Our CyberSec Game Challenge 2025 is live!

Free Delivery on orders above £75 for our US and Europe customers

Play to Learn™ Elevation of Privilege Game

At CyberSec Games, we believe games are one of the most powerful ways to explore complex topics. They work because they draw people in, encourage collaboration without pressure, and spark real conversations. Physical games are the gold standard as they not only get the message across, they help people take ownership of the challenge.

This session is your chance to see Elevation of Privilege in action, understand the thinking that makes it effective, and leave with practical ideas for bringing it into your own team. You’ll experience how the game turns threat modelling into an engaging, collaborative habit that sparks conversation and uncovers real security insights.

Who is it for?

  • Development teams who want a fun, engaging way to uncover security issues early.
  • Security teams curious about adding more structure to threat modelling.
  • Anyone evaluating whether EoP could be a fit for their workflow.

What to expect at the session

  • Overview

    • Facilitator: CyberSec Games
    • Duration: 60 or 90 minutes
    • Platform: Zoom
    • Group size: Teams of 5 to 7 players
    • Session materials: Each player receives a physical EoP deck and a copy of the system architecture diagram by post.
    • Session cost: £250 for up to 7 players including materials & postage

  • Before the session

    Card Hands for the gameplay: Random card hands are generated using the online Croupier tool and emailed to players ahead of the session. Players pick out their cards from their deck before we start.

    Scorekeeping: Either someone from CyberSec Games or a nominated team member keeps score. If it’s a client team member, we'll provide a short pre-session briefing.

  • Session details

    The session begins with a short introduction to Elevation of Privilege and the AWS architecture scenario we’ll be using.

    Then we jump into live gameplay: players take turns applying their cards to the scenario, identifying threats, discussing risks, and capturing insights.

    We finish with a group discussion on what we observed and practical ways to introduce EoP into your own teams.

Interested in booking a session for your team?

Interested in a session for your team? Get in touch. We can run it online or in person, depending on your location, and we’ll work with you on dates and details to see if it’s the right fit.

Contact form

Frequently Asked Questions

Who is this session for?

It’s ideal for security professionals, developers, architects, and anyone curious about making threat modelling more engaging and collaborative.

Do I need any prior experience with Elevation of Privilege or threat modelling?

No. We’ll walk you through the rules, STRIDE threat categories, and gameplay before starting.

What do I need for the session?

We’ll send each player a physical Elevation of Privilege deck and the hotel booking system architecture diagram in advance. You’ll also need access to Zoom and your deck ready for use.

What’s the architecture scenario we’ll be threat modelling?

We’ll use a hotel booking system based on AWS, chosen because it’s a familiar application space for many, with just the right level of complexity for an engaging threat modelling session.

How will the cards be dealt for online play?

We use the Croupier app to deal random hands ahead of time. Each player receive their hand by email and pick out the matching cards from their deck ready for the session.

Who keeps score?

Either a CyberSec Games facilitator or a nominated person from your team will act as scorekeeper. If it’s someone from your team, we’ll brief them before the session.

What happens after the game?

We’ll have a group discussion on what was discovered, challenges to adopting the game in your workplace, and practical ways to overcome them
Back to top