What are some resources to create cyber table top exercises/scenarios, besides CISA?


If you want to have some fun with it, you can play with Backdoors and Breaches from Black Hills. I've got it running on Steam too.


Agreed. Backdoors and Breaches is a good way to kick-start table top exercise methodologies.


After a few, it does get repetitive. Here’s what we like to do:

- remove a key player from the game and make others have to respond
- involve third party coordination
- look at your risk landscape, especially around known vulns and/or technical debt
- expand outside of IT; test your crisis communication process


It needs to also be tailored to the client (their threat profile, most likely attackers, industry, key business impacts to target, technical environment). From there, MITRE ATT&CK.


Can use MITRE to create the structure/injects based on specific adversaries.


Commenting to stay on this thread as I’d like to know as well.


The BHIS game is cool, but I have been hesitant to use it with an actual client. Some of my team members have done cool things like make videos and "news clips".
