Feature Focus: Crisis Sim Presentation Mode Uplifts
Here at Immersive, we're constantly striving to push the boundaries of cyber education and make our simulations as realistic and impactful as possible. We believe that truly effective learning happens when you're immersed in a genuinely challenging and engaging scenario. That's why we're incredibly excited to announce a significant uplift to the UI and UX of our Crisis Sim Presentation Mode. These aren't just cosmetic tweaks; they’re impactful changes, requested by you, designed to elevate the realism and engagement of your crisis simulation exercises, making the experience more dynamic and true-to-life for you and your team. A modern makeover for a seamless experience First impressions matter, and we’ve given the Presentation Mode UI a thorough modernization. This refresh delivers a cleaner, more intuitive aesthetic that’s not just pleasing to the eye, but also enhances clarity and reduces cognitive load during high-stakes scenarios. Our goal was to create an environment that feels contemporary and professional, reflecting the gravity of the simulated situations. Crucial UX enhancements for heightened realism Beyond the visual refresh, we've implemented several key UX changes that directly address the need for increased realism and participant engagement: The optional countdown timer: Feel the pressure build! In a real crisis, time is often a critical factor. Now, with the addition of an optional countdown timer, facilitators can introduce this vital element directly into the Presentation Mode. This isn't just about a ticking clock; it's about replicating the pressure and time constraints that decision-makers face in genuine incident response. This subtle yet powerful addition can significantly heighten the sense of urgency and consequence for participants, driving more active and strategic thinking. Navigating back: review and reflect in read-only mode Ever wished you could quickly refer back to a previous piece of information during a fast-paced crisis? Now you can! We've introduced the ability to navigate back to previous injects in a read-only mode. This means participants can revisit past communications, intelligence, or decisions without impacting the live progression of the exercise. This feature fosters better situational awareness and allows for more informed decision-making, mirroring the investigative and analytical processes that occur during a real incident. Companion App integration: all your content, always on hand Perhaps one of the most impactful changes for participant engagement is the surfacing of all content and static rich media directly on the Companion App. Previously, certain elements might have been facilitator-driven. Now, everything from critical intelligence reports to simulated news articles, social media feeds, and relevant imagery is immediately accessible to participants on their personal devices. This comprehensive content delivery ensures that participants have all the necessary information at their fingertips, enabling them to actively participate, analyze, and collaborate without disruption. It transforms the Companion App into a truly indispensable tool for the exercise, fostering deeper immersion and a more authentic crisis experience. Why these changes matter Our core mission at Immersive is to make learning about cybersecurity as effective and memorable as possible. These updates to Crisis Sim Presentation Mode directly serve that mission by: Increasing realism: By incorporating elements like time pressure and readily accessible information, we're making our simulations more closely resemble the complexities and demands of real-world cyber crises. Boosting engagement: When participants have all the information they need at their fingertips and can actively interact with the scenario, their engagement levels naturally soar. This leads to more meaningful learning outcomes and a greater retention of critical skills. Enhancing learning outcomes: A more realistic and engaging environment naturally fosters better decision-making skills, improved teamwork, and a deeper understanding of crisis management principles. These enhancements will provide an even more powerful and immersive experience for both facilitators and participants. We're confident that these changes will lead to even more impactful learning and a greater readiness to tackle the cyber challenges of tomorrow. Share your thoughts We can't wait for you to experience the difference, and we’d love to hear your thoughts on the changes. Log in to your Immersive platform and explore the enhanced Crisis Sim Presentation Mode today!Begin Again: How to Plan for Your Next Crisis Sim Exercise
Welcome back to the third installment in our series for managers using Crisis Sim. If you missed the first two episodes, check them out here: Crisis Sim Complete: Now What? Between Two Sims: What to Focus on Between Exercises The threat landscape is ever evolving and shows no sign of slowing down. Focus on cyber resilience is more important than ever. Everyone must continue to upskill and improve their incident response strategy so businesses can function as usual. In this guide, we’ll help you understand how you can effectively prove and improve your organizational cyber resilience in a crisis. Not sure where to begin? Here’s your guide to planning and preparation You've analyzed the data, bridged the gaps in your processes between exercises, and started building a culture of cyber resilience. Now, it's time to gear up for your next simulation! Remember, each exercise is a fresh opportunity to refine your team's skills, highlight existing strengths and weaknesses, and problem-solve together – all while strengthening your organization's cyber resilience. Let's dive into how to plan your next Crisis Sim for