Coordination and communication
Clear communication prevents confusion and enables learning.
Pre-engagement briefings
Red team briefing: Ensure the red team understands the objectives, scope, ROE, communication protocols, and emergency contacts.
Blue team briefing: Set expectations for what might be tested, how to communicate observations, and when to escalate.
Stakeholder briefing: Leadership and relevant teams understand that the exercise is happening, its potential impacts, and the expected outcomes.
During engagement
Real-time coordination (disclosed testing): Red and blue teams share observations through a dedicated channel. “Just executed Mimikatz on HOST-042. Did it alert?”
Scheduled check-ins (blind testing): The red team confirms that operations remain within scope. The blue team reports any suspected testing activity.
Emergency communication: Both teams can immediately reach the facilitator if something goes wrong.
Post-engagement
Hot wash: Immediate debrief (30-60 minutes) right after the engagement, covering first impressions, surprising findings, and obvious gaps.
Detailed debrief: Scheduled session (half-day to full-day) for reviewing the timeline, discussing findings, and planning improvements.
Out-brief: Report to leadership on results, implications, improvement plans.