Enter The Maze Challenge: Immersive’s Most Advanced Collection Yet
Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. It's a puzzle, a game, and a creative brain-bender, crafted by two of Immersive’s most brilliant minds: StefanApostol and SabrinaKayaci. Stefan, known to many as the "evil genius" behind the Human Connection Challenge, and Sabrina, who recently inspired our London community meetup attendees with her predictions on AI within the AppSec space, have teamed up to create something truly unique. We sat down with them to get their insights on what makes the Maze Challenge so special, so challenging, and so much fun. What was the main inspiration behind the maze theme, and how did you translate that narrative into a collection of technical labs? The core idea for the Maze Challenge, as Stefan explained, came from a shared love of games. "Both Sabrina and I are geeks. We like games, and we wanted to create a challenge with an overarching goal that was more than about earning a completion token." While our labs have always awarded tokens for completion, Stefan and Sabrina wanted to create a narrative that would engage users on a deeper level. "A maze is the perfect example of that," Stefan said. "We wanted to include a game element in these challenges." This isn't just a series of technical scenarios. It's a cohesive puzzle where each lab is a step toward a larger objective. The maze narrative encourages participants to think creatively, connecting different skills and techniques in a way that feels more like a game than a traditional capture the flag (CTF). I’ve heard that this is the most advanced lab collection yet. So, what makes these labs more challenging than the thousands of others in Immersive's catalogue? This collection is Immersive's most advanced to date, introducing a range of techniques not yet widely covered in the platform. The labs are a combination of real-world examples drawn from the creators' past experiences and internal testing, all woven together with a good deal of imagination. While the challenge covers a broad spectrum of offensive skills, including web, Linux, Windows, and Active Directory, Stefan was quick to name binary exploitation as an obvious concept that will have participants scratching their heads. The team collaborated with BenMcCarthy on this particular lab, and Ben being Ben, he poured all his creativity into it, making even Stefan nervous to attempt this mean challenge! Sabrina added that the real difficulty lies in the type of thinking required. "Some of them will really require outside-the-box thinking," she said. "They're unusual in a way that requires not just the technical skill, but some creativity and more critical thinking." This is a key theme throughout the collection. Participants can't rely on a simple, formulaic approach. Instead, they must be flexible and resourceful. Sabrina noted that some challenges will require "multiple sets of skills," forcing users to chain together their expertise in different areas to find a solution. Without giving away any spoilers, can you describe a moment in one of the labs that you're particularly proud of designing? Sabrina beamed as she recalled the Inner Maze lab. "I really enjoyed creating Inner Maze," she said, before adding a cryptic twist. "When you break out of that maze is when you're really trapped." She was particularly proud of her ability to create and then beat her own challenge, finding the exploit even more difficult than the design itself. Can you give users any hints or tips? The Maze Challenge is designed to be tough, and you should certainly expect it to be just that. However, the creators want everyone to have a fair shot, so they’ve some advice for those who might feel intimidated. Use the platform to your advantage. Stefan noted that around 98% of concepts within this challenge can be learned in the rest of our lab catalogue. “If you get stuck on a specific skill, take a break from the maze, find the relevant labs on the platform, and then come back with your newfound knowledge.” We encourage you to learn along the way, and persistence is always rewarded! Failure can be a sign of progress. Sabrina shared a key insight: "Sometimes it's important to take note of what it is you're doing that's failing... If you're failing at the same spot in a particular approach, that could actually mean that you're doing something right." Go figure that one out! Don't go it alone. Sabrina advises anyone starting their journey to ask others for advice and help. Our community help forum is a great resource for sharing knowledge and getting tips from fellow participants. We want you to have fun, and part of that fun is collaborating with your industry peers along the way. In the end, what do you hope participants will take away from this experience, beyond the technical skills? Stefan and Sabrina both hope it's a "desire for more challenges”! They also dropped a teaser for a community Halloween challenge… That’s all you’re getting for now! 👀 Want a head start? Join Stefan and Sabrina for a Labs Live webinar on August 19th. They’ll be solving the Improbable Maze lab live on the call, in collaboration with you. Attendees are encouraged to play along, offer their suggestions, methods, and frustrations. It’s the perfect opportunity to see the creators’ thought process and gain some momentum for your own journey through the maze. See you there!From Simulation to Strategy: Empowering Crisis Readiness at SANS
In this blog, I share my perspective as a cyber resilience advisor, exploring how SANS equipped its team to design and deliver exercises based on real-world incidents. What started as a one-time event has become an ongoing project to build internal capability and use the platform for continuous team development and upskilling. A tailored event On May 26, we ran a crisis simulation event with the cybersecurity team at SANS, an organization where cybersecurity plays a critical role in protecting aviation operations and national infrastructure. The scenario, adapted from the Immersive catalog, was tailored to the aviation industry and focused on a targeted malicious code attack exploiting the Follina vulnerability (CVE-2022-30190). It brought together the SOC, incident response, and IT/OT teams to work through a high-pressure situation that tested their ability to detect, contain, and recover from a cyberattack. While the simulation itself was valuable, what stood out most was the team’s immediate interest in expanding their internal capabilities and using the Immersive platform to create their own simulations in the future. Enabling ownership Following the event, we hosted two hands-on workshops to support the team in designing their own crisis simulations. The first workshop focused on developing familiarity with the platform. SANS explored the Crisis Simulation module, navigated the scenario catalog, and learned how to use existing content as templates to build custom scenarios. After participating