One of the elements missing from virtual environments in the emerging cyber domain is an element of active opposition. For example, in a training simulation the instructor assigns the student a task or objective, and the student then practices within the environment (the “cyber range�) until they feel comfortable with the task or are able to demonstrate the requisite level of mastery. The environment may have static defenses, such as access control or firewalls, or a fixed set of intrusion methods to defend against, but it typically lacks any active opposition that might adapt defensive or offensive actions (e.g., monitor logs, blocked connections, exploit switching or information gathering). This is akin to training fighter pilots against adversaries who know how to use their weapons, but do not have any tactical or strategic goals beyond that. This is unfortunate for two reasons: 1) it trains cyber operators to behave as though opponents do not have a tangible existence or do not have higher-level goals, and 2) it ignores an opportunity to tailor the student’s learning experience through adjustable adversary behavior. Cognitive agents have the potential to transform the cyber operations training experience. The application of cognitive agents to the roles of cyber offense and defense would provide a more complete cyber ecology for training purposes and thus a more realistic training experience for the student. There are two key challenges to creating such cyber agents: 1) modeling the complex, and continually evolving, processes of cyber operations within a cognitive architecture, and 2) defining the tools and data standards to enable cognitive agents to interoperate with networks in a portable way. This paper discusses novel models of cyber offensive and defensive behavior based on observation and elaboration of human expertise, as well as an approach to the creation of software adapters that translate from task-level actions to network-level events to support agent-network interoperability.