Practical Tabletop Exercises

Last year, during the lockdown period, I published here a short series of articles on how I build and deliver threat models for my clients. (Didn't see it, try here: https://www.dhirubhai.net/pulse/threat-modeling-article-index-ken-van-wyk)

That series was pretty well received, in my view, so I decided now that most of us are coming out of our various degrees of lockdowns, I'd publish a similar series here on building and executing tabletop exercises.

I should underscore here the type of tabletops (commonly called TTXs) I'm talking about are operationally focused drills designed to measure some aspect of incident response planning and/or operations. They can be broad in scope or deeply technical. They can be designed to test executive decision making or they can put your technical staff to task (e.g., forensic data collection and analysis).

I've built and delivered hundreds of TTXs with my clients in various industry sectors including energy, healthcare, education, financial services, product manufacturing, and so forth. They've also spanned audiences from executive suite level down to incident response analyst level and pretty much everything in between. I have a lot of "war stories" to share and I hope you'll consider following along on this little journey.

But, I'm getting ahead of myself... I'll shoot for getting the articles out on a more-or-less weekly basis here. I'll start by posting a broad (and subject to change) outline, and I'll again post a full index to the complete series when I'm done.

If your company does or is considering doing TTXs, I welcome your input, either with or without attribution, as you prefer. If there's a specific TTX-related issue you'd like to see addressed or if you have unanswered questions, drop me an email and I'll do my best to address them.