in this workshop, the head of cybersecurity at SANS described it as “truly interactive, well-executed, and highly engaging… The hands-on approach and practical scenarios helped enhance our technical readiness and cross-team coordination”. The second workshop walked through the full development process, from discovery and design to development and build, helping the team shape a simulation based on a real incident from their organization. Together, we explored how simulations can be used not just for readiness, but as a practical upskilling tool grounded in real operational risk. A collaborative path forward What began as a single simulation has turned into an ongoing partnership. We’re now supporting the SANS team as they take ownership of their crisis readiness, developing internal simulations aligned with their environment, challenges, and goals. This is the value of Immersive in action: not just running simulations, but empowering teams to build their own scenarios. Creating a playbook for success While working with SANS, we used the Malicious Code: Incident Responder crisis simulation from the Immersive catalog as the foundation, changing the decision points (known as injects) to fit the roles that were participating in the simulation. After additional tweaks to the terminology and narrative to better represent the aviation industry, we were able to accurately model a realistic scenario for SANS. You can follow a similar process to create your own crisis simulation framework. Simply export a scenario from our catalog as a building block and personalize it to suit your industry and needs. Keep these tips in mind: Customize the terminology used in the scenario to reflect your organization. While many of our out-of-the-box scenarios refer to financial services or government, they can easily be adjusted. Use historical incidents to shape the crisis simulation and explore best practices. By cataloging events that have happened within your company or industry, newer employees can use this knowledge to better prepare for similar challenges in the future. Encourage teams to share knowledge using the platform based on their experience, so colleagues can learn from examples. Engage your own procedures and policies to create a playbook for the future. Beyond the tabletop: Expanding the value of crisis simulation Running a crisis simulation is just the beginning. Once a team has participated in a full-scale exercise, there’s a powerful opportunity to build on that momentum using the same tools to embed resilience deeper into the organization. Here are just a few ways teams can expand the impact: Explore team-based microsimulations to reinforce best practices. Use short, focused exercises (15–30 mins) to target the specific response skills of a single team. Engage in case study reflection exercises. Take a real incident (internal or public), build it into a learning scenario, and allow teams to step through the decision-making and ask: “What would we have done?”. Beyond crisis: Using the platform for everyday development Crisis simulations are powerful — but the platform can also support ongoing team growth outside of high-pressure scenarios. Beyond crisis response, organizations can use Immersive to: Onboard new team members. Introduce new joiners to tools, roles, and escalation paths through guided, scenario-based learning. Provide career development paths. Use simulations to expose team members to higher-level decision-making, preparing them for future roles in incident leadership or governance. Do you have any alternative use cases for crisis simulations beyond crisis response itself? Share them in the comments!Artificial Intelligence: Navigating the Evolving Landscape
The changing world To understand where we're going, you first need to grasp the sheer scale of what's happening now. The May 2025 report on Artificial Intelligence Trends by Mary Meeker and Bond Capital paints a vivid picture of a sector in overdrive: Unprecedented user adoption: Generative AI tools have achieved mass adoption faster than any previous technology, including the internet and smartphones. Soaring infrastructure investment: Top tech giants (Apple, NVIDIA, Microsoft, Alphabet, Amazon, Meta) spent a combined $212 billion on capital expenditures in 2024, a huge portion of which was dedicated to AI infrastructure like data centres and custom silicon. Shifting cost dynamics: The cost to train a state-of-the-art foundation model remains astronomically high, somewhere in the hundreds of millions of dollars. However, the cost to use these models (the inference cost) is plummeting, making AI more accessible than ever before. Intense competition and rapid imitation: AI is boosting productivity and driving competition between products. Global AI "space race": Nations are treating AI supremacy as a strategic imperative, leading to significant government investment and policy-making, particularly in areas like the semiconductor supply chain, with the US, Europe, and China all building new fabrication plants. With this level of investment and adoption, can you confidently say this is a bubble about to burst? Sir Demis Hassabis, CEO of Google DeepMind, puts this huge change on the same magnitude as the industrial revolution and the launch of the internet. Data from Gartner supports this, suggesting that by the end of 2025, 39% of organizations worldwide will have moved into the experimentation phase of AI adoption. The shift is well and truly on. What does AI look like in 2025? AI is underpinned by machine learning models, which are trained, not programmed. Engineers feed them vast amounts of data, and they learn patterns, concepts, and relationships. Different types of models are used for different purposes, such as those specialising in human language interactions (large language models, LLMs) and artwork generation (diffusion models). When using AI systems, such as chatbots, you’re not interacting with the model directly but rather with additional software that uses the model as its “brain”. This allows you to implement guardrails to check user inputs and model outputs, helping to filter out harmful or inappropriate content. Modern AI systems are rarely just a wrapper around a model. They integrate with other tools and services to enhance their capabilities, such as searching the web for real-time information or accessing private company documents to provide context-specific answers. The year of agentic AI An AI agent is a system that can autonomously pursue a goal. Instead of responding to a single prompt, it can reason, plan, and execute a series of steps to accomplish a complex task. It can also decide which tools to use and in what order. An AI agent may still be a chatbot or run constantly in the background. Big tech companies are adamant that agentic AI is the next evolution, with Google, Amazon, and Microsoft all predicting the next wave of innovation over the next two years. A key catalyst for this explosion was the