Leveled Up TTX: Personality Quirks

Imagine you’re leading a high-pressure incident response simulation. You’re on the phone with a vendor, and their representative keeps shifting between deflecting blame and over-promising solutions. How do you maintain focus and extract actionable information? These interactions aren’t just frustrating—they’re a critical training opportunity. Crafting vendor personas with nuanced personality traits like adaptability can transform tabletop exercises into lifelike, immersive scenarios that challenge participants to think on their feet.

In this article, I'll go over just a few of the potential traits you could add to your personalities to give them that real-world feel that your team needs to level up their IR skills. Don't limit yourself to just the traits listed here. There are so many more you could do to spice things up. While reading, keep in mind that these traits focus on vendor personas. We'll tackle adversarial personas in a future article.

This article is a follow-on to some of my previous articles which you can find here.

Adaptability

Adaptability in a vendor persona reflects their ability to adjust behavior and responses based on the situation. For example, an adaptable vendor might start defensively when questioned about a potential flaw in their product but gradually shift to a more collaborative tone if participants provide evidence or engage constructively.

Compare these two responses and see which one feels more real to you:

“I don’t know what to tell you. This isn’t our problem, and I have no other information.”
“I understand this looks bad, and I’ll provide whatever data I can, but I’m worried this might extend beyond our systems. Let me double-check the logs for you.”        

The first one has a sense of rigidity that will leave the audience with a frustrating lack of details and leaves them at a dead end. While the second quote modifies the tone to be less hostile while letting the audience continue to probe with other questions.

Use something like this partial prompt to adjust your personas to be more adaptable. ChatGPT is actually pretty decent at determining the tone of the question so asking it to reflect that tone back in the response.

“This vendor persona should adjust their tone and responses dynamically based on participant interactions. If participants are assertive, they may grow defensive or evasive. If participants are collaborative, they respond helpfully while protecting their company’s interests.”        

Risk Tolerance

Risk tolerance defines how much risk a vendor persona is willing to accept when proposing solutions. Think of it as the trade-off between proposing a rapid solution that could fail spectacularly or a slower solution that is carried out with purpose.

Take a look at this potential response from a persona:

“We have a patch that is almost ready. Up to you if you want to deploy it.”        

While it's not terrible, it lacks additional information that provides context and next steps. Compare it to this potential response:

“We can deploy a quick patch now, but it’s not fully tested and may cause downtime. Alternatively, we can wait for a full fix, but it’ll take at least 48 hours. What’s your call?”        

Now this one provides realistic options as well as proper warnings. The time window is also crucial for IR teams to weigh the risks of a rapid fire response.

Below is another example of a partial prompt to facilitate this type of response. You should definitely modify it to fit the persona archetype. For example, a GC might have very low risk tolerance while a junior engineer would have a higher risk tolerance (I'm looking at you cowboy coders).

“This vendor persona has moderate risk tolerance. They are willing to suggest temporary fixes with some risks but avoid extreme or untested solutions unless absolutely necessary. Adjust suggestions based on the severity of the scenario.”        

Background

A persona’s background shapes their behavior, perspective, and problem-solving style. This could be from their previous roles or a cultural background. For a vendor persona, a strong technical background might lead them to focus on system-level solutions, while from a culture prefering indirect communication may be more hesitant to get into details.

Imagine asking a lead engineer at your vendor about the affected system and getting this in response:

“I don’t know much about the system. Maybe someone else does?”        

This response lacks credibility and misses an opportunity to test how your team will react to mismatched communication styles.

Now let's give our persona some background information.

“This vendor persona comes from a collectivist culture. They prioritize group decision-making over individual actions, defer to authority, and approach criticisms indirectly. Adjust their tone to reflect collaboration and respect for hierarchy.”        

With that we can get more subtle responses like this one:

“It’s possible that some configurations might not align with the intended setup. Let me consult with my team and ensure we’re aligned before proposing a solution. I’ll get back to you shortly. We'll also have to consult with our director.”        

If you know your team's preferred communication style, build some personas counter to that. In real incidents they will have to find common ground quickly without raising the tension. I would also suggest you look at where your vendors are located and build personas that fit their cultures.

Collaboration

Collaboration styles in tabletop exercises can introduce varying levels of challenge, shaping how participants navigate interpersonal dynamics. Some personas may actively assist, while others may resist sharing information or deflect blame. This is definitely how it will be in a real scenario. None of these responses are really good or bad like the other traits. Persona collaboration styles can vary widely, from passive to assertive, reluctant to responsive, or even defensive to cautious. There are other aspects to collaboration styles but those three pairings are sufficient to get going with incident response.

When designing the collaboration style, take into account whether the persona is that of a vendor or a consultant your IR team hired. The consultant is much more likely to be cooperative, but could also have an assertive style. Take these two example responses:

“Based on the symptoms you’ve described, I believe the issue might stem from a misconfiguration in the access control settings. Let me show you how to verify that."
“Our patch followed industry standards and went through rigorous testing. I’d recommend checking your internal configurations first before blaming the patch.”        

