
A new report on cybersecurity training from CMD+CTRL Security, a leader in software security training, underscores the importance of providing development and security teams with realistic hands-on training and shows how blended learning scenarios can help organizations improve ROI by identifying skills gaps. The findings announced today reveal that combining online courses with hands-on cyber ranges featuring realistic simulated environments not only accelerates developer skill growth but also provides executives with clear insights into organizational readiness, talent development, and ROI.
CMD+CTRL Security report analyzes seven years of cyber range data.
Repeat participants improve scores by 126% and complete 98% more challenges.
Developers comprise 70% of cyber range users, highlighting secure coding needs.
Early-career professionals (0-3 years experience) show fastest learning velocity.
Top challenges align with OWASP Top 10 vulnerabilities like XSS and injection.
Blended learning with courses, labs, and ranges drives measurable security impact.
“Cyber ranges provide a strategic advantage, delivering actionable data to track ROI, identify skills gaps, and reduce risk,” said Jose Lazu, associate director of Product Management at CMD+CTRL Security. “This report demonstrates that immersive, role-based, and data-driven training helps strengthen organizational resilience and justify future investment.”
To compile the report, CMD+CTRL Security analyzed almost seven years of data (January 2019-June 2025), including participation in more than 1,100 of its cyber range events consisting of real-world scenarios. These events include more than 600,000 challenges completed by tens of thousands of learners in organizations from mid-size businesses to Fortune 500 companies.
Key findings in the report include:
Practice Makes Perfect: Repeat cyber range players improved their scores by 126% and completed 98% more challenges over time.
Developer Dominance: Developers, not security professionals, make up the majority (70%) of cyber range participants, emphasizing the need for secure coding content.
Early Career Professionals Excel: While engagement in cyber ranges is high across all levels, 52% of participants had six years of experience or less, and learners with 0-3 years of experience demonstrated the fastest learning velocity.
OWASP Relevance: The most solved challenge categories align with the OWASP Top 10, including broken access control, XSS, injection, and sensitive data exposure, highlighting the desire for practical and applicable skills development.
Commonly Missed Challenges: While OWASP challenges are the most solved categories, the most missed challenge types also include specific OWASP vulnerabilities ranging from sensitive data exposure in basic challenges to reverse engineering and remote code execution in the most difficult challenges, demonstrating the need for ongoing training for learners of all levels.
CMD+CTRL offers a suite of 11 cyber ranges with real applications, servers, traffic, technologies, and vulnerabilities, designed to reinforce secure practices and accelerate skill development. The ranges are complemented by 250 online courses and 150+ hands-on learning labs to create a comprehensive learning experience.
“Effective security training delivers more than technical skills—it builds confidence, preparedness, and a sense of community, especially for early-career developers,” added Lazu. “Blended learning that integrates courses, assessments, cyber range challenges, and mentorship drives measurable impact and equips organizations to innovate at scale.”
CMD+CTRL was named a 2025 winner of the Cybersecurity Excellence Awards, the Fortress Cybersecurity Awards, and Cyber Defense Magazine’s 2025 Global Infosec Awards. In its 2024 Cyber Range Solutions Matrix, analyst firm Datos Insights categorized CMD+CTRL Security cyber ranges as “Best in Class” noting, “There is no other choice regarding upskilling application and API developers, and organizations will find CMD+CTRL an exceptional tool to upskill application developers.”
CMD+CTRL hosts regular community cyber range events in cooperation with regional OWASP chapters. To learn about upcoming events, follow CMD+CTRL Security on LinkedIn at: www.linkedin.com/company/cmdnctrlsecurity/
This report emphasizes how data-driven, immersive training can transform cybersecurity readiness, enabling organizations to close skills gaps and enhance resilience in an evolving threat landscape.
CMD+CTRL Security is a pioneer in software security training. For two decades, organizations of all sizes, from mid-sized to Global 100 companies, have relied on our training solutions to transform their software security. Our role-based modules, skill labs, and hands-on cyber ranges are designed to build skills that stick. Visit cmdnctrlsecurity.com to learn how we can help you launch a best-in-class training program.