news & announcements
35 Topics

Announcing the Winners of the 2025 Cyber Resilience Customer Awards!
What a year for cyber resilience! As we say goodbye to another Cybersecurity Awareness Month, we are thrilled to celebrate the organizations and individuals who have demonstrated exceptional dedication to proving and improving their cybersecurity posture, defending against emerging threats, and embedding a culture of resilience across their organizations using the Immersive One platform.

Collectively, our customers have tackled countless labs and simulations, setting new benchmarks for capability and speed. After crunching the numbers and reviewing the nominations, we're ready to announce just some of the winners who truly excelled in 2025 across the following categories:

Emerging Threats Leader Award

The Emerging Threats Leader award recognizes organizations and individuals at the forefront of threat detection and threat hunting; proactively identifying risks and strengthening defenses using insights from our Cyber Threat Intelligence labs.

Emerging Threats Award Organization Winners include:
NHS England
T-Mobile
Arctic Wolf

Emerging Threats Award Individual Winners include:
Steven Glogger, Swisscom
Paul Blance, Specsavers
Taz Wake, Jones Lang LaSalle
Mark Cox, NationalGrid
Stephen Wilson, BT Group

Cyber Resilience Leader Award

This award acknowledges organizations that maximize the full use of the Immersive One platform to fully optimize end-to-end cyber readiness. True cyber resilience goes beyond simply preventing attacks; it encompasses the ability to prove, improve, benchmark and report your cyber resilience.

Cyber Resilience Leader Award Winners include:
Swisscom
NHS England
Arctic Wolf
Darktrace
BT Group

Secure Development Champions Award

This award celebrates organizations and individuals who champion security throughout the software development lifecycle.
It recognizes a proactive approach to building secure applications, emphasizing practices like threat modeling, secure coding standards, and rigorous testing using the Immersive One platform to prepare and demonstrate secure coding practices.

Secure Development Champion Organization Award Winners include:
Citigroup
GfK
Swisscom

Secure Development Champion Individual Award Winners include:
Steffen Wacker, Arctic Wolf
Joao Santos, GfK
Omkar Joshi, GfK
Balaji Kannan, GfK
Naresh Sivakumar, GfK
Alexander Kolyshkin, EMCD

Exercising Excellence Award

The Exercising Excellence award recognizes organizations that have excelled in regularly using scenarios on the Immersive One platform to prove their cyber resilience. They have successfully run multiple crisis simulations to regularly exercise their teams and have high levels of participation and engagement.

Exercising Excellence Award Winners include:
Mastercard
Citigroup
Siemens Energy
NHS England

Immersive Trailblazer Award

This award recognizes individuals who simply love Immersive and have shown exceptional dedication to the platform. They have been amongst our top point scorers since January 1st 2025, completing thousands of labs and truly immersing themselves in the platform.

Immersive Trailblazer Award Winners include:
Mico Marcos, PepsiCo
QingKai Ma, Hubbel

Community Leader Award

Our final award, the Community Leader award, recognizes individual members of the Human Connection Community that have contributed to, and engaged with, both community content and their fellow community members. They have consistently shared tips and advice, engaged with popular threads and participated in community events and meetups, helping to bring the Human Connection community to life.

Community Leader Award Winners include:
netcat
steven
CyberSharpe
autom8on
MegMarCyberTrust
Nneka_AN
Dooley
DG

223 Views, 4 likes, 4 Comments

Community Newsletter - October 2025
Let's see what October had to offer...

Trick or Treat on Specter St.

Have you completed the final lab of Specter St. and found your lost companion, Bones? If you find him before November 28th - and are a member of the Community - you'll receive a shiny digital badge on your profile. Need a hint? Check out the Labs Live recordings or head over to the Help Forum and ask an expert.

Customer Awards

Soon to be revealed, our Customer Awards celebrate some of our incredible customers, and there's a special award for Community users! All will be revealed soon...

The Incident Room

This month we started a series of LinkedIn challenges, where we present a cybersecurity or crisis situation along with three choices of how to respond. Voting takes place either through reactions or comments. We later reveal how our cyber experts would have dealt with the situation.

Patch Newsday October 2025 - As per usual, the Container 7 team have reviewed the latest Microsoft patches so that you don't have to.

