Flip Reversal: The 360 Crisis Experience
Ever watched a crisis unfold and thought, "I'd have done that differently?" Now's your chance. Click the link above to secure your spot then hit "attend" to let us know you're coming! Join us for Flip Reversal, a crisis simulation with a twist! We're turning the tables on traditional exercises to give you a unique, 360-degree view of crisis management in an industry that's proven time and time again to be a top target for cyberattacks– the financial services sector. Instead of immediately putting you in the hot seat, you’ll first get a live, inside look at a leadership team as they grapple with an escalating, high-stakes crisis, complete with financial, reputational, and regulatory risks. See their decision-making process, the internal discussions, and the immediate pressures they face – a true behind-the-scenes insight! But you won't just be watching. As their response unfolds, you’ll step into the shoes of crucial external stakeholders such as the media, regulatory bodies, institutional investors, boards, supply chain partners, and more. Based on the live team's actions, you’ll decide how these stakeholders react. Will the media run a critical exposé? Will regulators impose sanctions or demand capital injections? Your choices will shape the consequences. Why you can't miss Flip Reversal: See it From the Other Side: Gain invaluable insight into how crisis responses are perceived and the impact they have externally. Behind-the-Scenes Access: Understand the unfiltered pressures and dynamics within a team managing a crisis. Challenge Your Assumptions: Observe a response and decide if you would have acted differently. React & Lead: Experience the challenge of both influencing a crisis as a stakeholder and leading a response team through the aftermath. Get more information and register here.Beyond the Situation Room: What Your Crisis Response Looks Like to the Outside World
You've just experienced "Flip Reversal," a crisis simulation that put you in two critical seats: witnessing internal crisis leadership, and then becoming the external stakeholders reacting to their decisions. Now, let's dive deeper. This webinar goes beyond the exercise debrief to explore the critical gap between internal crisis management and external perception and how strategic choices made inside the "situation room" ripple outwards, shaping reactions from the media, regulators, partners, and the public. The webinar will cover: The perception gap: Why even well-intentioned internal decisions can be misinterpreted or amplified by external audiences. Anticipating stakeholder storms: Key strategies for proactively understanding and managing the diverse expectations and potential reactions of your critical stakeholders. From reaction to relationship: How to build robust external relationships before a crisis hits, turning potential adversaries into allies. The power of external influence: Understanding how stakeholder responses can directly impact the trajectory and outcome of your crisis. This webinar is for anyone who wants to deepen their understanding of crisis dynamics, and how to bridge the divide between internal action and external impact. Don't just manage a crisis; understand how it's truly perceived.From Abstract to Action: Immersive One's Compliance Solution
We're in an age of rapid digitization. Different industries are embracing technologies like artificial intelligence (AI) and cloud solutions, driven by the ambition to shift from analog to digital. This transformation demands robust cyber resilience, but the sheer complexity of compliance with regulations and frameworks is a major challenge for organizations. It can be hard for staff to understand something that feels abstract or disconnected from their roles, and organizations often struggle to bring it to life. Proving adherence to standards is one thing; ensuring every team member understands their role in safeguarding digital health is another. Here’s how we’re creating services to help. Cutting through the complexity One of the toughest hurdles in today's digital landscape is evidencing compliance with regulations and frameworks. As a reminder, here’s the difference between the two: A regulation is a legally binding rule or order, often enforced by a government authority. A framework is a structured set of guidelines, principles, or best practices designed to help an organization achieve a specific goal or comply with regulations. It can be difficult to demonstrate the value of compliance and help your team understand the importance of aligning with a structured framework to meet regulatory demands. That’s where Immersive One, powered by our Cyber Resilience Advisory Services, can cut through the complexity. We transform abstract compliance into tangible, impactful experiences that resonate throughout organizations. It’s not just about ticking boxes – we support a deep alignment with your digital strategy, focusing on both regulations and structured frameworks. This ensures your organization not only meets compliance requirements but can quantifiably prove and improve its risk reduction efforts, giving your board clarity and confidence. Bringing the CAF framework to life In my role as Cyber Resilience advisor at Immersive, I’ve operationalised Cyber Assessment Framework (CAF) objectives A-D with a public healthcare customer by leveraging our Crisis Simulation product. Here’s how a framework like CAF truly comes alive: Our customer ran weekly live engagement sessions, resulting in an impressive 1,200 users actively interacting with the program. Following these sessions, participants gained access to a curated collection of labs, each