The world of cybersecurity is not just about code and firewalls, but above all about people, decisions made under pressure, and the ability to think strategically. On 3 December, the Poznań University of Economics and Business (UEP) hosted an international round of ‘The CISO Game’, a strategic simulation that tests professionals and academics in their ability to manage real-life cyber crises.
What is ‘The CISO Game’?
The format is a serious game in which participants take on the role of a security management team. The aim is to deal with cyber incidents in real time, whilst balancing limited budgets and corporate communication. The scenario was the same for everyone, but included four decision points with 32 possible outcomes.
The Role of Cyber Mentors
Crucial to the success of the exercise was the presence of the Cyber Mentors, industry experts who led the discussion groups. Their role was not to provide answers, but to encourage critical thinking, prompting participants to ask themselves: ‘What would I do if this actually happened to my company?’.
The mentors observed with great interest how, despite the information about the scenario being incomplete (just as happens in real life), the teams managed to work together successfully to complete the mission.
Participants’ reflections
From an academic perspective, the event was praised as an excellent example of ‘cooperation with the professional world’. One of the most widely shared observations concerned the importance of moving beyond theory:
‘University shouldn’t just be about books; it should be a place where real-world issues can be discussed in a safe environment. Seeing people from such diverse backgrounds sitting around the same table enriched the debate: everyone focused on different details, leading to a much deeper understanding of the bigger picture.’
For those with a more technical background, who are used to adhering to strict standards, the game presented a relational challenge.
‘Professionally, I tend to follow procedures to the letter, but this game has taught me the importance of listening to others. Bringing together the different skills within the group led to a much better result than I could have achieved on my own.’
Crisis management has laid bare the decision-making processes. Many teams have tried to use democratic methods to decide on the next step, but the process has not always been straightforward.
‘We engaged in lively debate to get our views across, but the real value lay in being able to change our minds. Thanks to feedback from others and our cyber mentors, many of us questioned our initial assumptions in order to reach the right decision regarding security.’
The organisers’ reflections
‘The value of the simulation lies not in “practising techniques”, but in making the decision-making process during an incident explicit: what information is missing, what assumptions are we making, and how to prioritise between containment, business continuity, compliance, communication and budget. The fact that this was the first edition in Poland is also interesting from an organisational perspective: it brings stakeholders with different languages to the same table and makes the trade-offs measurable. The four decision points, with 32 possible outcomes, force the team to think in terms of scenarios and negotiate in a structured way, with mentors facilitating critical thinking without providing ready-made solutions. It is a training exercise that enhances governance maturity and incident response capabilities.”
“The CISO Game is the quickest way to turn cybersecurity from theory into real-world decisions, complete with pressure, budget constraints, information overload and business impacts – just like in everyday working life. Bringing it to Poland for the first time was a motivating challenge and a strong signal: the topic is well established, and the participants’ contribution was as significant as their feedback at the end of the conference. It confirmed that the community’s energy is very real. If you want an event that promotes networking and interactive learning whilst also delivering memorable experiences, practical lessons and concrete insights, hosting it within your organisation is a choice that pays off immediately: in just a few hours, you will see people from different professional backgrounds grow, equipping themselves with new cyber skills, managerial soft skills and operational best practices.”
– Andrea Fumagalli
Conclusions
The success of the event confirmed that cybersecurity is, above all, a matter of keeping an open mind. Knowing how to manage uncertainty and coordinate the human factor remains the biggest challenge for CISOs.
Would you like to host an interactive and educational event at your company?
By participating as a sponsor or partner, or by hosting a cyber event, you can:
- Train staff in a simulated yet realistic environment
- To foster networking among security professionals, decision-makers and the academic community
- Promoting a culture of cybersecurity through an innovative and engaging format.
To find out about upcoming dates or to put your organisation forward as a partner, please contact us and stay up to date with the latest developments.