maximum impact. Next steps for managers Goals and objectives Every successful Crisis Sim starts with a clear destination. Before you jump in, take a moment to align your exercise objectives with your organization's priorities. Ask yourself: What specific skills do you want to test? Are there already any areas of concern? In a crisis, what are the most important considerations? For example, if your last exercise revealed communication gaps during a ransomware attack, your next objective might be to improve interdepartmental communication protocols within a defined timeframe. Tip: Incorporate next steps, action items, and the ownership of those items in your debriefs! This way, all parties walk away understanding what must be done to address immediate needs. Ahead of a crisis, you should consider areas that have a critical impact on your organization. Factors could include: Reputational impact: Damaged public and stakeholder trust, eroded image, social media amplification, and strained business relationships. Financial impact: Stock price drops, revenue losses, increased costs incurred, including legal fees, potential fines, and recovery efforts. Operational impact: Disrupted operations, production delays, supply chain issues, service interruptions, and the potential for both physical and digital infrastructure damage. Physical safety impact: Cyber incidents can lead to safety system failures, utility disruptions, security breaches, and equipment sabotage – posing serious risks to employees and the public. Legal and regulatory impact: Cyber incidents can trigger lawsuits, regulatory or criminal investigations, and significant fines – especially for safety or ethical violations. Did you know? IBM’s 2024 Cost of a Data Breach Report found that the global average cost of a data breach has surged to USD 4.88 million. Scenario selection and target audience Choose scenarios that reflect the real-world threats your organization faces. Consider the level of difficulty, technical skill, and complexity, and select participants from diverse departments to ensure a comprehensive evaluation. Even though you may eat, sleep, and breathe cybersecurity, others may be less familiar – cater to your audience! Customize exercises from our Scenario Catalog to make them relevant and impactful for your organization. The goal is to realistically test your team’s readiness while reinforcing best practices, processes, and decision making. Consider including participants who aren’t usually involved in cyber incident response to break down silos and boost collaboration. If they’re unclear on how to report an issue, it could delay notification and hinder activation of your response plan. Effective injects and options Design injects that challenge decision making and reflect real-world scenarios. Use branching paths and feedback to boost engagement and learning. Leverage all Crisis Sim features – like Option Ranking, and Inject Confidence – to gather valuable data. This not only highlights knowledge gaps and overall risk, but also directly supports your After Action Report, helping you capture the insights, graphs, and charts managers often look for post-exercise. Tip: Use injects that require participants to consider multiple factors and make tough choices under pressure. This will help them develop critical thinking skills. Preparation and facilitation for a successful exercise Preparation is essential for a successful simulation. Set clear expectations, share resources and training materials, and ensure technical, timing, and contingency logistics are in place. Involve stakeholders and leadership early to gain support and align the exercise with organizational goals – they can provide critical input on objectives, attack vectors, and realism. A well-prepared team is a confident team. Make sure everyone knows what to expect and has the tools they need to succeed. Facilitation During the exercise, focus on managing the flow and timing, encouraging active participation, and paying attention to your team's conversations. We recommend having an internal notetaker who can focus on the conversations so that key insights and takeaways don’t get lost or overlooked. Remember, your role is to guide the learning process and ensure everyone gets the most out of the experience – the discussion and collaboration of your teams is a key benefit! Keep the atmosphere positive and supportive, even when things get challenging. Not all options in a crisis are good options, so encourage your team to take risks, make mistakes, and play out what their gut instincts tell them. Reinforce the idea that this isn’t a test, but an opportunity for individuals, teams, and the organization as a whole to take stock of what improvements can be made. It’s a learning experience for participants and facilitators, not a pass/fail exercise. There’s a reason why athletes practice! It’s better to make mistakes when the game isn’t on the line, and the same goes for incidents! It’s better to be wrong and learn from the exercise than to see these gaps in knowledge and processes play out during a real incident. Feedback and considerations Depending on your exercise objectives, follow up with stakeholders and participants to gather feedback and key takeaways. This can be done through a group hotwash, an anonymous survey, or scheduled feedback sessions after the team has had time to reflect. Tip: Encourage additional feedback after a brief cooling-off period to capture both immediate reactions and more thoughtful insights once the team has had time to reflect on the exercise. Planning your next Crisis Sim exercise is an opportunity to build on your team's strengths and address any remaining vulnerabilities. Set clear objectives, select the right scenarios and participants, design effective injects, and prepare