Special Shout Outs

Please join me in thanking this month's most helpful members in our Help & Support Forum.
1. barney
2. edgarloredo
3. LewisMutton
4. DG
5. Dragonstar16

If you'd like to see your name here one day, head on over to the forum and answer a question.

Looking Forward

We've got some exciting plans for a redesign of the Community, focussed around what users look for when they visit, and the ability to showcase the latest and greatest content - can't wait to share it with you all!

As always, we want to hear from you. Please give us your feedback on your community experience and let us know what else you'd like to see.

Sam

53 Views, 1 like, 4 Comments

No More Busy Work: How Programs Automate Personalized Cyber Readiness
Welcome back to our series, "Behind the Scenes of Immersive One"! The following is a conversation with MartinHewitt, Principal Product Manager for Immersive One, and RebeccaSchimmoeller, Lead Product Marketing Manager.

"We've all seen the spreadsheet of doom. You assign a list of training labs to fifty people, and then you spend the next month chasing them down, manually checking completion statuses, and hoping the content you've assigned them is actually relevant - because if it's not, your learners are just tuning out. It's an operational nightmare, plain and simple."

Rebecca: Wow, yeah, we hear this constantly from the market, Martin. Leaders are drowning in admin work while trying to build resilience. It feels like we've been handing learners a stack of maps and hoping they figure out the route. Meanwhile, busy learners assume the content isn't worth their time, so disengage. How does the new Programs capability change that dynamic?

Martin: That map analogy is actually spot on. Until now, we've had Assignments and Collections - which are great, but they are static. Like you said, it's handing someone a map. Programs is a fundamental shift ... a GPS navigation system for learning. Instead of just handing a learner a stack of content and hoping for the best, a Program plots the optimal route based on their initial skill level. It re-routes them if necessary using logic, and it shows the manager if they fall behind schedule. We aren't just looking at completion anymore; we are looking at flow.

Rebecca: I love the "GPS" concept. But let's make this real for our customers. What does one of these "routes" actually look like? Can you give us a concrete example of a path a team might take?

Martin: Absolutely. Let's look at the SOC Analyst Program. It doesn't just start with a generic to-do list. It starts with an Adaptive Assessment.
Based on those results, if the system sees a user is proficient and capable, it will route them into content that speaks to their level of knowledge and experience, rather than a one-size-fits-all (or, more often none) route. We see this for Cloud Security too. Engineers who know AWS inside-out don't need to waste time on S3 Buckets 101. The Program fast-tracks them to the advanced Cloud Defense scenarios. It's about respecting their time.

Rebecca: That's a perfect segue to the learner's experience. We talk a lot about the manager's benefit, but honestly, if I'm an analyst, why should I care? How does this make my day or professional life better?

Martin: If you're a learner, the biggest benefit is that you stop doing "busy work." Nothing kills morale faster than being a senior engineer forced to click through beginner labs just to get a completion checkmark. With Programs, the system recognizes your skill level immediately. You get to skip the stuff you already know and focus on the challenges that actually help you grow. Plus, because it's a cohesive journey, you always know why you are doing a task. You aren't just completing a random lab; you are moving through a cyber-narrative - from detection to analysis to remediation. It feels less like homework and more like a mission.

Rebecca: So, we're moving from "did you do it?" to "are you ready?" That sounds like it aligns perfectly with the CISO's need to prove outcomes. But Martin, what about the manager's visibility? You mentioned "flow" earlier - how is that different from just tracking who finished a lab?

Martin: Right now, if you want to know who is struggling, you usually have to wait until the deadline passes and see who didn't finish. By then, it's too late. With Programs, we focus on Pace. We capture a time commitment expectation - say, two hours a week - and the system calculates a "Burndown Rate." We can tell you in real-time if a user is Ahead, On Track, or Behind.
It's about finding what I call the "Bread and Valley Joes" - the people who are struggling silently. We want to surface those users to the manager before they fail, as well as highlighting the super-keen folk who really love stretching and testing their skills, we're showing them as Ahead, making sure they're spotted and give them the opportunity for recognition.

Rebecca: That's huge for "Management by Exception." You don't need to micromanage the high-performers, but you can quickly help those who are stuck.

