
The discussion offers valuable takeaways for conducting successful cybersecurity crisis drills, emphasizing participant engagement and actionable outcomes.


Here is the verbatim discussion:
Dan: What do I mean by that? Like, they would come in day one and say... and you tap someone on the shoulder: you're gone, get up, get out of here, go stand in the corner of the room, you're an observer, you can't say anything. It's like, wait a minute, that's the CFO you just tapped on the shoulder, you can't... Yeah, but he's in Germany, so he's not able to be here right now. And what about that guy? Well, yeah, that's my chief security officer. He's on vacation at Disney World. So we're going to put him down in the basement, and you can call him on the phone, but he can't be in the room here, he can't look at any of the stuff going on. You know, that happens a lot. So try that; that's one way you can throw them a curve, or something they're not expecting. Because inevitably, whatever you plan, whatever you're thinking, whenever you think you're ready, you're never ready, right? Because it's never exactly like... I remember during the blackout of '03, people said afterwards, I got interviewed by all these TV stations: were you ready, were you ready? And I'm like, well, we didn't have that exact scenario of this blackout, but we did have a lot of the plans. We had just run a tabletop exercise, we had just gone through Y2K a few years earlier, and we had about 80% of it we were ready for, but 20% of it was different. 80% we were ready, and that was pretty good. So change it up, throw curveballs, as we say in the US. That's another thing I think you need to really... As you mention, another real tip is, a lot of times people get through the exercise and they want to just kind of say, okay, I'm done, see you next year, see you next January, right? Taking action items, like you said, and then having people report back. It may or may not mean you have to have the entire team reassemble for part two, and that's great if you can, but it may be that you just have what we call action items that people have to report back on by email, or maybe the team comes back and says we want everyone to do the... You assign who's responsible for those action items. You have to have a name next to the action items. These other people can participate: Bob, you can get together with Sarah and Mary and Bill, but Bob is the person we're going to hold accountable, and we're going to look for you to come back and update our plan to include this scenario, that kind of a thing. So making sure you do have actionable items I think is really important.

I think one more thing I would mention is ask people for feedback at the end. I talked about the hot wash in my example a little bit a few minutes ago. Whether you call it a hot wash, whether you call it feedback, maybe you do it in a survey. We do this with customer service all the time and other types of things like that. What did you think was reasonable? What could we have done better next time? And you get some pretty sophisticated answers from some executives. It gets them thinking, it gets them thinking outside the box, it changes things up from their normal environment. I've even seen people say, and this is another little side tip, go to an offsite, go somewhere else, get people out of their normal environment. So during an exercise, sometimes the people are doing it all... This is hard with COVID, because people are working from home, right? So doing virtual exercises is really hard. But they would get people in the same room, and they would often do that as an offsite, or get them to the emergency coordination center. If it's a tabletop, you may or may not be able to go to the actual place where you would be if it was a real emergency. You may, but you may not. But getting people out of their normal environment, so they're not going back and checking their email all the time. Or we had people who disrupted: they would pop in and pop out, pop in, pop out, and they were not really engaged, they weren't freed up. Some people would say, turn your cell phone off, and you say, well, in a real emergency wouldn't we be texting each other, whatever. But if it's a tabletop exercise, the discussion, the comments are very important, and you want people to be focused. Just like if you go to someone, a friend or spouse, for dinner, you don't want them on the phone the whole time while you're having dinner with them, right? We all know that that's not very polite, it's not very good etiquette. So you want people engaged, you want people participating, and you want them there. You don't want them kind of coming in, coming out the whole time.

Bikash: Yeah, Dan, that's a great point that you mentioned. So I remember one of those learning-from-failure cases. I mean, this is not part of my usual stuff that we do; in my normal day-to-day stuff we are into red teaming kind of stuff, but in a few cases where I had been part of the advisory board etc., I had done some of these exercises. So I recall one of the cases where some of the folks got into the room late, around half an hour late, so they missed the complete context and the setting. And then during this session we did this curveball where they wanted to kind of revive everything from the backup, and we said that the backup is encrypted, yep, the cloud backup is encrypted. And that kind of created a lot of frustration, and these guys had a lot of challenges and issues to kind of cope with this scenario, and that created a lot of confusion in the room. So I think what you mentioned is something very important: that people should be completely dedicated, they shouldn't be moving in and out, and they should have the context, they should join the meeting on time and stuff like that. Else an exercise like this can be a very futile one. And if a few people are not engaged and involved, that can actually kind of take away the seriousness of this exercise, right? So any other thing you want to add, Dan, in terms of any of these success factors, dos and don'ts, before we move to the next one?

Dan: I just want to say one final thing: you want to be growing. The goal is to improve, and you're never going to be perfect. This is a journey. Some people come in and have observers. I know Homeland Security, they'll have people just sitting there taking notes and they'll grade you. You can do that; I know they have reasons. Did you do this? Did you accomplish... What were your goals? The team that's putting together the exercise certainly should have goals and outcomes that they're looking for, and you can do that. I know Homeland Security does that a lot: they grade people, what worked, what didn't work.

Highlights:

Throwing curveballs: Simulate unexpected events to test how the team adapts.

Actionable items: Establish clear post-drill steps to improve cybersecurity posture.

Feedback and improvement: Gather participant feedback to refine future exercises.

Minimize distractions: Encourage focused participation by limiting multitasking and interruptions.

Dedicated participants: Ensure participants arrive on time and stay engaged throughout the exercise.

Continuous improvement: View crisis drills as an ongoing process for improving cybersecurity preparedness.

The discussion emphasizes that successful crisis drills require planning, participant focus, and a commitment to continuous improvement. By incorporating these elements, organizations can ensure their teams are better prepared to handle real-world cybersecurity incidents.

 

Speakers:

Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.


https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India's Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

 

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 
