Skip to main content

Immersive Workforce Exercising Scenario Catalog

Joanna Scherer
Updated

The Immersive Workforce Exercises scenarios offer a diverse range of interactive exercises and content designed to enhance workforce awareness, preparedness, and skills in cybersecurity and privacy matters. These scenarios cover various topics such as workforce exercising, data subject rights requests, smishing threats, and more, providing a comprehensive learning experience for users to strengthen their cybersecurity knowledge and practices.   

Standard Scenarios

These scenarios cover multiple risk areas. Written with a rich, realistic narrative, the participant makes decisions based on an evolving storyline.

Title Risk Areas Description
Social Engineering Techniques Phishing

Phishing and fraudulent communications (known as social engineering) remains one of the most successful ways for cybercriminals to gain access to organizations, with over 3.4 billion phishing emails sent everyday and 57% of organizations reporting that they deal with phishing on a weekly basis. Using methods such as emails encouraging you to click on links, download malicious attachments, or share information with people who are not who they claim to be, phishing represents one of the main ways that you may be targeted within your organization.

Prepare to protect yourself and your organization with our new Social Engineering Techniques scenario. This scenario covers some of the newest phishing techniques used by hackers to encourage you to respond, download attachments, and/or perform tasks for them.
Don't Take the Bait Phishing In this exercise, participants are challenged to identify suspicious emails and recognize the tactics used by scammers in phishing attempts. With scammers employing increasingly sophisticated methods, including AI, to create convincing fraudulent messages, it is crucial to be able to spot the signs of a phishing email. The exercise adapts to the participant's knowledge level, providing personalized advice to enhance their ability to identify and protect against phishing attacks, ultimately strengthening their cybersecurity awareness and resilience against online threats.
Deepfake: Vishing Social engineering You are the executive assistant to the CEO of a large bank, who is attending an annual conference. You are not in attendance, but are providing remote support to both the CEO and the team on the ground. You have received two voicemails from the CEO and need to take action on each one.
PayDay Blues Social engineering
Security reporting and responsiveness
Digital footprint

You work in the head office at Freshter Ltd as a lead analyst and have built a positive reputation as the "go-to" person whenever anyone needs assistance or advice.

In this scenario, the topics of phishing, social media privacy settings, and reporting of security incidents are covered.
Safe Travels Browsing securely
Physical security
Device security

You work as a solutions consultant in the financial services sector. On Monday you’ll be flying out to meet with customers in Poland.

In this scenario, the topics of security on the go, remote working, and VPNs are covered.
A King's Ransom Security reporting and responsiveness
Browsing securely

You work for Freshter Ltd, an international just-in-time produce distribution company. You work from home, so frequently communicate with your colleagues via video calls, emails, and the company’s messaging app.

In this scenario, the topics of ransomware and insecure web browsing are covered.
Working Practices Data handling
Security reporting and responsiveness

You're an account manager for InsiteDataCorp and regularly handle customer data. You work solely in the office and rarely take work home.

In the scenario, the topics of reporting incidents, phishing, and remote working are covered.
We Are The Champions Data handling

You work for PunterPlay, an online gambling company. As a fast-growing company in a very competitive market, PunterPlay relies on close integration with third-party organizations to provide extra services in areas such as marketing and sales promotions.

In this scenario, the topics of security champions, secure data handling, and security policies are covered.
First Day On The Job Digital footprint
Authentication
Device security
Security reporting and responsiveness
Social engineering

You are about to start your new job at DicedPineapples, a small media startup. Your goals for the first day are to meet everyone in the company and set up your workspace.

In this scenario, the topics of physical security, passwords, and social media privacy are covered.
A Tough Call Security reporting and responsiveness
Authentication		 You work as a customer service advisor at Katara10, a domestic energy supplier. Your colleague Amari is excited to tell you the news about his promotion, which includes receiving a work mobile phone.

In this scenario, the topics of passwords, stolen devices, and security on the go are covered.
Pick Up and Play Device security
Security reporting and responsiveness

You’re an account manager for Credita. As part of your role, you’re in daily contact with data managers at multiple banks, sharing important credit check information with them.

