Tabletop Exercise (TTX) Workshops

CyberProtex conducts one-day Cyber Resiliency workshops or Tabletop Exercises all around the United States. The one-day workshops introduce professionals to best practices in cyber resiliency, seek to foster communication within companies, entities and industries to strengthen resiliency capabilities, and will identify continuity and crisis management planner’s potential gaps in response capabilities. Attendees will hear subject matter experts on best practices; question a panel of subject matter experts on what works or does not work for them; review a current real-world case study; and collaborate in a table top exercise with time for discussion and debriefing.  

The CyberProtex Tabletop Exercise (TTX) is discussion-based and provides an incident scenario with a series of injections that we tailor to your operational needs. The TTX Services team moderates a discussion and breaks participants into teams. Each team is then required to respond to each injection and present their findings to the entire audience of participants.

Cyber Resiliency

Infrastructure

Counter Terrorism

Tabletop Exercises (TTX) and Industrial Compliance
NIST 800-171 and CMMC

Conducting a tabletop exercise can satisfy several NIST 800-171 controls related to incident response, risk management, and continuity planning. Here's how it aligns with specific controls:
1. Incident Response (IR)
  • 3.6.1: Establish an incident response capability.
    • Explanation: A tabletop exercise helps demonstrate and test your organization’s ability to respond to security incidents effectively.
  • 3.6.2: Detect and report events.
    • Explanation: Exercises help to identify gaps in detection and event reporting procedures and ensure teams know how to report security events promptly.
  • 3.6.3: Develop and implement incident response plans.
    • Explanation: Running through scenarios validates the incident response plan, ensuring that roles, responsibilities, and communication protocols are understood.
  • 3.6.4: Test incident response capability.
    • Explanation: A tabletop exercise is a form of testing that provides insights into how the incident response plan works under simulated real-world conditions.
  • 3.6.5: Track, document, and report incidents.
    • Explanation: Exercises often include documentation and after-action reporting, which helps satisfy requirements for tracking and reporting incidents.
2. Risk Assessment (RA)
  • 3.11.1: Periodically assess the risk to organizational operations, assets, and individuals.
    • Explanation: A tabletop exercise can be part of a broader risk assessment process, identifying potential weaknesses in incident handling and response strategies.
  • 3.11.2: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities are identified.
    • Explanation: While not a direct vulnerability scan, a tabletop exercise may reveal procedural vulnerabilities or gaps in response.
3. Security Assessment (CA)
  • 3.12.1: Periodically assess the security controls in organizational systems to determine if they are effective.
    • Explanation: Exercises allow for evaluation of how well security controls are implemented in practice, especially during an incident.
4. Contingency Planning (CP)
  • 3.13.1: Establish and maintain contingency plans.
    • Explanation: Tabletop exercises simulate scenarios that could disrupt operations, ensuring that contingency plans are well-prepared and actionable.
  • 3.13.3: Test and review contingency plans.
    • Explanation: The exercise serves as a testing mechanism to validate the effectiveness of contingency plans and make necessary adjustments.
5. Awareness and Training (AT)
  • 3.2.1: Ensure that managers, system administrators, and users of organizational systems are made aware of the security risks associated with their activities.
    • Explanation: Participating in a tabletop exercise raises awareness of security threats and the importance of their roles in incident response.
  • 3.2.2: Ensure that personnel are trained to carry out their assigned information security-related duties and responsibilities.
    • Explanation: Exercises serve as a training activity, helping staff understand and practice their response roles.
Summary of Benefits
By conducting tabletop exercises, an organization can:
  • Validate and refine incident response and contingency plans.
  • Improve staff readiness and coordination.
  • Identify and address procedural gaps.
  • Enhance overall resilience to security incidents.
These exercises demonstrate compliance with NIST 800-171 requirements, particularly those focused on incident response and preparedness.

TTX Collaboration Exercises

Prepare your team to face real-world cyber threats with confidence. Our expertly crafted TTX sessions immerse participants in realistic cyber incident scenarios, empowering them to assess and refine their response strategies in a safe, controlled setting. As cyber threats evolve, your team must be ready to protect your organization effectively.

What Our One-Day TTX Covers:

Tailored Scenario Development
We collaborate with your team to create a custom scenario that addresses your organization’s unique cybersecurity challenges and goals. Scenarios range from ransomware attacks and data breaches to phishing campaigns, ensuring your team gains well-rounded preparedness.

Engaging Interactive Simulation
Our skilled facilitators guide your team through a dynamic cyber incident simulation, encouraging strategic decision-making and teamwork at every stage. Participants work together to uncover gaps, enhance response protocols, and develop practical solutions in real time.