release of the open-source Model Context Protocol (MCP) by Anthropic in late 2024. MCP provides a standardized way for AI models to discover and use tools. As the official documentation puts it: "Think of MCP like a USB-C port for AI applications. Just as USB-C provides a standardized way to connect your devices to various peripherals... MCP provides a standardized way to connect AI models to different data sources and tools." Source: Model Context Protocol - Getting Started MCP has been a game-changer, dramatically simplifying the process of giving AI systems new capabilities and accelerating the move from AI systems that know things to AI systems that do things. It’s no coincidence that technology companies then started to release their guides for building AI agents following MCP’s release – with Microsoft, Google, Cloudflare, OpenAI, and Amazon following close behind. Technology to watch Finally, a few key technologies that will define the next phase of AI include: Model Context Protocol (MCP) Continue to watch this standard. As more tools and platforms adopt MCP, the ecosystem of "plug-and-play" capabilities for agents will explode, as will the security risks. Simon Willison puts it perfectly by describing a “lethal trifecta”. AI systems with access to private data, the ability to communicate externally, and exposure to untrusted content could easily lead to serious consequences. Source: Simon Willison Authorisation for AI systems As agents move from knowing things to doing things (e.g., booking travel, purchasing supplies, modifying code), security becomes paramount. We need robust authorisation. This will involve human-in-the-loop (HITL) approvals, likely powered by modern authentication standards like Client-Initiated Backchannel Authentication (CIBA), which can send a push notification to a manager to approve an agent's action. Thought leaders from Microsoft suggest an overhaul to OAuth, with agentic systems having their own distinct identities and security considerations. One thing’s for sure: proper authorization is complex – difficult to get right and catastrophic to get wrong. Agent-to-agent communication Current AI agents are specialized for a specific purpose, but next-generation AI functionality comes through the use of multi-agent systems, which can be deployed in a variety of architectures, such as hierarchical or swarms. How agents communicate with each other, share memory, and share capabilities is still in its relative infancy, especially when AI agents may be hosted independently and written with different frameworks. Two competing protocols are emerging: Google's Agent2Agent protocol and IBM’s Agent Communication Protocol (ACP). It's too early to call a winner, but the development of a standard here will be a major milestone. We are at the beginning of the agentic era. 2025 is the year for experimentation. It's time to move from simply using AI to actively building with it, automating the tedious, and unlocking new forms of creativity and productivity. Getting the most out of AI If one thing’s for sure, it’s that the AI landscape is moving fast. So it’s crucial that you and your organisation are at the forefront of AI developments and making the most out of the latest technologies. Keep your eyes peeled for brand new labs in this space coming very soon! Our brand new collection will demystify terminology, explore the core concepts, and let you build and secure modern AI systems in a safe, sandbox environment. Sign up for email notifications from the Immersive Community so you don’t miss out on this brand new collection.Recommendations for Writing a Program Welcome Email
Key Objectives of the Email Generate Excitement: Make employees want to participate. Clearly State Benefits: What's in it for them? Provide Clear Next Steps: How do they get started? Assure Support: Who to ask for help? Reinforce Company Vision: Link individual growth to organizational success. Recommended Email Structure & Content 1. Compelling Subject Line Purpose: Grab attention, convey value immediately. Examples: "Unlock Your Potential: Introducing [Program Name]!" "Elevate Your Skills: Your Gateway to Growth is Here!" "Future-Proof Your Career: Announcing Our New Upskilling Initiative!" "Exciting News: Your Path to [Skill Area] Mastery Starts Now!" "Invest in Yourself: [Company Name]'s New Upskilling Program" 2. Warm & Enthusiastic Opening Purpose: Welcome, set a positive tone. Content: "Dear [Employee Name]," or "Hello Team," "We're thrilled to announce..." or "Get ready to elevate your career..." "At [Company Name], we believe in fostering continuous growth and development for every member of our team." 3. Program Overview (The "What") Purpose: Briefly explain what the program is. Content: Introduce the program name (e.g., "The [Program Name] Upskilling Initiative"). Briefly describe its scope (e.g., "a comprehensive program designed to enhance critical skills," "a tailored learning experience focusing on [key skill areas]"). Mention the format (e.g., "via interactive online modules," "expert-led workshops," "hands-on labs"). 4. Benefits to the Employee (The "Why Them") Purpose: This is the most crucial section – articulate the direct value to the individual. Content: "Why should you participate? This program is designed to help you:" Advance your career: "Unlock new opportunities for career growth within [Company Name]." Stay competitive: "Master the latest industry skills and technologies." Boost your confidence: "Deepen your expertise and take on new challenges." Enhance your impact: "Contribute even more effectively to your team's and [Company Name]'s success." Personal Growth: "Invest in your personal and professional development." (Optional but impactful): "Aligned with our commitment to [Company Value, e.g., Innovation, Excellence]." 5. How to Get Started (Clear Call to Action - CTA) Purpose: Make enrollment easy and intuitive. Content: "Getting started is simple! Here's how to begin your learning journey:" Provide a clear, clickable link: "Click here to explore the [Program Name] Hub." Brief instructions: "Log in with your [Company Credentials]," "Browse the course catalog," "Enroll in your first module." Mention any deadlines or enrollment periods if applicable. 6. Support & Resources: Purpose: Assure employees they won't be alone. Content: "We're committed to supporting you every step of the way." "For any questions, technical support, or guidance on choosing your learning path, please contact [L&D Team Email/Name, or specific Slack channel]." “Speak with your manager and map this to your own Professional Development Plan (PDP) for regular support and feedback” “We're so excited to celebrate your successes with you, and we're here to offer a helping hand as you grow!” Mention FAQs or a dedicated resource page if available. 