In this scenario, the topics of rogue USB devices and reporting security incidents are covered.
A Big Deal Digital footprint
Security reporting and responsiveness

You work at MilkshakeSocials as the executive assistant to its high-profile CEO. There's an important meeting today with a client and you're on hand to make sure everything runs smoothly.

In this scenario, the topics of identity theft and privacy of information are covered.
Digging Deeper Social engineering
Security reporting and responsiveness

You're the finance manager at a startup company called Ouvi Automotive Insurance. You've got a busy day ahead that involves approving purchases, checking emails, and attending meetings.

In this scenario, the topics of passwords, phishing, and verifying callers and contact requests are covered.
An Expensive Call Physical security
Security reporting and responsiveness

It’s the beginning of a new week in your role at Cardamom, a startup software company. You’ve been booked to go on a last-minute work trip to meet clients across the country.

In this scenario, the topics of remote working and reporting incidents are covered.
Text Thread Social engineering
Digital footprint
Security reporting and responsiveness

You’ve had a long and busy day at work and it’s time for you to finally head home. You’re just about to close down your computer when you receive a message from an unknown number.

In this scenario, the topics of social engineering and identity verification are covered.
Business As Usual Social engineering
Digital footprint
Security reporting and responsiveness

You’ve just started working at GreenBottle Inc, a software company that provides collaborative ways of data sharing with useful dashboards. As part of your role, you’ll need to be active on social media to find new prospects for GreenBottle Inc.

In this scenario, the topics of phishing, reporting incidents, and digital footprints are covered.
A Great Solution Physical security
Device security
Data handling

Friday is finally here. You’ve spent the week working on a media project for a client, a short film, and the deadline is fast approaching. You’re hoping to finally get it finished today so that you can enjoy the weekend.

In this scenario, the topic of physical device storage versus cloud storage is covered.
Secret Santa Social engineering
Security reporting and responsiveness

You’re an executive assistant for the CEO of Connectalize Communications. One of your seasonal duties is arranging end-of-year rewards from the CEO to the rest of the employees. Are you ready to be the office’s Secret Santa?

In this scenario, the topics of phishing, risk reduction, and incident reporting are covered.
Strange Activity Security reporting and responsiveness
Data handling

You work as a customer service advisor for IM-Universe, an online gaming service that has recently made several staff redundant. You're just starting your day when you notice several reports from customers detailing strange activity on their accounts.

In this scenario, the topics of security reporting and responsiveness, and data handling are covered.
Working from Home Device security
Physical security

You have started a new role as a Financial Manager in the financial services sector. It’s an exciting opportunity enabling you to work from home.

In this scenario, the topics of device security, and physical security are covered.
A Helping Hand Security reporting and responsiveness In this scenario, you work for a SaaS scale-up and have the potential to use AI to help you in your work. This scenario focuses on things to consider when using emerging technology in the workplace.
Visiting Hours Physical security You work for MoolAI, a FinTech company based at a coworking space in London. Several other businesses operate out of the same coworking space. You must escort a visitor safely through your workspace.
Footprints in the Sand Digital footprints In this scenario, you will have to decide on using social media appropriately, identifying OSINT risks, and deciding how and when to securely share information.
Password Problems Authentication You work in the finance department of a marketing agency, Bernard and Kate. It’s a busy time of year, with lots of your big clients spending leftover budget with you. Your IT team is rolling out system upgrades. You must set new secure passwords, and keep your account safe.
Browsing Around Browsing securely In this scenario, you work as a Product Designer. Part of your role is to conduct lots of research. You must effectively and securely browse the internet while setting up your browser software to mitigate security threats.
Public Demonstration Security reporting and responsiveness In this scenario, you work for a large energy company. You must respond to unusual activities of colleagues, suspicious behavior relating to your office premises, and security incidents.
Data Decisions Data handling In this scenario, you work in a data analytics company and are faced with several decisions related to the appropriate handling and management of data within your role.
New Job, New Hardware Device security In this scenario, you work for a technology start-up and have recently been promoted. This brings with it a technology upgrade! You'll need to consider various aspects of keeping your new device secure.

