From Milestones to Momentum: What We’re Thankful for in 2025

Celebrating a year of growth, and the teams and partners driving enterprise security forward.

2025 has been a transformative year for CMD+CTRL Security – our first full year as an independent software security training company. With a strong focus on scaling enterprise-level programs, we’ve strengthened teams, reduced risk, and advanced secure-by-design practices worldwide.

As Thanksgiving approaches, we’re taking a moment to reflect on what we’re grateful for — and the milestones that made our growth possible.

February 2025: Securing Software by Design

We started the year by signing the CISA Secure-by-Design Pledge, committing to embed security principles throughout the software development lifecycle.

The primary way we support security principles is through our hands-on, role-based training that helps development and security teams:

• Implement secure coding practices aligned with industry standards
• Enhance MFA and password policies
• Improve vulnerability management and patching workflows
• Promote transparency in identifying and sharing vulnerabilities

This commitment laid the foundation for a year of measurable impact, and we’re grateful to our customers and partners for embracing a proactive, security-first mindset.

March 2025: Re-imagining the User Experience

Too many security training platforms focus on reactionary, remedial learning, which feels like digital detention.

We know that an engaging learning environment is key to driving knowledge retention, so we completely overhauled our Base Camp training platform to offer a new immersive adventure-themed platform including: 

• Gamified progress tracking
• Adaptive, role-specific content
• Intuitive navigation and improved accessibility
• Easier administration
• Fully customizable learning journeys
• Flexible onboarding workflows

We are continually adding features to motivate learners and offer seamless program management. We’ve worked closely with security champions, L&D managers and CISOs to make sure that Base Camp meets the needs of developers and program managers alike. Follow our blog to stay in the know on quarterly releases and content updates.

April-May: Industry Recognition and Customer Validation

In Q2, CMD+CTRL Security received five major industry awards, including:

• Best Cybersecurity Education Provider - Cybersecurity Excellence Awards
• Cybersecurity Training - Cybersecurity Excellence Awards
• Market Innovator - Global Infosec Awards
• Hot Company in Secure Coding: Developer Upskilling - Global Infosec Awards
• Leading Cybersecurity Training Company - Fortress Cybersecurity Awards

These accolades highlight our innovation and leadership in software security training, but recognition from industry organizations is only part of the story. Customer feedback demonstrates the real-world impact of our platform. In 2025 our training solutions earned a 4.6/5 rating on the G2 peer-review platform, from verified reviews, with enterprise teams consistently noting measurable improvements in secure coding skills, accelerated onboarding, and learner engagement.

June: Cyber Range Events Build Skills and Community

We were thrilled to resurrect our popular Summer of Cyber Ranges series this year with an expanded live cyber program, featuring hands-on, practical experiences and new immersive environments for fun, cross-functional collaboration. In addition to creative seasonal events, we partnered with OWASP chapters across the pond to expand our community through events like The Great British Hack-off.

From beginners to advanced level participants, we welcomed a diverse mix of returning players, OWASP members, corporate teams, and independent hackers. The blend of experience levels fostered a cooperative environment where seasoned pros and novices could connect and share ideas as they competed in a risk-free setting and communicated openly through our community slack channel.

This reinforced our belief that with the right format, learning can be fun. Gamified ranges, short-form labs, and choose-your-path adventures made security feel empowering, not punitive.

The Summer of Cyber Ranges program was so successful that we’ve extended it through the end of the year with our new HackTrack series - make sure to secure your spot!

July: New AI Security Training for Modern Enterprise Risk

With AI adoption heating up, we focused on equipping teams with new and updated software security content for the AI age.

While we’ve always offered training on topics related to AI use, including data sanitation, secure output handling, access control, supply chains and more, this year we introduced new AI-focused courses and skill labs mapped to the OWASP Top 10 for LLMs and Gen AI Apps including:

• Securing AI/ML Infrastructure: Hands-on strategies for securing AI models, training data, and inference pipelines while addressing governance, compliance, and ethical concerns.
• Generative AI Privacy & Cybersecurity Risk: Offers a deep dive into the unique attack vectors and vulnerabilities introduced by LLMs and offers practical skills to proactively secure AI systems, safeguard privacy, and ensure responsible AI adoption.
• Threat Analysis with AI: Provides guidance on specific use cases for AI in application development, risk analysis and threat detection.
• Plus, all new AI-focused labs for Node.js and Python with more to come.

The message from our customers was clear, they need to proactively mitigate operational risk, and adopt AI securely while minimizing exposure to critical vulnerabilities. We’re here to help.

August: Hacker Summer Camp

CMD+CTRL returned to Vegas for Black Hat and DEF CON 33 to host another popular contest featuring our latest cyber range – Forescient – an intentionally vulnerable Azure cloud environment that challenges users to find development, configuration and integration issues across multiple servers, services, accounts, and a web interface.

Players were guided through a mission-based storyline by an intelligent chatbot, facing challenges that reflect real-world attacks mapped to the MITRE ATT&CK® Framework, including cloud misconfigurations, data exposure, and more.

Lots of fun was had by all and the high-scorer took home a FREE WILi v54 embedded development tool. We’re looking forward to DEF CON 34 where we’ll have more contests and special prizes to mark 10 years of CMD+CTRL cyber ranges at DEF CON.

September: Sharing Insights From 1,000+ Cyber Ranges

In September, CMD+CTRL released a research report analyzing over 1,100 cyber range events. Key findings include:

• 126% improvement in participant performance over multiple events
• Early-career professionals demonstrated the fastest learning velocity
• The most-solved challenge categories aligned with the OWASP Top 10
• Gaps persist in skills like addressing sensitive data exposure, reverse engineering and remote code execution

These results demonstrate that hands-on, role-based training not only accelerates developer skills but also informs enterprise security strategies, helping organizations prioritize effective, measurable security training programs.

For detailed findings and training recommendations, access the full report here: Application Security at Scale: Insights from 1,000+ Cyber Range Events

October: A Busy Cybersecurity Awareness Month

In October, CMD+CTRL hosted 12+ cyber range events with over 1,000 participants from organizations around the world in support of Cybersecurity Awareness Month programs. These interactive, hands-on exercises helped teams practice real-world attack and defense scenarios, strengthening secure coding, vulnerability response, and collaborative skills.

We also offered our Cybersecurity Awareness Kit and materials for free to arm the community with ready-to-use resources that engage employees, reinforce best practices, and help amplify security culture across the organization.

While Cybersecurity Awareness Month is great for shining a light on security initiatives, it isn’t just for October. Organizations that integrate training into quarterly goals and onboarding programs saw faster ramp times and better knowledge retention. Jumpstart initiatives in October, but keep them going throughout the year.

November: A Season of Gratitude and Real Momentum

While we value industry recognition and strong engagement at our events, our deepest appreciation goes to the customers who are in the trenches every day, championing and reinforcing security principles across their developer communities.

Looking back on our first year as an independent company, we are thankful for:

• Every learner who engaged with Base Camp learning Journeys
• Every security champion implementing best practices
• Every team integrating training into enterprise programs
• Every OWASP chapter hosting a community event
• Every customer enabling enterprise-wide adoption of secure coding practice

As Thanksgiving weekend approaches, we’re reflecting on what we’ve achieved — and sharing our gratitude for the customers, partners and learners who joined us along the way to make 2025 a landmark year.

Looking Ahead

Check out our latest cyber range events, explore free training resources, or contact us to bring hands-on security learning to your team.

• Explore Upcoming Events
• Join the Slack community
• Follow Us on LinkedIn