
Cybersecurity Tabletop Exercises

From Planning to Execution
by Robert Lelewski and John Hollenberger
September 2024, 200 pp.
Use coupon code PREORDER to get 25% off!

Download Chapter 1: Why Perform Tabletop Exercises?


One of the most effective ways an organization can prepare for cybersecurity incidents and test its response processes is the “tabletop exercise,” commonly used to discuss various actions in a hypothetical emergency. Veteran security consultants Robert Lelewski and John Hollenberger have run hundreds of such exercises, and they’ve now boiled down their vast experience planning these mission-critical events into the Tabletop Exercises handbook. Designed to take you from start to finish, the book’s chapters are arranged linearly — from management’s initial request to after-action review activities — empowering you to understand each and every necessary step for ensuring your tabletop is a true success.

You’ll see how to design a scenario that properly evaluates your team’s existing controls, pinpoints your weaknesses, and encourages collaboration. You’ll also examine the logistics of planning the event itself, develop effective facilitation skills, and explore ways of making process changes based on the tabletop’s outcomes. Along the way, you’ll learn:

  • Who to invite to your tabletop event, and why
  • Preparatory steps, like getting an executive sponsor and forming a development team
  • How to properly create a realistic tabletop exercise scenario
  • Facilitation strategies, such as audience interaction and managing the discussion

This essential soup-to-nuts resource also includes example scenarios geared toward varying audiences at different levels — including infosec analysts, tech team members, non-technical employees, and executives — that you can easily adapt for your own organization depending on the goals of your tabletop.


Author Bio 

Robert Lelewski has more than 20 years of experience in IT, cybersecurity, incident response, and risk management. He started out as a computer forensic consultant before joining IBM's global incident response team. Later, he pivoted to helping organizations prepare for a cybersecurity event as the Director of Proactive Incident Response with Dell Secureworks. Currently, he is the VP of Cyber Security Strategy at Zurich Insurance’s Global Ventures. Over his career, he has conducted hundreds of tabletop exercises, and has been a consultant to organizations ranging from small regional banks to Fortune 50 companies across the globe. In addition, Robert holds multiple degrees and numerous industry certifications, including CISSP-ISSMP, CISA, CISM, CRISC, CIPM, CDPSE, and GCIH.

John Hollenberger is a seasoned cybersecurity consultant with over 16 years of experience in web and host-based vulnerability assessments, incident response, digital forensics, PCI compliance, and Data Loss Prevention. As a Senior Security Consultant of Proactive Services, he develops tabletop exercises, reviews and creates incident response plans, and conducts security assessments for a wide range of organizations. John holds degrees and certifications including a BA, CISSP, CISA, CISM, CRISC, GCIH, GWAPT, and Security+.


Table of contents 

Part I: The Tabletop Exercise Process
Chapter 1: Why Perform Tabletop Exercises?
Chapter 2: Planning the Tabletop Exercise
Chapter 3: The Development Process: Where the Rubber Meets the Road
Chapter 4: Facilitating a Successful Exercise
Chapter 5: Acting On What You’ve Learned: Evaluation and Next Steps
Part II: Example Scenarios
Chapter 6: Engaging a Technical Audience
Chapter 7: Engaging an Executive Audience
Chapter 8: Engaging the Business
Appendix: Reporting Templates


The chapters in red are included in this Early Access PDF.


"This book is a great resource for anyone looking to start or enhance their cyber simulation exercise capability. The practical insights, examples and step-by-step instructions can be immediately applied, helping readers to effectively test and evaluate a team’s ability to respond to a cyber incident. Good Stuff!"
—Anthony Giandomenico, Global VP, FortiGuard Security Consulting

"A must-read for anyone involved in cybersecurity incident response. It expertly covers all aspects of conducting tabletop exercises, from scenario development to delivery to evaluation, providing practical advice and examples. Get ready to design and execute impactful tabletop exercises with the help of this book!"
—Jeffrey J. Carpenter, FIRST Incident Response Hall of Fame inductee

"Rob and John clearly guide readers on how to design and get the most value out of a tabletop exercise rather than it just being another compliance requirement. They will not steer you wrong!"
—Troy M. Bettencourt, Global Partner & Head of IBM X-Force

"Lelewski and Hollenberger offer a masterclass in cybersecurity preparedness, covering every facet of incident response planning with meticulous detail and practical insights. Their focus on engaging an executive audience is particularly noteworthy, shedding light on the critical role that C-level executives and cross-functional leaders play in managing cybersecurity incidents. Tabletop Exercises sets a new standard in the field and is essential reading for any organization aiming to enhance their cybersecurity readiness."
—Brian Nesgoda, CIO/CISO, Black Swan Technologies

"Whether you are brand new to the concept of tabletops or a seasoned professional, this book empowers both individuals and teams to learn and improve on the planning, development and facilitation of these critical cyber exercises. Tabletop Exercises leads readers right from the design stage through to delivery, feedback gathering and even gaining organisational buy-in, with a variety of fabulous example scenarios and injects that many teams could simply pick up and run with! This should be on the bookshelf of any cyber professional who takes their tabletops seriously."
—Rebecca Taylor, Threat Intelligence Knowledge Manager @ Secureworks