 

Operational Threat (Standard) scenario

Note: You will need an Immersive OT/ICS license package for this scenario

TitleRisk AreasDescription
Orchid Gas: Gas Distribution IncidentUnauthorized Access In this scenario, the topics of industrial control system (ICS) security, incident response during active shifts, and thwarting criminal groups are covered as an external threat targets your engineering workstations during normal operations.

Multi-role scenarios

The participant makes decisions across multiple job roles, as the storyline evolves. These scenarios can cover multiple risk areas.

Title Risk Areas Description
Internal Affairs Security reporting and responsiveness
Physical security

Dynamik Manufacturing is a robotics and manufacturing company. It produces and operates control systems and production line machines for multiple international companies. Some products and services are used to manufacture motor vehicles, aviation, train, and military equipment.

In this scenario, you'll play multiple roles within the company as the situation unfolds, each with different responsibilities.

In this scenario, the topics of security reporting and responsiveness, and physical security are covered.
Strange Activity Multi-Role Security reporting and responsiveness This scenario accompanies the "Strange Activity" scenario and enables you to explore an unfolding incident from the perspective of several different job roles within the organization.

 

Baselining scenario

An assessment-focused scenario. We recommend assigning this scenario at the beginning of your exercising journey to provide baseline data, identify priority areas for interventions, and monitor your human cyber risk profile over time.

TitleRisk AreasDescription
Security Hygiene CompassAuthentication
Device security
Physical security
Security reporting and responsiveness
Data handling
Digital footprint
Social engineering
Browsing securely

This scenario is a series of 16 "mini-scenarios" that cover all topic areas. It has been designed to focus on data quality and enable you to understand your current human cyber risk profile in a single exercise.

We recommend that this scenario is used at the beginning of your Immersive Labs journey to provide baseline data, identify priority areas for interventions, and monitor your human cyber risk profile over time.

 

Template scenario

A standard scenario that follows a narrative storyline but requires customization. Replace the business names, logos, documents, and more, to personalize the scenario to your organization.

TitleRisk AreasDescription
A Successful Event TemplateData handling
Security reporting and responsiveness

You’ve recently been joined in your team by a new colleague who’s just coming to the end of their first week and have been busy helping them understand your organization’s systems and processes.

This is a template scenario focused on data privacy and data handling. It has been designed to enable you to easily customize the content and is accompanied by a user guide and editable rich media.

 

Policy & Regulation scenarios

Simple scenarios to deliver a new or updated policy/regulation to your workforce and collect acknowledgement and agreement.

Title Risk Areas Description
ISO27001 and You Data handling
Device security
Security reporting and responsiveness

You are the human resources coordinator at Connectalize Communications Ltd. Currently based in the US, the company is planning to expand into a new global market and is setting up a satellite office overseas to support this.

In this scenario, you’ll navigate a number of situations where you need to demonstrate ISO 27001 compliance in the setup of these new offices and staff recruitment.
Digital Operational Resiliency in The Workforce Security Reporting & Responsiveness

You work for Deutsch UferImersiv. The bank’s headquarters are in Germany, but it also has subsidiaries across Europe, the United States, and the Asia Pacific region. You’re working from the bank’s headquarters as a junior data analyst.

This scenario is designed to educate your workforce on elements of security reporting that may be relevant to the Digital Operational Resilience Act (DORA). It's a standalone scenario or can be used in combination with its partner scenario in the crisis sim catalogue, using a linked narrative to target multiple groups.

 

Phishing Assessment scenarios

Participants face multiple decisions around phishing, smishing, vishing, etc.

Title Risk Areas Description
Who Am I? Phishing
Social Engineering

Scammers can use sophisticated tactics to trick people into clicking on links and handing over money or information. They may also use AI to help make their messages appear genuine.

