Blog Post

The Human Connection Blog
3 MIN READ

Defend as One: Breaking Down Technical Barriers Across an Organisation Through Technical Team Exercising

MarieHargraves's avatar
24 days ago

This article details how a public healthcare account used Immersive Labs’ Cyber Team Simulation for a cross-departmental May Day programme, benchmarking national cyber capabilities. As their Cyber Workforce Advisor, I’ll outline the steps taken, from planning to execution, to achieve this strategic programme.

Where and when did the programme take place?

Jeopardy June was a cybersecurity technical exercise event hosted exclusively for a public-sector health organisation on June 27 and 28, 2024. 

Participants across the account were invited to participate, bringing together a variety of individuals across different trusts to investigate and analyse a compromised network of a fictitious organisation using Immersive Labs’ Team Sim module. 57 participants from 50 different trusts came together across eight teams to participate in the first Immersive Labs Technical Exercise.

Program goals

  • Support the organisation in meeting future challenges and better utilising resources and expertise across the country to defend against cyberattacks, aligned to the cyber futures strategy.
  • Enable national collaboration and provide commonality regarding technical exercises from the SOC to regional cyber team members.
  • Benchmark National Technical Cyber capability.
  • Empower the organisation to realise its benefit vision to ‘the leaders in cybersecurityʼ.

Visual representation of the programme

 

 

Preparation for the event

Kickoff call and planning – Exercise options were discussed with the service owner, and a timeline was created to ensure deliverables stayed on track.

Structured onboarding – Individuals were assigned to teams at random, with the exception of one team dedicated to the Security Operations Centre (SOC). Each team was named after notable figures in UK healthcare history. 

Preparation labs – Before the exercise, participants were assigned a set of curated labs to complete. These labs helped users familiarise themselves with the exercise tools and key security investigation concepts. The focus was on cyber defence, with the labs aligned to the Team Sim catalogue, incorporating tools like Velociraptor and skills relevant to SOC analysts, such as log interrogation.

Orientation and briefing – Immersive Labs hosted a team briefing where the Team Sim interface was shown to help participants understand how to use the platform and what to expect in preparation for the event. The session also included hints and tips for the exercise approach.

The Event

Exercise

The event was held across two slots to ensure that participants could fit the session in and around their day-to-day roles. During the exercise, Immersive Labs Cyber Resilience Advisors and technical specialists were present to support the teams.

Results

 

Of the 8 teams taking part, 3 teams finished the exercise within the allocated time, which was beyond expectations. 3 more teams out of the remaining 5 persevered to complete the exercise beyond the allotted time, showing true dedication.

All teams demonstrated great teamwork, communication and brought a collaborative culture to the exercise. There was a clear desire for more cross-trust events.

The exercise showed that the organisation has skilled talent across its national structure, capable of defending against cyber threats. Perhaps even more significant was the participants' drive to support one another and complete the team simulation, despite never having worked together before.

Participant highlights

Top common themes:

  1. Teamwork: Working with people from different backgrounds and experiences and learning from them.
  2. Different trusts: Meeting and working with people from different trusts and organisations, and seeing the talent across the country.
  3. Real-world simulation: Experiencing what a cyber investigation involves, and working through a real-world scenario.

 

Reflections from a Cyber Resilience Advisor

What stood out to me was how the organisation's commitment to cyber resilience enabled a national-level exercise across a large, federated structure with varied capabilities. By preparing participants and fostering collaboration, leaders and coaches broke down silos and shared knowledge effectively.

Collaboration reached new heights, forming a network of skilled individuals ready to unite during future cyber incidents. Now, they are better prepared and equipped to protect their patients.

Immersive Labs' innovative product set made this national exercise possible. I’m proud to be part of a team that offers an evolving and uplifting resilience training solution.

What’s next

This organisation has a strategic programme across the Immersive Labs platform utilising the entire enterprise product to improve and evidence resilience. 

Following the post-event review, we’ve launched Tech EX 2025, with 15 programmes set for H2 to enhance resilience and meet future compliance needs. This isn’t a one-off exercise, but a continuous process focused on "what’s next".

Share your thoughts

Have you planned or hosted a similar event using Immersive Labs? Tell us about it here!

How many interactions do you have with personnel outside of your local business area? When was the last time you worked with someone from a different team to ensure that challenges were overcome?

Updated 24 days ago
Version 1.0
  • I absolutely loved this event. It's rare to feel such a sense of collaboration and shared sparks of fulfillment in so many groups of random people who had just met for the first time when they were tackling this exercise, but it was definitely there! I was so impressed by the team leads who really brought their teams together too. I can't wait for next time!

  • As a visual learner, I appreciated having the visual representation of the program graphic! Curious what the recommended participant requirements might have been - was there a recommended level of technical expertise, as an example? Or recommended types of roles (maybe for those that don't have or call themselves SOC analysts) that were best suited? 

    • MarieHargraves's avatar
      MarieHargraves
      Icon for Immerser rankImmerser

      Hi MegMarCyberTrust thanks for reaching out!

      The programme was designed to show that anyone regardless of technical ability could utilise Immersive Labs hands on labs to uplift their skill set and take part in a technical exercise.

      A set of labs was placed into a collection to enable them to focus on areas that would align to the CTF. We had soc participants, clinicians as well as front line support staff. 

      One of they key takeaways from the Immersive Labs team was how the teams came together and mentored and coached each other along as we ensured in each team there was a mix of techincal skill and expertise.