The Hodlberg Campaign
Twelve acts. One company. You decide if it survives.
Everyone who wants to learn through narrative instead of drill.
Year one. Fictional fintech called Hodlberg AG. Two engineers. One product. And a threat surface that grows by 10× with every funding round. You are the one defender. The twelve-act campaign tracks the company from Seed to IPO. You decide what survives.
Drills teach reflexes. Stories build intuition. The Hodlberg campaign is a twelve-act arc where every decision you make reshapes the security posture of a company growing from 3 people to 10 000 — and the choices compound. It's the only Academy track that makes security budgets feel like storytelling, not spreadsheets.
Get on the waitlist
We ship in cohorts. Early-access members get first picks on missions, credentials, and Sentinel mentor sessions.
Weekly Security Report
Critical CVEs, fix guides, and hardening tips — free, every week.
- ✦First 100 players credited in the closing sequence
- ✦Direct influence on the NPCs (name one supporting character after beta input)
- ✦Access to the private Hodlberg Discord for lore discussion
- ✦First playthrough of Year Two when it ships
Concrete outcomes. No lecture notes.
- 01Twelve playable acts from Seed Round to IPO
- 02Multi-path branching: K8s migration, multi-tenant launch, AI product — different acts, different adversaries
- 03A cast of NPCs with dialog: the paranoid CTO, the skeptical CFO, the junior DevOps who only knows bash
- 04Budget negotiation mechanics — you argue for security spend and live with the outcome
- 05Real consequence systems — bad decisions produce breach scenarios you then have to recover from
- 06Personal lore: at the end, you get a printable company timeline for your portfolio — the decisions you made, the breaches you prevented, the ones that slipped through
- ▸Anyone who wants to learn through narrative, not drill
- ▸Founders thinking about security across company stages
- ▸Engineers who want the 'bigger picture' view of a growing company
- ▸Teams wanting a shared security vocabulary across roles
The campaign touches every major regime as the company grows: GDPR at Series A, NIS2 at Series B, SOC 2 for enterprise expansion, EU AI Act for the AI product, DORA for the fintech licence. Not a substitute for compliance training — but produces intuition for when each one matters.
I ran this over a weekend. By Monday I understood why our SOC 2 program kept stalling — because I'd just lived through the equivalent in fictional form. Saved us two months.
Guardian — Hodlberg Veteran
Complete all 12 acts. Multiple-path completion (explore at least 2 branches) earns the 'Veteran' mark vs the default 'Graduate'.
- ✓Guardian-tier W3C Verifiable Credential
- ✓Personalised campaign timeline — printable, shareable
- ✓Access to bonus acts released 3× per year (Hodlberg: Year Two, Three, Four)
- ✓Credit in the game as a first-wave founder — listed in the closing sequence
Questions we already got.
How long does the full campaign take?+
Twelve acts, ~45–60 min each if you engage fully with the dialog and branching. ~10–12 hours total across a few evenings.
Is there a 'wrong' path?+
Yes — but you can replay any act. Some paths lead to breaches that become learning moments rather than game-overs.
Is this single-player?+
Launch is single-player. A team-mode variant (where different players take different roles at Hodlberg — CTO, Ops lead, Security engineer) is on the roadmap for 2026 Q3.