Comprehensive Analysis and Actionable
Insights After the exercise, we deliver a detailed After Action Report (AAR) with an in-depth assessment of your team’s performance, highlighting strengths and pinpointing areas for improvement. We provide clear, actionable recommendations to strengthen your organization’s cybersecurity resilience and readiness for future threats.

Smart Grid

Cyber Attacks

Threat Hunting

CyberProtex partners with DHS CISA

At left is Klint Walker of the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.
​At right is Ben McGee, CyberProtex CEO

PAST TTX - Cyber Resiliency Workshop - Medical Industry



CyberProtex is presented a one-day Cyber Resiliency workshop in Huntsville, AL at Hudson Alpha in the Jackson Center. Cyber Resilience is the ability of the enterprise to adapt to cyber-attacks and emergency events that impact the confidentiality, integrity and availability (CIA) of business operations.  ​

The one-day workshop will introduce professionals to best practices in cyber resiliency, seek to foster communication within companies, entities and industries to strengthen resiliency capabilities, and will identify continuity and crisis management planner’s potential gaps in response capabilities. Attendees will hear subject matter experts on best practices; question a panel of subject matter experts on what works or does not work for them; review a current real-world case study; and collaborate in a table top exercise with time for discussion and debriefing.  

Malicious actors, from state-sponsored players to criminal enterprises, will exploit vulnerabilities as well as crisis situations to attack critical infrastructure and crucial businesses. Ransomware is on the rise. Building a culture of relationships between stakeholders, IT professionals, continuity managers, and others within an organization, public or private, and across an industry will improve operational resilience.  

Technical and non-technical professionals would benefit from attending this workshop from the fields of Financial, Transportation, Higher Education, Pharmaceutical Industry, DoD, and Government.

PAST TTX - Tabletop Exercise with ​Tennessee Homeland Security District 2

CyberProtex hosted a two-day Cyber Resiliency Workshop in Huntsville, AL, in collaboration with Tennessee Homeland Security District 2. The session focused on enhancing the ability of organizations to adapt and respond effectively to cyber-attacks and emergency events that could threaten the confidentiality, integrity, and availability (CIA) of their operations.
During the workshop, participants gained insights into best practices in cyber resiliency and engaged in discussions aimed at improving communication and collaboration within and across industries. The goal was to strengthen participants' ability to handle crises and identify any gaps in their existing response strategies.
Key features of the day included:
  • Expert Presentations: Industry experts shared practical approaches to building and maintaining cyber resilience.
  • Panel Discussion: Attendees had the opportunity to question a panel of subject matter experts, exploring what strategies have proven effective or ineffective in real-world scenarios.
  • Case Study Review: Participants examined a current, real-world incident to better understand the evolving threat landscape.
  • Interactive Tabletop Exercise: A collaborative exercise, followed by an in-depth discussion and debriefing session, allowed participants to test their response plans and refine their strategies.
The threat landscape continues to evolve, with state-sponsored attackers and criminal organizations increasingly targeting critical infrastructure and essential businesses. As ransomware incidents grow, the importance of fostering relationships between stakeholders—across both public and private sectors—has never been more critical. By building these connections, organizations can enhance their operational resilience and better defend against emerging threats.

PAST TTX - Cyber Resiliency Workshops with Critical Infrastructure

PAST TXX - Cyber Resiliency Workshops with FEMA Region II

FEMA Region II and the Department of Homeland Security (DHS) contracted with CyberProtex, a cyber engineering and training company with 20 years’ experience, to plan, organize and present a series of five one-day Cyber Resiliency workshops in New York and New Jersey.

Each workshop included a briefing from Rich Richards of CISA on free resources available to businesses. There was a panel with an FBI Special Agent and Other Government Agencies providing resources and answering questions on cyber resiliency at each event. One or more speakers were present at each workshop including from New Jersey National Guard, private sector business, or a Non-Profit group. Lastly, CyberProtex gave a talk on Cyber Resiliency focusing on Ransomware and Phishing threats and ran a Table Top Exercise simulating a cyber incident and asking for group participation in coming up with plans, actions, and vulnerabilities at each stage.

New York University
New York, NY

Erie County Fire Training Academy
Buffalo, NY

University at Albany, SUNY
Albany, NY

Monmouth University
Long Branch, NJ

New Jersey Institute of Technology
Innovation Institute
Newark, NJ

Cyber Resilience

Cyber Resilience is the ability of the enterprise to adapt to cyber-attacks and emergency events that impact the confidentiality, integrity and availability (CIA) of business operations 
CyberProtex would love to partner with your company or organization to put on workshops and table top exercises addressing today's cyber security concerns. Email [email protected] for more information.
Helpful links:
CyberProtex, LLC - 2012-2025

[email protected]

256-401-7072