Signed in as:
filler@godaddy.com
Signed in as:
filler@godaddy.com

In 2022, the Cyber Defense Center launched Force Labs, an innovation and incubation initiative focused on transforming research into practical cybersecurity solutions. Through Force Labs, we have designed, developed, and launched a growing portfolio of products, services, and platforms that advance our mission while addressing real-world security challenges faced by organizations across critical infrastructure, government, education, and industry.
What began as a research-driven organization has evolved into an applied sciences and technology development organization, creating solutions that bridge the gap between cybersecurity theory and operational defense. The products highlighted below represent technologies that have been released, are actively being piloted, or are currently under development.
The Cyber Defense Center is also pioneering a new model for cybersecurity procurement through the nation's first non-profit cybersecurity reseller program. This initiative is designed to make enterprise-grade cybersecurity technologies more accessible and affordable while reinvesting proceeds into cybersecurity research, workforce development, education, and community defense initiatives.
Through strategic partnerships with leading technology providers, the program enables organizations to access trusted security solutions while directly supporting the advancement of cybersecurity for the public good.

ThreatSpire is an intelligence-driven cyber defense platform developed, in part, through the Cyber Defense Center's Force Labs incubator program. Built by practitioners, researchers, and defenders, ThreatSpire was designed to solve one of the most persistent challenges in cybersecurity: transforming disconnected threat data into actionable intelligence that organizations can use to make better decisions, faster.
Unlike traditional threat intelligence platforms that focus solely on collecting indicators or monitoring adversaries, ThreatSpire provides a complete intelligence lifecycle capability. Organizations can define intelligence requirements, contextualize intelligence to their unique environment, investigate indicators and threat actors, collect intelligence through active sensors and honeypots, manage investigations, support operational decision-making, and communicate outcomes through executive reporting.
ThreatSpire combines intelligence operations, threat analysis, case management, active collection, and decision support into a single platform that enables organizations to move from detection to understanding and from understanding to action.
As part of the Cyber Defense Center's vision for collective defense, ThreatSpire is also designed to support secure information sharing between organizations, critical infrastructure sectors, Information Sharing and Analysis Centers (ISACs), government agencies, and trusted partners. By enabling organizations to contribute, consume, and operationalize threat intelligence, ThreatSpire helps transform individual observations into community defense.
The platform reflects the Cyber Defense Center's belief that effective cyber defense is built through collaboration, transparency, and the collective application of intelligence. ThreatSpire is not simply a threat intelligence platform. It is a force multiplier for defenders and a foundation for coordinated cyber resilience
.png/:/cr=t:0%25,l:0%25,w:100%25,h:100%25/rs=w:600,cg:true)
ThreatSpire is not just CTI collection. ThreatSpire begins with questions.
Examples:
The platform continuously evaluates evidence against those questions.
This is extremely different from traditional TIPs (Threat Intelligence Platforms) already on the market.

The Organization Context screen is a major differentiator.
ThreatSpire understands:
This allows the platform to score intelligence relevance.
Most CTI products answer:
"Is this bad?"
ThreatSpire answers:
"Does this matter to YOU?"

ThreatSpire Platform Capabilities:
The actor model is the heart of the ThreatSpire platform.

ThreatSpire Platform Capabilities:
This capability creates a CTI investigation workbench which is much more that simple IOC lookups in other competitive platforms.

ThreatSpire Platform Capabilities:
This is intelligence generation rather than intelligence consumption.

Desicion Intelligence is the most unique capability offered by Threatspire.
TheatSpire Platform provides:
This allows ThreatSpire to operationalize intelligence into analyst decisions.

ThreatSpire Platform Capabilities:

ThreatSpire Platform Capabilities:

Develop the people, processes, technologies, and governance needed to establish a strong and sustainable defense posture.

Assess, test, validate, and exercise capabilities to identify weaknesses before adversaries do.

Apply proven methods, experienced practitioners, and defense-grade solutions to protect critical services, critical infrastructure, communities, and missions from cyber threats.