This exercise focuses on common tactics that are used to trick people. It tests your ability to respond effectively, adapting your journey according to your current knowledge level.
Gone Phishing 1 Phishing
Social Engineering		 This is the first in a series of scenarios focused entirely on identifying phishing and social engineering. The scenario includes phishing emails, smshing, and vishing.
Gone Phishing 2 Social engineering This is the second in a series of scenarios focused entirely on identifying phishing and social engineering. The scenario includes targeted phishing emails (spear phishing).
Gone Phishing 3 Social engineering This is the third in a series of scenarios focused entirely on identifying phishing and social engineering. The scenario includes whaling and CEO impersonation.
Gone Phishing 4 Social engineering This is the fourth in a series of scenarios focused entirely on identifying phishing and social engineering. The scenario includes targeted and generic phishing following a national holiday.

 

Spotcheck scenarios

These micro-scenarios provide targeted and responsive content to enhance workforce awareness and preparedness in cybersecurity and privacy matters.

Title Risk Areas Description
Security Spotcheck Template Social engineering This micro-scenario allows you to create short, targeted content that is responsive to current threats to your workforce. This example focuses on smishing.
Privacy Spotcheck: Data Subject Rights Requests Template Data handling This micro-scenario allows you to create short content that is responsive to current threats to your workforce. This example focuses on data subject rights requests.

 

Enablement scenarios

These scenarios use an exercise format to guide managers and learners through the benefits and importance of workforce exercising, as well as how to effectively utilize the content to achieve desired outcomes. These scenarios aim to enhance understanding and engagement with workforce exercising practices for both managers and learners within the organization.

Title Risk Areas Description
Managers: Using Workforce Exercising NA This scenario uses an exercise format to take managers through the benefits of workforce exercising, how it works, and how to use the content to achieve the outcomes that they want.
Learners: Using Workforce Exercising NA This scenario uses an exercise format to take learners through what workforce exercising is, why it's important, and what they can expect to see when using workforce content.

 

AI Essentials

On the Immersive Labs cybersecurity training platform, the AI Essentials category builds practical knowledge and skills for understanding, using, and securing artificial intelligence—especially modern generative AI and large language models. It blends core AI concepts with hands-on defense techniques, governance considerations, and threat-focused scenarios so learners can safely adopt AI and respond to emerging risks.

Learners explore the OWASP Top 10 for LLMs and GenAI, a 10‑lab collection that develops the ability to identify, exploit, and mitigate risks such as prompt injection, sensitive information disclosure, supply chain weaknesses, data and model poisoning, improper output handling, excessive agency, system prompt leakage, vector and embedding weaknesses, misinformation, and unbounded consumption. AI Fundamentals lays a strong base across AI concepts, data ethics and responsible use, emerging threats, TensorFlow, image classification, generative AI models, prompt injection attacks, and incident response, culminating in a skills demonstration. AI Foundations dives deeper into modern architectures and patterns—Large Language Models (LLMs), Retrieval Augmented Generation (RAG), Model Context Protocol (MCP), and Agentic AI—alongside a knowledge check. Fundamental AI Algorithms teaches practical machine learning with security-flavored use cases using K-Means, Decision Trees, and SVMs for tasks like beacon, script, and behavior detection. AI for Business equips decision‑makers with an understanding of what AI is, its benefits and risks, and how to use AI at work responsibly.

This category is designed for security practitioners, incident responders, detection engineers, developers building with LLMs, and business and risk leaders. By completing it, learners will be equipped to evaluate and securely deploy AI capabilities, recognize and mitigate LLM‑specific risks, implement guardrails and governance, and respond confidently to AI‑driven threats.

Collections

Collection NameLab Count
OWASP Top 10 for LLMs and GenAI10
AI Fundamentals9
AI Foundations7
Fundamental AI Algorithms7
AI for Business6
AWS Bedrock Guardrails3
Azure Foundry Guardrails3
NVIDIA NeMo Guardrails4
AI Agents Idendity3

OWASP Top 10 for LLMs and GenAI

LabDifficultyFormat
OWASP Top 10 for LLMs and GenAI: Prompt Injection2theory
OWASP Top 10 for LLMs and GenAI: Sensitive Information Disclosure2theory
OWASP Top 10 for LLMs and GenAI: Supply Chain2theory
OWASP Top 10 for LLMs and GenAI: Data and Model Poisoning2theory
OWASP Top 10 for LLMs and GenAI: Improper Output Handling2theory
OWASP Top 10 for LLMs and GenAI: Excessive Agency2theory
OWASP Top 10 for LLMs and GenAI: System Prompt Leakage2theory
OWASP Top 10 for LLMs and GenAI: Vector and Embedding Weaknesses2theory
OWASP Top 10 for LLMs and GenAI: Misinformation2theory
OWASP Top 10 for LLMs and GenAI: Unbounded Consumption2theory

