Adapting exercises to your context

For small teams

  • Reduce scope (fewer vectors)

  • Simplify scenarios

  • Focus on one or two key skills

  • Use tabletop over live

  • External facilitator plays multiple roles

For large organisations

  • Run parallel teams with same scenario

  • Compare responses across teams

  • Include executive participation

  • Add regulatory/legal complexity

  • Video record for training library

For specific sectors

Financial services:

  • Focus on regulatory reporting

  • Payment system impacts

  • Market manipulation scenarios

  • Fraud implications

Healthcare:

  • Patient safety impacts

  • Medical device compromises

  • HIPAA breach scenarios

  • Ransomware with life-safety stakes

Critical infrastructure:

  • OT/ICS environments

  • Physical safety implications

  • NIS2 reporting requirements

  • Multi-site coordination

Maturity progression

Beginner teams:

  • Start with tabletops

  • Single vector scenarios

  • Clear decision points

  • Generous time limits

Intermediate teams:

  • Add live injects

  • Multiple vectors

  • Realistic time pressure

  • Communication complexity

Advanced teams:

  • Full live simulations

  • Sustained multi-day scenarios

  • Red team opposition

  • Minimal facilitator guidance

Discuss tailoring exercises to your organisation