In 2027, the Cyber Defense Center plans to launch one of the nation's first nonprofit cybersecurity reseller programs.
Cybersecurity has become increasingly complex. Organizations are often forced to navigate hundreds of vendors, overlapping capabilities, and conflicting recommendations.
The Cyber Defense Center intends to provide:
Revenue generated through reseller operations will help fund:
Our objective is simple: help organizations acquire the right capabilities to improve security outcomes while reinvesting proceeds into workforce development, cyber defense research, community education, and public-interest cybersecurity initiatives.
Most cybersecurity purchasing is conducted through traditional commercial channels where incentives are often aligned to product sales, vendor quotas, and revenue growth. As a charitable organization, the Cyber Defense Center operates under a different mission.
The Cyber Defense Center believes cybersecurity should be measured by improved resilience, not product volume.
Our reseller program is being designed to help organizations make informed decisions, reduce unnecessary spending, and gain access to technologies that align with their operational objectives.
Every purchase helps strengthen not only the customer organization, but also the broader cyber defense community.
Security Outcomes First. Mission Before Margin.

ThreatSpire (threatspire.com) transforms raw threat data into actionable intelligence. Powered by AI, it aggregates IOCs across top CTI sources, normalizes scores into a single precision threat metric, and automatically generates YARA rules at scale. Analysts receive contextual, confidence-rated intelligence in seconds, cutting research time, improving triage accuracy, and enabling SOC teams to respond to emerging threats with unprecedented speed.
PhakeOut (phakeout.com) is an AI-powered security awareness platform that creates hyper-realistic deepfake phishing simulations from curated organizational content. By generating personalized, scenario-accurate phake injects, PhakeOut exposes users to the next generation of social engineering threats and trains them against the tactics adversaries actually use. The result is a dramatically more effective, behavior-driven awareness program that prepares organizations for modern AI-enabled attacks.
Entry-Level OT Cybersecurity Certification
The Cyber Defense Associate Certification™ (CDAC) is the entry point into the OTSEC learning path and the industry’s first foundational certification dedicated to cybersecurity for power stations, substations, transmission, and distribution environments. CDAC equips learners with essential knowledge of operational technology, industrial architectures, threat landscapes, vulnerability testing, consequence-informed engineering, and basic OT defense strategies.
Designed for IT professionals transitioning into OT, cybersecurity students, OT personnel seeking cyber expertise, or newcomers entering the field, CDAC builds the critical baseline skills required to begin a career in energy-sector cybersecurity.
Professional-Level OT Security Certification
The Cyber Defense Professional Certification™ (CDPC) is an advanced, practitioner-level credential for professionals responsible for securing industrial control systems and OT environments. Building on the CDAC foundation, CDPC develops the skills needed to analyze sophisticated threats, design secure architectures, implement advanced controls, manage risk, harden systems, and monitor networks in real time.
This certification prepares industry professionals to protect critical energy infrastructure against modern adversaries, including ransomware actors, APT groups, and cyber-physical threat campaigns. Through hands-on simulations, live lab exposure, and applied case studies, including real-world incidents, the CDPC validates readiness for high-stakes cyber defense roles within the electrical sector.
Expert-Level OT Cyber Defense Certification
The Cyber Defense Expert Certification™ (CDEC) is the capstone of the OTSEC training program and the highest-level credential for professionals securing operational technology in the Bulk Electric System. Intended for seasoned engineers, system architects, and cybersecurity leaders, CDEC validates mastery across advanced ICS/OT defensive operations, threat hunting, consequence-based architecture, red/blue OT exercises, and large-scale incident management.
Delivered through immersive live labs, multi-day attack simulations, and advanced engineering challenges, the CDEC prepares experts to lead cyber defense strategy for complex, interconnected energy systems. This certification represents the pinnacle of OT security readiness and demonstrates elite capability to defend critical infrastructure against the world’s most sophisticated threat actors.
GridSim (gridsim.org) is the Cyber Defense Center’s flagship operational technology simulation platform, designed to support the OTSEC™ certification program and provide a realistic laboratory environment for training the next generation of energy-sector cyber defenders.
This research initiative creates a fully functional, small-scale electric grid that integrates real industrial control systems, renewable energy generation, programmable logic controllers, smart grid components, and defensive cyber technologies. GridSim enables students and professionals to interact directly with live OT equipment, execute defensive operations, perform vulnerability testing, and experience the complex behaviors of modern grid infrastructure.
Developed as the practical foundation for the Cyber Defense Associate (CDAC)™, Professional (CDPC)™, and Expert (CDEC)™ certifications, GridSim provides hands-on exposure to:
By combining renewable energy systems, ICS equipment, and cyber defense tools into a cohesive, interactive grid model, GridSim advances workforce readiness and strengthens the sector’s ability to defend critical infrastructure from modern cyber threats.

