High-Fidelity Security Tabletop Facilitation

This skill automates the complex process of designing, running, and documenting professional security operations tabletop exercises (TTX). Instead of spending days drafting scenarios and injects, developers and security leads can generate comprehensive exercise packages tailored to their specific stack and playbooks.

What it does

• Architects realistic multi-stage incident scenarios (Ransomware, BEC, Supply Chain, etc.).
• Generates timed "injects" with specific evidence artifacts (log snippets, alerts, tickets).
• Validates existing IR playbooks and cross-functional escalation workflows.
• Produces professional After Action Reports (AAR) with strength/gap analysis and remediation trackers.

Why use this skill

Prompting a generic AI often results in shallow, linear stories. This skill follows a rigorous evaluation framework, forcing participants to make hard decisions at each stage. It integrates context from your SIEM, EDR, and SOAR tools to create realistic technical hurdles while managing the non-technical aspects like legal, PR, and executive briefings. It ensures your IR drills are audit-ready and demonstrate measurable resilience improvement.

Supported Deliverables

• Exercise Plan: Strategy, scope, and objectives.
• Facilitator Guide: Detailed prompts, expected answers, and observer notes.
• Inject Schedule: A timeline of technical and business developments.
• Scorecard & AAR: Structured evaluation of team performance and gap identification.