thoroughly to facilitate a smooth exercise. By doing this, you can maximize the impact of your simulations and strengthen your organization's cyber resilience. You know your organization and teams better than anyone, so it’s ultimately up to you how you want to proceed! To ensure your next exercise is a success in proving and improving upon your cyber resilience, we encourage you to prioritize these items: Define and communicate the objectives to all participants, whether it's testing a new process, improving communication and handoffs, or enhancing crisis preparedness. Develop realistic scenarios by incorporating real-world, industry-specific events to create relevant and challenging experiences. Prepare logistics, including technical setups, briefing documents, and technology like video conferencing tools or software. Tip: For presentation exercises, remember to send out calendar holds and account for virtual or in-person meeting logistics! Share your thoughts If you’ve recently started planning your next Crisis Sim exercise, what changes did you make from the previous exercise? What recommendations do you have for others who are beginning their Crisis Sim journey? Join the discussion below!Unlock seamless learning: Immersive and Workday Connector powered by Workday’s SOAP API
What is the Immersive Workday Connector? The Immersive Workday Connector is designed to bridge the gap between our cutting-edge cybersecurity skills development platform and your organization's core HR and talent management system, Workday. This integration simplifies the delivery and tracking of critical cybersecurity training, ensuring your teams are equipped to face the evolving threat landscape. The power of SOAP API integration By leveraging Workday's Simple Object Access Protocol (SOAP) API, we've taken our integration to the next level. This technology enables a more direct and robust communication channel between Immersive and Workday, unlocking a range of powerful benefits: Direct learning assignment and enrollment: Assign targeted Immersive content directly within Workday Learning. The SOAP API enables the seamless transfer of enrollment information, making it easier than ever to assign relevant training based on roles, skills gaps, or development plans. Real-time completion tracking and reporting: Gain immediate visibility into your team's progress. As users complete Immersive exercises, completion records are transmitted back to Workday in real time via the SOAP API. This provides accurate and up-to-date insights for compliance, performance reviews, and skills gap analysis. Enhanced data integrity and accuracy: The direct API connection minimizes the potential for data discrepancies and ensures a consistent view of learning and development activities across both platforms. Scalability and reliability: The robust nature of Workday's SOAP API ensures a scalable and reliable integration that can grow with your organization's needs. Key benefits for your organization Streamlined learning workflows: Simplify the process of assigning, accessing, and tracking cybersecurity training. Improved administrative efficiency: Reduce manual tasks associated with user management and learning administration. Enhanced visibility into skills development: Gain comprehensive insights into your team's cybersecurity capabilities. Data-driven decision making: Leverage accurate learning data to inform training strategies and talent development initiatives. Seamless user experience: Provide your employees with a unified and intuitive learning environment. Getting started with the Workday SOAP API Connector If you're already a Workday and Immersive customer, connecting via the SOAP API is a powerful upgrade. Reach out to your Immersive Customer Success Manager or our dedicated integration team to learn more about the setup process and how to leverage the full potential of this enhanced integration. The future of integrated cybersecurity learning The Immersive Workday Connector, now powered by the Workday SOAP API, represents our ongoing commitment to providing seamless and effective solutions for developing critical cybersecurity skills. We believe that by integrating learning directly into your core HR system, we can empower organizations to build a more resilient and capable workforce. Future integrations We’re on a mission to create integrations with LMS systems. Is there an integration you’d like to see? Let us know what it is!Supercharge your cybersecurity skills development: Immersive integrates with Degreed
In this blog post, I explore benefits of the integration, what it means for you, and how you can leverage it to build a world-class cybersecurity team. Seamless access to Immersive content Accessing Immersive Labs' extensive catalog of labs is now easier than ever. We've integrated directly with Degreed's file transfer protocol (FTP), allowing you to browse and select from our entire library of practical cybersecurity challenges directly with the Degreed platform. This streamlined access simplifies the learning journey and encourages continuous skills development. Track progress and demonstrate impact with xAPI Demonstrating the impact of your learning initiatives is crucial. That's why we've implemented xAPI integration. As your team completes Immersive Labs exercises, detailed completion records are automatically sent to Degreed. This provides valuable insights into individual and team progress, allowing you to identify skill gaps, track improvement over time, and measure the effectiveness of your cybersecurity training programs. With xAPI, you can clearly view your team’s evolving skillset and make data-driven decisions for future training investments. What this means for you: Personalized learning: Combine Immersive Labs' hands-on exercises with Degreed's personalized