Top News in Cyber Defence

Cyber Resiliency: Building Strength Through Tabletop Exercises

Part II: How to Develop & Deliver Successful TTX

By Kevin Sandschafer, COO & VP Cyber Risk and Assurance


In the first blog in this series, we looked at the ways Tabletop Exercises (TTX) can help your business be prepared for and remain resilient against cyberattacks. We also talked about incident response (IR) plans that define roles and responsibilities, set thresholds, and establish communication protocols. IR plans and TTX go hand-in-hand because your exercise is meant to test and improve your organization’s incident response. Today I’d like to take a deeper look at how a TTX is developed, designed, and delivered with your business’s objectives and operational needs in mind.

5 Building Blocks of Tabletop Exercises

Assign An Executive Champion

It’s important to find an ally in leadership. When a CISO, CIO or other executive or director in your organization sees the value of preparing all stakeholders, it’s much easier to obtain the buy-in from the stakeholders – the people who will be taking part in your TTX – and establish the groundwork for success from the outset. Your Executive Champion is someone who is actively involved with initiating the exercise and can explain the reasoning for the program will be an asset when asking your team to take part.

Define Your Objectives

What are the goals of your TTX? Clear and direct goals are good, ones that can be measured or tracked are even better. Your goal can be to develop a program that will strengthen your organization’s resilience to cyberattacks. Bring your Executive Champion in to assist in developing and establishing the objectives for the TTX program so it aligns with your company’s overall objectives.

Acquire Funding & Assign Resources

You will need to budget not only funds, but time and human resources, too. Engaging an experienced third-party like White Tuque can greatly increase the effectiveness and impact of your exercise(s). We can help with engaging stakeholders, planning logistics, and designing relevant attack scenarios to efficiently deliver training and awareness.

Document the Process

There is a lifecycle to a successful TTX.  I recommend documenting each phase of your TTX – from planning, to execution, through debrief and post-exercise actions. White Tuque’s experts will help you build documentation and processes that develop repeatable exercises, with refined and consistent results.

Develop A Roadmap

Based on your organization’s risk appetite, think through your maturity level with respect to operational resiliency. What is the frequency with which you plan to leverage TTX – annually? Quarterly drills that can be more focused? If it makes sense for your organization, you can strategize to conduct exercises on specific topics. With a roadmap in place, you have a plan to help your team understand both the impetus of the TTX and how they align with the organization’s future goals.

Ready, Set, Exercise!

You’ve recognized that remaining resilient in the face of cyber threats is important, and possible. You’ve reviewed your organization’s IR plan and potentially determined some strengths and opportunities for improvement. You’ve found an Executive Champion who has supported you in getting the buy-in from leadership and other stakeholders in the company, and they agree that conducting TTX is a strong piece to add to your cybersecurity and resiliency program. Congratulations – you’re ready to conduct your TTX!

There are five steps in the execution process. They are:

  • Identify
  • Design
  • Conduct
  • Evaluate
  • Enhance


Let’s take a closer look at what the first two steps are all about.


Before an activity can be designed, each organization must consider specific topics and what they mean in the context of that particular business. For TTX to be successful, they must be as realistic and relevant as possible. White Tuque will help you determine the business’s appetite for risk, identify industry threats, highlight vulnerabilities, and recommend stakeholders who should take part. Making these determinations ahead of time ensures that your TTX is an efficient and effective tool.


TTX can be repeatable, but they are also highly customizable. You can design your exercise(s) to address particular areas that matter most to your operations. In the design phase, White Tuque’s experts will learn about your business by conducting a brief impact analysis. We ensure there are rules of engagement and risk controls in place prior to conducting the TTX, so your people can participate without disruption to your operations. Our attack scenarios align to your core service offerings and are informed by your highest risks.

Taking these preparatory steps enables you to conduct your TTX. In the third and final piece on this topic, I will discuss what it means to execute your TTX, from conducting the exercise, through debriefing and evaluation, to enhancing the activity for next time.

In Part Three, we’ll get into the nuts and bolts of conducting, evaluating, and enhancing your TTX. Getting on the right path to developing and delivering successful Tabletop Exercises is easy! White Tuque’s experts are here to help you plan and execute your activity. Just give us a shout! Reach out to [email protected] today.

Connect with us on LinkedIn!

Would you like more information on this topic?

Revealing the Power of Cyber Asset Management

In the fast-paced digital era where organizations heavily rely on technology, managing cyber assets has become a critical aspect of ensuring a secure and resilient digital landscape. Cyber Asset Management (CAM) plays a pivotal role

White Tuque Newsletter | February 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News Verizon insider data breach hits over 63,000 employees Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.

Work With Us.