No More Busy Work: How Programs Automate Personalized Cyber Readiness
Welcome back to our series, “Behind the Scenes of Immersive One”! The following is a conversation with MartinHewitt, Principal Product Manager for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager. “We’ve all seen the spreadsheet of doom. You assign a list of training labs to fifty people, and then you spend the next month chasing them down, manually checking completion statuses, and hoping the content you’ve assigned them is actually relevant—because if it’s not, your learners are just tuning out. It’s an operational nightmare, plain and simple.” Rebecca: Wow, yeah, we hear this constantly from the market, Martin. Leaders are drowning in admin work while trying to build resilience. It feels like we’ve been handing learners a stack of maps and hoping they figure out the route. Meanwhile, busy learners assume the content isn’t worth their time, so disengage. How does the new Programs capability change that dynamic? Martin: That map analogy is actually spot on. Until now, we’ve had Assignments and Collections—which are great, but they are static. Like you said, it’s handing someone a map. Programs is a fundamental shift … a GPS navigation system for learning. Instead of just handing a learner a stack of content and hoping for the best, a Program plots the optimal route based on their initial skill level. It re-routes them if necessary using logic, and it shows the manager if they fall behind schedule. We aren’t just looking at completion anymore; we are looking at flow. Rebecca: I love the "GPS" concept. But let’s make this real for our customers. What does one of these "routes" actually look like? Can you give us a concrete example of a path a team might take? Martin: Absolutely. Let’s look at the SOC Analyst Program. It doesn’t just start with a generic to-do list. It starts with an Adaptive Assessment. Based on those results, if the system sees a user is proficient and capable, it will route them into content that speaks to their level of knowledge and experience, rather than a one-size-fits-all (or, more often none) route. We see this for Cloud Security too. Engineers who know AWS inside-out don't need to waste time on S3 Buckets 101. The Program fast-tracks them to the advanced Cloud Defense scenarios. It’s about respecting their time Rebecca: That’s a perfect segue to the learner’s experience. We talk a lot about the manager’s benefit, but honestly, if I’m an analyst, why should I care? How does this make my day or professional life better? Martin: If you’re a learner, the biggest benefit is that you stop doing "busy work." Nothing kills morale faster than being a senior engineer forced to click through beginner labs just to get a completion checkmark. With Programs, the system recognizes your skill level immediately. You get to skip the stuff you already know and focus on the challenges that actually help you grow. Plus, because it’s a cohesive journey, you always know why you are doing a task. You aren’t just completing a random lab; you are moving through a cyber-narrative—from detection to analysis to remediation. It feels less like homework and more like a mission. Rebecca: So, we’re moving from "did you do it?" to "are you ready?" That sounds like it aligns perfectly with the CISO’s need to prove outcomes. But Martin, what about the manager’s visibility? You mentioned "flow" earlier—how is that different from just tracking who finished a lab? Martin: Right now, if you want to know who is struggling, you usually have to wait until the deadline passes and see who didn't finish. By then, it’s too late. With Programs, we focus on Pace. We capture a time commitment expectation—say, two hours a week—and the system calculates a "Burndown Rate." We can tell you in real-time if a user is Ahead, On Track, or Behind. It’s about finding what I call the "Bread and Valley Joes"—the people who are struggling silently. We want to surface those users to the manager before they fail, as well as highlighting the super-keen folk who really love stretching and testing their skills, we’re showing them as Ahead, making sure they’re spotted and give them the opportunity for recognition. Rebecca: That’s huge for "Management by Exception." You don't need to micromanage the high-performers, but you can quickly help those who are stuck. Martin: Exactly. And we’ve built the intervention right into the platform. You can filter for everyone who is "Behind" or stuck on a specific step—like Cloud Fundamentals—and bulk-message them right there. No more downloading CSVs and running mail merges just to nudge your team. Rebecca: Martin, this is a massive step forward. But knowing you and the engineering team, you’re already looking at what’s next. Can you give us a sneak peek at what’s coming for Programs? Martin: Don’t mind if I do! Right now, we have these amazing "Stock Programs" ready to go. In the New Year, we’re also handing the keys to customers … we’re going to introduce a custom builder. Managers will be able to build a completely bespoke journey tailored to their specific organization, drawing from right across our whole catalog. Things like being able to create your own "onboarding flow" to mirror your exact tech stack and security policies…. That’s when things will get even more exciting. Rebecca: I can't wait to see what customers build when that’s available, Martin. Thanks for walking us through the logic behind this milestone launch. This is major for customer outcomes. Martin: It is. We’re finally moving learners from just "completing tasks" to building real muscle memory. That’s the stuff that benefits their org now, and that they can carry it with them to their next professional opportunity. Final Thought Programs represent a shift that benefits the entire security function. For the organization, it replaces static assignments with an operational engine that measures true readiness against critical threats. For the learner, it transforms training from a checklist into a career-building journey, ensuring they develop skills that last far beyond their current role. Want to see how it works? Don’t miss this demo.Boosting Cyber Readiness Together: Introducing The New AI In-Lab Assistant