learning paths to create a truly tailored skills development experience for each team member. Streamlined workflow: Access and launch Immersive Labs content directly within Degreed, eliminating the need to navigate between different platforms. Data-driven insights: Leverage xAPI integration to track progress, identify skill gaps, and measure the impact of your cybersecurity training programs. Enhanced engagement: Keep your team motivated and engaged with interactive, hands-on labs delivered seamlessly through the Degreed platform. Improved skills development: Accelerate the development of critical cybersecurity skills and build a more resilient and capable workforce. How it works: The integration is designed to be as seamless as possible. Your Degreed administrator will configure the connection to Immersive Labs via FTPs. Once configured, the Immersive Labs catalog will be available within Degreed. Learners can then discover and engage with labs directly within their Degreed learning paths. Behind the scenes, xAPI ensures that all learning activity is tracked and reported back to Degreed. Getting started: If you're an existing Immersive Labs and Degreed customer, reach out to your Immersive Labs Customer Success Manager to learn more about enabling the integration as it’s available to all Immersive Labs customers. They will guide you through the setup process and answer any questions you may have. The future of cybersecurity skills development is here The Immersive Labs and Degreed integration represents a significant step forward in cybersecurity skills development. By combining the power of hands-on learning with personalized pathways and data-driven insights, we're empowering organizations to build the cybersecurity teams of the future. We're excited about the possibilities this integration unlocks and can't wait to see its impact on your organization's cybersecurity posture. Share your thoughts While we look to expand the platforms we integrate into, we're eager to hear your perspective! Comment below with your questions, ideas, and how you plan to use this integration as well as other integrations you'd like to see.Elevate your cybersecurity training: Immersive now integrates with Cornerstone LMS
This integration combines the hands-on, engaging learning experience of Immersive Labs with the robust learning management capabilities of Cornerstone, creating a comprehensive and efficient solution for your cybersecurity training needs. What this integration means for you: Streamlined access to Immersive Labs content: Access our extensive library of labs directly within Cornerstone LMS. This allows your learners to seamlessly launch Immersive Labs and engage with the training they need, all within their familiar Cornerstone environment. Automated tracking and reporting: Leveraging the xAPI (Tin Can API) specification, the integration automatically sends detailed completion records from Immersive Labs to Cornerstone. This allows you to track learner progress, identify skill gaps, and measure the effectiveness of your cybersecurity training programs, all within your familiar Cornerstone environment. Enhanced learning experience: Provide your teams with engaging, hands-on cybersecurity training that translates directly to real-world skills. Immersive Labs' interactive simulations and challenges keep learners motivated and invested in their development. Improved efficiency: Reduce administrative overhead by automating tasks such as user provisioning, content updates, and progress tracking. This frees up your learning and development team to focus on more strategic initiatives. Data-driven insights: Gain valuable data on learner performance and skill development, enabling you to make informed decisions about future training investments and tailor learning paths to individual needs. How it works: The integration is designed for simplicity and ease of use. Your Cornerstone administrator will configure the connection to Immersive Labs, enabling the seamless flow of data between the two platforms. Learners can then access and launch Immersive Labs content directly from their Cornerstone learning paths. xAPI ensures that all learning activity is automatically tracked and reported back to Cornerstone, providing a comprehensive view of learner progress and skill development. Getting started: If you're an existing Immersive Labs and Cornerstone customer, reach out to your Immersive Labs Customer Success Manager to learn more about enabling this integration. They’ll guide you through the setup process and answer your questions. The power of connected learning: The Immersive Labs and Cornerstone integration represents a significant advancement in cybersecurity skills development. By connecting engaging, hands-on learning experiences with robust learning management capabilities, we're empowering organizations to build a more skilled and resilient cybersecurity workforce. Share your thoughts This is just the beginning! We're committed to expanding our integrations to provide you with an entirely seamless learning experience. Share your thoughts on this integration and tell us which platforms you'd like to see us connect with next in the comments below.Enhancing Cyber Resilience through Data Insights: Immersive’s REST API