Martin: Exactly. And we've built the intervention right into the platform. You can filter for everyone who is "Behind" or stuck on a specific step - like Cloud Fundamentals - and bulk-message them right there. No more downloading CSVs and running mail merges just to nudge your team.

Rebecca: Martin, this is a massive step forward. But knowing you and the engineering team, you're already looking at what's next. Can you give us a sneak peek at what's coming for Programs?

Martin: Don't mind if I do! Right now, we have these amazing "Stock Programs" ready to go. In the New Year, we're also handing the keys to customers ... we're going to introduce a custom builder. Managers will be able to build a completely bespoke journey tailored to their specific organization, drawing from right across our whole catalog. Things like being able to create your own "onboarding flow" to mirror your exact tech stack and security policies... That's when things will get even more exciting.

Rebecca: I can't wait to see what customers build when that's available, Martin. Thanks for walking us through the logic behind this milestone launch. This is major for customer outcomes.

Martin: It is. We're finally moving learners from just "completing tasks" to building real muscle memory. That's the stuff that benefits their org now, and that they can carry it with them to their next professional opportunity.

Final Thought

Programs represent a shift that benefits the entire security function.
For the organization, it replaces static assignments with an operational engine that measures true readiness against critical threats. For the learner, it transforms training from a checklist into a career-building journey, ensuring they develop skills that last far beyond their current role.

Want to see how it works? Don't miss this demo.

19 Views, 0 likes, 0 Comments

Bad News for Black Hats: Why Our New Dynamic Threat Range Is Bound to Ruin Their Day
Welcome back to our series, "Behind the Scenes of Immersive One"! The following is a conversation with DaveSpencer, Immersive Product Manager for Technical Exercising, and RebeccaSchimmoeller, Lead Product Marketing Manager.

"Getting your SOC team off their desks for a multi-day drill is tough. Then, having them practice on a generic SIEM when your entire team lives and breathes in Splunk? I mean, practice is supposed to make perfect ... That set-up is ... flawed."

Rebecca: No kidding, Dave. It sounds like you heard from a lot of SOC Managers that their teams were running straight into what we call the "relevance gap." Can you break down what that actually means for hands-on analysts?

Dave: Think of that 'gap' as the frustrating space between theory and reality. It's when you force an analyst to practice on a generic, made-up tool, but their actual job is 100% in Splunk. It's running an exercise on a simple, flat network when your real corporate network is a complex, segmented beast.

Rebecca: So, the skills they're learning just don't transfer to the real world.

Dave: Exactly. It's why a team can get a 100% pass rate on a training module and still be completely unprepared when a real incident hits. It's not just wasted time; it's a false sense of security.

Rebecca: So, how does our new Dynamic Threat Range capability solve that? How do we close that gap for good?

Dave: By blowing it up entirely. We built this from the ground up to be hyper-realistic. Dynamic Threat Range is the only capability on the market that lets teams run live-fire exercises in a high-fidelity replica of an enterprise environment, using licensed security tools. At launch this November, we're talking native support for Splunk and Elastic. This isn't just replaying logs; it's an authentic, full-chain adversary attack, built by our elite C7 threat team, running on the exact tools teams use every single day.

Rebecca: Okay, so that's a game-changer for the hands-on user and, no doubt, from managers too.
They're struggling to prove where their team is at in order to help them improve. How do we help them with this? You know, move beyond a pretty unhelpful "pass/fail"?

Dave: Right. That's actually a core pillar we've built against. With Dynamic Threat Range, customers move beyond arbitrary scores. Our design is all about objective proof of readiness. We're giving managers the hard data they need to prove their team's capability and justify their security spend.

Rebecca: Oh ... tell me more!

Dave: At launch, we're measuring key metrics like Time to Detect, Time to Escalate, and Investigation Accuracy. It's the only way to get verifiable, evidence-based data on performance.

"In a real attack, the platform doesn't tell you if you're right or wrong. So why should your exercise?"

Rebecca: Running full-chain attacks on a replica of a customer's environment sounds incredibly complex. I can just hear the IT and Ops teams groaning about setup, VPNs, and operational overhead.

