Esc Scenario

The Heist

Today, you're the bad guys.

Someone left their rucksack on a train. Inside is a laptop, a diary, a cryptex, and everything you need to break into their bank account. You have 30 minutes before they realise what's happened. That's your window.

The Heist cyber security escape room kit - rucksack, laptop, cryptex and padlock
⎯ The Scenario

Flip the Script.

Most security training puts people in the role of the defender. The Heist does the opposite. Your team are the attackers - part of an elite hacking crew called The Breach Collective - and the rucksack sitting in front of you is an opportunity that's practically gift-wrapped. 

A woman got off the train and left her bag behind. Inside is a cryptex, a laptop, a diary with personal details, and a browser bookmarked to her social media profile. Everything an attacker needs. All because she left her bag on a seat. 

Your job is to work through it all - crack the padlock, unlock the cryptex, get into the laptop, find the banking credentials - and hit the transfer button before she realises what's happened. 

By the time your team has done it, the lesson has already landed. You don't need to be told a sentimental password is a bad idea when you've just used one to steal someone's money.

Mission Objective

"Break in. Extract the cash. Get out. No brute forcing. No random guessing. Everything you need is in the bag."

⎯ What happens

Inside the room.

01

Crack the padlock

The rucksack's main zip is padlocked. In the front pocket is a purse packed with clues. Work together to decipher them and get inside.

The Heist begins

02

Unlock the Cryptex

Inside the bag: a cryptex, a laptop, and a diary. The cryptex needs a six-letter password. The diary has everything you need... if you know what you're looking for.

Personal Information Exploited

03

Get In the Laptop

The cryptex holds a note. The note has a clue. The clue unlocks the laptop. The password isn't random... it's the kind of thing people use when they feel safe.

Password Hygiene Exposed

04

The Credentials

The laptop holds the username. The bank password is one browser tab away... buried somewhere Paula probably thought was just a bit of fun.

Oversharing has consequences

05

The Debrief

Your facilitator flips the perspective. Every step your team just took as an attacker becomes a lesson in what your own digital life looks like to someone with bad intentions.

The mirror moment

⎯ Learning outcomes

What your team takes away

The Heist works because the lessons aren't delivered - they're experienced. Your team doesn't hear that weak passwords are dangerous. They use one to steal money. That's a different kind of learning entirely.

Attacker Mindset

Spending 30 minutes thinking like a threat actor is the fastest way to understand what one actually looks for. Players leave seeing their own digital habits through an attacker's eyes - their social media profiles, their passwords, their unlocked devices - and that shift in perspective changes behaviour in a way that no policy update ever will.

NIST CSF GV.RM ⋅ NCSC CAF A1

Password Hygiene

Paula's passwords are her dog's name, her partner's nickname, and a street she grew up on. They feel personal and memorable to her. To your team playing the attackers, they feel embarrassingly easy. That feeling is the lesson. Players walk out thinking differently about every password they've ever created.

ISO 27001 A.8.5 ⋅ NCSC CAF B3 ⋅ NIST CSF PR.AA

Social Media Privacy

The final bank password comes from a public Facebook post - a harmless-looking "fun quiz" about pet names and childhood streets. Players find it in seconds. The moment they do, the conversation about their own public profiles becomes unavoidable. What are they posting? Who can see it? What could someone piece together?

ISO 27001 A.6.3 ⋅ NIS2 ART.21 ⋅ DORA ART.13

Asset Management & Device Security

The entire scenario begins with a lost laptop. One unattended device, one unlocked bag, and the whole thing unravels. Players understand why reporting lost devices immediately matters - not as a bureaucratic obligation but as the difference between a near miss and a catastrophe. The absence of multi-factor authentication on the banking app drives the point home without a single slide.

ISO 27001 A.8.1 ⋅ NIST CSF AM ⋅ NCSC CAF B1

The big Learning Moments

The file on the desktop

Your team will find something on the laptop that makes the whole room laugh... and then go quiet. Then start thinking about their own devices. It takes about four seconds to spot and about four days to stop thinking about...

The post that breaks it.

Near the end, your team will find the bank password in the last place Paula should have left it... and the first place any attacker would look. By the time it clicks, the debrief has already started. The facilitator just has to catch up.

Team playing The Heist attacker mindset cyber security escape room scenario
⎯ Who it's for

built for the whole workforce.

  • General Workforce

    The Heist is built for the people attackers actually target... not IT teams, but the rest of the organisation. No technical knowledge required. The scenario is deliberately built around the kind of everyday personal security mistakes that affect everyone, regardless of role or seniority.

  • High-Risk Individuals

    Senior leaders, finance teams, and anyone with access to sensitive systems or data are prime targets for exactly the kind of attack The Heist simulates. Playing the attacker is the most effective way to understand why personal security practices matter at work as much as they do at home.

  • Teams Who've Already Done The Breach

    The Breach puts you in the role of investigator. The Heist puts you in the role of attacker. They're designed to complement each other - same security principles, completely different perspective. Running both gives teams a genuinely rounded understanding of how attacks happen.