Seamless access to your Immersive data Our REST API offers easy access to your Immersive data. Once authenticated, you can access your organization’s data by making REST API requests to any of the available endpoints. These endpoints can be reviewed in our REST API documentation. What this means for you Data at speed – Your Immersive data is just a request away. With each API request, you can quickly gather and manipulate your data as needed. Flexible design – Utilizing our REST API offers significant control over the process of transmitting data from Immersive to a target system of choice. System integration – Each API response will be received as JSON formatted data, allowing straightforward integration with BI systems, databases, or any other target system. How it works API requests to our various available endpoints allow you to seamlessly pull Immersive data and relay it to your system of choice. Gathering data via the REST API offers unparalleled flexibility and control over when and how your data is transmitted. Who can do this To generate an API key and secret token, you must have an administrator account in Immersive. If you’re interested in working with the REST API, but don’t have the proper permissions to initiate the process, please reach out to an Immersive administrator within your organization. Getting started From an Immersive administrator account, navigate to the Platform Settings sections within the Manage tab at the top of your screen. Once in the platform settings, navigate to API within the sidebar. You should then see the option to Generate API key. Select this option and add an appropriate label that describes the intended use. After clicking Generate, you should see an Access key and Secret token that can be copied and utilized for the initial authentication. Once you’ve generated your Access key and Secret token, please follow our REST API documentation and API Guide for authentication, requests, and pagination guidance. The documentation also includes each of the available API endpoints. If you have any questions or issues as you implement your API connection, please contact our support team, and we will help ensure a smooth integration. The future of cybersecurity skills development is here The Immersive REST API represents a significant step forward in cybersecurity skills development. By combining the power of hands-on learning with personalized pathways and data-driven insights, we're empowering organizations to build the cybersecurity teams of the future. We're excited about the possibilities this integration unlocks and can't wait to see the impact it has on your organization's cybersecurity posture. Share your thoughts While we continue to develop this powerful integration, we would love to hear from you! If you have specific use cases for the Immersive REST API, please let us know in the comments and our team can look into the feasibility of each possible enhancement. We're on a mission to enable more integrations, so tell us, which other integrations would you like to see this year?Making the Most of the Custom Lab Builder: Writing With Accessibility in Mind
What if someone tried to access your content who was visually impaired? Or who had cognitive difficulties? Or who was hard of hearing? Would they be able to understand the information you’ve provided and improve their cyber resilience? Our in-house copyediting team has created a series of articles to help you craft high-quality labs, aligned to the rigorous processes we follow. We embrace what we call the Four Cs to ensure all labs are: Consistent Conscious Conversational Concise These articles delve into each of these principles, showing how to implement them in your labs to create content that resonates with readers, enhances learning, and boosts cyber resilience. This post highlights how being conscious of your formatting can enhance accessibility for assistive technology users and how consistent formatting improves navigation for everyone. Rich text formatting Rich text formatting tools like subheadings, bullet points, lists, and tables in the Custom Lab Builder help organise information for easier scanning, better retention, and improved comprehension. Using these will ensure your content is consistent, accessible, and reader-friendly for everyone! Rich text formatting elements carry specific meaning, which assistive technologies rely on to convey information to specific users. Headings Visually, headings represent hierarchy through different font styling and allow users to quickly scan content. Programmatically, they allow users who can’t see or perceive the visual styling to access the same structural ability to scan. Heading elements should reflect the structure of the content. So your title should go in ‘Heading 1’ formatting, your next subheading will go in ‘Heading 2’ formatting, and so on. To ensure your content reads correctly to screen reader users, don’t use HTML heading styling to represent emphasis, and don’t use bold to make text appear like a heading. Lists (bullets/numbering) Always use bullets or numbered lists using the provided formatting to convey a list. A screen reader will announce that the following information is a list. Links How a link is formed significantly impacts usability. Consider the following sentence: “To find out more about this topic, complete our Intro to Code Injection lab here.” Links are interactive elements, which means you can navigate to them using the tab key. A user who relies on screen magnification to consume content may choose to tab through content to see what's available. The example above would be communicated as just “here”, which provides no context. They’d need to manually scroll back to understand the link’s purpose. Always use descriptive link text that clearly indicates its destination. Avoid ambiguous phrases like “here”. If that’s not possible, ensure the surrounding text provides clear context. “To find out more about this topic, complete our Intro to Code Injection lab.” Bold Only use bold for emphasis! Avoid italics, capital letters, or underlining (reserved for hyperlinks) to prevent confusion. Consistency in formatting reduces cognitive load, making your text more accessible. Bold stands out, provides better contrast, and helps readers quickly identify key information. Avoid italics With 15–20% of the