Security Defense and Detection TTX

Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that takes students from the introduction through the completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world's most popular RPG rules. The preparation phase walks students through the creation of specific IR playbooks that can be used in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate "corporations" with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selecting departments and skills allows the players to further their modifiers. Throughout the exercise, each company takes turns rolling its way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.

KEY TAKEAWAYS

  • Participating in and creating tabletop exercises, playbooks, and after-action reports that map to security frameworks
  • Experience with decision analysis under pressure as a team
  • Ability to create after-action reports and present results

WHO SHOULD TAKE THIS COURSE

  • C-level executives wanting to learn more about tabletops and specific technologies
  • Defensive Security team members (Data Forensics, Incident Response, Analysts)
  • Security Auditors
  • Internal Awareness Teams / Trainers
  • Infosec personnel interested in defending against social engineering
  • IT support staff
  • Anyone interested in learning more about tabletop exercises

AUDIENCE SKILL LEVEL

Intermediate knowledge of Windows and Linux systems.

WHAT A STUDENT SHOULD BRING

  • Note-taking material.
  • System capable of participating in the video session.
  • Stable Internet connection with sufficient speed for video conferencing.
  • Software capable of reading standard documents (MS Office, Google Drive, LibreOffice, etc.)
  • Optional: Unicorn

Optional for Lab Hands-On:

See Environment setup here: https://github.com/CyberConTraining/DDTTX

WHAT STUDENTS WILL BE PROVIDED WITH

  • 60+ tabletop scenario examples
  • Incident Response Playbook examples and templates
  • After Action examples and templates
  • Digital copy of the Defensive Security Handbook written by the famous Amanda Berlin
  • Character (Organization) Sheets
  • Slide Deck

BIOS

Amanda Berlin - (@infosystir) Amanda Berlin is a Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author of a Blue Team best practices book called Defensive Security Handbook: Best Practices for Securing Infrastructure, written with Lee Brotherston and published through O'Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible.

Jeremy Mio - (@cyborg00101) - Focused expertise within the evolution of security convergence, the merger of physical and information security, and cyber-warfare. Information Security Officer within local government and Principal within CodeRed LLC. Previously worked within Fortune 500 in enterprise information security as well as physical security through training/contracting. Conducts various research and testing of small UAVs [Drones] for their use in defense applications in cyber warfare and intelligence, relying on Open Source technology and OSINT.