We’re passionate about creating an empowering, collaborative learning environment. That’s why we’re excited to introduce the AI In-Lab Assistant – an intelligent chatbot right inside your lab environment. We want you to solve challenges independently. The new AI assistant is designed to provide hints and tips on a lab, offering guidance without giving away the answer. The aim is to enhance your learning experience, ensuring you're always ready for what’s next. 🔎 Finding your on-demand learning companion Getting started is simple. Open a lab, and you’ll see a sparkle icon in the top right corner of your screen. Clicking this sparkle icon opens the chatbot interface. If the window obstructs your view, you can reposition the chatbot by dragging its top bar. If you need to hide it, click the cross in the top right of the pop-up window or the sparkle icon again. 🔬 How can the assistant help me? We specifically designed this chatbot to help with lab-related queries and tasks inside the lab environment. You can ask it to summarize the lab briefing, help you understand key concepts (such as "what is a SIEM?"), or assist with specific questions (for instance, "I need help with Task 3!"). The chatbot will give you hints and tips without giving you the exact answer. For example, if you're tackling enumeration, it might suggest commands like nmap, netstat, or cat. If you're working on privilege escalation, it may encourage you to think about commands like sudo, su, or to look for SUID binaries. Our sophisticated technology takes snapshots of practical and cloud labs, capturing the necessary context to understand activities on the virtual machine or the command line interface. ✅ Key boundaries and quick tips We want you to get the most out of the new AI In-Lab Assistant. It keeps to the following main points: It won’t give away the answer: We intentionally designed the chatbot to encourage independent completions, not to directly give you the answer. If you ask outright for the answer to a question, it’ll provide hints for you to figure it out yourself. It only applies to lab content: While you can input any query, the chatbot can only answer questions related to the lab you’re currently in. If you ask a non-lab-related question, such as "how’s the weather today in Bristol?", it’ll tell you it doesn’t have access to real-time data. Instead, it’ll encourage you to ask a question about the lab. History isn’t retained: To start a new chat, click the plus icon next to the New chat button in the top left of the chatbot window. This will clear the current history. Note that you’ll lose your conversation history when you exit a lab or start a new one. The chatbot can only retain seven questions before forgetting them. Exclusions: The AI In-Lab Assistant is available in most labs, but isn’t available in custom labs, adaptive assessments, or any demonstrate labs. 🔐 Data security and feedback you can trust We want to be upfront about our technology and security because we value authenticity. Our AI service was built using OpenAI. We prioritize your data security, so we only store your account UUID in the AI service database. We don’t store any other personally identifiable information (PII) except what you explicitly input as queries, which OpenAI will also receive. Crucially, we don’t ingest any custom content labs into our AI service, and the service doesn’t have access to any customer data. We rely on your input to keep improving! You can provide feedback on every response using the thumb-up or thumb-down icons found directly underneath the chatbot’s reply. We monitor this feedback to improve the AI In-Lab Assistant over time. 💁🏻♀️ And don’t forget… If you’d prefer to speak to real humans for hints and tips on your favorite labs, head to the Community and navigate to the Help Forum. If you aren’t satisfied with the AI In-Lab Assistant’s responses or have technical issues with the feature, reach out to Customer Support via the Help Center.October is here! Prepare for Cybersecurity Awareness Month with Immersive 🎃
In a world where technology and threats are constantly evolving, building a resilient team is more important than ever. At Immersive, we're proud to be your partner in this journey, and we've put together a fantastic lineup of events, challenges, and resources throughout October to help you and your teams stay ahead of the curve. What’s on at Immersive this Cybersecurity Awareness Month 📆 Oct 1st Whitepaper: GenAI’s Impact on Cybersecurity Skills and Training Oct 6th Trick or Treat on Specter Street Challenge Begins: Labs 1-3 Oct 9th Labs Live: Ripper's Riddle Community Webinar Oct 13th Trick or Treat on Specter Street Challenge: Labs 4 - 6 Oct 15th Webinar: How to Build a People-Centric Defense for AI-Driven Attacks Oct 16th Labs Live: Cursed Canvas Community Webinar Oct 20th Trick or Treat on Specter Street Challenge: Labs 7 - 9 Oct 22nd Cyber Resilience Customer Awards Winners Revealed Oct 23rd Labs Live: Macro Polo Community Webinar Oct 27th Trick or Treat on Specter Street Challenge: Labs 10-12 Oct 30th Labs Live: Phantom Pages Webinar Oct 31st Trick or Treat on Specter Street Challenge Finale: Labs 13 Oct 31st Virtual Crisis Sim: The Puppet Master’s Trick or Treat Challenges and Labs Trick or Treat on Specter Street 👻 Welcome to Trick or Treat on Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we’ve encountered before. Each week throughout October, we’ll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street. Can you crack the case? Find out more. AI Foundations 🤖 Ready to navigate the rapidly evolving world of Artificial Intelligence with confidence? Give our new AI Foundations lab collection a go! Designed to equip your teams with critical AI knowledge and practical implementation skills; this initial collection features seven foundational labs that progressively guide your teams from high-level overviews to secure, hands-on AI implementation. Find out more. Events and Webinars Webinar How to Build a People-Centric Defense for AI-Driven Attacks Wednesday October 15th A must-attend event for understanding how threat actors are leveraging AI and other emerging technologies to carry out attacks. Register Now. Virtual Crisis Sim The Puppet Master’s Trick or Treat Friday October 31st Join us on Halloween as the notorious Puppet Master returns for a fiendish game of Trick or Treat 🎃 Play along with our Immersive crisis response experts as we tackle a LIVE coordinated attack from the Puppet Master on a Critical National Infrastructure organization. Dare you play the Puppet Master’s game and survive, or will they finally get their revenge?! Register Now. AI and Emerging Threats Throughout the month, we’re shining a spotlight on the rise of AI in cyber. From our all-new AI Foundational lab series to cutting edge research from the experts at the cutting edge of GenAI in cybersecurity in our latest whitepaper: GenAI’s Impact on Cybersecurity Skills and Training. Explore our latest AI-focused resources and upskill your teams to confidently face the future of cyber resilience. Check out our latest reports, articles, webinars and more on GenAI, here. Celebrating Cyber Resilience Heroes 🏆 We're also celebrating the individuals and organizations at the forefront of cyber resilience with our Cyber Resilience Customer Awards. Keep your eyes peeled on our social channels! We'll be unveiling our latest winners on October 22nd, recognizing those who demonstrate an outstanding commitment to proving and improving their cyber readiness. It's going to be a jam-packed month focused on practical application and deep engagement. Let’s make this the most secure October yet!
