Tabletop Exercises in Cybersecurity and Beyond

As a #managementconsulting professional at DSV Consulting, I have a passion for creating and executing #businessplans across various industries. However, since I joined the #cybersecurity industry with ThreatGEN three years ago, I have realized that there is a crucial step that I have overlooked in my planning process: using tabletop exercises (#TTX) to test the validity and effectiveness of my plans and procedures.

In this article, I will focus on how TTX can help improve cybersecurity outcomes, as well as their benefits, limitations, and the next level of innovation. I will also discuss how TTX can be applied to other types of business plans in future articles.

What are Tabletop Exercises?

[Bing generated] Tabletop exercises in the cybersecurity area are simulations of cyber crisis situations that test the human and managerial factors, rather than technical defenses, to a potential #cyberattack. They help organizations devise #bestpractices to respond to detected threats and unfolding attacks, should they occur. They also help validate existing #incidentresponse plans and expose weaknesses that can lead to improvement.

The typical format for tabletop training involves:

  • Testing preplanned actions in response to scenarios.
  • Group discussions to review the effectiveness of strategies and tactics, led by a skilled facilitator.
  • Introduction of additional challenges to the presented scenarios to widen the scope of cybersecurity problem-solving.

Tabletop exercises can be completed in as little as 15 minutes and are a convenient tool for putting your team in the cybersecurity mindset. There are also various resources and templates available to assist stakeholders in conducting their own exercises.

TTX Benefits

[Bing generated] Cybersecurity tabletop exercises have many benefits for an organization, such as:

Tabletop exercises are a valuable tool for enhancing the organization’s cybersecurity posture and resilience.

TTX Preparation

[Bing generated] There are different steps for preparing for a #cybersecurity #TTX, depending on the scope and complexity of the exercise, but a basic framework is as follows:

  • Step 1 – Pre-Exercise Planning: The first step is to define the key objectives, strategies and goals for the exercise, as well as the target audience, roles and responsibilities, and expected outcomes. It is also important to determine the scope, duration, format, and location of the exercise, and to identify the facilitator and the evaluators.
  • Step 2 – Exercise & Scenario Design: The next step is to create a practical cyber incident scenario that could affect the organization, based on the most frequent and painful threats. The scenario should include a timeline, injects, and triggers that simulate the unfolding of the incident and challenge the participants to respond. The scenario should also align with the objectives and goals of the exercise, tailored to the audience and the organization’s context.
  • Step 3 – Final Preparations: The third step is to finalize the exercise materials, such as the scenario, the questions, the injects, the evaluation forms, and the feedback forms. It is also important to communicate with the participants and the stakeholders about the exercise, and to provide them with any pre-exercise information or instructions. Additionally, it is advisable to test the exercise and the technical equipment before the actual delivery.
  • Step 4 – Exercise Delivery: The fourth step is to conduct the exercise according to the planned agenda and format. The facilitator should guide the participants through the scenario, injects, and questions, and encourage discussion and collaboration among them. The evaluators should observe and document the participants’ actions, decisions, and performance, and provide feedback and recommendations.
  • Step 5 – Post Exercise Activities: The final step is to analyze the results and outcomes of the exercise, and to identify the strengths, weaknesses, gaps, and lessons learned. The facilitator and the evaluators should prepare a report that summarizes the findings and recommendation, and share it with the participants and the stakeholders. The report should also include an action plan for implementing the improvements and follow-up activities.

Innovation in delivering Tabletop Exercises

[Bing generated] There are various innovations taking place in delivering #cybersecurity #TTX today, such as:

  • Using active threat intelligence to build realistic and relevant scenarios that reflect the current and emerging cyber threats facing the organization.
  • Using virtual platforms to conduct tabletop exercises remotely and efficiently, especially in the context of the COVID-19 pandemic and the increased reliance on #workfromhome.
  • Using diverse and creative scenarios that go beyond the technical aspects of cyber incidents and explore the human, organizational, and societal impacts and implications.
  • Using patient scenarios to simulate the disaster healthcare context and the challenges and opportunities for nursing students and professionals.

These innovations aim to enhance the quality and value of the tabletop exercises and to prepare the participants for the dynamic and complex cyber environment.