population having dyslexia, italics are worth avoiding because research shows it’s harder for this user group to read italic text. Italics can sometimes bunch up into the next non-italic word, which can be difficult to comprehend or distracting to read. Media If you’re adding media to your labs, such as videos and images, it’s especially important to consider those who use assistive technologies. These users need to have the same chance of understanding the content as everyone else. They shouldn’t miss out on crucial learning. What is alternative text? Alt text describes the appearance and function of an image. It’s the written copy that appears if the image fails to load, but also helps screen reading tools describe images to visually impaired people. Imagine you’re reading aloud over the phone to someone who needs to understand the content. Think about the purpose of the image. Does it inform users about something specific, or is it just decoration? This should help you decide what (if any) information or function the images have, and what to write as your alternative text. Videos Any videos you add to your lab should have a transcript or subtitles for those who can’t hear it. Being consistent Consistency is a major thinking point for accessibility. We recommend adhering to a style guide so all of your labs look and feel consistent. We recommend thinking about the structure of your labs and keeping them consistent for easy navigation. In our labs, users expect an introduction, main content, and a concluding “In This Lab” section outlining the task. This helps users recognize certain elements of the product. It reduces distraction and allows easier navigation on the page. For example, some users prefer diving into practical tasks and referring back to the content if they need it. By using the same structure across your lab collections, your users will know exactly where to find the instructions as soon as they start. TL;DR It’s crucial to focus on accessibility when writing your custom labs. Utilise the built-in rich text formatting options in the Custom Lab Builder (and stay consistent with how you use them!) to ensure your labs are easy to navigate for every single user. By being conscious and consistent with your formatting, every user will engage with your content better, remember the topic, and be able to put it into practice more easily, improving their cybersecurity knowledge and driving their cyber resilience. No matter how they consume content. Keep your eyes peeled for the next blog post in this series, which will look at inclusive language. Share your thoughts! There’s so much information out there on creating accessible content. This blog post just focused on the language, structure, and current formatting options available in the Custom Lab Builder. Have you tried to make your labs or upskilling more accessible, and how did this go down with your users? Do you have any other suggestions for the community on how to write content with accessibility in mind? Share them in the comments below!From Feng Shui to Surveys: How User Feedback Shapes Immersive Labs
We’ve all been asked to give product feedback in one way or another – a pop-up message after completing a purchase, an email asking how your visit went, or a poll appearing on your social media feed. They all have one thing in common: a real person behind them, looking for valuable insights. I’m one of those people! My role as Senior UX Researcher involves speaking to Immersive users and gathering their feedback to help the company make tangible improvements. UX, or user experience, is at the heart of what I do. And it’s been around for longer than you might think. What is UX? It’s believed that the origins of UX began in 4000 BC with the ancient Chinese philosophy of Feng Shui, the spatial arrangement of objects in relation to the flow of energy. In essence, designing the most user-friendly spaces possible. A short skip to 500 BC, and you can see UX at play with the Ancient Greeks' use of ergonomic principles (also known as human factors), defined as “an applied science concerned with designing and arranging things people use so that the people and things interact most efficiently and safely.” In short, people have been concerned about creating great user experiences for thousands of years. How does Immersive get feedback? Bringing you back to the present day, let me walk you through a recent research study undertaken with Immersive Labs users and what their experiences and feedback led to. In May this year, we sent out a survey to our users asking them about their needs for customised content. The feedback was given directly to the team working on the feature, helping to inform their design choices and confirm or question any assumptions they had about user needs. In July, we invited users, including Training Manager and community member mworkman to take part in a pilot study for the Custom Lab Builder, giving them exclusive access to the first iteration of the feature. They could use the builder in their own time, creating real examples of custom labs using their own content and resources. This gave them a realistic experience and highlighted issues along the way. What does Immersive do with that feedback? In August, those users joined a call with us to provide their feedback and suggestions. From these calls, we gained insights and statistics that were presented to the entire Product Team, voicing our customers’ needs. We then used this to shape the direction of the lab builder feature before its release. Customers told us that they wanted to create labs based on their own internal policies and procedures, which would require more flexible question-and-answer formats for tasks. They also wanted more formatting options and the ability to add media to labs. In response