7. Closing Purpose: Reinforce enthusiasm and look forward to their participation. Content: "We are incredibly excited about the potential this program holds for your individual growth and our collective success." Reinforce / remind positive impact to organisation “This program will make [Company Name] continue to be class leading / stay ahead of the competition / be the best place to work” "We look forward to seeing you thrive!" "Sincerely," / "Best regards," / "Warmly," [Your Name/Learning & Development Team/Leadership Team] General Recommendations for Effectiveness Personalization: Always use the recipient's name. Conciseness: Get to the point. Employees are busy. Visuals (Optional but Recommended): Consider including a compelling image or a short introductory video if available. Follow-Up Strategy: Plan reminder emails for those who haven't enrolled, and share success stories later. Manager Communication: Ensure managers are informed before the general team, so they can support and encourage participation. By following these recommendations, your upskilling program launch email can effectively motivate employees and kickstart a successful learning initiative.No Sleep on State-Backed Threats: Train for Cyber Conflict Before It Starts
In 2025, the cybersecurity landscape isn’t just evolving – it’s accelerating. State-backed cyberattacks, geopolitical tensions, and a fragmented regulatory environment have placed cyber resilience squarely at the top of boardroom agendas. But while the threats are growing, clear directives and unified mandates are not. Cybersecurity leaders are left asking: If federal policy won’t dictate readiness, how can we validate that we’re prepared? The policy gap: Why the One Big Beautiful Bill won’t save us Despite its sweeping scope, the recently passed One Big Beautiful Bill Act (H.R.1, P.L. 119-21) is notably silent on cybersecurity policy. It includes: Investments of $150M to the Department of Defense for business system modernization, including AI-aided financial auditing $200M for AI-enabled audit systems $20M to DARPA cybersecurity research efforts $250M for Cyber Command’s AI “lines of effort” $685M toward military cryptographic modernization, including quantum benchmarking While these appropriations equip government agencies to modernize and strengthen cyber and crypto capabilities, they stop short of mandating new cross-industry controls, standards, or compliance obligations for private sector entities. Organizations can’t depend on Washington to drive cyber resilience strategy, given how dynamic the landscape is today. Instead, leaders must build proactive, measurable programs rooted in industry frameworks like NIST CSF, ISO 27001, and MITRE ATT&CK. At the same time, they need to monitor shifting government priorities (vis-à-vis risks), evolving state-level regulations, and sector-specific requirements like the Digital Operational Resilience Act for financial services. In short, cyber resilience remains an internal obligation, not an external mandate. The stakes are rising: Salt Typhoon breach proves it’s about people In June 2025, a DHS memo confirmed that Salt Typhoon, a Chinese state-linked hacking group, gained extensive, months-long access to a U.S. Army National Guard network. This breach wasn’t just a military problem – it highlighted systemic risks across civilian infrastructure, state governments, and critical services. The attackers stole administrative credentials, internal diagrams, network configurations, and PII of service members, creating opportunities for lateral movement and follow-on attacks against civilian sectors. As Ellis, a cybersecurity advisor quoted in the memo, pointed out: "An intrusion on a National Guard isn't a 'military only' operation. States regularly engage their Guard to assist with cyber defense of civilian infrastructure." This breach underscores the harsh reality that cyber adversaries aren’t bound by the Law of Armed Conflict – and they’re fully prepared to target civilian infrastructure as part of their strategy. Cyberwar is official: NATO’s Article 5 sets a new precedent NATO now explicitly recognizes cyberattacks as potential triggers for Article 5 collective defense measures. This isn’t about responding to routine ransomware or phishing scams – it’s about preparing for strategic-level attacks that can disrupt economies, paralyze infrastructure, or compromise national defense. To meet this challenge, NATO is expanding joint cyber exercises like Locked Shields and Cyber Coalition, simulating real-world adversaries and integrating civilian infrastructure into their scenarios. Our key lesson? Modern conflict starts in cyberspace – and organizations need to train for it before the first packet hits. Train like the threat is already inside 1. State-sponsored threat actor playbooks Train your team to recognize and respond to APT tactics in the wild. From credential harvesting to stealthy exfiltration, hands-on simulations build muscle memory against real adversary behaviors – not textbook theory. Get hands-on with Threat Actors: Salt Typhoon and explore a recent SNAPPYBEE Campaign Analysis to see how the group uses backdoors to conduct espionage operations. Our complete Threat Actors collection covers a wide range of threat groups and their TTPs, providing practical simulations that build muscle memory against real adversary behaviors. We’ve talked about APT29 before 🙅♀️🐻 and they remain an active threat. Refresh with APT29: Threat Hunting with Splunk and dig into practical nation-state threat intelligence and IOC analysis. 2. Salt Typhoon TTP training Defend against the tactics actually used in the Salt Typhoon breach: Lateral movement: Our MITRE ATT&CK collection covers lateral movement tactics, providing comprehensive training on how attackers move within a network and how to defend against such actions. Credential compromise: The Credential Access collection offers practical experience in understanding and mitigating credential access vulnerabilities, which is crucial for defending against credential compromise. Network reconnaissance: Our Reconnaissance collection focuses on various techniques and tools used for gathering information, which can help in understanding and defending against network reconnaissance. Data exfiltration: Another hit for the Incident Response collection! These labs are specifically designed to teach incident responders how to detect data exfiltration. Put your team in the hot seat and test their response before the next real-world incident hits. 3. AI-readiness for cyber defenders AI is transforming both red and blue team tactics. Prepare with practical training to drive understanding of AI model risks (e.g. prompt injection, data leakage) and build skills defending AI-enabled environments before attackers exploit them. The AI Fundamentals collection offers a broader understanding of AI's role in cybersecurity, covering topics like data ethics, TensorFlow for machine learning, and emerging threats. The AI Challenges collection focuses on identifying vulnerabilities in AI systems, such as AI plugin injection and prompt injection attacks, providing hands-on experience in mitigating AI security risks. Together, these collections provide comprehensive training on both understanding and defending AI-enabled environments against potential threats. 