Dave: (Laughs) Yeah, we heard that, too. And that's why we made it 100% browser-based. No VPNs. No operational headaches. You get into the exercise and start learning in seconds. We also designed the exercises to be practical. Getting a SOC team offline for a multi-day drill is really hard. So, these default to 4 hours - intense, focused, and easy for a manager to schedule. You can extend it to 24 hours if you want to practice handovers between shifts, but the goal is zero friction.

Rebecca: I love that. So, as an analyst, what can I actually do in these 4-hour exercises at launch?

Dave: We're launching with two critical exercise types. First is Digital Forensics and Incident Response (DFIR), where you join after the attack has happened and you have to use your Splunk or Elastic instance to piece together what went wrong. The second is Threat Hunting, which I love.
You're in the environment as the attack itself is kicking off, and you have a detailed threat intelligence pack to work from, allowing you to proactively detect the threat before it causes real damage. It's the difference between being a digital archaeologist and being the hunter on the ground.

Rebecca: So cool! This is already huge, Dave. Knowing you, though, the team is just getting started. What's the long-term vision?

Dave: We're moving fast. We're already working on Microsoft Sentinel support for Q1 2026. After that, we're building out exercises for the entire security lifecycle - Containment, Recovery, Red Team, and Purple Team drills. The vision is to let you exercise every part of your security function and then benchmark your performance against your industry peers. That's the real holy grail: knowing exactly where you stand.

Rebecca: Dave, this is incredible. The passion you and the team have for solving this real-world problem is clear. Thanks so much for geeking out with me today.

Dave: Any time. We're just excited to get it in people's hands.

Final Thought

The days of generic, classroom-style training are over. Dynamic Threat Range finally bridges the gap between practice and reality, allowing your teams to build muscle memory on the actual technology they are paid to protect. It moves your entire security function from "we think we're ready" to "we know we're ready" - with the data to prove it.

Want to see how it works? Don't miss this demo.

84 Views, 1 like, 0 Comments

New CTI Lab: Lazarus Cyberespionage Campaign: Analysis
In early November 2025, North Korean state-sponsored actor Lazarus was reported to have launched various attacks as part of a long-standing cyberespionage campaign linked to Operation DreamJob. Targets of the attacks include European organizations manufacturing unmanned aerial vehicles (UAV), aircraft component manufacturers, and a British industrial automation organization. Lazarus's, and by extension North Korea's, operational objective with these attacks is assessed with high confidence to be cyber espionage.

What is this about?

The attacks launched by Lazarus used a custom remote access trojan called ScoringMathTea RAT, which uses its own cipher system to obfuscate its code and conceal its functionality from analysts. The lab involves reverse engineering the malware and identifying indicators of compromise by breaking the cipher and using that to identify what the malware is doing.

Why is this critical for you and your team?

North Korean cybercriminals and state-sponsored actors are highly skilled, persistent, and aggressive in the pursuit of the North Korean regime's objectives, and one of those objectives is stealing information from targets that can affect national security. Understanding how North Korean cyber operators conduct attacks and understanding their tooling is essential for analysts to be better equipped to tackle these threats.

Who is the content for?

Malware Analysts and Reverse Engineers
SOC Analysts
Incident Responders
Threat Hunters
Tactical and Operational Cyber Threat Intelligence Analysts

Here is a link to the lab: Lazarus Cyberespionage Campaign: Analysis

43 Views, 2 likes, 1 Comment

Immersive Certifications: From incident responders to SOC analysts, we've got you covered!
Our career paths are crafted by Immersive experts and designed to give you hands-on, in-depth technical learning across a range of areas. When you complete a career path, we've always been proud to see people share their achievements and showcase their badges online. But you called for something more - and we heard you.

Now, when you complete one of our 39 Immersive Certified career paths, you'll be able to download a certificate to demonstrate your achievement and showcase your skills. Our Immersive Certifications cover a range of areas, whatever your interests and expertise - from SOC analysts to incident responders, penetration testers to threat hunters, and Java developers to malware analysts. And a number of the Immersive Certified career paths range from beginner to advanced levels, so you can keep building your skills.

If you've already completed one of the Immersive Certified career paths, you'll be able to download a certificate today. Simply head into the Achievements area of the platform (Upskill > Achievements) and select the relevant career path. If you haven't completed a career path yet, check out the options in the Upskill > Career Paths area of the platform.

