Interactive Demo — high Severity

Insider Threat: Data Exfiltration

A senior engineer who recently gave their two-week notice has been detected downloading large volumes of proprietary data. USB device activity, cloud storage uploads, and after-hours access patterns suggest systematic data theft. You must balance investigation with employee rights.

Threat Actor
Departing senior employee
Initial Vector
Authorized access abuse
Injects
3 decision points
Duration
10-15 minutes

How it works: You'll be presented with 3 realistic incident injects. For each one, describe how you would respond as the incident commander. Our facilitator engine scores your decisions against NIST SP 800-61r3 and CSF 2.0 coaching frameworks — surfacing specific actions you took, coaching questions for gaps, and best-practice reminders. Deterministic and auditable, not a black-box chatbot.