focused on specific CAF principles and tailored to their individual roles. The customer can now prove and improve their alignment with this important resilience framework. When it comes to customer requirements, we deliver content at pace. Recognizing the immediate need to prepare for the NIS2 Directive's implementation, we identified a critical requirement: to exercise the mandated reporting uplifts proactively. In addition to understanding the new rules, organizations need to build familiarity and competence before a real-life crisis. This led to the development of one of our first Crisis Simulations specifically designed around NIS2. The simulation delivers exceptional value by immersing teams in the entire NIS2 reporting lifecycle. It ensures that compliance isn't just understood but instinctive, making your organization truly resilient to NIS2’s demands. Try it out The NIS2 Directive is rapidly becoming a regulatory priority across the EU and is relevant for any organization operating in or with Europe. Are you ready for it? If you’re a customer, the NIS2 Crisis Sim is available to try on Immersive One now: ShareYourDocs Breach – NIS2 Reporting.Feature Focus: Crisis Sim Presentation Mode Uplifts
Here at Immersive, we're constantly striving to push the boundaries of cyber education and make our simulations as realistic and impactful as possible. We believe that truly effective learning happens when you're immersed in a genuinely challenging and engaging scenario. That's why we're incredibly excited to announce a significant uplift to the UI and UX of our Crisis Sim Presentation Mode. These aren't just cosmetic tweaks; they’re impactful changes, requested by you, designed to elevate the realism and engagement of your crisis simulation exercises, making the experience more dynamic and true-to-life for you and your team. A modern makeover for a seamless experience First impressions matter, and we’ve given the Presentation Mode UI a thorough modernization. This refresh delivers a cleaner, more intuitive aesthetic that’s not just pleasing to the eye, but also enhances clarity and reduces cognitive load during high-stakes scenarios. Our goal was to create an environment that feels contemporary and professional, reflecting the gravity of the simulated situations. Crucial UX enhancements for heightened realism Beyond the visual refresh, we've implemented several key UX changes that directly address the need for increased realism and participant engagement: The optional countdown timer: Feel the pressure build! In a real crisis, time is often a critical factor. Now, with the addition of an optional countdown timer, facilitators can introduce this vital element directly into the Presentation Mode. This isn't just about a ticking clock; it's about replicating the pressure and time constraints that decision-makers face in genuine incident response. This subtle yet powerful addition can significantly heighten the sense of urgency and consequence for participants, driving more active and strategic thinking. Navigating back: review and reflect in read-only mode Ever wished you could quickly refer back to a previous piece of information during a fast-paced crisis? Now you can! We've introduced the ability to navigate back to previous injects in a read-only mode. This means participants can revisit past communications, intelligence, or decisions without impacting the live progression of the exercise. This feature fosters better situational awareness and allows for more informed decision-making, mirroring the investigative and analytical processes that occur during a real incident. Companion App integration: all your content, always on hand Perhaps one of the most impactful changes for participant engagement is the surfacing of all content and static rich media directly on the Companion App. Previously, certain elements might have been facilitator-driven. Now, everything from critical intelligence reports to simulated news articles, social media feeds, and relevant imagery is immediately accessible to participants on their personal devices. This comprehensive content delivery ensures that participants have all the necessary information at their fingertips, enabling them to actively participate, analyze, and collaborate without disruption. It transforms the Companion App into a truly indispensable tool for the exercise, fostering deeper immersion and a more authentic crisis experience. Why these changes matter Our core mission at Immersive is to make learning about cybersecurity as effective and memorable as possible. These updates to Crisis Sim Presentation Mode directly serve that mission by: Increasing realism: By incorporating elements like time pressure and readily accessible information, we're making our simulations more closely resemble the complexities and demands of real-world cyber crises. Boosting engagement: When participants have all the information they need at their fingertips and can actively interact with the scenario, their engagement levels naturally soar. This leads to more meaningful learning outcomes and a greater retention of critical skills. Enhancing learning outcomes: A more realistic and engaging environment naturally fosters better decision-making skills, improved teamwork, and a deeper understanding of crisis management principles. These enhancements will provide an even more powerful and immersive experience for both facilitators and participants. We're confident that these changes will lead to even more impactful learning and a greater readiness to tackle the cyber challenges of tomorrow. Share your thoughts We can't wait for you to experience the difference, and we’d love to hear your thoughts on the changes. Log in to your Immersive platform and explore the enhanced Crisis Sim Presentation Mode today!ISO 27001 and the Immersive One Platform: Strengthening Your Information Security Posture
