Cyber Security Training and Exercises

Team-Based, Realistic, Hands-On Training.

Don't just lecture, exercise!

All too often training is individual-focused and curriculum-centric. Cyber Exercises are the answer to a worldwide trend of successful cyber attacks and the corresponding monetary losses victims sustain.

Cyber Exercises provide the opportunity for participants to not only work as individuals, but as a team, on educational, real-world scenarios. Focusing on more than just passing a certification exam, cyber exercises provide the freedom to target both tactical proficiency, as well as the ever-important soft-skills necessary to provide cutting-edge security practices.

Cyber Exercises promote proper risk management and incorporate the various roles, responsibilities, and business units that are typically involved in your daily operations. Cyber Exercises are the perfect outlet to test, evaluate, refine, and assess your policies and procedures, as well as provide the skills acquisition you desire. Don't just lecture your organization on what you want, show them!

Each cyber exercise event includes a number of relevant scenarios, based on the threats you face on a daily basis. At the conclusion of an event, your organization is provided with a detailed assessment of your teams and participants. This report also highlights future training opportunities, custom-tailored for you.

Cyber Exercises are both a training event, and assessment, all in one!


Cyber Exercises provide a number of benefits in comparison to traditional training methodologies.


On a daily basis, your staff doesn't work alone- they work on teams.  Why not train your staff as a team?  Cyber Exercises do just that, providing training in a group-based setting so your staff can learn together.  Through this team-based setting, your staff quickly learn who in your organization has certain talents and who can be leveraged for certain challenges.


Typical lectures and coursework focus on theoretical topics which are important for fundamentals skills. However, in the real world, you are up against real attackers and real threats. Cyber Exercises are as realistic as it gets, using actual systems, real attacks, and real tools and tactics. Your teams can reap the benefits of training under a high-intensity, realistic situation, without any of the consequences of an actual cyber incident!


Responses to real-world attacks don't begin and end with your security team, and neither do Cyber Exercises. When you experience a real incident, you see many non-technical teams working together, from legal to public relations. In a cyber exercise, all of the relevant teams and stakeholders are incorporated into the training, making sure everyone is prepared, no matter their role.

Soft Skills

Performing in the real-world isn't exclusively about cutting-edge technical skills, it's also about communication, documentation, and cooperation. When facing real cyber threats, soft skills are just as important as technical proficiency. Cyber Exercises train these ever-important soft skills, ensuring your organization is set up to succeed.

Policies and Procedures

It is imperative that staff not only know and understand your policies and procedures, but also prepare and practice with them. Cyber Exercises provide the opportunity to put your policies and procedures to the test. They also provide an excellent opportunity to review and optimize your policies and procedures, towards ensuring you are ready should a real security event take place.


Cyber Exercises are not theoretical or abstract, they are hands-on and practical. The hands-on nature of an exercise isn't like a demo or lab in a tradition course- instead, exercises have participants working through their job roles. You use real tools on real systems to learn, test, and demonstrate real skills.


Cyber Exercises are more than just a training event, they are an assessment as well- an assessment of your staff and organization's preparation for real cyber security incidents. Cyber Exercises provide a mechanism to test your team's technical skills, soft skills, and execution of your policies and procedures all at once.


The training doesn't end when an exercise is over. Each exercise produces a comprehensive report detailing the outcome of the training, including areas for improvement. These post-exercise reports provide granular details on your organization, specific teams, and each individual. With the report in hand, you can continue to prepare your team with additional, custom-tailored exercises, and traditional training as needed.

Much More

Cyber Exercises are truly a unique, engaging, and revolutionary way to train your teams. With a Cyber Exercise, you are getting far more than training- you are getting prepared. And being prepared is one of the most valuable assets you can have in your cyber security plan. Don't wait until it's too late, get ready today!

Interested in running your own exercises, competitions, and events?  Check out WraySec's Cyber Exercise EngineCyExNg.  With CyExNg you can host your own cyber exercises, ranging from internal training events to international cyber competitions.

Cyber Security Training.

Instructor-Led training focused on getting your staff the skills they need!
Classroom time is a valuable addition to your training program- be it to learn a new skill or refresh on topics outlined from a Cyber Exercise, instructor-led training provides the individualized and skill-centric training to fill the void. Instructor-Led training is a great compliment to cyber exercises, or a valuable service by itself.  Through cutting-edge cyber security curriculum, your staff will learn the skills they need to stay one step ahead of your adversaries.  Our security courses focus on the skills needed to excel in today's fast-paced world.  Take your security training program to the next level by providing your staff with both cyber exercises and instructor-led training.  Learn new skills in the classroom and train them in your exercises!
Here are just some of the courses we offer:
Crawl-Walk-Run Defense TrainingRisk Management TrainingPolicy and Procedure Training
Infrastructure Hardening TrainingPatch Management TrainingIdentity Management Training
Wireless Security TrainingWeb Application Security TrainingEnd-Point Security Training
Firewall TrainingIDS/IPS TrainingNetwork Forensics Training
Vulnerability Assessment TrainingPenetration Testing TrainingRed Team Training
Linux Administration TrainingNMAP TrainingSnort Training
XSS TrainingSQL Injection TrainingTCPDump/Wireshark Training
Incident Response TrainingActive Defense TrainingAnd Much More...
Don't see the course you need?  Not a problem, we can build custom-tailored content to meet your needs!
Is your staff prepared for the next cyber incident?  Do they have the skills necessary to protect you from dedicated attacks?  We can help by providing valuable instructor-led training to your employees, managers, and technical personnel.

User Education and Awareness.

Your users are the first line of defense!
As organizations continue to harden their environments and implement robust security controls, the threat actors have adapted. In years past it was common for external attackers to scan your infrastructure and find an open hole. While this is still possible, the time and resources needed by attackers has substantially increased. As such the malicious actors have shifted their focus, going after the weakest link: your employees. All it takes is one rogue website, one email attachment, or one convincing phone-call, and your security defenses can come crumbling down.
We live in an interconnected world, and your employees need internet access to do their job. However, the same internet you use to do research and communicate, is the same internet your enemies hide behind waiting to attack. Compromising advertisement networks, big-name websites, and drive-by exploitation are just a few methods attackers use to target your organization. Common attacks, from the watering-hole attack to spear-phishing, are avoidable with proper vigilance. Train your users on how to spot a rogue website, and train your IT staff on how to implement proper filtering to prevent malicious content from entering your environment.
Email is a critical communication platform for everyone, from your neighbor to Fortune 500 companies. But it's also a lucrative attack platform for threat actors. Can your employees spot a phishing attempt? Do they know what to report and to whom it should be reported? How about malicious attachments? It's a common misconception that anti-virus will prevent malware from infecting your environment, but that's not always the case. Even a seemingly legitimate text document or spreadsheet can contain malicious code that will devastate your environment. Make sure your employees know the signs of a malicious attachment and what to do when they are targeted.
Social engineering is a major threat to the security of your infrastructure. It can be very difficult to spot a skilled social engineering attack, and personnel must be trained appropriately. Do your employees know how to handle a call from somebody posing as a trusted party? What if they are asking for sensitive information, such as passwords or device configurations? Can your personnel handle a cyber incident such as an external attack?
We can help by providing valuable social engineering training to your employees, managers, and even technical personnel.