We're back with another installment of our series for managers using Crisis Sim. If you haven’t already, be sure to check out Episode 1, which covers Crisis Sim outcomes for managers.

The results and data from your first Crisis Sim exercise provided valuable insight into your team’s decision-making skills. But you know this isn’t a one-and-done thing – the landscape is ever changing.

There are always new ways to arm yourself and your organization with knowledge and skills. Enhancing your cyber resiliency and improving the quality of your responses to incidents allows you to get back to the most fantastic and underrated aspect of your role as a cybersecurity professional – maintaining business-as-usual operations without interruptions.

The opportunities are endless. Where should you focus your efforts?

Episode 1 covered outcomes by means of the Results and After Action Report sections of the platform when you complete a Crisis Sim exercise.

This blog post will shift gears to what goes on – or should be going on – between exercises.

Next steps for managers between exercises

Exercise debrief

Host a debriefing session for exercise participants and any key stakeholders in your organization you’d like to gather feedback or additional insights from.

Debriefing is a valuable process following any exercise, providing a structured opportunity for reflection and learning. Primarily, you’ll want to discuss successes, identify areas for improvement, and gather feedback.

A successful exercise debrief will include:

• Clear expectations and ground rules
• Reflection on successes and challenges
• A review of existing processes and procedures
• Feedback on the scenario, delivery, and identifying improvements for the future
• Details around the lessons you learned from the exercise
• Defining action items and ownership

Moreover, debriefing fosters open communication and builds trust within teams, strengthening their resilience and overall effectiveness.

If you’re looking for additional guidance on debriefs, check out our guide in the Help Center!

Internal review

If time allows, take a step back and conduct an internal review with stakeholders and leadership. This can be an opportunity to identify trends or recurring patterns that might need a deeper dive, and allow you to determine what’s most important from a leadership perspective going forward.

Be sure to consider the following in your internal review:

• Did you come across any knowledge gaps or assumptions that surprised you?
• Did you come across any areas of strength that were unexpected?
• Should you adjust the difficulty or coverage areas? Does the team need to be benchmarked against this same scenario in the future?
• What other organizational stakeholders should you bring in moving forward? And what will be important for them in Crisis Sim exercising?

Implement insights

Demonstrate your commitment to improving cyber resiliency by fostering a collaborative learning environment. Encourage open and honest dialogue where your team feels comfortable sharing their perspectives freely, without fear of judgment.

This will help you identify both strengths and weaknesses, providing valuable insights that may not be apparent from your own perspective. By implementing changes based on this valuable feedback, you prove your dedication to continuous improvement.

Your action plan

A key component to improving your organizational cyber resilience is creating and executing an action plan with clear objectives, stakeholders, and deadlines. The After Action Report from your last exercise will provide a solid foundation, but these specifics will help you enhance its impact.

Dive into the Inject and Participant Breakdown areas of the After Action Report – this will help you pinpoint your team’s strengths and weaknesses identified in the last exercise, or identify participants that could benefit from individualized training plans to accelerate their development.

Using this existing information will help you specify the concepts or topics of priority for you to address between exercises, begin benchmarking progress, and explore additional scenarios down the road.

Review scenarios and upskilling content relevant to the areas you identified as needing improvement from the last exercise. In Crisis Sim, you can leverage the existing scenarios in our catalogue, create a custom scenario (from scratch or using our templates), and even take our AI Scenario Generator for a spin!

Tip: Exercise specific teams or individuals in Single Player mode between organization-wide sessions to give them additional opportunities to improve their decision-making process.

Three key areas of focus between exercises

You know your organization and teams best, so what works best for your program between Crisis Sim exercises is up to you. But we encourage prioritizing these areas:

1. Debriefing and feedback sessions to get the most value out of your exercises
2. Individualized or team-focused learning plans for upskilling – don’t forget to leverage relevant content in labs!
3. Reviewing and updating internal processes and procedures that may be out of date or contradictory

If you’ve recently completed your first Crisis Sim exercise and begun working on goals for improvement between exercises, what have you focused on? If you’ve completed many, what tips do you have for others?

Join the discussion in the comments below!