You can find further information on Immersive Certifications and all of our Immersive Certified career paths in the FAQs page on the Helpdesk.

Immersive Certifications are a new feature. We're keen to hear your feedback on how they can help develop your skills, share your achievements with others, and demonstrate your learning. Leave a comment below to let us know your thoughts!

102 Views, 1 like, 1 Comment

New CTI Labs: CVE-2017-1000353 Offensive and Defensive (October 2025 CISA KEV Additions)
In October 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added five new vulnerabilities to its known exploited vulnerabilities catalogue, one of which was a critical 2017 vulnerability affecting Jenkins versions 2.56 and earlier and 2.46 LTS and earlier. This vulnerability allowed attackers to gain remote code execution on vulnerable instances.

Why is this critical for you and your team?

Jenkins is a widely used application. Shodan reports confirm that there are 000s of instances exposed to the internet, with the vulnerable versions. With this vulnerability being a critical remote code execution vulnerability, the impact is significant. Understanding how to investigate logs for this attack and understanding how to successfully achieve exploitation is important for any team. Even though it's a 2017 vulnerability, it's a very recent addition to CISA KEV, which illustrates just how significant it is, and that even today, attackers are using this vulnerability to gain footholds and compromise vulnerable victims.

Who is the lab for?

SOC Analysts
Incident Responders
Penetration Testers
Red Teamers
Threat Hunters

Here are the links to the labs:
Offensive: https://immersivelabs.online/v2/labs/cve-2017-1000353-jenkins-command-injection-offensive
Defensive: https://immersivelabs.online/v2/labs/cve-2017-1000353-jenkins-command-injection-defensive

57 Views, 0 likes, 0 Comments

October is here! Prepare for Cybersecurity Awareness Month with Immersive
In a world where technology and threats are constantly evolving, building a resilient team is more important than ever. At Immersive, we're proud to be your partner in this journey, and we've put together a fantastic lineup of events, challenges, and resources throughout October to help you and your teams stay ahead of the curve.

What's on at Immersive this Cybersecurity Awareness Month

Oct 1st - Whitepaper: GenAI's Impact on Cybersecurity Skills and Training
Oct 6th - Trick or Treat on Specter Street Challenge Begins: Labs 1-3
Oct 9th - Labs Live: Ripper's Riddle Community Webinar
Oct 13th - Trick or Treat on Specter Street Challenge: Labs 4 - 6
Oct 15th - Webinar: How to Build a People-Centric Defense for AI-Driven Attacks
Oct 16th - Labs Live: Cursed Canvas Community Webinar
Oct 20th - Trick or Treat on Specter Street Challenge: Labs 7 - 9
Oct 22nd - Cyber Resilience Customer Awards Winners Revealed
Oct 23rd - Labs Live: Macro Polo Community Webinar
Oct 27th - Trick or Treat on Specter Street Challenge: Labs 10-12
Oct 30th - Labs Live: Phantom Pages Webinar
Oct 31st - Trick or Treat on Specter Street Challenge Finale: Labs 13
Oct 31st - Virtual Crisis Sim: The Puppet Master's Trick or Treat

Challenges and Labs

Trick or Treat on Specter Street

Welcome to Trick or Treat on Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we've encountered before. Each week throughout October, we'll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street. Can you crack the case? Find out more.

AI Foundations

Ready to navigate the rapidly evolving world of Artificial Intelligence with confidence? Give our new AI Foundations lab collection a go!
Designed to equip your teams with critical AI knowledge and practical implementation skills, this initial collection features seven foundational labs that progressively guide your teams from high-level overviews to secure, hands-on AI implementation. Find out more.

Events and Webinars

Webinar
How to Build a People-Centric Defense for AI-Driven Attacks
Wednesday October 15th
A must-attend event for understanding how threat actors are leveraging AI and other emerging technologies to carry out attacks. Register Now.

Virtual Crisis Sim
The Puppet Master's Trick or Treat
Friday October 31st
Join us on Halloween as the notorious Puppet Master returns for a fiendish game of Trick or Treat. Play along with our Immersive crisis response experts as we tackle a LIVE coordinated attack from the Puppet Master on a Critical National Infrastructure organization. Dare you play the Puppet Master's game and survive, or will they finally get their revenge?! Register Now.