4. Incident response: No-doze drills Run full-cycle incident response simulations, from detection to containment to recovery. Focus on the messy middle: ambiguous alerts, cross-team coordination, and real-time decision-making under pressure. Train with our Introduction to Incident Response and Incident Response collections. These collections cover the entire incident response process, including detection, containment, and recovery, with an emphasis on cross-team coordination and real-time decision-making. Then, test your skills with our new Cyber Range Exercise inspired by Salt Typhoon with simulated malware, or our Crisis Simulations focused on nation-state attacks. 5. Critical infrastructure and IT/OT defense modules Your OT environment isn’t off-limits to adversaries. Practice defending blended IT/OT networks, identify cascading risks, and rehearse failover processes when the grid comes under cyber-fire. Explore the following collections that are part of our new Operational Technology offering: OT: Fundamentals OT: Threats and Vulnerabilities OT: Devices and Protocols These labs are valuable for practicing defense strategies in blended IT/OT networks and understanding cascading risks in critical infrastructure. You can also experience actual incidents like the Norwegian Dam Compromise: Campaign Analysis! Conclusion: Build cyber resilience before the next state-backed attack The One Big Beautiful Bill won’t mandate cyber resilience. NATO knows cyberwar is already here. And Salt Typhoon’s breach shows that the human element is still the biggest vulnerability facing businesses, entities, and nation states alike. That’s why continuous skills development, validated readiness, and real-world scenario training aren’t optional. Adhere to tested frameworks and operational rigor for your people, processes, and technology. Share your thoughts If you’re not sleeping on state-backed threats, set the alarm and kickstart your team’s readiness. Have you prioritized specific procedures or skills in response to the latest nation-state activity from groups like Salt Typhoon? Share your tips (or your favorite preparedness quote) in the comments below! Train like it’s game day – because for state-backed threats, it already is. Stay sharp and threat-ready by following the Human Connection blog for more updates like this.Elevating Cyber Resilience: How GenAI is Revolutionizing Crisis Simulations
Cyber threats have become a pervasive force within the business world, elevating the need for regular cyber resilience exercises into an organization-wide imperative. Genuine resilience is about more than prevention. It’s the agility to identify, respond to, and recover seamlessly from disruptions, ensuring uninterrupted business operations. This approach, which acknowledges the inevitability of a cyber event, is the hallmark of truly resilient organizations. Crisis simulations and cyber exercises are core to cultivating this resilience. Traditional cyber exercises, often static and presentation-driven, tend to serve as theoretical validations. While valuable for reviewing playbooks and pinpointing theoretical vulnerabilities, they frequently fall short of genuinely testing incident response and crisis handling capabilities, particularly in the dynamic, high-pressure environment of a real-world attack. The sheer velocity of modern cyber threats, frequently powered by sophisticated AI, demands a new level of precision and relevance in simulations. This is where Generative AI (GenAI) comes in. It can transform how we design and execute tabletop-style cyber crisis simulations, making them profoundly relevant and impactful. The challenge of an unpredictable threat landscape While traditional crisis simulations are beneficial, they have certain limitations. The first is that it’s difficult and time-consuming to create realistic scenarios that reflect the latest threat actor tactics, techniques, and procedures (TTPs), and are meticulously tailored to an organization's unique infrastructure and risk profile. Analysts will also dedicate extensive hours to research, developing intricate narratives and manually injecting variables to ensure a robust challenge. However, this can sometimes result in a predictable exercise that doesn't fully prepare teams for the inherent chaos and unpredictability of a real-world incident. The human element in cyber resilience is also key. As Oliver Newbury, a member of Immersive's board of directors, recently emphasized: "Security is about people, process, and technology. I would have expected as much focus on upskilling people as on implementing new tools. It's the people using those tools who ultimately prevent breaches." Static simulations often fail to truly engage and challenge human teams, limiting their ability to build crucial muscle memory for swift decision-making under pressure. Elevating your crisis simulations with GenAI So, how does GenAI fit into the picture? This powerful technology can create novel content based on patterns learned from vast datasets. In doing so, it offers an unprecedented opportunity to inject realism and adaptability into crisis simulations. Just imagine the possibilities: Hyper-realistic scenario generation: GenAI can analyze current threat intelligence, recent attack patterns, and insights into your organization's specific weak spots to generate realistic and precisely tailored crisis scenarios. This ensures each exercise directly reflects the most pertinent and dangerous threats, making the experience far more impactful for your teams. Optimized playbook stress testing: GenAI doesn't just ease the exercise creation process – it can analyze your existing playbooks and processes. It can then generate crisis scenarios specifically designed to stress-test your response plans, ensuring they’re robust and effective under pressure. This helps validate that your playbooks and processes are truly ready for action. Realistic communications and media drills: In addition to the technical aspects, GenAI can simulate realistic internal and external communications during a crisis. It can generate mock press releases, social media posts, and even stakeholder questions, exercising your communications team's ability to manage public perception and share accurate information under pressure. This is critical for protecting your brand reputation during a breach. Instant feedback and analysis: After an exercise, GenAI can quickly crunch the data generated during the simulation, giving you detailed insights into team performance, response times, decision accuracy, and where you can improve. This speeds up the feedback loop, helping you tweak and strengthen your resilience strategies much faster. Tailored learning journeys: After an exercise, GenAI can analyze how an individual or team performed, then