AI Fundamentals

LabDifficultyFormat
AI: Introduction to AI2theory
AI: Data Ethics and Responsible Use2theory
AI: Emerging Threats2theory
AI: TensorFlow for Machine Learning3practical
AI: Image Classification3practical
AI: Generative AI Models2practical
AI: Prompt Injection Attacks5practical
AI: Artificial Intelligence for Incident Responders2practical
AI: Demonstrate Your Skills4practical

AI Foundations

LabDifficultyFormat
AI Foundations: Artificial Intelligence1theory
AI Foundations: Core Components1theory
AI Foundations: Large Language Models (LLMs)1theory
AI Foundations: Retrieval Augmented Generation (RAG)2practical
AI Foundations: Model Context Protocol (MCP)2practical
AI Foundations: Agentic AI2practical
AI Foundations: Demonstrate Your Knowledge1theory

Fundamental AI Algorithms

LabDifficultyFormat
Fundamental AI Algorithms: Introduction3theory
Fundamental AI Algorithms: K-Means Introduction5practical
Fundamental AI Algorithms: K-Means Beacon Detection6practical
Fundamental AI Algorithms: Decision Trees Introduction5practical
Fundamental AI Algorithms: Decision Trees Script Detection6practical
Fundamental AI Algorithms: SVMs Introduction5practical
Fundamental AI Algorithms: SVMs Behavior Detection6practical

AI for Business

LabDifficultyFormat
AI for Business: Defining Artificial Intelligence1theory
AI for Business: Algorithms and Datasets1theory
AI for Business: The AI Ecosystem1theory
AI for Business: Risks and Responsible Integration1theory
AI for Business: Regulatory and Ethical Landscapes1theory
AI for Business: Real-World Applications1theory

 AWS Bedrock Guardrails

CollectionDifficultyFormat
AWS Bedrock Guardrails: Jailbreak Protection5practical
AWS Bedrock Guardrails: Prompt Injection Protection5practical
AWS Bedrock Guardrails: PII Masking5practical

Azure Foundry Guardrails

CollectionDifficultyFormat
Azure Foundry Guardrails: Jailbreak Protection5practical
Azure Foundry  Guardrails: Prompt Injection Protection5practical
Azure Foundry Guardrails: PII Masking5practical

NVIDIA NeMo Guardrails

CollectionDifficultyFormat
NVIDIA NeMo Guardrails: LLM-as-a-judge4practical
NVIDIA NeMo Guardrails: Jailbreak Protection4practical
NVIDIA NeMo Guardrails: Prompt Injection Protection5practical
NVIDIA Guardrails: PII Masking5practical

Agent Identity 

CollectionDifficultyFormat
Agent Identity: Token Scoping5practical
Agent Identity: Multi-Agent Authentication5practical
Agent Identity: Demonstrate Your Knowledge4theory

 

 

Building with AI

The Building with AI category on the Immersive Labs cybersecurity training platform guides practitioners through designing, implementing, and securing AI-enabled applications and agent workflows from first prompt to production. Through hands-on labs, you’ll build proficiency in manual prompting and spec-driven development, safe tool invocation via the Model Context Protocol (MCP) and extensions, multi-agent patterns, plugin and slash-command interfaces, sandboxing, hooks, and skills. You will also learn to implement policy engines and guardrails that deliver governance, auditability, and risk controls for real-world use.

