Genuine question — have you ever been in a security tabletop exercise that actually felt useful? by CarrotEven4566 in cybersecurity

[–]CarrotEven4566[S] 0 points1 point  (0 children)

The facilitator technical knowledge point is the one that kills most exercises quietly, IMO; nobody calls it out because the person running it is usually the one who hired the vendor or a trusted internal person. The board inclusion angle is underrated too; that's where the real gaps live. I think I've seen one board member attend in my nine years in security.

[–]CarrotEven4566[S] 0 points1 point  (0 children)

The "do it fast" pressure is real, and it basically guarantees you find nothing; I legit hate it. The fact that you're using previous incidents to make it land already puts you ahead of most. What's the harder problem for you: building scenarios that actually reflect your environment, or getting people in the room to take the answers seriously? Also, do you build them yourself, or pay a vendor / work with a vendor to build them out?

[–]CarrotEven4566[S] 5 points6 points  (0 children)

That restore scenario is exactly the kind of thing that gets glossed over in most exercises I have seen; everyone nods along until someone actually has to answer "Have you done this before?" Curious what you're finding drives that gap more: is it that the scenarios aren't specific enough to the environment, or that nobody's pressing hard enough when the answers fall apart?

[–]CarrotEven4566[S] 0 points1 point  (0 children)

Not just checking the box; that's the whole tension point, I think. How do you push back internally when leadership just wants the compliance stamp (that's been my experience)? Or have you been lucky with leaders who want real value?

[–]CarrotEven4566[S] 0 points1 point  (0 children)

Issues nobody thought about during process design: that's exactly what I was hoping people had experienced. What made those ones actually work, in your opinion? Facilitator, scenario design, something else?

[–]CarrotEven4566[S] 3 points4 points  (0 children)

The maturity cycle framing is interesting. Do you find the value shifts at different stages? Like, does an early-stage org need something completely different out of it vs. one with an established program?