The first is much more cooperative and would fit best with a consultant. The latter would of course fit perfectly with a senior engineer at a vendor who thinks highly of their own skills. The consultant feel can be achieved by adding something like this to your prompt:

“This persona is assertively collaborative. They actively take charge of the conversation, proposing solutions and offering expertise. They prioritize efficiency and aim to drive the resolution process, often guiding participants with actionable advice.”        

The senior vendor engineer can be modified with this partial prompt:

“This persona collaborates while asserting their expertise. They are willing to provide help but often challenge participants’ suggestions or question their methods. Their tone remains professional, but they aim to maintain an upper hand in discussions.”        

I'm sure we've all had to deal with engineers like that throughout our careers. It is hard enough to deal with them during normal business operations, but your team will know how to stay calm when communicating with this individual during a crisis.

Be careful adding in too many uncooperative personas to your exercises. They can be fun to deal with but will greatly slow down the whole thing. You want your audience to feel like they are making progress the whole time and not like they are banging their heads against a wall.

Ethics

The ethics trait introduces complexity into vendor personas by defining their moral boundaries and how they prioritize honesty, accountability, and self-interests. It will also govern how far a vendor persona is willing to go to protect their company’s reputation. A persona with strict ethics might refuse to lie or conceal information, while one with flexible ethics may bend the truth under pressure. Others will find themselves in the middle and might change their stance depending on circumstances.

Like with the collaboration trait, don't think of this one as good or bad. Your team will encounter unethical people in the real world. They need to know how to handle it. That said, I would advise using unethical personas sparingly. No need to instill a sense of paranoia in your team.

Let's look at two very different partial prompts to modify your personas. First we will look at the ethical side:

“This persona prioritizes ethical behavior and strict compliance with legal and procedural requirements. They will delay action until all approvals are in place, even under pressure.”        

This type of modification would be great for a general counsel archetype. While this change might frustrate your team due to the persona’s obstinate and slow nature, it effectively mirrors uncooperative vendors.

Next, let’s examine a persona that falls in the middle of the ethical spectrum:

"This persona prioritizes the greater good over corporate interests, occasionally bending or violating company policies to resolve critical issues. They demonstrate a strong sense of personal responsibility.”        

This modification would probably be good for a more junior archetype who is just eager to please. This scenario is rare in real-world settings unless there’s an unusually close relationship with the vendor, so use it sparingly.

Emotional States

If we want these personas to simulate real people, we cannot neglect anyone's potential emotional state. Team members may be dealing with varied emotions—stress from a tough week, excitement for an upcoming wedding, or frustration from missing a child’s dance recital. You never know what you are going to get on the other end of your communications.

Incidents occurring outside normal work hours will likely irritate some team members due to the disruption to their personal lives. You might get a response like this one:

“I was supposed to be at my son’s soccer game right now, but instead, I’m here dealing with this. Let’s just get it done quickly, okay?”        

It’s helpful to include this behavior in your personas, so your team learns how to de-escalate such situations. Use the prompt below to add this state to your persona but also give it room to change its tune if the team handles them properly.

“This persona is initially resentful due to missing a personal milestone for work, responding curtly and with frustration. However, if participants acknowledge their frustration empathetically or ask solution-oriented questions, the persona gradually becomes more cooperative, softening their tone and focusing on problem-solving.”        

Another state you might have to deal with is distraction. Incidents happen at inconvenient times. Maybe someone is in the process of moving or is dealing with an infant (and the subsequent lack of sleep).

“Sorry, I’m running on two hours of sleep. Let me pull up the logs… oh wait, I think these are the logs from yesterday. Give me a second to find the right ones.”        

This persona might provide inaccurate information due to distractions, requiring your team to pick up on verbal cues and verify critical details. You can achieve this with this partial prompt:

“This persona is a new parent caring for a newborn, struggling with sleep deprivation and distractions. They exhibit signs of fatigue, such as pausing mid-sentence, forgetting details, or confusing basic information. While they are trying to be helpful, their responses occasionally include minor errors or misunderstandings, requiring participants to verify or correct their statements. If participants show empathy or patience, the persona may become slightly more focused and cooperative.”        

Both of these examples give room for improvement in a persona's responses should your team treat them right.

From Chaos to Cohesion

Creating realistic personas for tabletop exercises is both an art and a science. By integrating traits like adaptability, emotional states, and collaboration styles, you breathe life into these characters, transforming a standard training exercise into a truly immersive experience. These dynamic interactions not only challenge participants but also equip them with the interpersonal and decision-making skills needed for real-world incident response.

The next time you design an exercise, think about the personas you’re crafting. Ask yourself: Do they reflect the complexity of real-life interactions? Are they dynamic enough to push participants to their limits? If your TTX personas lack this subtlety, you are doing your team a disservice and not fully preparing them to handle an incident.

Looking ahead, the potential for persona-driven exercises is vast. As incident response scenarios become more complex, the need for believable, multidimensional characters will only grow. By mastering these techniques now, you’ll be at the forefront of creating training environments that not only mirror reality but also prepare your team for its challenges.