AI and Emerging Threats

Throughout the month, we're shining a spotlight on the rise of AI in cyber, from our all-new AI Foundational lab series to cutting-edge research from the experts at the cutting edge of GenAI in cybersecurity in our latest whitepaper: GenAI's Impact on Cybersecurity Skills and Training. Explore our latest AI-focused resources and upskill your teams to confidently face the future of cyber resilience. Check out our latest reports, articles, webinars and more on GenAI, here.

Celebrating Cyber Resilience Heroes

We're also celebrating the individuals and organizations at the forefront of cyber resilience with our Cyber Resilience Customer Awards. Keep your eyes peeled on our social channels! We'll be unveiling our latest winners on October 22nd, recognizing those who demonstrate an outstanding commitment to proving and improving their cyber readiness.

It's going to be a jam-packed month focused on practical application and deep engagement.
Let's make this the most secure October yet!

192 Views, 1 like, 1 Comment

Community Newsletter - September 2025
BenMcCarthy But before we get into that, let's take a look at all the great things we achieved together throughout September...

The Maze Challenge

How did you manage with our most difficult lab challenge ever? Thousands of you attempted the challenge, but only 4 people escaped the Broken Maze! Congratulations if you were one of them. Need a hint? Check out the Q&A Webinar or head over to the Help Forum and ask an expert.

Community Updates

Here are some of my favourite community articles from the last month:

StevenBoyd shared his thoughts on CVE-2025-32463, a critical vulnerability in the sudo Linux utility.
KitHudson shared his analysis of CVE-2025-53770, a critical, unauthenticated remote code execution vulnerability in on-premise Microsoft SharePoint servers.

Container 7 Updates

Container 7 is the home for our team of cyber security experts to post about their research, insights, and the latest threats and vulnerabilities that you need to know about.

Scattered LAPSUS$ Hunters: The Cybercrime Group Redefining Threats - @ben and KevMarriott shared their thoughts on three of the most notorious groups this year, Scattered Spider, LAPSUS$, and ShinyHunters, joining forces.
Patch Newsday September 2025 - As per usual, the Container 7 team have reviewed the latest Microsoft patches so that you don't have to.

Special Shout Outs

Please join me in thanking this month's most helpful members in our Help & Support Forum.
1. autom8on
2. jcberlan
3. KingMashaba
4. LewisMutton
5. edgarloredo

If you'd like to see your name here one day, head on over to the forum and answer a question.

Looking Forward

We are very excited to welcome you to Specter Street, a Halloween-themed cybersecurity challenge where you'll use both offensive and defensive skills to solve a mystery unlike anything we've encountered before.
Each week throughout October, we'll drop new hands-on labs that slowly begin to uncover the secrets of Specter Street and the furry friend causing havoc. Look out for tomorrow's blog post which will have all the details about this, and the rest of our Cybersecurity Awareness Month programming.

As always, we want to hear from you! Please give us your feedback on your community experience and let us know what else you'd like to see.

See you in the community soon!

Kieran

60 Views, 0 likes, 0 Comments

New Labs - Malterminal: Malware Analysis
With artificial intelligence (AI) and large language models (LLMs) fast becoming a more popular and talked-about set of technologies in every industry in society, it's no surprise that LLM-enabled malware now exists that can dynamically generate code, query data, and offload malicious functionality to LLMs, lowering the barrier of entry for threat actors deploying malware. This lab introduces one of the first known malware samples to ever facilitate the use of LLMs to perform malicious functionality.

Why should our customers care?

Most, if not all, companies are looking into using AI to varying degrees, whether to make their workforce more efficient and productive or to build full models that facilitate technical processes. With this in mind, and with the advent of basic malware that can use API keys to query LLMs and AI services, we will likely see this particular malware set evolve over time. By doing this lab, you'll begin to see how these pieces of malware are just the stub and querier for AI and how they can be used maliciously. This will showcase what this threat is like in its current state. We shall be monitoring how this threat evolves, so stay tuned for more labs.

Who is the defensive lab for?

SOC Analysts
Incident Responders
Threat Hunting

Here is a link to the lab: https://immersivelabs.online/v2/labs/malterminal-analysis

78 Views, 3 likes, 1 Comment