The programme shouldn't stop at the office door.
Most security programmes work brilliantly for whoever happens to be in the building. Everyone else gets a watered-down version, or nothing at all. It doesn't have to work that way.
Talk to us
A programme that only works at HQ isn't a programme.
Organisations spend years building inclusive cultures and then run security programmes that only work if you happen to be in the right building on the right day. The physical escape room runs at head office. Edinburgh and Manchester and the remote team in Bristol get an email about it.
It's not intentional. It's structural. Physical experiences require a physical presence. Most programmes are built around what's easy to deliver rather than what everyone needs to receive.
Distributed risk needs a distributed programme. Not a distributed apology.
The good news is that every product in The Cyber Escape Room Co. ecosystem is either fully digital and solo-capable, ships to wherever people are, or is specifically designed to pull distributed teams into a shared narrative even when they're not in the same room. The constraint is a design problem. And it's one that's already been solved.
Built to reach people wherever they are.
No physical infrastructure required. No travel. No "you had to be there." These products work solo, work at scale, and work from any location with an internet connection.
Solo-play, story-driven cyber scenarios delivered through a browser. No downloads. No setup. No facilitation required. Players work through a narrative at their own pace, on their own device, from anywhere in the world. SHIFT is the primary scale layer for distributed organisations: same experience, same learning, same quality, regardless of location.
AR-powered cyber scenarios on people's own devices. No kits. No rooms. No installs. ALT works both solo and as a group experience, making it one of the most flexible products in the ecosystem. Individuals can engage independently or teams can run through scenarios together in the same physical space without any additional equipment. Consistent experiences across regions, time zones, and roles.
AI-powered voice simulations that run entirely remotely. The call goes to wherever the participant is. No physical presence required at any stage, from training through practice line to live simulation. CTRL+Vish is completely location-agnostic by design, which makes it the easiest product in the ecosystem to deploy consistently across a distributed workforce.
ESC is a physical product that ships. If your satellite offices have a team and a table, they can run a session. The kit contains everything needed. Kits can be distributed across multiple locations simultaneously, and with train-the-trainer, your internal champions at each site can run sessions without any external support. HQ doesn't need to be involved every time.
The kit goes where your people are.
ESC isn't tied to a venue. It's a self-contained physical kit that ships to any location. Satellite offices, regional hubs, international teams. Wherever there's a group of people and a space to run a session, the kit can be there.
Multiple kits, multiple locations
Organisations running programmes across multiple sites can hire multiple kits simultaneously. Edinburgh runs on the same day as London. Bristol runs a week later. Each location gets the same experience, the same scenarios, and the same quality of facilitation once the train-the-trainer programme is in place.
Train-the-trainer makes it self-sustaining
Once internal champions at each location are trained, the programme runs without external support. The kit resets. Scenarios rotate quarterly. No one has to travel. No one has to wait for central coordination. Each location owns its own programme.
The Breach: one scenario, every format.
The Breach is the clearest proof of how the ecosystem works for distributed teams. It's the same scenario: the same narrative, the same learning outcomes, the same investigation, delivered across four different formats. HQ gets the flagship. Everyone else gets the same story.
The full immersive experience. A live SOC room built on site, with real dashboards, a ticking clock, and an active breach unfolding around the team. The flagship version, for HQ, major events, and October awareness month.
A ransomware attack. Five suspects. One way in. Teams analyse emails, logs, phone records, and digital footprints to uncover how the breach happened. Self-contained, ships to any location, runs without external facilitation once champions are trained.
The solo, browser-based version of the same scenario. A narrative-driven whodunnit where players investigate the ransomware attack independently, in their own time, from any device. No kit. No room. No travel. Same story, same learning.
An augmented reality version of The Breach in development. Solo or group play on people's own devices, with no kit or room required. Extends the scenario to any location with the same immersive quality as the physical experience.
The pre-engagement layer works across all of them. Before any version of The Breach runs, distributed teams can be pulled into the narrative through digital pre-engagement campaigns: OSINT challenges, broadcast messages, and role-based tasks that connect remote colleagues to the story before it officially begins. By the time the SPACE_ installation kicks off at HQ, teams in other locations are already part of it.
Remote teams in the story before it starts.
The most powerful thing you can do for a distributed programme is start it before the live event. Pre-engagement campaigns pull people from across the organisation into a shared narrative weeks before the main experience. By the time it kicks off, remote colleagues aren't watching from the outside. They've already played their part.
These campaigns work digitally and can be designed to be inclusive by default. People in Manchester and Edinburgh and Glasgow contribute to the same goal as people at HQ, through challenges they can complete wherever they are.
The best proof of concept is a programme we ran across multiple locations simultaneously. Teams at each site were given different pieces of the same mission. No single location had everything they needed. Progress only happened when intelligence was combined across sites. The final event brought it together, and everyone was already invested, regardless of where they were based.
OSINT challenges: digital puzzles that can be completed from any device, any location, feeding into a shared narrative that builds towards the live event.
Broadcast messages: in-character communications that drop hints, create intrigue, and spread through the organisation the way good things always do: through conversation, not communication plans.
Distributed team missions: satellite locations given different fragments of the same puzzle, requiring cross-location coordination to progress. No single team has the full picture. Success is collective.
AI-powered interactions: phone calls, video calls, and digital communications from in-character personas that test and engage participants before the live experience begins.
"The Cyber Escape Room experience was a game-changer for our security awareness training. Our teams were fully engaged, with participants describing the sessions as 'actually fun', something you rarely hear about cyber security training."
Cyber Human Risk Manager, SP Energy Networks
One programme. Every location.
Tell us about your team structure and we'll map out how the programme reaches everyone, not just whoever's in the building that day.