Tabletop Exercises placeholder cover

Tabletop Exercises

by Robert Lelewski and John Hollenberger
September 2024, 200 pp.
Use coupon code PREORDER to get 25% off!

Download Chapter 1: Why Perform Tabletop Exercises?

Look Inside!

Tabletop Exercises pages 6-7Tabletop Exercises pages 54-55Tabletop Exercises pages 162-163

One of the most effective ways an organization can prepare for cybersecurity incidents and test out their response processes are “tabletop exercises,” commonly used to discuss various actions in a hypothetical emergency. Veteran security consultants Robert Lelewski and John Hollenberger have run hundreds of such exercises, and they’ve now boiled down their vast experience planning these mission-critical events into the Tabletop Exercises handbook. Designed to take you from start to finish, the book’s chapters are arranged linearly — from management’s initial request to after-action review activities — empowering you to understand each and every necessary step for ensuring your tabletop is a true success.

You’ll see how to design a scenario that properly evaluates your team’s existing controls, pinpoints your weaknesses, and encourages collaboration. You’ll also examine the logistics of planning the event itself, develop effective facilitation skills, and explore ways of making process changes based on the tabletop’s outcomes. Along the way, you’ll learn:

  • Who to invite to your tabletop event, and why
  • Preparatory steps, like getting an executive sponsor and forming a development team
  • How to properly create a realistic tabletop exercise scenario
  • Facilitation strategies, such as audience interaction and managing the discussion

This essential soup-to-nuts resource also includes example scenarios geared at varying audiences at different levels — including infosec analysts, tech team members, non-technical employees, and executives — that you can easily adapt for your own organization depending on the goals of your tabletop.


Author Bio 

Robert Lelewski has more than 20 years of experience in IT, cybersecurity, incident response, and risk management. He started out as a computer forensic consultant before joining IBM's global incident response team. Later, he pivoted to helping organizations prepare for a cybersecurity event as the Director of Proactive Incident Response with Dell Secureworks. Currently, he is the VP of Cyber Security Strategy at Zurich Insurance’s Global Ventures. Over his career, he has conducted hundreds of tabletop exercises, and has been a consultant to organizations ranking from small regional banks to Fortune 50 companies across the globe. In addition, Robert holds multiple degrees and numerous industry certifications, including CISSP-ISSMP, CISA, CISM, CRISC, CIPM, CDPSE, and GCIH.

John Hollenberger is a seasoned cybersecurity consultant with over 16 years of experience in web and host-based vulnerability assessments, incident response, digital forensics, PCI compliance, and Data Loss Prevention. As a Senior Security Consultant of Proactive Services, he develops tabletop exercises, reviews and creates incident response plans, and conducts security assessments for a wide range of organizations. John holds degrees and certifications including a BA, CISSP, CISA, CISM, CRISC, GCIH, GWAPT, and Security+.


Table of contents 

Part I: The Tabletop Exercise Process
Chapter 1: Why Perform Tabletop Exercises?
Chapter 2: Planning the Tabletop Exercise
Chapter 3: The Development Process: Where the Rubber Meets the Road
Chapter 4: Facilitating a Successful Exercise
Chapter 5: Acting On What You’ve Learned: Evaluation and Next Steps
Part II: Example Scenarios
Chapter 6: Engaging a Technical Audience
Chapter 7: Engaging an Executive Audience
Chapter 8: Engaging the Business
Appendix: Reporting Templates


The chapters in red are included in this Early Access PDF.