Episode 61
Overcoming the Stale Nature of Tabletop Exercises
While tabletop exercises (TTX) are considered a proven tool for finding gaps in an organization’s security posture, they can be painstakingly challenging to plan and implement effectively. In a time where information security teams are understaffed and overworked, are TTX still worth the time and resources? Or are there other ways of ensuring incident response readiness? Navroop Mitter, the CEO of ArmorText, a mobile security and privacy startup, sheds light on the various aspects of tabletop exercises and their effectiveness as a preparedness tool.
Time Stamps
00:02 -- Introduction
00:49 -- Setting the Stage and Compelling Stats
02:48 -- Guest's Professional Highlights
05:12 -- Overview of Tabletop Exercises
07:15 -- Comparing Tabletop Exercises to Simulation
11:12 -- Benefits of Running a Tabletop Exercise
12:36 -- Table Top Exercise Resources
15:18 -- Legal Representation in Tabletop Exercises
17:07 -- Doing Tabletop Exercises Right
23:20 -- Mistakes To Be Avoided
29:14 -- Building Resilient Communication Capabilities
34:28 -- Final Thoughts
Memorable Navroop Mitter Quotes/Statements
"A tabletop is a tool for organizations seeking to enhance their cyber resilience and readiness. It helps you develop muscle memory and identify gaps in your existing plans or other opportunities for enhancement."
"Unfortunately, too often, tabletops are seen as something the cyber folks do alone in their dungeons. But they're just as essential for C-suite senior leadership and the board."
"When we're helping organizations think through tabletops, or the simulations they're going to run, whether it's a very quick, lightweight discussion around the table, or a much more nuanced, immersive simulation, we're asking them to assemble stakeholders like senior leadership board members, IT and security teams, public relations, communications teams, legal counsel, human resources and finance together. This is not about the technologist. It's not just about security. This is about operational resilience. And that means the entire organization."
"When you test your IR plan, even without having a formal team in place, just testing the IR plan alone was nearly as effective; you still had 48 days saved just by having rehearsed and tested your plan, just by having run the playbook before, and understanding what it was to be in that scenario, or something similar to it."
"I think the need of the hour is increased executive and senior leadership involvement."
"Done right, tabletops are actually there to help you prepare for managing regulatory litigation and reputational concerns that often follow these events."
Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast
Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks.
Connect with Dr. Chatterjee on these platforms:
LinkedIn: https://www.linkedin.com/in/dchatte/
Website: https://dchatte.com/
Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338
https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712
Latest Publications:
Preventing Security Breaches Must Start at the Top
Latest Webinars:
How can brands rethink data security to maintain customer trust?
Cybersecurity Readiness in the Age of Generative AI and LLM
Insights for 2023, Cybersecurity Readiness with Dr. Dave Chatterjee