In the Building with AI: Claude Code collection, learners progress from foundational prompting to advanced topics including Tools and MCP, Slash Commands, Claude Skills, Subagents, Hooks, Plugins, and Guardrails, culminating in a Demonstrate Your Knowledge capstone. Building with AI: Gemini CLI adds agent skills, sandboxes, hooks, a policy engine, and guardrails to help you design resilient, governed agent workflows, while Building with AI: Codex CLI focuses on practical prompting, spec-driven development, Tools and MCP, Slash Commands, and Guardrails for streamlined, secure delivery. This category is ideal for software engineers, security engineers, DevSecOps practitioners, and platform teams who need to ship AI features responsibly; by the end, you’ll be equipped to prototype and integrate AI, apply guardrails and policies, govern tool use, and operate AI systems that are robust, auditable, and aligned with security and compliance requirements.

Collections

Collection NameLab Count
Building with AI: Claude Code11
Building with AI: Gemini CLI10
Building with AI: Codex CLI7
AI Agent Governance3
Model Evaluation3

Building with AI: Claude Code

LabDifficultyFormat
Building with AI: Claude Code – Introduction3practical
Building with AI: Claude Code – Manual Prompting3practical
Building with AI: Claude Code – Spec-Driven Development4practical
Building with AI: Claude Code – Tools and MCP4practical
Building with AI: Claude Code – Slash Commands4practical
Building with AI: Claude Code – Claude Skills4practical
Building with AI: Claude Code – Subagents4practical
Building with AI: Claude Code – Hooks4practical
Building with AI: Claude Code – Plugins4practical
Building with AI: Claude Code – Guardrails3practical
Building with AI: Claude Code – Demonstrate Your Knowledge4theory

Building with AI: Gemini CLI

LabDifficultyFormat
Building with AI: Gemini CLI – Introduction3practical
Building with AI: Gemini CLI – Manual Prompting3practical
Building with AI: Gemini CLI – Spec-Driven Development (Conductor)3practical
Building with AI: Gemini CLI – Agent Skills4practical
Building with AI: Gemini CLI – Sandboxes4practical
Building with AI: Gemini CLI – Hooks4practical
Building with AI: Gemini CLI – Policy Engine4practical
Building with AI: Gemini CLI – Guardrails3practical
Building with AI: Gemini CLI – Tools, MCP, and Extensions4practical
Building with AI: Gemini CLI – Demonstrate Your Knowledge4theory

Building with AI: Codex CLI

LabDifficultyFormat
Building with AI: Codex CLI – Introduction3practical
Building with AI: Codex CLI – Manual Prompting4practical
Building with AI: Codex CLI – Spec-Driven Development4practical
Building with AI: Codex CLI – Tools and MCP3theory
Building with AI: Codex CLI – Slash Commands4practical
Building with AI: Codex CLI – Guardrails3practical
Building with AI: Codex CLI – Demonstrate Your Knowledge4theory

 

 

Secure AI Adoption

Regulated industries and large organizations are trying to find ways to implement AI without it scaring leadership and these collections can help bridge the knowledge gaps required to effectively answer these questions.
Secure AI Adoption will empower your teams to:

  • Enforce "Secure by Design" principles: Wrap unpredictable models in a verified security layer.
  • Accelerate Innovation: Move to production faster by neutralizing poor implementation of AI inside an organization.
These labs cover ROI and Use Case Analysis, AI Framework lifecycle implementation - NIST AI RMF and ISO 42001, Data Lineage and Data Loss Protection in the AI world, Observability principles and Observability of deployed agents in an environment.
These collections are ideal for Engineers, Devolpers, Software Architects, Security Enginners, CISOs and Risk Officers. 

Collections

Collection NameLab Count
AI Governance3
AI Data Protection3
Agentic Observability 3

AI Governance

LabDifficultyFormat
AI Governance: AI Lifecycles and Determining ROI2theory
AI Governance: AI Frameworks - NIST AI RMF and ISO/IEC 420012theory
AI Governance: Demonstrate Your Knowledge3theory

AI Data Protection

LabDifficultyFormat
AI Data Protection: Data Lineage2theory
AI Data Protection: Data Loss Prevention (DLP)2theory
AI Data Protection: Demonstrate Your Knowledge3theory

Agentic Observability

LabDifficultyFormat
Agentic Observability: AI Observability Principles3practical
Agentic Observability: Observability Analysis5practical
Agentic Observability: Demonstrate Your Knowledge3theory

 

Related to

Related articles

Comments

0 comments

Article is closed for comments.