recommend follow-up scenarios or activities to address weaknesses or enhance key skills. This allows for truly personalized and continuously improving readiness programs. Think about the recent explosion of sophisticated, AI-driven attacks, from deepfake scams to highly targeted ransomware. Organizations have to be ready for these advanced threats, and old methods alone might not cut it. GenAI lets us simulate these next-gen attacks with a level of detail we couldn't even dream of before. This ensures teams aren’t just prepared for what's already happened – they’re ready for what's coming. Empowering your people It’s important to remember that GenAI is here to improve human expertise, not replace it. Just as information recall differs from true knowledge, GenAI is augmenting the critical "knowledge work" in cybersecurity, rather than replacing it. Our real value isn’t just in what we know, but how we apply, interpret, and synthesize that knowledge to drive meaningful outcomes. Our job is to use tools like GenAI to empower our organizations and teams and provide them with realistic and effective exercise environments. GenAI offloads the rote, time-consuming tasks of content creation and data sifting, freeing us up to focus on high-value actions such as analyzing results, mentoring teams, and fine-tuning strategic responses. This pushes us towards the "wisdom work" that truly defines expertise in cyber resilience. Building a culture of constant improvement The ultimate goal of bringing GenAI into crisis simulations is to build a culture of constant improvement, where cyber readiness isn’t just a checklist item, but a deep-seated organizational habit. By immersing our teams in hyper-relevant, dynamic, and challenging scenarios, we build the confidence, skills, and muscle memory they need to ride out the inevitable cyber storms with resilience and agility. How are you using GenAI to improve your cyber resilience? Share your thoughts and experiences in the comments below!The secret to hosting an engaging Crisis Sim
Before I start, it’s important to take a moment to acknowledge that I’m privileged to work with some fantastic experts. Immersive’s Crisis Sim lead, JonPaulGabriele, is our very own Daedalus, for any Greek mythology fans. That might make me Ariadne, helping people to navigate the labyrinth. I don’t know who the minotaur is – Greek analogies may not be my forte! JonPaulGabriele builds some fiendishly difficult scenarios that start out with a seemingly everyday occurrence, which quickly spirals out of control. It could involve coordinating a global response to an unprecedented disaster, dealing with a nation-state threat actor who’s holding your data to ransom, or even tracking down the missing Santa Claus. Whatever the situation, the principle behind every Crisis Sim is the same: to help people develop decision-making muscle memory and the ability to act with confidence when rapid decisions are required. I’m sure you’re already familiar with the importance of regular exercises, but it’s not you that we need to convince – it’s your chosen audience. We need to be able to capture their attention and get them to put their phones down. If they’re not present in the room and genuinely engaged with the exercise and its outputs and findings, you’re doomed to fail. So, how do we go about achieving this? Use storytelling I’m a big believer in the power of both storytelling and humour to pique people’s interest. Storytelling is an incredibly powerful technique to connect, persuade, and inspire people to act by tapping into shared experiences and emotions. In the words of Simon Sinek: “Stories allow us to visualize, empathize, and connect in ways that statistics never could.” I use stories when I’m setting the scene or outlining the details of the exercise we’re about to go through. Hopefully I’ll get an initial laugh, or an eye roll – those are just as good, quite frankly! Challenge echo chambers Making sure all voices and opinions are treated equally is critical to support learning and drive genuine change. Echo chambers don’t make for robust environments to test processes and decision-making abilities. It’s important to involve everyone as much as possible and avoid immediately ruling anything out – explore the ideas that people bring to the table in an open way. Creating a safe environment Being able to fail in a safe environment is essential to help people feel like they can speak up. I like to reference this somehow in my introduction to the exercise, just to let people know the kind of environment they’re entering, but you have to actually follow through. It can be small things, like observing who the big voices in the room are and making sure they don’t dominate. These voices are your friends when you need someone to speak up, but don’t let them take over. For quieter people, I try to notice when it looks like they have something to share and make some space in the room for them. It could be as simple as saying to someone: “It looked like you wanted to say something earlier. Would you like to share it with us now?”. A slightly more challenging approach might be something like: “Does anyone disagree with the previous statement?”. Or, you could soften this to: “Does anyone have a different view?”. You’ll need to gauge your audience and determine which approach is right for the room. Of course, this is harder to do online, but cut yourself some slack, too. You also need to be able to fail in a safe environment! Giving people space to speak up should make them feel more comfortable doing so – it’s a win-win. Set expectations The next thing I like to do in my introduction is some housekeeping. I’m an ex-project manager, and old habits die hard. Set expectations and provide clarity on what’s about to happen by outlining any specific rules, items, or actions that you want people to be aware of. If you’re doing something unusual or unexpected during the exercise, like with our recent Flip Reversal session, you’ll want to avoid any confusion, as this can lead to frustration and reduced engagement. Be kind to yourself Finally, remember that even people who regularly go on stage in front of large audiences are slaves to their body’s own systems and reactions. I always get nervous before doing anything like this, but since I know it’s going to happen, I can prepare for it. I write a script that I can practice out loud multiple times beforehand. It means I can read from it on the day and not rely on memory to make sure I’ve said all the things I want to cover. I know that it’s okay to feel nervous or anxious. It’s okay for my breathing to increase slightly or my hands to shake, or any of the other common reactions to being nervous. I don’t try and fight it – I know that as long as I’m prepared and can follow the steps I’ve mentioned above, the session will be a success. Bonus ideas Know who your experts in the room are. If it’s not you, don’t try and fill that role – it’ll be terrible for your credibility and confidence! Leverage the new AI Scenario Builder to uplift your exercise’s content. Get a colleague or friend to join you and present as a double act. You can bounce off each other and share the presenting load. Share your thoughts What are your tips for keeping people present and engaged during sessions like this? How do you overcome the nerves of presenting? Drop a comment below and let us know.Behind the Scenes of Immersive One: How Lab Builder is a Game-Changer for Cyber Readiness