ThreatGEN® Red vs. Blue

ThreatGEN logo

As I said earlier in this article, I work directly with ThreatGEN and ThreatGEN founder & President Clint Bodungen and believe that the ThreatGEN® Red vs. Blue product embodies the greatest innovation in #cybersecurity #TTX available. Here is an excerpt from the website:

ThreatGEN® Red vs. Blue is the next evolution in cybersecurity education, training, and IR tabletop exercises. It is a game-based cybersecurity simulation platform that combines the power of an actual computer gaming engine and adaptive adversary simulation A.I., to provide the most practical and effective way for ANYONE to learn cybersecurity, from beginners to experts, and even leadership. It doesn’t require any prior technical knowledge or command line skills… not even to play as the red team! Used for cybersecurity education, awareness, training, and IR tabletop exercises, ThreatGEN® Red vs. Blue is immersive, interactive, and hands-on, and it’s supported by an education portal with online courses, labs, scenarios, and an online community.

ThreatGEN’s multitude of benefits the TTX platform include:

  • An active #artificialintelligence (A.I.) tuned to each scenario to deliver a different simulated response EVERY time – the #redteam is a challenge!
  • #TTX facilitators save over 100 hours of preparation time, equating to over $18,000 over only 5 uses.
  • Capturing simulation session #metrics over time allows management to determine a team’s cyber posture today, and how it matures over time (a time dimension).
  • Analysis of session historical metrics can be automated and integrated into #dashboards available throughout an organization.

Building on these REAL benefits of ThreatGEN today, one can imagine these possible benefits:

  • Automated ingestion of client network environments, analysis of #threatvectors, and delivery of customized scenarios to each client.
  • #artificialintelligence review of session metrics and generation of remediation plans to remediate deficiencies in an organization’s cyber posture.
  • Reporting of session metrics against #industryframeworks like NIST Cybersecurity Framework or ISO/IEC 27001, providing actionable remediation plans generated by #artificialintelligence bots like, Bard by Google or Bing from Microsoft.

TTX in other industries

Tabletop exercises can be useful in contexts other than #cybersecurity, such as an effective way to test #businessplans in various scenarios and situations. They could:

  • Identify roles and responsibilities of the team members and stakeholders involved in the plans.
  • Assess the readiness and preparedness of the organization to handle the potential impacts and risks.
  • Enhance the communication and coordination among the team members and stakeholders.
  • Discover the gaps, weaknesses, and opportunities for improvement and revision of the plans.

In conclusion, the #managementconsulting community has been caught flat footed when it comes to simulating and using a feedback loop to make business plans more effective. I will be writing more articles focused on that specific #usecase for #TTX, in the vain of capturing the #innovation that ThreatGEN has already delivered to the #cybersecurity community!

Please note that certain portions of this article were originally generated by Microsoft Bing Conversational Experiences, also referred to as the “Enhanced Bing”, and as such are used under its Terms of Use.

Each block was edited for readability and where possible, references were retained to other original content provided by Bing. The questions used were as follows for each section:

  • Define tabletop exercises in the cybersecurity area.
  • What are the benefits of a tabletop exercise in the cybersecurity area?
  • What are the steps for preparing for a tabletop exercise in the cybersecurity area?
  • What innovation is taking place in delivering tabletop exercises today?

The questions left unanswered, “Are, Bard and Bing the coming of SkyNet?” What are your thoughts on this?

About the author, Robert C. Rhodes

Robert Rhodes, Director of Sales

Robert C. Rhodes, ThreatGEN Director of Sales, is an experienced sales and business development professional with a background in finance, operations, and strategic planning. His proven track record of success in driving sales, leading teams, and managing customer relationships is visible as a former CEO of publicly traded companies with a history of successful fundraising, M&A, and revenue growth. He is skilled in managing financial and operational challenges in high-tech and #cybersecurity industries.

  • Industries – Edtech, Oil & Gas, Heavy Industry, and Technology
  • Specializes in public company M&A and disclosure
  • LinkedIn profile
  • Listed on Business Talent Group as available for projects through DSV Consulting

Here is a link to the original article as published on LinkedIn on February 15, 2023 and the article on DSV Consulting website.