The importance of continuous evidence When audits or investigations happen, it’s not enough to say you’ve got things under control – you need to prove it. That means having solid evidence of your security posture, how it’s been implemented, and a continued commitment to it. Without that, the risk of fines and reputational damage goes up. Being able to demonstrate continuous evidence is crucial for staying in line with the latest directives and regulations. How Immersive can help Immersive helps organizations implement compliance frameworks like ISO 27001 by providing evidence of due diligence, simplifying the human element of security, and enabling gradual expansion of security measures. Depending on your priorities, or where you perceive your biggest gaps to be, these are some of the areas you can leverage in the Immersive platform: Improving the speed and quality of response to emerging threats. Increasing efficacy in recruitment, retention, and career development. Reducing cloud and application vulnerabilities early in the Software Development Life Cycle (SDLC). Here are three practical ways Immersive supports ISO 27001 compliance: 1. Hands-On Labs These labs ensure people across different roles get the right training and skill development. Security and technical teams have varying needs, and our labs help meet those needs by aligning practical learning to specific job functions. A general theme is how failing to provide proper training isn’t just a missed opportunity – it can be seen as negligence. An organization is responsible for providing training tools, which should be aligned with specific roles. Here are some of the ISO 27002 sections that our Hands-On Labs align with: 5.4, 5.7, 6.1, 6.3, 8.7, and 8.27. For more details, see the ISO 27002 implementation guide. 2. Crisis Sim All frameworks emphasize properly exercising staff and those with decision-making responsibilities. This covers everything from traditional tabletop exercise (TTX) at the board level to hands-on scenarios for teams further down the organization. Proving these exercises are happening effectively can be challenging. Traditional exec-level sessions are expensive, time-consuming, and hard to scale. Crisis Sim helps to solve this. It offers a practical, scalable way to run structured exercises across different teams and roles, including the supply chain. Here are some of the ISO 27002 sections that our Crisis Sim solution addresses: 5.4, 5.20, 5.24, 5.34, and 8.16. For more details, see the ISO 27002 implementation guide. 3. Workforce Plenty of areas in the ISO 27001 framework apply to the entire organization, not just technical teams. In some cases, we already have content such as labs and workforce exercises that can be used right away. But often, the focus is on your own internal policies and procedures – and that’s where our customizable templates and lab-building tools come in. The Immersive Workforce methodology gives you a structured way to train your people and show that they truly understand and can apply those policies in real-world scenarios. It’s all about making security awareness practical, measurable, and tailored to your organization. Our Workforce methodology meets the following ISO 27002 sections: 5.10, 5.17, 5.27, 5.34, 6.3, 6.7, and 8.1. For more details, see the ISO 27002 guide. Turning compliance into confidence By tapping into the full power of the Immersive platform, organizations can go beyond just checking compliance boxes. They can actively show due diligence, streamline compliance efforts, and proactively strengthen their information security posture. From hands-on training and crisis simulations to workforce assessments, Immersive provides the tools and methodologies needed to ensure that individuals at all levels are equipped to understand, apply, and uphold robust security practices. Ultimately, this leads to a more secure environment, reduced risk, and clearly demonstrates an organization's commitment to protecting its valuable information assets. Share your thoughts How is your organization approaching ISO 27001 compliance? Drop a comment below and let us know what’s worked, or what you’re still figuring out. For more details on strengthening your information security posture, check out these sources: ISO 27001 framework ISO 27002 implementation guide (for ISO27001) NIS2 DORALevel Up Your Resilience: Analyzing Results and Building a Culture of Continuous Improvement
Welcome back for the final instalment of our series on Cyber Drills! In Parts 1 and 2: Level Up Your Resilience: Unlocking the Power of Cyber Drills with Immersive Level Up Your Resilience: Planning and Executing Effective Cyber Drills with Immersive we explored the fundamental importance of Cyber Drills and the critical steps involved in planning and executing them, all while highlighting the comprehensive guidance offered by The Definitive Guide to Cyber Drilling. Now, we arrive at the crucial stage that transforms a drill from a one-time event into a driver of lasting improvement: analyzing the results and fostering a culture of continuous learning. As Chapter Two: Post-Exercise Analysis of The Definitive Guide outlined, the insights gained from a Cyber Drill are only truly valuable if translated into actionable next steps. This chapter, along with the principles woven throughout the entire guide, provides the framework for turning your drill experiences into tangible enhancements in your cyber resilience. Post-Drill Analysis: Uncovering Key Insights: Once the Cyber Drill is complete, the real work begins. The Definitive Guide emphasizes the need for a thorough analysis of the drill results, focusing on assessing performance against the outlined objectives. This involves: Leveraging Platform Data: Using a platform like Immersive’s, analyze the data generated during the drill to identify areas of strength and weakness in technical execution. Gathering Participant Feedback: The Guide recommends capturing feedback from all participants to understand their experiences, challenges, and suggestions for improvement. Facilitator Debriefs: Conduct debrief sessions with the facilitation team to gather their observations and lessons learned regarding the scenario flow, participant engagement, and any unexpected issues. Identifying Key Findings: Based on the data and feedback, pinpoint the most significant areas for improvement in processes, communication, technical skills, and incident response plans. Reporting and Governance: Communicating Value and Driving Action: The Guide highlights the importance of easy-to-follow reporting requirements and establishing governance processes to ensure that the insights from Cyber Drills lead to tangible changes. This includes: Tailored Reporting: Develop reports that are relevant to different stakeholders, from technical teams to executive leadership, clearly outlining the findings and their implications. Actionable Recommendations: Ensure that reports include specific and measurable recommendations for improvement. Integration with Existing Processes: Feed the findings and action items into your existing security processes, such as incident response plan updates, training programs, and technology deployments. Executive Communication: Clearly communicate the value and ROI of your Cyber Drilling program to leadership, demonstrating how it contributes to overall cyber resilience. Building a Culture of Continuous Improvement: A successful Cyber Drilling program is not a one-off exercise; it's an ongoing commitment to learning and adaptation. The Definitive Guide emphasizes the importance of fostering a culture where: Learning is Valued: Encourage participants to view drills as learning opportunities rather than pass/fail tests. Feedback is Encouraged: Create a safe space for open and honest feedback. Iteration is Key: Use the insights from each drill to refine your scenarios, processes, and training programs for future exercises. Micro-Drills for Continuous Training: As mentioned, consider incorporating "micro-drills" for more frequent, bite-sized opportunities for learning and measurement. Why Immersive for Cyber Drilling: Immersive provides a powerful platform to support your entire Cyber Drilling journey. Our integrated solutions, combining Cyber Range Exercises, Crisis Sim, and Labs, enable you to: Create realistic and customizable scenarios. Engage both technical and leadership teams. Generate measurable results and insightful data. Track progress and demonstrate tangible improvements. By embracing the principles outlined in The Definitive Guide to Cyber Drilling and leveraging the capabilities of Immersive, you can move beyond simply assuming readiness to demonstrably proving and continuously improving your organization's cyber resilience. This concludes our series on Cyber Drills. We invite you to join us on a journey toward a more resilient future. You can download the full Definitive Guide to Cyber Drilling here.Begin Again: How to Plan for Your Next Crisis Sim Exercise
Welcome back to the third installment in our series for managers using Crisis Sim. If you missed the first two episodes, check them out here: Crisis Sim Complete: Now What? Between Two Sims: What to Focus on Between Exercises The threat landscape is ever evolving and shows no sign of slowing down. Focus on cyber resilience is more important than ever. Everyone must continue to upskill and improve their incident response strategy so businesses can function as usual. In this guide, we’ll help you understand how you can effectively prove and improve your organizational cyber resilience in a crisis. Not sure where to begin? Here’s your guide to planning and preparation You've analyzed the data, bridged the gaps in your processes between exercises, and started building a culture of cyber resilience. Now, it's time to gear up for your next simulation! Remember, each exercise is a fresh opportunity to refine your team's skills, highlight existing strengths and weaknesses, and problem-solve together – all while strengthening your organization's cyber resilience. Let's dive into how to plan your next Crisis Sim for maximum impact. Next steps for managers Goals and objectives Every successful Crisis Sim starts with a clear destination. Before you jump in, take a moment to align your exercise objectives with your organization's priorities. Ask yourself: What specific skills do you want to test? Are there already any areas of concern? In a crisis, what are the most important considerations? For example, if your last exercise revealed communication gaps during a ransomware attack, your next objective might be to improve interdepartmental communication protocols within a defined timeframe. Tip: Incorporate next steps, action items, and the ownership of those items in your debriefs! This way, all parties walk away understanding what must be done to address immediate needs. Ahead of a crisis, you should consider areas that have a critical impact on your organization. Factors could include: Reputational impact: Damaged public and stakeholder trust, eroded image, social media amplification, and strained business relationships. Financial impact: Stock price drops, revenue