During the spring of 2001, the United States Military Academy, the United States Air Force Academy, and the Naval Postgraduate School participated in first ever Cyber Defense Exercise. Each school set up identical small networks running a typical suite of services. They then configured the network to be as secure as possible in advance of attacks by a NSA-led Red Team. After almost a week of attacks a winner was declared. This was the best educational experience any of the authors ever participated in and most students felt the same way. Although this exercise required a great deal of resources, the information assurance educational outcome was great. By following the principles of the exercise design we suggest here a less ambitious exercise could become a standard feature of information assurance programs.