Enter The Maze Challenge: Immersive’s Most Advanced Collection Yet
Today marks the release of the Maze Challenge, Immersive’s most advanced and cunningly designed offensive cybersecurity collection yet. This new series of labs is more than just a test of skills. It's a puzzle, a game, and a creative brain-bender, crafted by two of Immersive’s most brilliant minds: StefanApostol and SabrinaKayaci. Stefan, known to many as the "evil genius" behind the Human Connection Challenge, and Sabrina, who recently inspired our London community meetup attendees with her predictions on AI within the AppSec space, have teamed up to create something truly unique. We sat down with them to get their insights on what makes the Maze Challenge so special, so challenging, and so much fun. What was the main inspiration behind the maze theme, and how did you translate that narrative into a collection of technical labs? The core idea for the Maze Challenge, as Stefan explained, came from a shared love of games. "Both Sabrina and I are geeks. We like games, and we wanted to create a challenge with an overarching goal that was more than about earning a completion token." While our labs have always awarded tokens for completion, Stefan and Sabrina wanted to create a narrative that would engage users on a deeper level. "A maze is the perfect example of that," Stefan said. "We wanted to include a game element in these challenges." This isn't just a series of technical scenarios. It's a cohesive puzzle where each lab is a step toward a larger objective. The maze narrative encourages participants to think creatively, connecting different skills and techniques in a way that feels more like a game than a traditional capture the flag (CTF). I’ve heard that this is the most advanced lab collection yet. So, what makes these labs more challenging than the thousands of others in Immersive's catalogue? This collection is Immersive's most advanced to date, introducing a range of techniques not yet widely covered in the platform. The labs are a combination of real-world examples drawn from the creators' past experiences and internal testing, all woven together with a good deal of imagination. While the challenge covers a broad spectrum of offensive skills, including web, Linux, Windows, and Active Directory, Stefan was quick to name binary exploitation as an obvious concept that will have participants scratching their heads. The team collaborated with BenMcCarthy on this particular lab, and Ben being Ben, he poured all his creativity into it, making even Stefan nervous to attempt this mean challenge! Sabrina added that the real difficulty lies in the type of thinking required. "Some of them will really require outside-the-box thinking," she said. "They're unusual in a way that requires not just the technical skill, but some creativity and more critical thinking." This is a key theme throughout the collection. Participants can't rely on a simple, formulaic approach. Instead, they must be flexible and resourceful. Sabrina noted that some challenges will require "multiple sets of skills," forcing users to chain together their expertise in different areas to find a solution. Without giving away any spoilers, can you describe a moment in one of the labs that you're particularly proud of designing? Sabrina beamed as she recalled the Inner Maze lab. "I really enjoyed creating Inner Maze," she said, before adding a cryptic twist. "When you break out of that maze is when you're really trapped." She was particularly proud of her ability to create and then beat her own challenge, finding the exploit even more difficult than the design itself. Can you give users any hints or tips? The Maze Challenge is designed to be tough, and you should certainly expect it to be just that. However, the creators want everyone to have a fair shot, so they’ve some advice for those who might feel intimidated. Use the platform to your advantage. Stefan noted that around 98% of concepts within this challenge can be learned in the rest of our lab catalogue. “If you get stuck on a specific skill, take a break from the maze, find the relevant labs on the platform, and then come back with your newfound knowledge.” We encourage you to learn along the way, and persistence is always rewarded! Failure can be a sign of progress. Sabrina shared a key insight: "Sometimes it's important to take note of what it is you're doing that's failing... If you're failing at the same spot in a particular approach, that could actually mean that you're doing something right." Go figure that one out! Don't go it alone. Sabrina advises anyone starting their journey to ask others for advice and help. Our community help forum is a great resource for sharing knowledge and getting tips from fellow participants. We want you to have fun, and part of that fun is collaborating with your industry peers along the way. In the end, what do you hope participants will take away from this experience, beyond the technical skills? Stefan and Sabrina both hope it's a "desire for more challenges”! They also dropped a teaser for a community Halloween challenge… That’s all you’re getting for now! 👀 Want a head start? Join Stefan and Sabrina for a Labs Live webinar on August 19th. They’ll be solving the Improbable Maze lab live on the call, in collaboration with you. Attendees are encouraged to play along, offer their suggestions, methods, and frustrations. It’s the perfect opportunity to see the creators’ thought process and gain some momentum for your own journey through the maze. See you there!Unlock the World of AI: Introducing Our New AI Foundations Collection!
