayers, and breaking news images forced participants to adapt rapidly, just as they would in a real cyber event. By layering these complexities, the exercise tested technical incident response and the entire organization’s ability to work as a single unit under duress. We looked at disaster recovery, crisis management, and business continuity all in the same cyber drill. The power of perspective (or lack of it) A key takeaway from the drill was how overwhelming it felt. No one had the full picture – teams made decisions with only their slice of the crisis, just like in the real world. We saw participants grappling with conflicting information, wondering why other teams weren’t responding as expected. Some felt completely isolated until they realized that the missing information was sitting with another team in another region, experiencing a completely different part of the crisis. This is why interconnected drills are vital. They teach organizations to connect the dots and reinforce a crucial lesson: in high-stakes environments, every decision shapes the crisis’s trajectory. Prove and improve: the true value of cyber drills Cyber drills aren’t just theoretical exercises. They test response plans, communication, and decision-making under pressure while revealing areas for improvement. This drill pushed participants to work under stress and exposed gaps not just in technical response, but in collaboration, escalation, and decision-making. These exercises matter because they don’t just reveal weaknesses – they build resilience before a real crisis strikes. What this means for your organization Cyber threats affect entire businesses – customers, partners, supply chains, and finances. The biggest risk isn’t the attack itself but poor coordination in the response. That’s why cross-team exercises are vital: technical teams must know how and when to escalate, crisis managers must grasp the stakes, and executives must make quick decisions with limited information. Cyber drills don’t always have to be this large, but they must be realistic. Even smaller exercises focused on decision-making across teams can expose gaps in communication and preparedness before a real crisis does. Final thoughts: crisis readiness is built, not assumed In the debrief of Pieces of the Puzzle, one theme emerged repeatedly: we are only as strong as our connections. The most prepared organizations aren’t just those with the best tools or plans – they’re the ones who practice together and strengthen the human elements. Cyber drills push teams to break silos, act under pressure, and manage uncertainty. If you’re not running them regularly, the question isn’t if you’ll struggle in a crisis – it’s when. No matter your industry, scale, or risk landscape, the key takeaway is this: crisis preparedness isn’t just about reacting – it’s about ensuring every piece of the puzzle fits before the crisis hits. Are your teams ready to prove and improve? Share your thoughts Has this inspired you to plan a drill? Do you have any questions about planning or execution and need some pointers? Have you run a drill or been to a drill event, and if so, how did it feel? I’d love to hear from you and help you reach your goals.Making the Most of the Custom Lab Builder: Tone of Voice
Now you can build your own labs in the Custom Lab Builder, we thought we’d provide some guidance on writing with a strong tone of voice to ensure your labs are as engaging as possible. This blog is the third in a series on making the most of the Lab Builder, looking at what we call the Four Cs. Ensuring your writing is… Conversational Concise Conscious Consistent The previous two posts looked at accessibility and inclusivity. This post focuses on tone of voice and how to write authentically to ensure your audience engages with the lab and remembers the message you’re trying to teach them. Writing well For most of your life, you’ve probably been told to write properly. Avoid contractions at all costs. Use complex sentences with plenty of fancy connecting words like “furthermore” and “moreover”. And never start a sentence with “and”. This formal style works really well for some industries. Academia is traditionally an incredibly formal area when it comes to the written word, as is the broadsheet newspaper realm. This is often to reflect the work’s sincerity, to avoid weakening a writer’s reputation, and to present ideas consistently and objectively. But Immersive Labs believes writing can be sincere and objective without being so... dull! Be conversational Copywriting is increasingly conversational, appearing everywhere from LinkedIn posts to the back of your milk carton. This style engages readers by feeling personal and authentic, aligning with Richard Mayer’s Personalization Principle, that people learn more deeply when words are conversational rather than formal. A human-to-human copywriting style makes sense for Immersive Labs, as we’re all about focusing on the humans behind the screens. When using the Lab Builder, we recommend writing your labs in an engaging, approachable style to create a modern, user-friendly learning environment. But conversational doesn’t mean sloppy. It’s about presenting ideas clearly and confidently, helping users feel at ease while they learn. Use everyday, concrete language Using fancy, complex words doesn’t make content better – it can actually distract readers and undermine clarity. Instead, prioritize clear, straightforward language to ensure your message is easy to understand, especially by users with cognitive disabilities. Avoid overly poetic phrases, figures of speech, idioms, or ambiguous language, which can confuse or overwhelm readers, including those with autism spectrum conditions. Strive for clarity to help users grasp your message the first time, keeping their needs front and centre. Address the reader Authenticity is all about gaining your reader’s trust. We recommend speaking directly to them in your custom labs by using “you” throughout your copy. This handy trick also avoids any ambiguity when it comes to practical tasks. Take the following example. “In this lab, the machine must be analyzed and IoCs must be extracted.” Instead of being vague and passive, we recommend talking directly to the reader and telling them exactly what they need to do. “In this lab, you need to analyze the machine and extract IoCs.” Or better yet, you can be even more direct by cutting that down even further: “In this lab, analyze the machine and extract IoCs.” Our labs and scenarios frequently talk directly to the reader. Users are more likely to stay engaged when they’re spoken to, not at. Use contractions Contractions instantly make your writing more conversational by mimicking natural speech. Combining words like "it is" to "it’s" or "you are" to "you’re" adds a touch of informality that feels approachable and inclusive. While once discouraged in formal writing, contractions are ideal for a modern learning environment, making text easier to read, understand, and remember. Be concise Writing in plain language is good for all users, but can make a massive difference for neurodivergent users, those who struggle to focus, those who hyperfocus, or maybe those who find reading difficult. We follow recommendations from the Advonet Group, the British Dyslexia Association, and Clark and Mayer’s Coherence Principle to ensure accessibility for a diverse audience – and you should too! Writing simply and clearly doesn’t mean trivializing content or sacrificing accuracy; it just makes your message easier to understand. After all, no one's ever complained that something's too easy to read! The difficulty comes when balancing this with technical content. How can you make advanced, complex cybersecurity topics clear and concise? Keep it short and sweet Sentences longer than 20 words become difficult to understand and can detract from the point being made. It’s easy for people’s minds to wander, so get to your point in as few words as possible. The same goes for paragraphs. Try and avoid long, dense walls of text. Nobody wants to read that, and it’s no good when thinking about accessibility. Keep your paragraphs to four or five lines, maximum. Get to the point Avoid adding unnecessary side notes to your labs, as they can distract from the main message and make learning harder. Unnecessary content distracts the learner’s attention from the main message, making them less likely to remember the core topic. It disrupts the connections between key messages and diverts the learner’s focus, making it harder to piece together the bigger picture. This is all down to cognitive load theory, which says that in general, humans can handle around four pieces of new information at any one time. To help users focus, stick to the lab's core topic and avoid overloading them with unrelated details. TL;DR When writing your labs with the Custom Lab Builder, ensure all your text is conversational to engage your users with the topic. And also make all your copy as concise as possible. Getting your message across in as few words as possible will reduce cognitive overload, boredom, and frustration. By focusing on being conversational, as well as being consistent and conscious (as we covered in the previous blog posts in this series), your readers will engage with your content better, remember the topic, and be able to put it into practice more easily – improving their cybersecurity knowledge and driving their cyber resilience. Share your thoughts! What do you think about these tone of voice tips when writing your custom labs? Have you tried to write your labs in a conversational yet concise way, and how did this go down with your users? Do you have any other suggestions for the community on how to write conversationally? We’d love to hear from you!
