Synopsis
There has been a marked increase in business and government undertaking Cyber Incident Response Exercises – for a range of stakeholders from boards to executive management and also technical and operational teams. In this session I will share my experience in selling, executing or facilitating 100+ of these types of exercises.
As an industry subject matter expert in the intersection of education and incident response, I will describe what makes for a compelling and engaging exercise at all the layers in your organisation and also how to avoid the pitfalls where I have observed organisations struggle and achieve less than desired outcomes.
The needs and expectations for those concerned with governance, critical and complex decision-making and technical visibility are very different. However, many businesses are unable to distinguish the needs and therefore struggle to undertake exercises that stimulate the areas needed and do not stretch their participants to learn how to improve their response when under duress.
I will highlight the difference between “simulations” and “exercises” and how to understand what exactly you are trying to achieve and then how to articulate that both externally to acquire such services, and internally to align your stakeholder expectations.
Facilitating these exercises also requires a substantial amount of planning, but they should not be scripted so they remain dynamic. An effective facilitator should be able to “work the room”, handle objections and even hecklers, and interlace education while narrating an unfolding incident. I will share some stories around facilitation (good and bad) and how to develop the skills needed to be successful in this domain.