“The best customer feedback we got was, we don’t need you to do everything for us.” Rebecca: Wait, seriously? Matt: Never more so. We built Lab Builder, a powerful Immersive One platform feature, for a reason: Organizations need a way to create, maintain, and publish their own labs—fast. Historically, our cyber team built every lab in Lab Forge. That worked for us, but it locked out partners and customers who wanted to address their unique needs—tools, environments, policies, and threats. They asked, “Can we do more by ourselves?” Lab Builder answers that. Rebecca: Absolutely. Since its debut last fall, Lab Builder has evolved so much. What are the biggest benefits for users today? Matt: There are two big ones. The first is the ability to curate content relevant to your organization, its threats, and its technologies—quickly. Second, realism. Teams can safely train with real-world code, internal apps, or even live malware—all in a secure, disposable environment. It’s as close to production as it gets, giving them an authentic experience with the exact tools and systems they use every day. The result? Faster upskilling, stronger readiness, and measurable gains in resilience. | “With Lab Builder, your organization can turn any piece of code or policy into hands-on training—instantly.” Rebecca: That almost sounds too easy—until you see the demo in action for yourself! Matt: Yes! The team is super proud of how streamlined it is. The core workflow is just five steps. Create a new lab. Then configure it, adding basics like the lab title, intro, learning outcomes, and gamification aspects like points users will get for completing the lab. From there, the focus is on building the briefing and tasks—drag-and-drop questions, code-review challenges, “find the flaw”, there’s lots to choose from. Then you’re ready to publish. Just assign your SME as Lab Creator, and they’re live on the same Immersive One platform they use every day. Rebecca: To me, the genius of that kind of design is in its accessibility. You’ve also invested heavily in the learner experience. Matt: Definitely. Engagement is a top priority, so we’re always building for the learners who need to know cyber—not only to support their organization’s cyber resilience strategy, but to grow professionally. We aim to remove every barrier to learning we can. Rebecca: I know you’re not one to boast, but how has the team modernized the UI? Matt: We’ve done a lot of work here, starting with completely rebuilding the theory labs interface, giving it a clean, responsive design that works seamlessly across desktop, tablet, or phone. We’ve been building toward that for our practical labs experience too. There are now intuitive panels, seamless task navigation, and instant feedback to guide learners every step of the way. We also turned Lab Builder into a true WYSIWYG (“what you see is what you get”) editor so Lab Creators see exactly what their teams will experience. We also baked in full WCAG compliance, with keyboard navigation and screen-reader support on every screen. Ultimately, we hope to bring every Immersive-built and custom lab into a single, unified front end in Immersive One—so no matter where you are, one clear interface delivers the same training experience. Rebecca: It’s this kind of due diligence that really makes a difference! Let’s talk about VMs. How do they fit in? Matt: Theory can only take you so far, so we released practical labs in the spring. Organizations spin up their own virtual machines in AWS (Amazon Web Services), share the AMI with our account, and import it straight into Lab Builder. Why does that matter? Because learners train in their exact production environments—internal tools, real vulnerable code, compliance setups. We support typical instance sizes—enough CPUs and RAM for most use cases. While we may roll out more environments in the future, AWS supports 99% of our existing customer base. That means the process feels native for Immersive One users; they can truly learn by doing. | “Build your VM. Import it. Assign it. All without leaving Immersive One.” Rebecca: Initially, only Org Admins could build custom labs. How did you expand access so that more team members could create labs, without being given full admin rights? Matt: We introduced the Lab Creator role this summer. Now you pick who builds labs—no full admin rights required. Rebecca: So smart. Now, in-house experts can build content without getting the keys to the kingdom. Matt: 100%. The team is laser-focused on leveling up Immersive One with every Lab Builder release because it’s so instrumental to the customer experience. In June, we added video support right in the briefing panels because some individuals learn best through short, engaging clips. We also rolled out a Machine Library stocked with pre-configured VMs—basically templates, from Kali Linux to reverse-engineering rigs—so you can drop assets in and start training immediately with zero VM building. You just need t And internal publishing functionality lets Lab Creators bundle custom labs into collections and share them across Organizations—think a self-service marketplace for specialized, high-value content. Rebecca: Honestly, Matt, what you’ve done with Lab Builder functionality is incredible. And I know you’re not done yet. Matt: Yeah, right—not at all. The team is already heads-down on an AI agent, but I won’t spoil it! Rebecca: Love that! Well, thanks again for meeting with me today, Matt. Maybe next time we can discuss ways customers or partners are already using Lab Builder to meet their unique needs—you know, deep-dive into specific use cases. Matt: Oh, absolutely—happy to share what customers are using Lab Builder for. Maybe we even host a webinar for that one? Would be fun to entertain some Q&A. Rebecca: Nice, let’s plan on it! Final Thought Lab Builder not only powers a customer-first UI and UX, it can help you transform every new threat, policy change, or internal tool into an interactive lab—on your timeline, with your exact requirements. Want to explore the possibilities? Contact your Account Manager for a personalized introduction to this powerful feature. In the meantime, preview how easy it is to customize learning by watching this quick demo: Meet Lab BuilderYour Guide to Effective AI Prompting