losses, increased costs incurred, including legal fees, potential fines, and recovery efforts. Operational impact: Disrupted operations, production delays, supply chain issues, service interruptions, and the potential for both physical and digital infrastructure damage. Physical safety impact: Cyber incidents can lead to safety system failures, utility disruptions, security breaches, and equipment sabotage – posing serious risks to employees and the public. Legal and regulatory impact: Cyber incidents can trigger lawsuits, regulatory or criminal investigations, and significant fines – especially for safety or ethical violations. Did you know? IBM’s 2024 Cost of a Data Breach Report found that the global average cost of a data breach has surged to USD 4.88 million. Scenario selection and target audience Choose scenarios that reflect the real-world threats your organization faces. Consider the level of difficulty, technical skill, and complexity, and select participants from diverse departments to ensure a comprehensive evaluation. Even though you may eat, sleep, and breathe cybersecurity, others may be less familiar – cater to your audience! Customize exercises from our Scenario Catalog to make them relevant and impactful for your organization. The goal is to realistically test your team’s readiness while reinforcing best practices, processes, and decision making. Consider including participants who aren’t usually involved in cyber incident response to break down silos and boost collaboration. If they’re unclear on how to report an issue, it could delay notification and hinder activation of your response plan. Effective injects and options Design injects that challenge decision making and reflect real-world scenarios. Use branching paths and feedback to boost engagement and learning. Leverage all Crisis Sim features – like Option Ranking, and Inject Confidence – to gather valuable data. This not only highlights knowledge gaps and overall risk, but also directly supports your After Action Report, helping you capture the insights, graphs, and charts managers often look for post-exercise. Tip: Use injects that require participants to consider multiple factors and make tough choices under pressure. This will help them develop critical thinking skills. Preparation and facilitation for a successful exercise Preparation is essential for a successful simulation. Set clear expectations, share resources and training materials, and ensure technical, timing, and contingency logistics are in place. Involve stakeholders and leadership early to gain support and align the exercise with organizational goals – they can provide critical input on objectives, attack vectors, and realism. A well-prepared team is a confident team. Make sure everyone knows what to expect and has the tools they need to succeed. Facilitation During the exercise, focus on managing the flow and timing, encouraging active participation, and paying attention to your team's conversations. We recommend having an internal notetaker who can focus on the conversations so that key insights and takeaways don’t get lost or overlooked. Remember, your role is to guide the learning process and ensure everyone gets the most out of the experience – the discussion and collaboration of your teams is a key benefit! Keep the atmosphere positive and supportive, even when things get challenging. Not all options in a crisis are good options, so encourage your team to take risks, make mistakes, and play out what their gut instincts tell them. Reinforce the idea that this isn’t a test, but an opportunity for individuals, teams, and the organization as a whole to take stock of what improvements can be made. It’s a learning experience for participants and facilitators, not a pass/fail exercise. There’s a reason why athletes practice! It’s better to make mistakes when the game isn’t on the line, and the same goes for incidents! It’s better to be wrong and learn from the exercise than to see these gaps in knowledge and processes play out during a real incident. Feedback and considerations Depending on your exercise objectives, follow up with stakeholders and participants to gather feedback and key takeaways. This can be done through a group hotwash, an anonymous survey, or scheduled feedback sessions after the team has had time to reflect. Tip: Encourage additional feedback after a brief cooling-off period to capture both immediate reactions and more thoughtful insights once the team has had time to reflect on the exercise. Planning your next Crisis Sim exercise is an opportunity to build on your team's strengths and address any remaining vulnerabilities. Set clear objectives, select the right scenarios and participants, design effective injects, and prepare thoroughly to facilitate a smooth exercise. By doing this, you can maximize the impact of your simulations and strengthen your organization's cyber resilience. You know your organization and teams better than anyone, so it’s ultimately up to you how you want to proceed! To ensure your next exercise is a success in proving and improving upon your cyber resilience, we encourage you to prioritize these items: Define and communicate the objectives to all participants, whether it's testing a new process, improving communication and handoffs, or enhancing crisis preparedness. Develop realistic scenarios by incorporating real-world, industry-specific events to create relevant and challenging experiences. Prepare logistics, including technical setups, briefing documents, and technology like video conferencing tools or software. Tip: For presentation exercises, remember to send out calendar holds and account for virtual or in-person meeting logistics! Share your thoughts If you’ve recently started planning your next Crisis Sim exercise, what changes did you make from the previous exercise? What recommendations do you have for others who are beginning their Crisis Sim journey? Join the discussion below!Between Two Sims: What To Focus On Between Exercises
