# What is a KC7 Event?

A KC7 event is when you bring people together to learn cybersecurity through an interactive investigation game. You create the space. KC7 provides the learning experience.

## What KC7 is

KC7 is a story-based cybersecurity game. Players act as investigators solving a cyber mystery. They work through a realistic (but fictional) incident by analyzing simulated computer and network activity, spotting what looks suspicious, and answering questions to move the story forward.

It's built for beginners. Players can jump in with no prior experience and still pick up real skills: thinking logically, building a timeline of events, and explaining what happened in plain language.

## What hosting actually means

You gather a group, whether students, employees, or community members, and give them a shared learning experience. You provide the time, the space (physical or virtual), and the encouragement. KC7 provides the game, the training, the tools, and the content.

Your event might be a 90-minute classroom activity, a 3-hour team-building session, or a full-day workshop. In a computer lab or over Zoom. The format adapts to your group.

During the event, participants work through the investigation while you facilitate. You answer questions, keep energy up, and celebrate discoveries. You don't need cybersecurity expertise. The game does that work.

## Who hosts KC7 events

**Educators** use KC7 to introduce students to cybersecurity careers and computational thinking without having to teach the technical material themselves.

**HR and corporate trainers** use it for security awareness that doubles as team building. Employees learn to think like attackers and defenders, which sticks better than slide decks.

**Community organizers and student leaders** use it to bring people together around technology in an accessible way. No expensive equipment, no specialized instructors. Just computers and internet.

**People building a cybersecurity program** use KC7 as a low-friction starting point. One successful event, then expand from there.

## What participants do

Every participant follows the same path:

1. Open the participant link in their browser
2. Read the scenario briefing
3. Investigate using real security analysis tools
4. Analyze log data to figure out what happened
5. Submit findings to the scoreboard
6. Pick up cybersecurity concepts through the work itself

No software install. No accounts ahead of time. No prerequisites.

## The tools they're using

The same ones professional security analysts use:

* **Azure Data Explorer (ADX)** for storing and querying security logs
* **Kusto Query Language (KQL)** for filtering and analyzing the data
* **KC7 Scoreboard** for tracking progress and submitting answers
* Built-in tutorials woven into the scenario

Participants don't feel like they're in a technical training. They're solving a mystery. The skills come along with it.

## Why you don't need to be an expert

Three reasons.

**The game teaches them.** KC7 scenarios assume zero cybersecurity knowledge. Early questions teach the basics. Later challenges build on those. You're helping people stay motivated, not explaining concepts.

**The story keeps them engaged.** "A Scandal in Valdoria" is a cyber incident in a fictional kingdom with political intrigue and digital mysteries. Participants want to find out what happens next.

**Hints are built in.** When someone gets stuck, the platform offers progressive hints. You don't need to debug their KQL query.

## Formats that fit your schedule

| Length           | What fits                                                                         |
| ---------------- | --------------------------------------------------------------------------------- |
| 45 minutes       | Taster session. 3 to 6 questions. Builds curiosity.                               |
| 90 minutes       | Standard classroom period or lunch-and-learn. Most won't finish, that's expected. |
| 2 to 3 hours     | Sweet spot for first-time hosts. Real progress, full investigation arc.           |
| Half or full day | Hackathons, training intensives, summer camps. Multiple modules possible.         |

You can run KC7 competitively (live scoreboard, prizes), collaboratively (teams), or learning-focused (scoreboard hidden). All three work.

## What participants gain

Beyond the cybersecurity content, participants build transferable skills: analyzing complex information, recognizing patterns, drawing conclusions from evidence, explaining technical findings in plain language.

The technical skills are real:

* **Log analysis** for reading security event data
* **Query writing** in KQL
* **Pattern recognition** for spotting anomalies
* **Threat hunting** by following evidence trails
* **Critical thinking** under uncertainty

Same foundations professional analysts use day to day.

## Your first event: A Scandal in Valdoria

Every host's first event runs our flagship scenario. A mysterious security incident in the Kingdom of Valdoria, layered with political intrigue and digital evidence.

Most participants won't finish the whole scenario in one session, and that's fine. Five questions of progress is a successful experience. Fifteen is more. Both worked.

The questions ramp up:

* Early ones teach basic log analysis and querying
* Middle ones apply those skills to deeper investigations
* Later ones ask participants to synthesize evidence and draw conclusions

Everyone learns something, regardless of where they finish.

## What you need

**For you:**

* A free KC7 account (created when you request your event)
* 1 to 2 days for approval
* A venue, physical or virtual

**For your participants:**

* A computer with a modern browser (Chrome, Firefox, Edge, or Safari)
* Internet
* Willingness to try something new

If they can browse the web, they can play.

## Start small

Many hosts approach their first KC7 event as a trial. One event, see how it goes.

If it works and you want more, your account already supports it:

* Add games with different scenarios
* Set up classrooms for different groups
* Track progress across events
* Build sequential learning programs
* Unlock advanced modules for returning participants

Some hosts run one event and stop. That's a complete use of KC7.

## Ready to host?

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td><strong>Quick Start</strong></td><td><a href="/pages/Nqy40PvdTEQISumx9CYV">Get started in 5 minutes →</a></td></tr><tr><td><strong>Request Event</strong></td><td><a href="/pages/eJw2rox7Ci2KOWlenwLY">How the request process works →</a></td></tr><tr><td><strong>Planning Guide</strong></td><td><a href="/pages/BEfCPNIZZyPgo4r5OpkS">Plan your first event →</a></td></tr><tr><td><strong>FAQ</strong></td><td><a href="/pages/u97Y2OQBeEFFxBP8JFq2">Common questions →</a></td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.kc7cyber.com/hosting-an-event/getting-started/what-is-kc7.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.