The FlagShip 1 event is a unique cybersecurity exercise only accessible online . It is a real world simulation which demonstrates new concepts. The event is available to CyberSec4Europe project partners.

The two day event takes place on 12.-13. January 2021 . The FlagShip 1 cybersecurity exercise is conducted by JYVSECTEC at JAMK University of Applied Sciences. 

About the Flagship exercise

The participants invited to the event are assigned roles in a fictional organisation. The participants, through these assigned roles, are expected to perform the activities they are requested to carry out, which in turn should protect the assets of the fictional organisation from malicious actors in the exercise.  

The attendees already have the knowledge that organisation's networks have been breached. Please take a moment to introduce yourself to the pilot Online Open Course, which opens how things evolved to this point and what is the exercise environment like.

The pilot course contains an assignment, which is beneficial to do, especially for the techinically oriented attendees, and for those interested in basic digital forensics investigation. The course contains support materials that assists completing the assignment.

Setting the scene for Flagship 1


Expectations and information for participants 

FlagShip 1 is a two-day online-only learning opportunity! You will cope fine with a positive attitude and curiosity. In the exercise, you will be assigned a work role in a fictional organisation and you should be employed by one of the CyberSec4Europe partners .

Participants should have an Internet connection meeting the requirements as stated below and you should also:

  • Bring a headset with a microphone 
  • Have pre-installed VirtualBox service 6.1.x or newer 

You can find more detailed technical requirements here.

Available exercise work roles:  

  • Team lead 
  • PR and communications specialist 
  • Network specialist 
  • System administrator 
  • Cybersecurity specialist 
  • Cyber incident analyst 

Benefits of training

Development of know-how 

You will get a grip on resolving a cybersecurity incident, being a member of a team. No heroes here, but teams. 

Increasing performance 

By attending, you will gain understanding that supports your organisation function in incident situations and exceptional circumstances. You will also learn the importance of sharing your experience with your colleagues.

Real-life experience 

Cyber attacks, even the most simple ones, are complex. You will gain experience in responding to and defending against complex and comprehensive cyber attacks in a cyber arena.

What is cybersecurity?


Our behaviour in the digital world affects the world around us. Cybersecurity is a combination of human behaviour and technical controls to maintain the intended operational state of devices, networks and data. In other words, cybersecurity aims to prevent unauthorised access and tampering of devices, networks and data. It is also seen to include technical controls to detect such attempts and provide relevant technological and data to support forensic analysis of detected incidents.

What is a cyber range?

Cyber ranges are networked environments for hosting cybersecurity exercises or cybersecurity competitions, or both. They are also used for cybersecurity research, development, testing, certification of hardware and people skills and competence, competence assessment and recruitment. They can be complex learning environments and they meet the level of realism, features and functionalities that customers set.

About the Exercise Conductor 

JAMK University Applied Sciences will conduct the FlagShip 1 cybersecurity exercise. To be specific, it is the work of the staff of JYVSECTEC, the cybersecurity research, development and training centre, located in the Institute of Information technology of our University. The campus is located in the city of Jyväskylä, Finland. 





What are the system requirements?

Check out the recommendations.

Read more

How to determine the network capabilities?

For testing the network capabilities, you should perform the two tests described below. One is to test the current network speed and the other is to test the network latency. We recommend that you run these tests in the very same environment, which you are planning to use to join in the cyber exercise.

Read more

Is it safe to use my organisation’s network to connect?

With this question the conductor assumes that the person is planning to attend from her organisation’s premises and with this question she asks if participating to the FlagShip 1 create or increase some risk for the organisation’s networks or the services therein. To our best knowledge, we see no raised or new risks. For more in-depth rationale behind this, please see the next answer.

Read more

How do I connect to the technical environment?

Connectivity is provided through a prepared VirtualBox virtual machine. A download link and instructions for commissioning and decommissioning will be provided before the exercise. The connectivity implements the requirement specification documented in project deliverable D7.1.

Read more

My colleagues are interested in participating in FlagShip 1. Can they join?

Please share the invitation email and registration link with your colleagues. We have reserved one seat for each partner organisation. If there are seats available, they can be filled with additional participants from partner organisations.

Read more

Can PhDs or curriculum students apply?

Partner’s employees are prioritised. Nevertheless, yes, PhDs and curriculum students can apply.

Read more

Is this yet another competition?

FlagShip 1 is a learning opportunity, not a competition. A threat actor is not going put your scores on scoreboard, but they may need to take some time to revisit their plans, if they have been detected or their plans are perhaps made useless. Please see the next answer.

Read more

I am not (anymore) technically oriented, why should I bother?

If a picture is worth more than a thousand words, then a video that runs for 5:34 must be worth a decent library. A cyber security incident concerns the whole organisation. Unfortunately it does not respect anyone’s background. An incident concerns the organisation’s employees, management team and its board, customers (or consumers), suppliers, partners, vendors, stakeholders, the great public...

Read more

I am technically oriented, is it still possible to try a PR manager role?

You can apply for any role you wish. Please note, that the conductor assigns the exercise role for you.

Read more

This is a learning opportunity, so why do you not expose details of the exercise?

Umm… did we forgot to mention that actually this is a complex and realistic learning opportunity? Oh, bummers… actually we did! Our humble apologies! Rarely does a threat actor send an email stating the specific date and time, the techniques, tactics, and procedures they are going to use to achieve their goals, and name the goals or motivation. That is exactly the case here. By the way, you have relative advantage here. You already know the specific dates when something is going to happen, or should we say when the lake Jyväsjärvi freezes.

Read more

© JAMK. Implemented in the CyberSec4Europe Project.

EU flag

CyberSec4Europe is funded by the European Union under the H2020 Programme Grant Agreement No. 830929.