to this feedback, we increased the number of task format types from three to five, and we’ll continue to add to this. We also added the ability to include multiple task formats in the same lab. Users also now have the option to upload images and include rich text within their custom labs, enhancing the layout and customisation experience. The Custom Lab Builder was released in October 2024 with an update pushed in December, and we’re still working on improving it! Throughout this first quarter of 2025, we’ve released more new features, including drag and drop, free text questions, and instructional tasks in the Lab Builder. How can you get involved? Once again, we’ll be calling on our users to give feedback on their experiences with these features, continuing to involve you in our design process to ensure that our products and experiences reflect what users are looking for. Throughout 2025, Immersive Labs will be providing opportunities for our users to come along to feedback sessions, have their opinions heard through surveys, and many more exciting chances to talk to the people behind the product. Follow our Community Forum for hot-off-the-press opportunities! For more guidance on Lab Builder, visit our Help Center.From Concept to Content: A Deep Dive into Building and Critically Analyzing Labs
Putting it all together The main bulk of the development work is building the labs. This usually comprises two parts that require different skill sets; one is putting together the written portion of the lab (such as the briefing, tasks, and outcomes), and the other is implementing any technical needs for the practical side of the lab. While some labs may focus more on one component than the other, this general overview of lab development will demonstrate each step of the process. Developing written content Regardless of the lab, the written content forms the backbone of the educational material. Even with prior knowledge and planning, additional research is essential to ensure clear explanations. Once research is complete, an outline is drafted to focus on the flow, ensuring the information is presented logically and coherently. This step helps enhance the final product. The final step is turning the outline into the final written content. Everyone approaches this differently, but personally, I like to note all the points I want to cover in a bullet list before expanding on each one. This method ensures all necessary information is covered, remains concise and clear, and aligns with learning outcomes and objectives. Technical implementation For practical labs, technical setup is key. Practical tasks should reinforce the theoretical concepts covered in the written portion, helping users understand the practical application of what they’ve learned. Before implementing anything, the author decides what to include in the practical section. For a CTI lab on a vulnerability, the vulnerable software must be included, which involves finding and configuring it. For general topics, a custom script or program may be needed, especially for niche subjects. The key is ensuring the technical exercise is highly relevant to the subject matter. Balancing the difficulty of practical exercises is crucial. Too easy, and users won’t engage. Too hard, and they’ll get frustrated. Tasks should challenge users to think critically and apply their knowledge without discouraging them. This requires iterative testing and feedback to fine-tune the complexity. The goal is to bridge the gap between theoretical knowledge and real-world application, making learning effective and enjoyable. Quality assurance and finishing touches The development process is complete, but there’s still work to do before releasing the content. We take pride in polishing our content, so the final steps are crucial. Checking against expectations Before the official QA process, we review the original plan to spot any discrepancies, such as unmet learning objectives or missing topics. While deviations don’t always require changes, they must be justified. Assuring quality A thorough QA process is vital for catching grammatical errors, technical bugs, and general improvements before release. Each lab undergoes three rounds of QA, each performed by a different person – two rounds of technical QA, and one for presentation. Some of the steps taken during technical QA include: Verifying written content accuracy, flow, and completeness. Ensuring all learning objectives are covered. Identifying any critical bugs or vulnerabilities that would allow users to bypass the intended solution. Providing small tweaks or changes to tasks for clarity. Assigning relevant mappings (NICE K-numbers, MITRE tags, CWEs). After technical QA, the lab is reviewed by our quality team to ensure it meets our presentation standards. Once all labs in a collection pass rigorous QA, they are released for users. The final step occurs post-release on the platform. Gathering and implementing user feedback Users are at the heart of everything we do, and we strive to ensure our content provides real value. While our cyber experts share valuable knowledge, user feedback prevents echo chambers and highlights areas for improvement. After new releases, we conduct an evaluation stage to analyze what went well and where we can improve. User feedback We gather quantitative and qualitative feedback to help us identify root issues and solutions. Quantitative feedback involves analyzing metrics like completion rates and time taken. We also examine specific changes, such as frequently missed questions or labs where users drop out. These are important things to note, but we avoid drawing conclusions solely from this data. This is where qualitative feedback comes in. Qualitative feedback includes user opinions and experiences gathered from feedback text