Inside the World’s Largest Cyber Defense Exercise: Lessons from Locked Shields 2025 with Joseph Carson, Advisory CISO for Segura®

How do you prepare for the kind of cyberattack that could shut down a country?

This isn’t a theoretical scenario. NATO’s Locked Shields is the world’s most advanced live-fire cyber defense exercise. In 2025, nearly 4,000 cybersecurity experts from 41 nations came together to defend against more than 9,000 simulated attacks. These weren’t simple technical challenges. Participants were tasked with defending critical infrastructure - energy grids, financial systems, military communications - while simultaneously managing legal decisions, strategic communications, and crisis leadership.

Among this year’s participants was Joseph Carson, Segura®’s new Advisory CISO and Chief Evangelist, backed by Evandro Gonçalves, our Principal Solutions Architect & Presales Technical Lead, and Yago Lissone, our Security Analyst. Joseph's experience on the front lines of Locked Shields 2025 offers critical insights into the future of cybersecurity defense and what organizations must do today to strengthen their resilience.

Before we share his first-hand account, here’s why Locked Shields remains one of the most important exercises for global cyber defense and why leaders like Joseph play a vital role in shaping modern security strategies.

‍

About NATO’s Locked Shields: Where Cyber Defense Meets Reality

Organized annually by NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE), Locked Shields is the largest and most sophisticated real-time cyber defense exercise in the world.

Each year, participants face a series of highly realistic cyberattacks designed to simulate the technical, operational, and strategic complexity of a full-scale cyber crisis. In 2025, the scenario focused on defending the fictional nation of Berylia, whose government, critical infrastructure, and military networks came under sustained attack.

Over two days, Blue Teams worked around the clock to prevent catastrophic failures in essential services while navigating political pressure, disinformation campaigns, and legal response challenges. The objective: test not only their technical defenses but their ability to lead through crisis under extreme pressure.

As Mart Noorma, Director of the CCDCOE, noted:

“In a world where cyber threats cross every border, Locked Shields proves that resilience in cyberspace is built together.”

‍

Meet Joseph Carson: A Global Leader in Cybersecurity Resilience

Joseph Carson is an award-winning cybersecurity professional with over 30 years of experience in enterprise security and critical infrastructure protection. As Segura®’s Chief Security Evangelist and Advisory CISO, he focuses on identity security and helping organizations build resilient cybersecurity strategies capable of withstanding today’s most advanced threats.

Joseph holds CISSP and OSCP certifications and actively advises governments, critical infrastructure sectors, and global enterprises on strengthening security postures against evolving cyber risks.

He is the author of the widely recognized Cybersecurity for Dummies, read by more than 50,000 professionals worldwide, and regularly contributes expert insights to leading publications including The Wall Street Journal, Dark Reading, and CSO Magazine.

With a passion for advancing cybersecurity as a people-first mission, Joseph helps organizations integrate technology, processes, and leadership strategies to drive long-term resilience. Now, at Segura®, he brings this field-tested expertise directly to organizations working to secure privileged access, protect identities, and stay ahead of the next critical threat.

‍

‍

Inside the Action: An Interview with Joseph Carson

We spoke with Joseph shortly after his return from Locked Shields 2025 to discuss his experience and the critical lessons every organization can apply from this global exercise.

Q: Could you describe your role and responsibilities during Locked Shields 2025?

Joseph Carson:
“In Locked Shields 2025, I served as a Blue Team Defender with a specific focus as a subject matter expert on credential protection. My responsibilities included securing authentication systems, monitoring for potential credential abuse, and responding rapidly to any threats targeting user accounts. I was also on standby to provide urgent support to teammates across different domains, ensuring we could respond to critical incidents without delay.”

‍

Q: What were some of the key challenges your team faced during the exercise?

Joseph Carson:
“One of the biggest challenges was maintaining situational awareness across multiple systems while under continuous and sophisticated attack from the Red Team. Coordinating responses in real time, especially during credential-based attacks or privilege escalation attempts, tested both our technical skills and our ability to communicate under pressure. The pace was relentless, and ensuring that team members had the right support exactly when needed was critical.”

‍

Q: How does participating in Locked Shields influence your approach to real-world cybersecurity strategies?

Joseph Carson:
“Locked Shields reinforces the importance of preparation, collaboration, and agility in real-world cybersecurity. It highlights the need to build resilient systems that don’t just prevent attacks, but can recover and adapt quickly under pressure. The exercise has influenced my emphasis on incident readiness, credential hygiene, and fostering cross-team communication channels in professional environments.”

‍

Q: In your opinion, how does Locked Shields contribute to international collaboration in cybersecurity?

Joseph Carson:
“Locked Shields is one of the most effective platforms for fostering international cybersecurity cooperation. It brings together experts from around the world to tackle realistic, high-pressure scenarios, forcing participants to rely on shared knowledge, trust, and rapid information exchange. It breaks down silos and encourages a collaborative mindset that's essential for defending against modern, transnational cyber threats.”

‍

Q: What were your main takeaways or lessons learned from participating in Locked Shields 2025?

Joseph Carson:
“My key takeaways from this year’s exercise include the power of coordinated teamwork, the need for clearly defined roles in incident response, and the critical importance of staying calm and focused during high-stress events. Holding back the Red Team was a testament to our preparation and collaboration. Each round of Locked Shields deepens my appreciation for collective defense and the importance of continuous learning in the field.”

‍

‍

Why This Matters for Today’s Cybersecurity Leaders

Locked Shields may be a simulation, but the risks it highlights are real. Privileged access remains the most common target for attackers in the modern threat landscape. The speed at which your organization can detect, respond to, and recover from incidents will determine whether a breach becomes a headline or a footnote.

One immediate action to prioritize? Tighten control over privileged credentials.

Review privileged accounts, eliminate unused credentials, and enforce strong authentication and rotation policies. As Locked Shields 2025 shows, even the most advanced defenses can falter if credential management is overlooked.

At Segura®, we are proud to have Joseph Carson helping shape our vision for a more secure future. His field-tested expertise directly informs how we help organizations strengthen privileged access controls, improve credential hygiene, and reduce the time it takes to detect and respond to advanced threats.

With the right controls in place, your team can move beyond constant firefighting and focus on bigger strategic initiatives, knowing your most critical accounts are protected.

Our mission is to help organizations take these critical first steps while building toward long-term resilience. Because in the next crisis, every second will count.

Ready to take control of your credentials before attackers do? → Talk to Our Team Today