We're back with another installment of our series for managers using Crisis Sim. If you haven’t already, be sure to check out Episode 1, which covers Crisis Sim outcomes for managers. The results and data from your first Crisis Sim exercise provided valuable insight into your team’s decision-making skills. But you know this isn’t a one-and-done thing – the landscape is ever changing. There are always new ways to arm yourself and your organization with knowledge and skills. Enhancing your cyber resiliency and improving the quality of your responses to incidents allows you to get back to the most fantastic and underrated aspect of your role as a cybersecurity professional – maintaining business-as-usual operations without interruptions. The opportunities are endless. Where should you focus your efforts? Episode 1 covered outcomes by means of the Results and After Action Report sections of the platform when you complete a Crisis Sim exercise. This blog post will shift gears to what goes on – or should be going on – between exercises. Next steps for managers between exercises Exercise debrief Host a debriefing session for exercise participants and any key stakeholders in your organization you’d like to gather feedback or additional insights from. Debriefing is a valuable process following any exercise, providing a structured opportunity for reflection and learning. Primarily, you’ll want to discuss successes, identify areas for improvement, and gather feedback. A successful exercise debrief will include: Clear expectations and ground rules Reflection on successes and challenges A review of existing processes and procedures Feedback on the scenario, delivery, and identifying improvements for the future Details around the lessons you learned from the exercise Defining action items and ownership Moreover, debriefing fosters open communication and builds trust within teams, strengthening their resilience and overall effectiveness. If you’re looking for additional guidance on debriefs, check out our guide in the Help Center! Internal review If time allows, take a step back and conduct an internal review with stakeholders and leadership. This can be an opportunity to identify trends or recurring patterns that might need a deeper dive, and allow you to determine what’s most important from a leadership perspective going forward. Be sure to consider the following in your internal review: Did you come across any knowledge gaps or assumptions that surprised you? Did you come across any areas of strength that were unexpected? Should you adjust the difficulty or coverage areas? Does the team need to be benchmarked against this same scenario in the future? What other organizational stakeholders should you bring in moving forward? And what will be important for them in Crisis Sim exercising? Implement insights Demonstrate your commitment to improving cyber resiliency by fostering a collaborative learning environment. Encourage open and honest dialogue where your team feels comfortable sharing their perspectives freely, without fear of judgment. This will help you identify both strengths and weaknesses, providing valuable insights that may not be apparent from your own perspective. By implementing changes based on this valuable feedback, you prove your dedication to continuous improvement. Your action plan A key component to improving your organizational cyber resilience is creating and executing an action plan with clear objectives, stakeholders, and deadlines. The After Action Report from your last exercise will provide a solid foundation, but these specifics will help you enhance its impact. Dive into the Inject and Participant Breakdown areas of the After Action Report – this will help you pinpoint your team’s strengths and weaknesses identified in the last exercise, or identify participants that could benefit from individualized training plans to accelerate their development. Using this existing information will help you specify the concepts or topics of priority for you to address between exercises, begin benchmarking progress, and explore additional scenarios down the road. Review scenarios and upskilling content relevant to the areas you identified as needing improvement from the last exercise. In Crisis Sim, you can leverage the existing scenarios in our catalogue, create a custom scenario (from scratch or using our templates), and even take our AI Scenario Generator for a spin! Tip: Exercise specific teams or individuals in Single Player mode between organization-wide sessions to give them additional opportunities to improve their decision-making process. Three key areas of focus between exercises You know your organization and teams best, so what works best for your program between Crisis Sim exercises is up to you. But we encourage prioritizing these areas: Debriefing and feedback sessions to get the most value out of your exercises Individualized or team-focused learning plans for upskilling – don’t forget to leverage relevant content in labs! Reviewing and updating internal processes and procedures that may be out of date or contradictory If you’ve recently completed your first Crisis Sim exercise and begun working on goals for improvement between exercises, what have you focused on? If you’ve completed many, what tips do you have for others? Join the discussion in the comments below!Crisis Sim Complete...Now What?