Breach Reports (breachreports.org) is a Cyber Defense Center innovation initiative designed to create a comprehensive, next-generation catalog of historical and emerging breach data. By aggregating information from diverse public, private, and sector-specific sources, the platform applies new analytical criteria to uncover patterns, impacts, and systemic vulnerabilities affecting communities, critical infrastructure, and national security.
In addition to research and analytics, Breach Reports functions as a secure whistleblower intake platform, enabling individuals to confidentially submit breach information, emerging threat indicators, or early-warning concerns that may otherwise go unreported. This dual mission strengthens collective situational awareness and supports timely intervention across sectors.
Breach Reports empowers defenders, policymakers, journalists, and researchers with clearer visibility into the evolution of cyber threats, while providing a trusted channel for reporting incidents that help protect the public and the nation.
Attack5 (attack5.com) is a Cyber Defense Center research and incubation initiative focused on developing a next-generation platform for real-time external threat surface analysis and intervention readiness. Unlike traditional tools that only measure exposure after an incident, Attack5 evaluates an organization’s ability to detect, prevent, and actively disrupt attacks as they unfold.
The platform aggregates OSINT, threat-surface data, and public intelligence feeds, integrating sources such as IPVoid, Shodan, CertView, and other discovery engines, into a unified, contextualized threat profile. Automated listening engines continuously monitor for emerging indicators, map external exposure, and generate an Attack5 Threat Score that feeds into the broader Cyber Defense Center member rating system.
Attack5 also provides enriched intelligence that supports other CDC projects, including PhakeOut, by supplying real-world threat signals and external behavioral indicators. The ultimate goal of this research is to create a scalable, precision intervention platform that empowers organizations to understand their threat surface, anticipate threat actions, and elevate their readiness to interrupt attacks, not just respond to them.
Exploit5 is an automated penetration testing and red-team orchestration platform being incubated within the Cyber Defense Center as part of the broader Attack5 initiative. Designed to push beyond traditional vulnerability scanning, Exploit5 uses GPU-accelerated attack execution, one-button automation, and pre-built exploit chains to test defenses across nearly every layer of an organization's technology architecture.
By leveraging custom threat models, wartime-grade exploit sequences, and scenario-driven attack paths, Exploit5 provides a realistic, high-intensity assessment of an organization’s resilience under active adversarial pressure. It is built to evaluate not just exposure, but how well defenses respond, adapt, and contain sophisticated attack progression in real time.
Exploit5 extends the Cyber Defense Center’s capability model, already used to measure defensive maturity, by validating the actual effectiveness of deployed technologies, processes, and response teams. This new generation of automated red teaming gives organizations continuous, on-demand insight into their true defensive posture and their readiness for advanced cyber warfare scenarios.
INCTEP Automation is a Cyber Defense Center capability designed to modernize and streamline the full lifecycle of CISA cyber tabletop exercises (CTEPs) for members across critical infrastructure, government, and industry. Built to enhance readiness, coordination, and exercise value, this platform provides end-to-end management tools that drastically reduce administrative overhead while increasing analytical depth and repeatability.
The system includes a custom inject catalog, full CTEP package management, automated scheduling, dynamic feedback form generation, and integrated analytics to measure participation, performance, and organizational readiness. CTEP Automation also produces standardized After Action Reports / Improvement Plans (AAR/IPs) and maintains a structured CTEP Risk Register that links exercise outcomes to real operational risks and mitigation priorities.
By unifying planning, execution, documentation, and performance analysis, CTEP Automation enables organizations to conduct more frequent, higher-quality exercises, transforming CTEP engagement from a manual
Code Origin is a Force Labs research initiative being developed in partnership with DreamForge. Code Origin is focused on distinguishing AI-generated code from human-written code across open-source and public code repositories. As generative AI accelerates software development, the ability to verify authorship, trace code provenance, and identify synthetic contributions has become critical for supply chain security, intellectual property protection, and vulnerability management.
This project explores advanced detection methods such as machine-learning analysis, pattern differentiation, metadata correlation, and behavior-based signatures, to classify code origins accurately at scale. Force Labs also advises and supports community innovators developing commercial applications of this technology, including tools inspired by early grey-market prototypes such as GPTHero.me.
Code Origin advances the broader mission of strengthening software assurance and helping organizations understand where their code comes from, how it is produced, and what risks AI-generated contributions may introduce.
We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.