Find the gaps in your playbook before adversaries do.
A good tabletop reveals what your IR plan actually says vs. what your team actually does. We run executive and technical tabletops scenario-customized to your industry, stack, and recent threat landscape.
- Duration
- 2–4 hours
- Format
- Executive or technical
- Customization
- Industry + stack
- Output
- Gap report + actions
What's included
Scenario design
Scenarios written for your specific industry, stack, and threat surface — not generic 'ransomware exercise' templates.
Executive-level tabletops
Decision-focused. CEO, CFO, GC, COO walk through the calls they'd actually have to make.
Technical tabletops
Detection, response, and containment workflows. Engineering, IT, and security in the room together.
Injects & evolution
Scenarios evolve in real-time as the team makes decisions. Adversary doesn't sit still.
Observation & coaching
Senior facilitator coaches in real time. Honest feedback on gaps, not feel-good wrap-ups.
Gap report + action items
Written report with specific gaps identified, owners assigned, and timeline to close.
From design to readout
- 01Week 1
Scenario design
Industry, stack, recent threats — scenario tailored. Stakeholder list confirmed.
- 02Week 2
Tabletop session
2–4 hour facilitated session with the right people in the room (or on the call).
- 03Week 3
Readout + actions
Written gap report with prioritized action items. 90-minute executive readout if desired.
What you walk away with
- Honest read on playbook gaps and team readiness
- Specific action items with named owners
- Documentation auditors and regulators look for
- Cyber-insurance underwriting credit
- Cross-functional muscle memory for the real day
- Defensible 'we've tested this' narrative