Unfortunately, many cybersecurity tabletop exercises begin with a familiar scenario: an executive approaches an infosec manager and states, “We need to conduct a cybersecurity exercise by the end of the year. Make it happen—quickly.” Such requests can create a sense of urgency and anxiety, especially since these events require careful planning and may be unfamiliar to some participants.
So, what do you do when time is tight and you can’t afford to invest significant effort into planning? How can you conduct an exercise that is both straightforward and effective, ensuring that participants feel their time is well spent?
This presentation will introduce three simple cybersecurity exercise ideas that require minimal planning, are applicable to most organizations, and provide valuable insights by identifying potential weaknesses or validating the effectiveness of processes.
Learning Objectives:
Immediately leverage three tried-and-true tabletop exercise scenarios that will be discussed in this presentation. Participants will gain an understanding of the nuances of these scenarios, which have near-universal applicability regardless of organization, and will be able to implement them with minimal alterations.
Feel confident with a demystified tabletop delivery process. The tips and techniques discussed will enable participants to not only deliver a tabletop exercise but also understand common pitfalls to avoid in the process.
Understand and implement basic planning steps that, when executed, enhance the overall efficacy of the tabletop exercise. These planning steps will facilitate more effective after-action reviews, which are a cornerstone of the tabletop exercise process and are often overlooked.