CISO Game is a free, browser-based turn-based strategy simulator. You take the role of a Chief Information Security Officer at a fictional 500-person company and run the security program for 5 in-game years (20 quarters). You hire analysts, buy security tooling, defend a budget, brief the board, and respond to events — phishing campaigns, ransomware, regulator audits, vendor breaches.

Yes — completely free. There's no install, no payment, no advertising. You can play without an account or sign up to save runs across devices.

How long does a playthrough take?

Roughly 30 to 45 minutes for a full 5-year (20-quarter) campaign. Quick decisions during the inbox + event flow take 1–3 minutes per quarter.

Who is CISO Game for?

Aspiring CISOs, security students preparing for CISSP / CCISO / CISM, cybersecurity professionals exploring strategy trade-offs, and gamification fans who want a thoughtful turn-based sim about real security decisions.

What kinds of decisions do you make in CISO Game?

Buy from a 95+ catalog of products (EDR, SIEM, IAM, awareness, AppSec, AI security, GRC, services). Hire and assign owners to deployments. Respond to ransomware events, regulator-clock disclosures (GDPR Art. 33, SEC 8-K, NYDFS, OCR HHS, DORA, CIRCIA), board strategy reviews, M&A diligence requests, vendor lock-in pressure, and AI red-team findings.

How do you win CISO Game?

At the end of Year 5: Composite Posture must reach at least 60, Board Confidence at least 30, and cumulative overspend must stay under $500,000. You can lose earlier — board confidence below 20 for 3 consecutive quarters means the board fires you, and cumulative overspend above $1M means you're out.

Can I play CISO Game on mobile?

Yes. The game is designed mobile-first and works on iPhone Safari and Android Chrome. You can also install it as a Progressive Web App for full-screen play.

Are there real cybersecurity vendor names in the game?

No. The product catalog uses category descriptors (Mid-Tier EDR, Enterprise SIEM, Continuous Control Monitoring, TPRM Platform, etc.) so the game stays vendor-neutral. The mechanics are based on how each category of tool actually works in practice.

CISO Game — Free Strategy Simulator for Aspiring CISOs

Run information security at a fictional 500-person company for 5 in-game years. Hire analysts, deploy tooling, brief the board, survive breaches — all in your browser, free, in about 40 minutes.

CISO Game is a turn-based strategy simulator built for security professionals, students preparing for CISSP / CCISO / CISM, and anyone curious about the trade-offs in cybersecurity leadership. You play 20 quarters across 5 years, balancing posture, board confidence, customer trust, business friction, team morale, and budget — three of those metrics can end your tenure if you let them slip.

What you do as CISO

Choose from 95+ security products across EDR, SIEM, IAM, AppSec, awareness, GRC, AI security, and services.
Hire and assign Senior Analysts, Detection Engineers, IR Specialists, GRC Specialists, and a Deputy CISO.
Respond to 50+ event scenarios: ransomware foothold, credential stuffing, S3 leak, BEC against the CFO, vendor breach, regulator inquiries (GDPR Art. 33, SEC 8-K, NYDFS Part 500, OCR HHS, DORA, CIRCIA, NIS2, ESG/CSRD), AI red-team findings, M&A diligence shocks.
Brief the board at every annual audit. Lose them and the run ends.

How you win

At Year 5 (Quarter 20), you need Composite Posture ≥ 60, Board Confidence ≥ 30, and cumulative overspend ≤ $500,000. You can also lose early — three consecutive quarters of board confidence under 20 means you're fired, and overspend past $1 million ends the run immediately.

Who CISO Game is for

Aspiring CISOs and CISO-track security leaders. Students studying for CISSP, CCISO, or CISM certification. Cybersecurity professionals who want a thoughtful sim about strategy trade-offs. Gamification fans interested in a turn-based simulation rooted in real risk-and-control mechanics.

Why it's vendor-neutral

The catalog uses category descriptors — Mid-Tier EDR, Enterprise SIEM, Continuous Control Monitoring, TPRM Platform, Customer Trust Center, AI Prompt-DLP — instead of vendor names. The mechanics reflect how each category of tool actually works, so what you learn translates to real procurement decisions.

Security Education — built-in certification roadmap

Inside the game you'll find the full Cybersecurity Certification Roadmap — 70+ professional certifications across 14 career tracks (Foundational, Offensive, Defensive, Cloud, AI Security, Management, Forensics, Compliance, DevSecOps, Quantum, Architecture, more). Each certification entry shows cost, study time, salary range, demand level, validity, target audience, and career paths. A built-in 7-question quiz scores your fit across the catalog and surfaces your top-5 cert matches with reasons. Use it to plan your real CISSP / CISM / OSCP / CCSP / CCISO path while you play.

No install, no signup needed

Plays in any modern browser, mobile or desktop. You can start a run immediately as a guest and sign up later to save it across devices. No install, no setup.

Loading the interactive game…