That's why we’re thrilled to announce the launch of our new AI Foundations collection, a comprehensive set of labs designed to empower you to navigate the fast-paced world of AI confidently. This seven-part lab collection is your guided tour through the core components of modern AI implementation. We've crafted this collection for everyone, breaking down complex concepts into digestible, easy-to-understand labs. Whether you're a seasoned tech professional or just starting your AI journey, this collection will provide you with a practical, hands-on understanding of how AI systems are built and how they work together to deliver powerful capabilities. NOTE: These labs are only available for customers who haven’t opted out of AI-related content. Why a new AI collection? Our customers have asked for more in-depth AI content – a demand that mirrors the explosive growth of the AI market. This new collection is our commitment to staying at the forefront of the industry and proactively addressing the needs of our community. What you'll learn The AI Foundations collection is a journey through the essential concepts of artificial intelligence. Each lab builds on the last, culminating in a holistic understanding of modern AI systems, with a special focus on agentic AI. Here's a glimpse into what you'll discover: Episode 1: Artificial Intelligence (Theory): Dive into the fundamentals of AI, exploring what it is, how it works, and the distinctions between generative AI and AGI. It also discusses AI’s limitations and demystifies the "illusion of thinking". Episode 2: Core Components (Theory): Get acquainted with the building blocks of AI, including LLMs, embedding and diffusion models, RAG, MCP, and the exciting world of agentic AI. It also touches on crucial security considerations as AI transitions from "knowing" to "doing". Episode 3: Large Language Models (Theory): Explore the power of foundational models, the importance of fine-tuning, the role of system prompts, and security considerations such as exploitable vulnerabilities and data privacy. Episode 4: Retrieval Augmented Generation (RAG) (Practical): Take a deep dive into RAG, vector databases, embedding, and chunking. In this hands-on lab, you'll create a knowledge base, chunk a file, and query a fictional company's proprietary data through an integrated AI chatbot. Episode 5: Model Context Protocol (MCP) (Practical): Understand the MCP protocol and its architecture within the broader AI landscape. You'll get hands-on experience using MCP Inspector to interact with an MCP server, and instruct an AI chatbot to organize files on your desktop, gaining insight into exactly how tools are chosen and invoked. Episode 6: Agentic AI (Practical): Immerse yourself in the world of AI agents. You'll get access to real AI agents within a safe sandbox environment. The curious can poke and edit the code and explore integrated Langfuse for a deeper look into the observability of the AI system. Episode 7: Demonstrate Your Knowledge (Theory): Put your newfound knowledge to the test and solidify your understanding of the concepts covered throughout the collection. Secure and private by design We've built our practical AI labs with your security and privacy as the top priority. When you launch a lab, you're entering a completely isolated, sandboxed environment. These sandboxes are self-contained and have no connection to any customer data or personal information. Think of it as your own private, temporary workspace that’s thoroughly purged after each use. To interact with the AI models, each lab session creates temporary user credentials. Not only are these credentials temporary, but they’re also locked to the lab environment itself. This means that even if the credentials were to be exposed, they would be useless outside of the specific lab they were created for, providing a robust layer of security. Access to the internet is also strictly controlled, which only allows connections to the minimum endpoints required for the lab to function. We utilize privacy-centric AI models designed to protect your data. The models we use don’t store or log your prompts and completions. Furthermore, your interactions are never used to train any models, ensuring that your data remains your own. We’ve also opted out of any content being used for service improvements across all the AI services we use. In some of our more advanced labs, we've implemented an additional layer of security with guardrails that preprocess user inputs and model outputs to filter for harmful or inappropriate content. These guardrails are mandatory and can’t be bypassed by users within the lab environment. These multiple layers of security work together to provide a safe and secure environment for you to learn and experiment with AI. Who is this collection for? Everyone! We've designed these labs to be a guided walkthrough, making even the more technical details accessible to anyone working with or interested in AI. Whether you're a developer, a business leader, a student, or simply a curious mind, our AI Foundations course will equip you with the knowledge and skills to thrive in the age of artificial intelligence. Join us on this exciting journey and unlock the power of AI. Get ready to build, innovate, and lead in the new era of intelligence.New Labs: BlackHat 2025 and DefCon 33
Throughout early August 2025, representatives from Immersive's cyber team attended the BlackHat 2025 and DefCon 33 conferences and got great exposure to the latest technologies, topics, and techniques presented by the sharpest minds in our industry. As a result of attending these talks, workshops, and villages, Immersive has created brand new labs going through the various talks that took place, allowing you to get hands-on with the latest technologies and exploits. We present a number of brand new labs covering some of the most interesting and insightful topics from the events, from operational technology (OT) to achieving privilege escalation through firewall software. AI was a hot topic, as you would imagine, especially around Prompt Injection attacks. We already have plenty of content on Prompt Injection, not to mention the new AI Foundations content, so for this series, we created an Appsec Style lab around preventing Prompt Injection attacks. Why should our customers care? BlackHat and DefCon are two conferences that attract the greatest minds in cyber to get together and share their knowledge through workshops, official