Picture it: you’ve designed, built, and exercised your first Crisis Sim. You're pleased with the scenario and satisfied to see your team sharpen their skills, deepen their understanding, and boost their incident readiness. You can bask in the glory of this job well done for a moment, but the journey of the Crisis Sim doesn’t end here. The devil is in the details of the exercise data. Completing the exercise and gathering the results is only the beginning of your journey of fostering people-centric cyber resilience! Not sure where to start? We’ve got you covered Remember how meticulously you mapped out those injects and options to build your scenario? The feedback options, the performance indicators, the branching paths, the exercise types? Your hard work is about to pay off. We’ve processed the exercise responses for you because you’ve earned it – and because there’s more work to be done. Next steps for managers Crafting outcomes from outputs You can expand on the work you’ve already put into the exercise by leveraging both the Results and the After Action Report (AAR) for your scenario in the Immersive platform. Follow these steps to access these items: Go to Crisis Sim in the Exercise tab. Locate your exercise. Hint: use the filters available on the left to show “ended” exercises. Click to open your “Ended” exercise. From there, you’ll see how to dive into the available outputs with a few clicks! If you need a bit more info, here are some additional guides from our Help Center: Where to find Crisis Sim exercise results & reports View Results After Action Report (AAR) Analyzing exercise results Results If you’re looking for granular data down to the details of each inject, you can find it here. In Results, you’ll see an overview including the summary from the exercise scenario, along with key details such as scoring and completion metrics. Need to examine responses to specific injects? In the platform, you can quickly drill down into each inject by using the navigation on the left-hand side of the report. By selecting an inject, you can review responses and start to see patterns that emerged throughout the exercise. If you’d prefer raw data, you can export a CSV file of your results. It's straightforward, packed with detail, and puts all the key metrics and figures within easy reach. Check out our documentation for more details on key information and metrics. This is an invaluable resource for anyone passionate about data! It allows you to establish a foundation, set comparative standards, and ultimately gauge and improve your cyber resilience – all with concrete data to back your efforts. If the mention of statistics and spreadsheets doesn't excite you, no worries, the Immersive platform generates an After Action Report for you 30 minutes after completion of your exercise. After Action Report (AAR) Enter the After Action Report! The AAR presents an interactive visualization of your data analysis, offering valuable insights at your fingertips. And, as a bonus, you can download it as a PDF. The AAR is more than a deliverable; it’s a guide to fostering a people-centric cyber resiliency culture. It offers an outline of the exercise and crucial data points that will help drive what you and your team do next. Overall performance, inject-by-inject analysis, and participant breakdown provide a comprehensive view of your team's current capabilities and readiness, wrapped up with relevant recommendations for you and your team. Remember, insights are only available for data that’s collected as part of your exercise, so make sure you offer ranked inject options and enable response confidence and feedback to maximize your exercising. This is defaulted in the Immersive Crisis Sim Catalog presentation scenarios. In the performance overview of the AAR, you'll encounter a high-level snapshot guide for your next steps. Think of this as a performance gauge (based on our experience with Immersive clients) that maps to the following: >=75%: Excellent >=50%: Good >= 25%: Fair >=0%: Needs improvement As you dive deeper into the AAR, these broader performance indicators unfold with more granular data, and you’ll be able to understand the gaps that exist in cyber resilience for your organization. Mind the gap By understanding your organization's current state, you can create targeted improvement plans, whether reinforcing strengths, addressing weaknesses, or identifying opportunities for further training and exercises. This provides a clear starting point for overall improvement and upskilling. Inject breakdowns help pinpoint your team's strengths and weaknesses. Imagine the exercise in a real-world scenario: would there be a data breach, or would operations continue as normal? Assess your team's confidence and accuracy in their responses to identify knowledge gaps and points of failure. Use these insights not to dwell on mistakes but to improve and ensure your team is well-prepared for future challenges. The participant breakdown takes this introspection into your team's capabilities a step further by plotting decision scores against confidence levels. This helps you understand the accuracy and confidence of your team’s responses. Are your strongest team members operating confidently? Are those with knowledge gaps posing risks by overcompensating with confidence? Create an action plan This data helps you prioritize your next steps. Will you address weaknesses, reinforce existing skills, or increase exercise frequency to build confidence? There are plenty of upskilling routes to choose from. After each exercise, you'll see related Crisis Sim scenarios and lab content based on the threats and attack vectors encountered. When creating your action plan, you should consider the following outcomes and their related recommendations: Weaknesses identified at the individual level ⇢ Assign recommended lab content to key users, and reinforce the importance of upskilling by communicating the purpose of the content. Hint: Don’t forget to use assignment deadlines to effectively track progress and keep the team on track. The participants' skills resulted in high accuracy decision-making but low confidence ⇢ Reinforce strengths with clear communication of processes and expectations. Consider reviewing your internal playbooks! Are processes clear, concise, and aligned with organizational needs and expectations? Are policies current and up to date? Are there conflicting processes or policies within your organization? The team performed exceptionally across the board with high confidence ⇢ Test response readiness by exercising on a