Why Prompting Matters for Crisis Simulations Think of AI as a highly intelligent, but literal, assistant. The quality of its output directly reflects the clarity and specificity of your instructions. For crisis simulations, this means: Relevance: Tailored scenarios that mirror your organization's unique risks, industry, and operational environment. Realism: Scenarios that feel authentic, with credible triggers, evolving complications, and realistic stakeholder reactions. Depth: Multi-layered scenarios that challenge your team's decision-making, communication, and collaboration skills. Actionability: Scenarios that provide clear learning objectives and reveal actionable insights for improving your crisis response plan. Core Principles of Effective Prompting Be Specific, Not Vague Bad Prompt "Generate a crisis." (Too generic, will give you a basic, unhelpful scenario.) Good Prompt "Generate a cybersecurity crisis scenario for a mid-sized e-commerce fashion retailer. The trigger is a ransomware attack that encrypts customer databases and disrupts order fulfillment." Why it works It defines the what (cybersecurity crisis, ransomware), the who (e-commerce fashion retailer, mid-sized), and the impact (encrypted databases, disrupted orders). Define your organisation and context using our drop down fields, and then add additional context. Industry (e.g., healthcare, finance, manufacturing, tech, retail) Threat (e.g., data breach, natural disaster, product recall, public relations nightmare, supply chain disruption, insider threat, workplace violence, financial fraud) Attack vector (e.g., phishing attack, severe weather event, manufacturing defect, viral social media post, disgruntled employee action, sudden market downturn) The more information the AI has about your specific context, the more tailored the scenario will be so consider adding further information such as: Company Size: (e.g., small startup, multinational corporation) Key Products/Services: (e.g., cloud-based software, physical goods, financial advisory) Target Audience: (e.g., B2B clients, general consumers, specific demographics) Geographic Scope: (e.g., local, national, global operations) Relevant Regulations/Compliance: (e.g., GDPR, HIPAA, industry-specific standards) Current Trends/Challenges: (e.g., supply chain issues, inflation, new technologies) Example: "Our company, 'Global Pharma Solutions,' is a multinational pharmaceutical company with a focus on novel drug development. We operate globally and are heavily regulated by the FDA and EMA. Generate a scenario reflecting a crisis involving a mislabeled drug batch, discovered shortly after market release in Europe and the US." Outline Key Stakeholders and Their Potential Reactions Realistic scenarios involve diverse stakeholders with varying interests and reactions. Internal: Employees, leadership, legal, HR, IT, communications, specific department teams. External: Customers, media, regulators, investors, suppliers, partners, general public, affected individuals. Desired Reaction: How should these stakeholders react? (e.g., panic, confusion, outrage, demanding answers, seeking legal action, offering support). Example: "Include reactions from panicked customers flooding social media, calls from concerned regulators, and an internal IT team struggling to diagnose the issue. Also, factor in a potential negative news story breaking on a major industry publication." Inject Complications and Escalation Crises rarely remain static. Build in elements that make the scenario evolve and become more challenging. Secondary Events: (e.g., power outage during a cyberattack, additional product defects discovered, key personnel unavailable) Information Gaps/Misinformation: (e.g., conflicting reports, rumors spreading on social media, difficulty in verifying facts) Ethical Dilemmas: (e.g., balancing transparency with legal implications, prioritizing different stakeholder needs) Time Constraints: (e.g., a critical decision needed within 30 minutes, public statement required by end of day) Example: "After the initial system outage, introduce a new complication: a cyber-espionage group claims responsibility on a dark web forum, threatening to release sensitive customer data if demands are not met, despite the initial incident being unrelated to a breach." Define the Learning Objectives (Optional, but Recommended) While the AI won't "know" your objectives, including them in your prompt can subtly guide its generation towards a scenario that helps you test specific aspects of your plan. Example: "The scenario should test our team's ability to communicate effectively under pressure," or "Focus on evaluating our supply chain resilience and alternative vendor protocols." By following these guidelines, you'll be well on your way to leveraging our AI crisis simulation feature to its fullest, preparing your team for any challenge the real world might throw at them. Happy simulating!People, Not Just Firewalls: Why OT Cybersecurity Starts with Training
The wake-up call no one wanted Just after midnight on September 22, 2024, a suspected ransomware attack forced operators at the Arkansas City, Kansas, water-treatment plant to switch to manual controls, anxiously safeguarding drinking water for the town’s residents. Downtime hurts more than you think According to the ITIC 2024 Hourly Cost of Downtime Survey, over 90% of mid-size and large organisations now put the price of a single hour of outage above $300,000, with 41% saying the bill tops $1 million. For OT industries, such as energy, costs can go up to $2.48 million per hour. When a cyber incident can drain six figures before a morning coffee break, prevention clearly beats recovery. Why training, not just tech, keeps the plant running Early threat spotting – Staff who know what an abnormal human-machine interface (HMI) screen looks like can isolate a rogue process long before malware reaches the production line. Fewer human-error openings – Phishing remains OT’s favourite attacker on-ramp; rehearsed teams click fewer bad links. Regulatory head-start – Standards such as IEC 62443 demand demonstrable cyber competence; fines for non-compliance often dwarf the cost of training. Three quick wins Quick win What it looks like The win Role-based micro-modules Deliver bite-sized, job-specific training. e.g. Modbus for SOC analysts, cyber awareness for OT Engineers. Builds practical, role-relevant cyber instincts. Table-top drills Simulate a cyber incident alert and map “who calls whom, who shuts what”. Prepares teams for real-world response. Visible leadership Get managers in the room with frontline staff during training. Makes security a shared responsibility. Bottom line Tools catch packets; people catch trouble. Invest in your workforce’s OT-security skills today, and the next midnight alarm could become just another drill instead of headline news. Learn more at my Labs Live OT Special Sign up for my Labs Live OT Special on July 15 as I tackle a brand new OT lab collaboratively, with you on a webinar. Register your attendance here! Share your thoughts Thoughts or questions? Drop them in the comments. Let’s keep the conversation (and the plant) running.