talks, and villages. Given the high diversity of events and talks that took place, there is something for everyone! Many of the topic areas shared are things that attackers could easily exploit themselves, so taking advantage of the information in these labs equips our customers with the knowledge of the latest vulnerabilities, threats, and exploitation techniques currently being talked about in the industry - improving your resilience and preparation against the latest threats. Who are the labs for? Offensive Security Engineers and Penetration Testers SOC Analysts and Incident Responders Malware Reverse Engineers Operational Technology Engineers Cyber Security Engineers Here is a list of the labs in this release: Binary Facades: Extracting Embedded Scripts CVE-2024-5921 Redux - Bypassing mitigations to PrivEsc with Palo Alto Global Protect Chrome Alone: Transforming a Browser into a C2 Platform No VPN Needed?: Cryptographic Attacks Against the OPC UA Protocol Python: AI Prompt Injection If you'd like to do any of these labs, here is a link to the BlackHat/DefCon collection: https://immersivelabs.online/series/defcon-black-hat/More Immersive Cyber Drills: How Rich Media Can Bring a Scenario to Life
When running a cyber drill, it’s useful to have a consistent and cohesive sense of the story throughout. The use of branding and rich media (videos and audio related to the theme) can engage participants through a sense of world-building and storytelling. Imagine your company drill looking like your company — logo, color scheme, font and all. The Brand It’s a good idea to start with all the assets needed to create the custom content. In my case, I created a logo and color scheme for a fictional news company, CHANNEL 6 News. The intention was to create a consistent look and feel for the news updates we would use. Using a simple color palette and classic news branding style, I could then create a virtual website for news updates using presentation software. This allows for ease of editing and can be presented full-screen to look like a webpage. A key requirement of the project was to create content that could be edited by anyone — no special software needed. This is just a slide in a presentation! The slide format could be used to represent a company website, a news outlet, or anything to aid the storytelling. Each slide in the presentation is a copy of the previous, but the news story is changed (title, image, and copy). Rich Media Video is engaging; it grabs our attention and helps with immersion. Video that has relevant branding and specifics has the chance to immerse participants even further. Continuing with the Channel 6 News theme, I used an AI video generator to create a news presenter intro and outro, all within a single prompt to maintain a consistent look. I also created a graphical intro in professional video editing software, aligning the branding and adding stock backing music. Using a more stripped-back video editing app, such as Google Vids, templates can be created with the intro and outro already in place. In between, video clips and voiceover (also generated) provide the main content of the news update. These templates allow for quick editing by anyone without the need for expert software. Download the MP4, and we’re ready to slot it into a cyber drill! Here's an example of the intro/outro and small amount of content between. Company Videos Immersive has a fictional company it uses for Crisis Sims called Orchid Corp. We have brand assets (logos, graphics, etc.) that we use to create print and digital media. I created employee welcome videos using stock media and generated voiceover audio, which ended up being fairly convincing. Now, imagine your company assets in whatever type of video you want. Perhaps a news broadcast, maybe an internal or external press release on the crisis situation. The more entertaining and interesting the content, the more immersion and engagement. Prove and Improve Running drills with custom videos will capture your audience’s attention and imagination. There's a great opportunity to review how the media can be adjusted for further storytelling depth. It could be effective to have the story evolve at a future drill, building on the actions taken previously. Having templates for the content, such as a news update clip, means that significant time is saved in preparation and a consistent feel is kept across drills.Recommendations for Writing a Program Welcome Email
Key Objectives of the Email Generate Excitement: Make employees want to participate. Clearly State Benefits: What's in it for them? Provide Clear Next Steps: How do they get started? Assure Support: Who to ask for help? Reinforce Company Vision: Link individual growth to organizational success. Recommended Email Structure & Content 1. Compelling Subject Line Purpose: Grab attention, convey value immediately. Examples: "Unlock Your Potential: Introducing [Program Name]!" "Elevate Your Skills: Your Gateway to Growth is Here!" "Future-Proof Your Career: Announcing Our New Upskilling Initiative!" "Exciting News: Your Path to [Skill Area] Mastery Starts Now!" "Invest in Yourself: [Company Name]'s New Upskilling Program" 2. Warm & Enthusiastic Opening Purpose: Welcome, set a positive tone. Content: "Dear [Employee Name]," or "Hello Team," "We're thrilled to announce..." or "Get ready to elevate your career..." "At [Company Name], we believe in fostering continuous growth and development for every member of our team." 3. Program Overview (The "What") Purpose: Briefly explain what the program is. Content: Introduce the program name (e.g., "The [Program Name] Upskilling Initiative"). Briefly describe its scope (e.g., "a comprehensive program designed to enhance critical skills," "a tailored learning experience focusing on [key skill areas]"). Mention the format (e.g., "via interactive online modules," "expert-led workshops," "hands-on labs"). 4. Benefits to the Employee (The "Why Them") Purpose: This is the most crucial section – articulate the direct value to the individual. Content: "Why should you participate? This program is designed to help you:" Advance your career: "Unlock new opportunities for career growth within [Company Name]." Stay competitive: "Master the latest industry skills and technologies." Boost your confidence: "Deepen your expertise and take on new challenges." Enhance your impact: "Contribute even more effectively to your team's and [Company Name]'s success." Personal Growth: "Invest in your personal and professional development." (Optional but impactful): "Aligned with our commitment to [Company Value, e.g., Innovation, Excellence]." 