Digital transformation is the trend. Other than the COVID-19 pandemic, people gradually began to work from places other than the office, increasing the risk of cyberthreats for both the employee and the company. Furthermore, the number and maturity of attacks on companies, public institutions, and private individuals are at an all-time high. As a result, cybersecurity has become a critical topic for any organization. It is important to educate the workforce on how a cyberattack takes place and how to protect companies. As the protection measures are primarily provided by the company itself, the company should provide training to its employees. This training must achieve three goals: the skills on what to do when suspicious activity is observed, the awareness that everybody can be a target of cybercrime, and a change in culture to actively minimize the attack surface by staying vigilant. First, with a literature review, a research gap was identified as the lack of knowledge regarding serious games for non-cybersecurity professionals using attack simulation. Then a baseline of skills as a derivation of threats was elaborated. These threats were then used to create a cybersecurity serious game using attack simulations that was played by an audience in six field tests, – followed by a questionnaire.