What is a Tabletop Exercise?
A tabletop exercise involves participants discussing and navigating through hypothetical scenarios that simulate real-world cybersecurity incidents. These exercises help organizations evaluate their incident response plans, identify gaps in their strategies, and improve coordination among different teams. By focusing on theoretical scenarios, organizations can refine their processes without the risks associated with live exercises.
Who Needs Tabletop Exercises?
Possible Formats for Tabletop Exercises
Tabletop exercises can be conducted in various formats, depending on the organization’s needs, resources, and goals. Here are some common formats:
- Facilitated Workshops: A structured format where a facilitator guides the discussion through different stages of the scenario. This format is ideal for ensuring that all relevant aspects of the incident are covered and for managing group dynamics effectively.
- Virtual Simulations: Conducted online, these simulations use digital platforms to present scenarios and facilitate discussions. Virtual exercises are particularly useful for geographically dispersed teams or when remote participation is necessary.
- In-Person Roundtable Discussions: Traditional format where participants gather in a physical meeting space to discuss the scenario. This format allows for face-to-face interaction and can be more engaging for participants.
- Scenario-Based Simulations: Involves presenting detailed scenarios with varying levels of complexity. Participants work through the scenarios step-by-step, making decisions and discussing their responses in real-time.
Key Features:
- Expert cybersecurity strategy and planning
- Risk assessment and management
- Compliance with industry standards
- Incident response and management
- Continuous security monitoring and improvement
- Staff training and awareness programs
| Tabletop Exercise | Security Awareness Training | |
| Objective | Test and improve the organization’s response to specific scenarios. | Educate employees on general security best practices and how to recognize and avoid potential threats. |
| Format | Interactive, scenario-based discussions involving multiple stakeholders. | Lectures, workshops, or online courses. |
| Scope | Focused on evaluating and enhancing response to specific incidents. | Covers a broad range of topics related to general cybersecurity awareness. |
| Outcome | Refined incident response plans and improved coordination among teams. | Increased individual awareness and reduced risk of human error. |
| Participants | Cybersecurity team, IT staff, management, legal and compliance officers, communication teams, and other relevant stakeholders. | All employees, including management and support staff. |
| Risk Level | Conducted in a controlled, low-risk environment. | Generally involves theoretical knowledge with minimal risk. |
| Documentation | Detailed documentation of decisions, actions, and lessons learned. | Often involves quizzes and records of participation. |
| Frequency | Typically performed periodically or when significant changes occur. | Conducted regularly, often annually or as part of onboarding. |
| Focus | Specific scenarios and responses. | General security awareness and prevention. |
Red Team ENGAGEMENT
The white paper document explores the methodology, testing process, planning, preparation, and expected deliverables.
Experience and accreditations
Cybersecurity:
- Offensive Security Certified Professional (OSCP)
- Offensive Security macOS Researcher (OSMR)
- Offensive Security Certified Expert3 (OSCE3):
- Offensive Security Experienced Penetration Tester (OSEP)
- Offensive Security Web Expert (OSWE)
- Offensive Security Exploit Developer (OSED)
- Certified Red Team Operator (CRTO)
- Certified Red Team Expert (CRTE)
- eMAPT. Mobile Application Penetration Tester
- API Security Certified Professional
- Burp Suite Certified Practitioner
- Certified Red Team Lead (CRTL)
- Certified Google Cloud Red Team Specialist
- Certified AWS Cloud Red Team Specialist
- Certified Hybrid Multi-Cloud Red Team Specialist
- Offensive Security Wireless Professional (OSWP)
Training Labs:
- Hack the Box Red Team Operator: Level 1/Level 2/Level 3
- Hack the Box Pro Lab BlackSky: Hailstorm
- Zero-Point Security: Red Team Lead RTO II (CRTL)
- Cyberwarfare Labs: Certified Red Team Specialist (CRTS)
- Cyberwarfare Labs: Certified Stealth Cyber Operator (CSCO)
- Cyberwarfare Labs: Certified AWS Cloud Red Team Specialist (CARTS)
- Cyberwarfare Labs: Certified Google Red Team Specialist (CGRTS)
- Cyberwarfare Labs: Certified Hybrid Multi-Cloud Red Team Specialist (CHMRTS)
Compliance and information security:
- Certified Information Systems Auditor (CISA)
- Cisco Certified Network Associate (CCNA)
- ISO 27001 Lead Implementor
- AWS Cloud Practitioner
- Certified Cloud Security Professional (CCSP)
Test consultancy:
- ISTQB Advanced Level Test Manager (CTAL-TM)
- ISTQB Advanced Level Technical Test Analyst (CTAL-TTA)