5. How to Get Started (Clear Call to Action - CTA) Purpose: Make enrollment easy and intuitive. Content: "Getting started is simple! Here's how to begin your learning journey:" Provide a clear, clickable link: "Click here to explore the [Program Name] Hub." Brief instructions: "Log in with your [Company Credentials]," "Browse the course catalog," "Enroll in your first module." Mention any deadlines or enrollment periods if applicable. 6. Support & Resources: Purpose: Assure employees they won't be alone. Content: "We're committed to supporting you every step of the way." "For any questions, technical support, or guidance on choosing your learning path, please contact [L&D Team Email/Name, or specific Slack channel]." “Speak with your manager and map this to your own Professional Development Plan (PDP) for regular support and feedback” “We're so excited to celebrate your successes with you, and we're here to offer a helping hand as you grow!” Mention FAQs or a dedicated resource page if available. 7. Closing Purpose: Reinforce enthusiasm and look forward to their participation. Content: "We are incredibly excited about the potential this program holds for your individual growth and our collective success." Reinforce / remind positive impact to organisation “This program will make [Company Name] continue to be class leading / stay ahead of the competition / be the best place to work” "We look forward to seeing you thrive!" "Sincerely," / "Best regards," / "Warmly," [Your Name/Learning & Development Team/Leadership Team] General Recommendations for Effectiveness Personalization: Always use the recipient's name. Conciseness: Get to the point. Employees are busy. Visuals (Optional but Recommended): Consider including a compelling image or a short introductory video if available. Follow-Up Strategy: Plan reminder emails for those who haven't enrolled, and share success stories later. Manager Communication: Ensure managers are informed before the general team, so they can support and encourage participation. By following these recommendations, your upskilling program launch email can effectively motivate employees and kickstart a successful learning initiative.No Sleep on State-Backed Threats: Train for Cyber Conflict Before It Starts
In 2025, the cybersecurity landscape isn’t just evolving – it’s accelerating. State-backed cyberattacks, geopolitical tensions, and a fragmented regulatory environment have placed cyber resilience squarely at the top of boardroom agendas. But while the threats are growing, clear directives and unified mandates are not. Cybersecurity leaders are left asking: If federal policy won’t dictate readiness, how can we validate that we’re prepared? The policy gap: Why the One Big Beautiful Bill won’t save us Despite its sweeping scope, the recently passed One Big Beautiful Bill Act (H.R.1, P.L. 119-21) is notably silent on cybersecurity policy. It includes: Investments of $150M to the Department of Defense for business system modernization, including AI-aided financial auditing $200M for AI-enabled audit systems $20M to DARPA cybersecurity research efforts $250M for Cyber Command’s AI “lines of effort” $685M toward military cryptographic modernization, including quantum benchmarking While these appropriations equip government agencies to modernize and strengthen cyber and crypto capabilities, they stop short of mandating new cross-industry controls, standards, or compliance obligations for private sector entities. Organizations can’t depend on Washington to drive cyber resilience strategy, given how dynamic the landscape is today. Instead, leaders must build proactive, measurable programs rooted in industry frameworks like NIST CSF, ISO 27001, and MITRE ATT&CK. At the same time, they need to monitor shifting government priorities (vis-à-vis risks), evolving state-level regulations, and sector-specific requirements like the Digital Operational Resilience Act for financial services. In short, cyber resilience remains an internal obligation, not an external mandate. The stakes are rising: Salt Typhoon breach proves it’s about people In June 2025, a DHS memo confirmed that Salt Typhoon, a Chinese state-linked hacking group, gained extensive, months-long access to a U.S. Army National Guard network. This breach wasn’t just a military problem – it highlighted systemic risks across civilian infrastructure, state governments, and critical services. The attackers stole administrative credentials, internal diagrams, network configurations, and PII of service members, creating opportunities for lateral movement and follow-on attacks against civilian sectors. As Ellis, a cybersecurity advisor quoted in the memo, pointed out: "An intrusion on a National Guard isn't a 'military only' operation. States regularly engage their Guard to assist with cyber defense of civilian infrastructure." This breach underscores the harsh reality that cyber adversaries aren’t bound by the Law of Armed Conflict – and they’re fully prepared to target civilian infrastructure as part of their strategy. Cyberwar is official: NATO’s Article 5 sets a new precedent NATO now explicitly recognizes cyberattacks as potential triggers for Article 5 collective defense measures. This isn’t about responding to routine ransomware or phishing scams – it’s about preparing for strategic-level attacks that can disrupt economies, paralyze infrastructure, or compromise national defense. To meet this challenge, NATO is expanding joint cyber exercises like Locked Shields and Cyber Coalition, simulating real-world adversaries and integrating civilian infrastructure into their scenarios. Our key lesson? Modern conflict starts in cyberspace – and organizations need to train for it before the first packet hits. Train like the threat is already inside 1. State-sponsored threat actor playbooks Train your team to recognize and respond to APT tactics in the wild. From credential harvesting to stealthy exfiltration, hands-on simulations build muscle memory against real adversary behaviors – not textbook theory. Get hands-on with Threat Actors: Salt Typhoon and explore a recent SNAPPYBEE Campaign Analysis to see how the group uses backdoors to conduct espionage operations. Our complete Threat Actors collection covers a wide range of threat groups and their TTPs, providing practical simulations that build muscle memory against real adversary behaviors. We’ve talked about APT29 before 🙅♀️🐻 and they remain an active threat. Refresh with APT29: Threat Hunting with Splunk and dig into practical nation-state threat intelligence and IOC analysis. 