more difficult level scenario. Does the team excel in all areas, or is this an opportunity to better prepare? The landscape is constantly changing, and new threats are constantly emerging. Ensure your team has a wide breadth of knowledge and coverage by continuously proving their skills and encouraging further learning. Three essential steps to maximize your post-simulation impact Of course, you know your organization and teams best, so the Crisis Sim results are always best interpreted by you. Once you’ve analyzed and understood the results, prioritize these steps: Review the results and gather feedback promptly to identify growth opportunities. Did outcomes align with expectations, or were there surprises? Plan specific changes for future Crisis Sim exercises and build a strategic timeline. Should you adjust the difficulty or coverage areas? Is there time for additional training between exercises? Create an action plan with clear objectives, owners, and deadlines to ensure individual and team development. What other organizational stakeholders should you bring in moving forward? And what will be important for them in Crisis Sim exercising? Share your thoughts If you’ve recently completed your first Crisis Sim exercise, what will you do next? If you’ve completed many, what tips do you have for others? Join the discussion below!The Softer Side: Non-technical Benefits to Technical Team Exercises
In my role, I have the privilege of working with many different organizations through their technical exercise events and programs. One of the most rewarding aspects is seeing the spark ignite in the people as they band together to achieve a common objective. In this article, I’ll be sharing some of the common benefits I see emerge across organizations of all sizes, industries, and maturity levels, no matter the exercise's purpose. Encouraging curiosity and problem-solving Cyber Range Exercises provide a virtual network environment to explore. Defensive exercises focus on detecting and monitoring malicious activity, while offensive exercises involve exploiting vulnerabilities to uncover target information. Within these simulated environments, participants must utilize a wide array of skills and decide on the best approach, as the correct course of action isn't always obvious. This technical challenge is great for reinforcing knowledge and applying skills. I've seen players puzzle over unsuccessful methods, forcing them to rethink their approach entirely, asking plenty of “what if” questions before testing them out. This experimentation process educates players while simultaneously promoting lateral thinking and encourages sharing problem-solving insights. Improved communication Trawling through logs and analyzing (or preparing) a malicious payload usually calls for quiet focus. But in the real world, we’re rarely working alone. More often than not, investigations and tests happen in small teams, under pressure, and good communication becomes just as important as technical skill. That’s why team-based exercises reflect this reality. You’ve got to explain what you’re doing clearly, so everyone’s on the same page – both in terms of the situation and the technical jargon. Creating clear written logs and documentation matters too, especially in incidents where language may need to be adapted for different audiences. The most effective teams I've observed in these exercises prioritize organization. They set up a central place to track everything – whether that’s a Teams channel, a spreadsheet, or a crisis response tool – and they’re smart about assigning roles and carving out time to keep everyone synced up. Better distraction management A deliberate challenge I sometimes incorporate into technical exercises is surprise leadership requests for incident updates. This tests the team's ability to rapidly consolidate information under pressure, dealing with the uncertainties of an active investigation. Teams with strong organization, detailed incident logs, and a dedicated spokesperson or team leader consistently manage these interruptions best. Practicing in a simulated setting helps teams stay productive and accurate, even when real-world distractions come into play. It builds the ability to block out noise, manage stakeholders, stay focused on individual tasks while keeping sight of team goals, and smoothly switch contexts when needed. Stronger team dynamics Unlike individual training, these exercises require participants to actively communicate, share knowledge, and rely on each other's strengths to achieve a common goal. Team members learn to understand each other's working styles, identify individual expertise, and build trust in their colleagues' abilities. The shared experience of overcoming technical challenges, even simulated ones, creates a sense of camaraderie and shared accomplishment. While every team comprises diverse personalities and communication styles, it's crucial that each individual feels comfortable and empowered to share their insights and findings. These contributions can significantly alter the outcome; for instance, a critical discovery during a technical investigation might directly influence the business's crisis response strategy. Increased efficiency The more a team works together responding to the exercise challenges, the more they develop shared understandings of processes and expectations, learn to delegate effectively, and identify bottlenecks in their collaborative efforts. Eliminating issues arising from a lack of confidence or familiarity with the team or processes is especially critical for incident response teams, leading to quicker response times and improved agility when situations change rapidly. After each exercise, I like to conduct a team debrief, which is crucial for reflecting on lessons learned. Prompting players to consider their individual strengths and challenges, alongside open discussion about team dynamics and processes, helps identify opportunities for improvement. Technical exercises are undoubtedly key to boosting individual technical proficiency. However, their even greater value lies in cultivating these skills alongside the crucial professional attributes demanded by our field. Considering the significant pressure and expectations placed on these teams to deliver trustworthy outcomes, ensuring their preparedness within a high-trust setting is essential. These are merely some of the advantages I've witnessed through these exercises. Share your thoughts What benefits have you experienced through technical exercising? Share your thoughts in the comments!
