The security industry produces more history than it retains. Every major conference includes talks framing current threats through historical context. Threat reports open with timelines. Vendor keynotes invoke Stuxnet. There is a shared vocabulary of milestones that serious practitioners are expected to know.
What has been missing is a way to test that knowledge competitively, under pressure, in a format that rewards deep familiarity with the industry’s full arc rather than just recognition of the biggest headlines.
Zero Day Timeline fills that gap. Developed by Reclaim Security, it is an interactive timeline game that challenges players to place cybersecurity milestone cards in correct chronological order. The game spans from the 1970s to 2025, covering breaches, hacker culture moments, conference milestones, framework launches, vendor events, and industry category definitions. It is a playable intellectual history of the security profession, and it is harder than you expect.
The Interface Sets Expectations Immediately
The visual design is the first signal that this game was built for practitioners. A neon pink and cyan perspective grid dominates the background, running toward a synthwave horizon against a deep black canvas. Card text renders in terminal-style monospace. Event IDs label each card as though they are entries in an incident tracking system. The header displays score, streak multiplier, and cards placed. A “Cash Out” button offers players the option to bank their progress rather than risk losing it on an uncertain placement.
The SOC Toolkit sits at the bottom of the screen with visible usage counters for each aid. A button in the lower left corner of the home screen allows players to submit events they believe belong in the deck, pointing to an intention to grow the card set over time.
Cards are more than name-and-year references. Expanding any card reveals a narrative explanation of its significance, and many include lore flavor text entries that give the events personality beyond the historical record. The card for Nir Zuk founding Palo Alto Networks carries the detail that his license plate legend read “CHKP KLR,” a nod to his time at Check Point. Cards are grouped by category tags such as “Titans and Tycoons” for vendor and founder events, adding a browsable taxonomy to the broader timeline.
The home screen features a Top Operators leaderboard ranking the highest-scoring players by handle and cards placed. The top score currently sits at 99,500 across 32 cards.
The Mechanics Are Simple. The Humbling Is Not.
Two modes are available from the home screen. Single player is the core experience and can be played anonymously. Two Player Duel requires both participants to register before competing, which connects the result to a named identity and gives the head-to-head format genuine stakes.
Players receive a cybersecurity event card and drag it into the correct position on a growing timeline. A correct placement earns points. Correct placements in sequence build a streak multiplier. Players have three strikes before the session ends. A wrong placement costs one strike, but a correct answer resets the count, meaning a player who recovers quickly can effectively extend their run.
When a session ends, players are prompted to enter a username and submit their score for the leaderboard. They can also share their result directly to LinkedIn, X, Facebook, or Reddit, extending the competition beyond the people already in the game.
The SOC Toolkit introduces three strategic aids. Nmap Scan indicates which decade the event falls in. Threat Intel reveals the exact year. Sandbox is the most tactically interesting of the three: activate it before a placement and an incorrect answer will not cost a strike or break the streak. It converts risk into safety, at the cost of the tool itself.
Each tool changes the calculus of the session. A player who spends Threat Intel early might find themselves without it when facing a genuinely ambiguous card later. That resource tension is what separates a disciplined run from one that burns out mid-session.
The Card Set Is Where the Game Gets Interesting
The depth of the deck separates Zero Day Timeline from a breach quiz. Yes, WannaCry is a card. SolarWinds is a card. Log4Shell is a card. But so is the L0pht Heavy Industries Senate testimony in 1998, when members of the collective warned Congress that internet infrastructure was structurally vulnerable. So is Barnaby Jack’s 2010 ATM jackpotting demonstration at Black Hat. So is Nir Zuk founding Palo Alto Networks, carrying enough industry lore to earn its own flavor text.
Gartner coining the SIEM category in 2005 is a card. The 2005 Symantec acquisition of Veritas is a card. Maty Siman founding Checkmarx in 2006 is a card. The emergence of CNAPP as a Gartner category in 2021 is a card. On the cultural side: DEF CON 1 in 1993, Dan Geer’s 2014 Black Hat keynote, the @SwiftOnSecurity account in 2014, and AppSec Village arriving at DEF CON 27 in 2019. The 2025 card, Preemptive Security Emerges, closes the arc with the industry’s current directional shift toward anticipatory defense.
The early cards, the Brain Virus in 1986 and the Morris Worm in 1988, anchor the timeline in an era when malware was novel rather than endemic. The game asks players to hold those early events in mind alongside the 2020s entries and reason about the distance between them.
At the Gartner SRM Summit
Reclaim Security will be at the Gartner Security and Risk Management Summit, June 1 through 3, 2026, at National Harbor, Maryland. Attendees visiting Booth #652 can win a limited-edition physical card deck.
Details may be found on the Reclaim Security website.
The Deeper Point
There is a version of cybersecurity education that presents facts in a structured format and hopes retention follows. Zero Day Timeline operates on a different principle. By asking players to sequence events rather than simply identify them, it forces a more demanding cognitive task: understanding the relative position of one milestone to another, and reasoning about the shape of a history rather than the content of individual moments.
Most practitioners know WannaCry. Fewer have a precise intuition for where it sits relative to the Cyber Kill Chain, which Lockheed Martin published six years earlier. That kind of sequential reasoning is a more sophisticated form of knowledge than event recognition alone. The strike-reset mechanic rewards players who recover under pressure. The leaderboard rewards players who sustain accuracy over a long run. The social sharing options mean the results travel. Zero Day Timeline makes all of that reasoning the game. Go find out where your memory has gaps.