2. Salt Typhoon TTP training Defend against the tactics actually used in the Salt Typhoon breach: Lateral movement: Our MITRE ATT&CK collection covers lateral movement tactics, providing comprehensive training on how attackers move within a network and how to defend against such actions. Credential compromise: The Credential Access collection offers practical experience in understanding and mitigating credential access vulnerabilities, which is crucial for defending against credential compromise. Network reconnaissance: Our Reconnaissance collection focuses on various techniques and tools used for gathering information, which can help in understanding and defending against network reconnaissance. Data exfiltration: Another hit for the Incident Response collection! These labs are specifically designed to teach incident responders how to detect data exfiltration. Put your team in the hot seat and test their response before the next real-world incident hits. 3. AI-readiness for cyber defenders AI is transforming both red and blue team tactics. Prepare with practical training to drive understanding of AI model risks (e.g. prompt injection, data leakage) and build skills defending AI-enabled environments before attackers exploit them. The AI Fundamentals collection offers a broader understanding of AI's role in cybersecurity, covering topics like data ethics, TensorFlow for machine learning, and emerging threats. The AI Challenges collection focuses on identifying vulnerabilities in AI systems, such as AI plugin injection and prompt injection attacks, providing hands-on experience in mitigating AI security risks. Together, these collections provide comprehensive training on both understanding and defending AI-enabled environments against potential threats. 4. Incident response: No-doze drills Run full-cycle incident response simulations, from detection to containment to recovery. Focus on the messy middle: ambiguous alerts, cross-team coordination, and real-time decision-making under pressure. Train with our Introduction to Incident Response and Incident Response collections. These collections cover the entire incident response process, including detection, containment, and recovery, with an emphasis on cross-team coordination and real-time decision-making. Then, test your skills with our new Cyber Range Exercise inspired by Salt Typhoon with simulated malware, or our Crisis Simulations focused on nation-state attacks. 5. Critical infrastructure and IT/OT defense modules Your OT environment isn’t off-limits to adversaries. Practice defending blended IT/OT networks, identify cascading risks, and rehearse failover processes when the grid comes under cyber-fire. Explore the following collections that are part of our new Operational Technology offering: OT: Fundamentals OT: Threats and Vulnerabilities OT: Devices and Protocols These labs are valuable for practicing defense strategies in blended IT/OT networks and understanding cascading risks in critical infrastructure. You can also experience actual incidents like the Norwegian Dam Compromise: Campaign Analysis! Conclusion: Build cyber resilience before the next state-backed attack The One Big Beautiful Bill won’t mandate cyber resilience. NATO knows cyberwar is already here. And Salt Typhoon’s breach shows that the human element is still the biggest vulnerability facing businesses, entities, and nation states alike. That’s why continuous skills development, validated readiness, and real-world scenario training aren’t optional. Adhere to tested frameworks and operational rigor for your people, processes, and technology. Share your thoughts If you’re not sleeping on state-backed threats, set the alarm and kickstart your team’s readiness. Have you prioritized specific procedures or skills in response to the latest nation-state activity from groups like Salt Typhoon? Share your tips (or your favorite preparedness quote) in the comments below! Train like it’s game day – because for state-backed threats, it already is. Stay sharp and threat-ready by following the Human Connection blog for more updates like this.Building Your First Practical Lab (Part 2)
This is the second blog in a 2 part series that will walk you through the entire process of building your first custom practical lab. You’ll learn how to do everything from launching and configuring an EC2 instance in your AWS account to imaging it and seamlessly integrating it into our platform. In part 1 we showed you how to create and import your own machine. You can read part 1 here. In this blog, we’ll walk through building a simple Linux privilege escalation scenario as a working example. Our goal is to give you the foundational steps so you can confidently design scenarios tailored to your own creativity, environment, and organizational needs. The lab objective Ensure you are connected to the machine via the Ubuntu user for the steps below and not our lab user (lab-user). The objective of this lab is to read a token file. To do so, the user will need to escalate privileges via a misconfiguration. We will create a flag.txt file inside /root/ that contains a string that the user must read in the lab. sudo nano /root/flag.txt Add some content inside the file. This will act as a flag that can be used later to complete the lab. w3ll_don3_h4ck3r Save the file The lab challenge Now let’s set up the challenge! The goal is for lab-user to find a way to read the /root/flag.txt which is owned by root and not accessible to the lab-user by default. They will do this by exploiting a world-writable script that is executed as the root user in cron job. Create a directory to hold the script that lab-user can exploit. For this example, it's going to be a simple script that outputs the current time to a file (not very creative). sudo mkdir /opt/date_printer This script will be executed by root, but lab-user will have write permissions to it. The initial content will be benign, but the purpose of this lab is for the lab-user to identify the misconfiguration that allows them to modify it to read the /root/flag.txt file to retrieve the flag. Create a file for the script: nano /opt/date_printer/printer.sh Add the following content: #!