So you’ve decided to run an executive tabletop exercise (TTX) and pulled off the Herculean feat of getting it scheduled. Will this be a career-limiting move or career highlight? Let’s go for the latter. Done right, a good TTX will drive tremendous value for the company and garner you accolades.
I have yet to do one that didn’t result in significant benefits. These benefits may include identifying gaps in processes; driving a deeper understanding; clearing up misconceptions around ownership or capabilities; or (at a minimum) reinforcing and validating capabilities, roles, and responsibilities.
It does, however, take planning and preparation to run an effective and impactful exercise. The critical elements below lay the foundation. But before we get into that: What happens if you don’t plan and execute well? The damage can range from frustrating your executives with jargon and terminology they don’t understand to using a scenario that doesn’t resonate with them or the business — making participants feel like it was a waste of time. Neither of these situations will advance your career or improve your company’s incident response, preparedness, and/or capabilities. Not only is a good TTX a great opportunity for the aforementioned reasons, it’s also an opportunity to build relationships, showcase your team, demonstrate business and leadership skills, and gain support.
The Critical Elements For A Successful Executive TTX
Altitude. This is one of the most critical elements. This is not a technical exercise — it’s not about bits and bytes, forensics, data dumps, memory captures, or tools. The executive TTX is designed to ensure that leadership team members and key partners know their roles and responsibilities and the types of decisions they will face in a real crisis. Leave out the technical jargon. Once you lose the audience, it’s an uphill battle to get them back (if you ever do).
Context. Make sure the scenario is relevant, applicable, and feasible given your company’s industry and technical maturity. The more plausible the scenario, the more it will resonate with participants. Likewise, ensure that the systems impacted are also relevant. Pulling the levers of personal experience and real-world examples can also help drive key points home.
Participants. As difficult as it sounds, you really need the entire executive team to participate. Anytime I’ve run a TTX while missing a key member of the leadership team, it showed. You risk important questions being tabled or assumptions being made. In addition to the leadership team, consider including the following participants:
Outside council
Your PR firm and or communications lead
Your cyber insurance provider
Your incident response provider
Board representative
Law enforcement (e.g., the FBI)
Also, be cognizant of not having too many people in the room.
Environment. The location/room matters. You want an environment that is conducive to open dialogue, has good acoustics, and, of course, fosters the ability to walk through a presentation. I personally like a U-shaped seating format with a screen at the front.
Delivery and moderation. The person running the exercise needs to be a good speaker and listener. They must be comfortable around executive leadership, know how to guide the scenario and discussion points, and recognize if they are losing the audience. Case in point, during a TTX not too long ago that I was advising (not running), I had to jump in a few times when the lead presenter/moderator was losing the audience but was wholly unaware. When running an exercise, I will frequently stop and check for understanding. You may be surprised how often someone raises their hand to get more clarification. I also always emphasize/reinforce that this is the time and place to ask questions and make mistakes — that’s why we do this.
Recap. At the conclusion of the exercise, recap any specific action items and ask the participants what they thought went well and what didn’t, as well as what opportunities were identified. Finally, let them know you will be issuing an after-action report.
After-action report. Within a week or two, send a report of all key points identified, along with gaps, action items, what went well, and, of course, your recommendations.
Follow-up. Running a great TTX is key, but the point is to identify areas for improvement. Following up to answer questions or provide additional guidance is important.
I personally love running or advising executive tabletops. I find them fascinating and enjoy seeing opportunities uncovered. I have seen CEOs jump in with great ideas and process knowledge, department heads who thought they had a good plan but then realized they didn’t, and representatives from an agency that was relying on another agency for key processes realize that they didn’t actually know how those processes work.
A lot of this may seem straightforward, but it’s easy to get it wrong and there is a lot at stake. If I have learned one thing in my time here, it’s that we often struggle with the basics or lose sight of the real intention. Take the time necessary to plan and ensure that you drive maximum value and impact.
Interested in running a TTX? Reach out, and let’s see how we can help — whether as an independent third-party advisor or having us run one.
David Levine is a VP and executive partner for Forrester. In this role, David works with Forrester CISO, CSO, and other technology executive clients to help them define and achieve their key security, governance, and business objectives. David provides tailored, actionable advice informed by his experiences and works with Forrester’s research, advisory, consulting, events, and data teams to bring the best of Forrester to clients.
