Description

…Would you like to play a game?

What we are offering: a free-form wargame for up to 90 players.

The game will replicate a typical cyber security incident experienced by a medium sized company. It will be complex enough to involve all the players, but simple enough that experience in the technical side of cyber security will not be a requirement.

Players from a Blue background can come and play as the Red team to experience and explore the attacker mindset, or see how it feels to be a technical practitioner in the middle of such an incident.

Players from a Red background can come and experience how it feels to be on the other side. See how complex it can be to negotiate an incident, to deal with multiple stakeholders simultaneously, and secure systems while they’re still in use.

For all players, experience in a “safe to fail” environment what it is like to be in the middle of an incident, how to gather information, how to prioritise your actions, how to deal with and get the best outcome of a bad situation. Maybe experience it from a different role to the one you currently hold and gain a new perspective, for example CISOs could play as media or public relations.

Depending on player signups, teams will consist of players with a variety of experience, some participants will be there to try out their skills, others will be there to learn new ones or to see how a different aspect of their industry thinks.

The following roles are planned, player casting will take place much closer to the event:

C-Suite: there will be a variety of positions, each with their own specific aims, what decisions will you make when the buck stops with you? And when the media is waiting for an interview?

System Administrators: you can’t just turn everything off, how will you keep the organisation running while being suspicious of every node?

Network Administrators: This is probably just another phishing scare, you’ll keep everyone reliably connected while they figure it all out. You’ve done so since the pandemic started and you installed those shiny new VPN concentrators. Your team did decommission the old ones when that happened, didn’t they?

Security Operations: has your organisation been compromised on your watch? This isn’t a simple incident, you need to maintain security while investigating the suspected breach, where do you allocate sparse resources?

Media organisations: how does it feel to be outside looking in? And if the breached company won’t talk, should you give publicity to the criminals instead? Your editor is waiting…

Public Relations: “control the narrative” they say, but how do you manage that when the media twist what you say, and the C-Suite won’t be interviewed?

Customer Support: the “sharp end” of a reported breach, what do you tell all of your customers who’ve feel exposed

Red Team: you’ve gained access to the target, but you think you’ve been discovered; how can you exploit your access while not being removed from the target?

The detail