/bin/bash echo "Running date_printer: $(date '+%Y-%m-%d %H:%M:%S')" >> /var/log/date.log Save the file. Next, set the misconfigured permissions that allow lab-user to write to the script, enabling privilege escalation. sudo chmod +x /opt/date_printer/printer.sh sudo chown root:root /opt/date_printer/printer.sh sudo chmod 666 /opt/date_printer/printer.sh Additionally, we want to configure the folder to ensure root owns it, but other users on the machine have access to it. sudo chown root:root /opt/date_printer sudo chmod 777 /opt/date_printer Now, let’s add a cron job to run the script we just created. For this scenario, we are going to edit the /etc/crontab file. Cron jobs in this file are generally used for system-wide cron tasks and are readable by anyone. This is good as it adds some breadcrumbs to our lab! If the user reads this file (a common check when looking for privilege escalation on Linux), they will see a script gets run every minute, and it will point them to investigate that script file. Edit the file nano /etc/crontab Add the following line at the end of the file. This line tells cron to execute /opt/date_printer/printer.sh every minute, as the root user * * * * * root /opt/date_printer/printer.sh Save the file. At this point, we have a configured image with a low-privilege lab-user account, which we will use to connect to the lab machine. We also have a cronjob vulnerability that our users attempting the lab have to exploit as the lab-user! For this lab, all the user has to do is find the script that is run by the cronjob and edit it to print the token in the file we added at /root/flag.txt. They could do this by easily updating the /opt/date_printer/printer.sh script to replace the contents with #!/bin/bash cat /root/flag.txt >> /var/log/date.log This one-liner will cat the contents of the /root/flag.txt file to the /var/log/date.log file, which the user can then read to get the token (there are other things we could do here as well, but for the purposes of this lab, let's keep it simple). Imaging and sharing the lab AMI Go back to the EC2 dashboard and find the running instance you just configured. Right-click on the EC2 machine, select Image and templates, and then Create image. Image name: Provide a descriptive name, e.g., “MyFirstCyberLab-AMI” or “Linux-PrivEsc-Lab-AMI”. Image description: Add a brief description, e.g., “Custom lab with lab-user password SSH and cron job privesc scenario.” Leave other settings at their default values. Click Create image. This will now create an AMI from the configured EC2 lab machine. Adding your custom AMI to your lab Navigate to Lab Builder and go to your custom lab via Manage > Create Lab. If you haven’t created one yet, go ahead and do so by selecting Create a new custom lab. On the Lab details page, we can give our lab a name and configure various other settings. For the purposes of this example, we’ll call it Linux CTF Challenge, and we’ll fill out the rest of the information to ensure our users know what the lab is all about. Lab description: This is a Linux CTF machine designed to test your ability in privilege escalation! Estimated Time Required: 30 Minutes Difficulty: 3 Learning outcomes: Understand how to exploit a common Linux misconfiguration What’s involved: Investigate the machine and find the misconfiguration that allows for privilege escalation. Next, we want to fill in the briefing panel. The briefing panel is the learning material that lets our lab users understand a bit about the topic and anything else they need to know to answer the questions. Since this is a CTF, we’ll give them limited information: Linux CTF This is a CTF lab scenario designed to test your ability to exploit a common misconfiguration in Linux that could result in privilege escalation. Your task in this lab is to read a flag located at /root/flag.txt. Good luck! Next, we want to add a Task. Tasks are what the user has to solve to complete the lab. For this example lab, we want to add a question to verify that they’ve read the flag in the /root/flag.txt file. Select Add task, which will bring up a library of task types. From the library, select Question. This will add a question to the lab task list, which we can then edit by selecting Edit. Update the question settings to the following: Question text: What is the flag found in the /root/flag.txt file? Answer: w3ll_don3_h4ck3r The next stage is to import our custom image. Select Systems and then click Add under the Virtual machine—EC2 type. This will add a new machine to your lab. Once the machine has been added, we want to configure it. Selecting Edit at the top right will open the machine's configuration editor. In the blue information box, we provide which region and, most importantly, which AWS account to share your image with so that our platform can use it in a lab. Within your own AWS account where you created your AMI for the lab image, click on the AMI, and at the bottom of the screen, you will see Permissions. Select Edit AMI permissions and Add account ID. This will open a box where you enter the Account ID that is displayed in Lab Builder. Click Share AMI. Now, copy the AMI ID of the machine you just shared and add it to the Lab Builder machine AMI ID section: Set the following configuration for the other sections in this editor: System Name: Your chosen name for the system you’re configuring. For this example, let's call it “Linux Machine”. Instance Type: t3.medium Connection Type: SSH Username: lab-user (or the username you set) Password: lab-user (or the password you set) Once you’ve configured your system, you can easily use it in Lab Builder by selecting Preview System on the system view. Assuming you’ve built everything correctly, you’ll get a shiny preview of your newly configured machine! This is a good time to run through your lab scenario to ensure it's working correctly. And that’s it—congratulations on building your first practical lab! At this point, you can spruce up your lab by adding additional questions or details to the briefing panel and publish your lab to your organization for them to enjoy. This powerful new feature puts the control directly in your hands, allowing you to create incredibly specific and challenging learning environments. These range from simple privilege escalation scenarios like this one to complex, multi-machine attack simulations. We can’t wait to see the innovative labs you'll create. In the meantime, if you need more ideas or support, use our Help Centre docs for Lab Builder.