  • Away Days & Large Events

    Fast-paced, immediately gripping, and runs in 30 minutes. The attacker framing makes it one of the most talked-about scenarios we run - people don't expect to enjoy playing the villain quite as much as they do. Back-to-back rotations make it easy to run across large groups in a single day.

Good to know

The Heist includes a laptop as part of the kit, which needs to be charged and connected to Wi-Fi before the session. We handle all of this in facilitated delivery. If you're running a kit hire session, we'll make sure you have everything you need to set it up yourself.

RECOMMENDED FOR

FINANCIAL SERVICES ⋅ HEALTHCARE ⋅ PROFESSIONAL SERVICES ⋅ RETAIL ⋅ LEGAL ⋅ EDUCATION ⋅ ALL SECTORS

⎯ the details

The numbers that matter

30 min

duration

Plus 15-20 minute facilitated debrief. Back-to-back rotations available for larger groups.

5

players per team

Minimum 3. Optimal at 5. Multiple kits can run simultaneously for bigger events.

1 table

space required

A desk-sized space is all you need. Wi-Fi is required for the laptop element.

20 min

setup time

We handle everything. You arrive to a room that's ready to go.

50+

people in a day

With back-to-back rotations across multiple kits. We'll help you plan the logistics.

3

delivery options

Facilitated, Kit Hire, or Long-Term Rental. Details below.

⎯ how to run it

choose your delivery format

most popular

facilitated sessions

We turn up, set up, and run everything - including charging the laptop. Our hosts bring the energy, manage the pressure, and deliver a structured debrief that connects the heist to your team's real behaviours.

Professional facilitator included
Full tech setup handled
Structured debrief session
Best for away days, conferences, leadership sessions

Flexible

Kit hire

We ship you the complete kit. Your internal champions run the session - we'll brief you on the setup so it's ready to go before your team walks in the room.

Complete kit including laptop
Host guide for smooth internal delivery
Multiple runs over days or weeks
Best for multi-site or shift-based teams

sustained culture

long-term rental

Keep the kit year-round and run it as often as you like. Swap scenarios throughout the year to cover different security topics and keep the experience fresh.

Enterprise quality kit, yours to keep
Scenario swaps throughout the year
Training for internal hosts
Best for onboarding programmes and ongoing culture work

Beyond having enjoyed the game, this was the most impactful messaging we've been able to deliver to support our guidance regarding passwords and use of MFA. The discussions these events have sparked within the Peabody workforce have demonstrated a level of impact and understanding we haven't previously achieved.

    BISO, Peabody

Team playing The Heist cyber escape room scenario
⎯ Questions

Things people usually ask

Question

Does playing the attacker feel uncomfortable?

Good uncomfortable, not bad uncomfortable. The scenario is clearly fictional (you're not hacking a real person) but the techniques are real and the recognition of your own habits is very real. That slight discomfort is exactly what makes the lesson stick. Teams consistently rate it as one of the most memorable training experiences they've had.

Question

Do we need any technical knowledge to play?

None at all. The attack vectors in The Heist are human, not technical - weak passwords, oversharing on social media, unsecured devices. The scenario is deliberately accessible so that the people most likely to make these mistakes in real life can experience the consequences in a safe environment.

Question

Does the kit require Wi-Fi?

Yes - the laptop element requires a Wi-Fi connection to access Paula's social media profile. We recommend using a guest network. In facilitated sessions we handle all the setup. For kit hire, we'll brief you in advance on what you need to have in place.

Question

Can we run it for more than 5 people at once?

Yes. Multiple kits can run simultaneously, and back-to-back rotations mean you can put 50+ people through in a single day. We'll help you work out the logistics based on your group size and the space available.

Question

How does this count towards compliance frameworks?

The Heist supports requirements under ISO 27001 (Clauses A.6.3, A.8.1, A.8.5), NIST CSF 2.0 (PR.AT, PR.AA, AM), NIS2 (Articles 20–21), and DORA (Article 13). We can provide documentation to support your audit trail.

Question

How does this compare to The Breach?

The Breach puts you in the role of investigator trying to stop a ransomware attack. The Heist puts you in the role of attacker exploiting personal security failures. They cover complementary ground - social engineering and organisational security vs personal security and attacker mindset - and work very well run together.

⎯ Other Scenarios

Explore the Full Range

30 mins ⋅ 5 players

A ransomware attack. Five suspects. Five compromise paths. Crack the case, call the hackers live, and earn the decryption key before the clock runs out.

45 mins ⋅ 4 players

An OT incident shuts down CCTV, locks the equipment room, and knocks a PLC offline. Your team becomes the on-site SOC - physical clues, WhatsApp SOC guidance, and a clock that's counting down.

45 mins ⋅ 5 players

Victorian espionage. Modern lessons. Step into Sherlock's office to uncover who stole the factory blueprints - ciphers, contraptions and a suspiciously clever origami puzzle that brings encryption to life.

Ready when you are

Let's Book The Heist

Tell us your team size, your location, and your rough timeline. We'll come back to you with everything you need to make it happen.