Praesidium Security Advisors logo
Praesidium
Security Advisors
 Request Consultation
Cybersecurity Tabletop Exercises

Practice the decisions that matter before the incident makes them urgent.

Praesidium tabletop exercises help security, engineering, legal, communications, and executive teams rehearse high-pressure cyber incidents in a structured, realistic format. Each scenario is designed to surface decision gaps, clarify ownership, and leave the organization with practical improvement priorities without exposing the full exercise mechanics in advance.

Purchase a Scenario View Scenarios
Scenario Catalog

Choose the exercise that matches your risk, team, and operating model.

Each tabletop can be tailored to your industry, cloud footprint, vendors, customer obligations, and executive concerns while keeping the exercise concise and decision-oriented.

Identity & Cloud

IAM Compromise Exercise

A cloud identity compromise tabletop focused on suspicious credential use, privilege escalation, access containment, and executive decision-making.

Best for Cloud platforms, centralized identity, production service accounts, or cross-account access.
Security OperationsIncident ResponseIAM/IdentityCloud SecurityInfrastructure EngineeringLegalCompliance/RiskExecutive LeadershipCustomer SuccessCommunications
More info +

Helps identify gaps in credential rotation, privileged access review, MFA enforcement, cloud logging, access restoration, customer notification, and executive reporting.

Purchase this scenario
Engineering & Product

Supply Chain / CI/CD Exercise

A software supply chain and CI/CD compromise scenario centered on suspicious build activity, exposed secrets, release integrity, customer impact, and restoring trust in deployment pipelines.

Best for SaaS companies, product teams, engineering-led organizations, and automated deployment pipelines.
Security OperationsIncident ResponseDevOps/PlatformSoftware EngineeringCloud SecurityIAM TeamProduct LeadershipLegalCommunications/PRCustomer SuccessExecutive LeadershipCompliance/Risk
More info +

Improves CI/CD incident response, secrets governance, release signing and provenance, deployment pause criteria, customer communication, and build system recovery.

Purchase this scenario
Crisis Response

Ransomware Incident Exercise

A ransomware response tabletop focused on rapid containment, backup validation, business disruption, extortion risk, recovery prioritization, and executive crisis management.

Best for Ransomware readiness, cyber insurance procedures, business continuity, and executive decisions.
Security OperationsIncident ResponseIT OperationsIAM TeamBackup/DRBusiness ContinuityLegalCyber InsuranceCommunications/PRExecutive LeadershipCustomer SuccessCompliance/Risk
More info +

Clarifies incident command, endpoint isolation, backup protection, ransom decision authority, recovery order, customer messaging, media handling, and 30/60/90 day resilience improvements.

Purchase this scenario
Endpoint & SaaS

Malware Incident Exercise

A malware and endpoint compromise tabletop focused on detection, endpoint isolation, shared storage containment, SaaS session risk, root cause analysis, and recovery communications.

Best for Remote workforces, shared drives, SaaS platforms, endpoint fleets, and distributed IT operations.
Security OperationsIncident ResponseEndpoint/IT OpsInfrastructureSaaS AdministratorsIAM TeamLegalCommunicationsCustomer SupportExecutive LeadershipCompliance/Risk
More info +

Improves malware triage, endpoint isolation, shared storage containment, SaaS session revocation, root cause reporting, customer messaging, and endpoint hardening priorities.

Purchase this scenario
External Perimeter

Forgotten Edge

An advanced external perimeter compromise scenario focused on unknown internet-facing assets, legacy systems, stale credentials, lateral movement, cloud expansion, data exposure, and regulatory pressure.

Best for Cloud growth, acquisitions, legacy infrastructure, incomplete inventory, or hybrid environments.
Security OperationsIncident ResponseInfrastructure/NetworkingCloud SecurityIAM TeamAsset ManagementIT OperationsLegalPrivacyCommunications/PRExecutive LeadershipCompliance/RiskCustomer Success
More info +

Strengthens external attack surface management, unknown asset ownership, emergency isolation authority, segmentation, service account governance, breach communications, evidence preservation, and modernization planning.

Purchase this scenario
Expert-Level Intrusion

Silent Embassy

A nation-state intrusion tabletop focused on stealth, long-term persistence, trusted vendor relationships, identity abuse, living-off-the-land activity, critical infrastructure concern, attribution uncertainty, and strategic executive decisions.

Best for Critical infrastructure, regulated industries, government contractors, healthcare, financial services, manufacturing, utilities, and sensitive operational environments.
Security OperationsIncident ResponseThreat IntelligenceIAM TeamCloud SecurityInfrastructureLegalRisk/ComplianceExecutive LeadershipCommunications/PRBusiness ContinuityGovernment RelationsThird-Party Risk
More info +

Improves advanced threat hunting, identity trust recovery, vendor exposure review, attribution language, law enforcement coordination, critical system segmentation, executive risk decisions, and strategic communications.

Purchase this scenario
Insider Threat

Trusted Hands

An insider threat tabletop focused on privileged access abuse, behavioral warning signs, authorized misuse, data theft, sabotage, HR/legal coordination, privacy concerns, and customer assurance.

Best for Privileged administrators, sensitive repositories, remote access, restructuring, or limited insider monitoring.
Security OperationsIncident ResponseIAM TeamHRLegalInfrastructure/CloudCompliance/RiskInsider ThreatExecutive LeadershipCommunications/PRIT Operations
More info +

Clarifies HR/security coordination, monitoring authority, access review triggers, device collection, suspension decisions, evidence preservation, offboarding controls, insider communications, and privileged access governance.

Purchase this scenario
Vendor Access & Ransomware

Locked Operations

An enterprise ransomware scenario beginning with third-party access compromise and escalating into identity abuse, lateral movement, data exfiltration, ransomware detonation, operational disruption, extortion, and long-term recovery.

Best for Vendor remote access, critical operations, interconnected business systems, shared identity platforms, and ransomware resilience concerns.
Security OperationsIncident ResponseIAM TeamInfrastructure/CloudBackup/DRBusiness ContinuityLegalCommunications/PRExecutive LeadershipCompliance/RiskThird-Party RiskCustomer SuccessCyber Insurance
More info +

Improves vendor access governance, MFA enforcement, privileged account control, backup isolation, incident command, double extortion response, recovery prioritization, customer communication, and long-term ransomware modernization planning.

Purchase this scenario
Ready to Rehearse

Turn uncertainty into practiced response.

A focused conversation is enough to select the right scenario, tailor the participant list, and plan a tabletop that leaves your team sharper without overwhelming the calendar.

Purchase a Scenario