boxes, customer support queries, and direct conversations. These responses are stored and read by the team and provide context beyond raw numbers. Channels such as customer support queries and follow-ups with customers also help us improve our content. Post-release reviews We conduct post-release reviews at set intervals after content release to analyze quantitative and qualitative data. This review helps us assess the entire process and identify areas for improvement. These reviews allow us to update content with new features, like adding auto-completable tasks for CyberPro. The reviews ensure our content remains current and enhances user experience. Wrapping up Hopefully, this blog post has provided insight into all the care we put into building and tailoring our content for users. This process has come a long way since we started making labs in 2017! Don't forget — with our new Lab Builder feature, you can now have a go at creating your own custom labs. If there's a topic that interests you and you want to share that knowledge with your team, making your own lab is a great way to do it! If there’s any part of the process you’d like to know more about, ask in the comments. Are there any collections that made you think, “Wow, I wonder how this was made”? Let us know!From Concept to Content: Laying the Foundations of a Lab Collection
Technical planning At this stage, we address niche technical details not covered in initial planning but crucial for polished content. Below is an example of the question-and-answer process used for the “Web Scraping with Python” collection. Should the practical sections of the content be created using Docker, for optimal speed and modularity, or does the subject matter require the use of a full EC2 instance? As there are no unusual requirements for the technical portion of the collection (such as needing kernel-level access, network modifications, or third-party software that doesn’t run in containers), the labs can run on Docker. This is a benefit not only for the overall user experience, but also allows for image inheritance during development, which will be demonstrated a bit later on. Are there any tools, custom scripts, or system modifications that should be present across the whole piece of content? The collection is based around writing Python scripts, so ensuring that Python is installed on the containers as well as any required web scraping libraries is a must. In addition, some considerations for user experience can be made, such as installing an IDE like Visual Studio Code on the containers. How can task verification be implemented to make sure it’s both robust and non-intrusive? In the case of this collection, implementing auto-completable tasks may be difficult due to the variety of ways users can create solutions, as well as the lack of obvious traces left by web scraping. Instead, it may be more appropriate to insert task solutions into a mock website that needs to be scraped, which the user can retrieve by completing the task and providing the solution in an answer box. Understanding the technical requirements for a piece of content helps to bridge the gap between planning and development, making it a crucial step. With some of the key questions answered, it’s time to move on to implementation. Creating base images It’s finally time to put fingertips to keyboards and start programming! The first part of implementation creates what all labs in a collection will be built on – a base image. This is a skeleton that provides all the necessary tools and configuration needed for the whole collection, using a concept called image inheritance. If you're new to containerization software like Docker, don't worry – image inheritance is straightforward. Docker containers use images as blueprints to create consistent, mini-computers (containers). This is useful for labs because it allows you to quickly create a pre-configured container without the overhead of setting up a virtual machine, saving time and system resources. This is where image inheritance comes in. Docker images can inherit traits from parent images, similar to how you inherit eye color from your parents. Instead of one central image for all purposes, you create a parent image with shared requirements and then customize descendant images for specific needs. Let’s use the “Python for web scraping” collection as an example again. Think about what kind of things would need to be present in each lab: An installation of Python so the user can run scripts. A code editor to write the scripts in. A mock website for the user to test their scripts on. The first two of these requirements are essentially the same in every lab; there’s no real need to change the installation of Python or the code editor, and in fact, it would be better to have them all be identical, which would result in a smoother user experience. The third, however, does need to be changed — the specific task requirements are going to be different from lab to lab, and the website files will need to change to accommodate this. Taking into account the requirements, an inheritance structure like this can be used: Base image – Python installation and code editor present Lab 1 – Custom website files Lab 2 – Custom website files Lab 3 – Custom website files … Structuring images this way saves time, disk space, and development work by reusing shared configurations. Next time… In part three of this mini-series, you'll learn about the final stages of content development: creating labs, quality assurance, and release. To be notified when part three is released, follow The Human Connection Blog using the bell icon. Meanwhile, feel free to ask questions about the content creation process or specific collections in the replies. Have you used the Lab Builder feature to make any custom labs yet?
