Exercise programs

Continuous cyber exercising leads to high readiness

It's tough to respond effectively to an incident if you are not prepared. Exercises prepare organisations to respond confidently and effectively, reducing harm from avoidable actions and getting back to business.

Our cyber security exercise programs

Crafted to meet objectives

Before we craft an exercise, we first identify what the objectives are. Whether it's to test inhouse forensic capabilities, validate procedures and playbooks, understand compliance against relevant regulations, or all the above, we will design the exercise to ensure the participants' actions can be captured and measured against the objectives.

Frequent and accessible

One or two exercises a year aren’t enough to stay prepared. People, technology, and threats constantly change, so regular practice is essential. Our exercise programs help you stay ready for the threats that matter most.

Remote or onsite delivery

We always use our cyber security exercise platform, Gauntlet, to deliver top-quality exercises. This allows us to run exercises remotely or onsite, making sure all participants have what they need, wherever they are.

Meaningful outcomes

Our exercises capture real metrics using advanced technology. With our expertise, we turn these metrics into actionable steps, helping you improve readiness and see real results.
“...ever-evolving cyber risks and threats..."

The nation’s cyber incident response capabilities need to mature and adapt to ever-evolving cyber risks and threats. Cyber exercises like Cyber Storm allow the cyber incident response community to practice and measure the effectiveness of their capabilities and continuously improve.

Cybersecurity and Infrastructure Security Agency (CISA)
Department of Homeland Security, United States Government

Frequently asked questions about exercises.

As a startup that focusses exclusively on cyber security exercises, we field many questions about them. These answers may help you consider if exercises are right for your organisation, and perhaps give you a new perspective about them. If you have any other questions about exercises, get in touch.
Contact us
What are exercises?

Exercises (also referred to as sims) are scenario-driven simulations of a cyber incident. Participants respond to the incident and underlying threats by performing a variety of actions such as incident management, forensics, communication, and reporting. Parts of the scenario, known as injects, are released over the duration of the exercise. These injects usually provide more information about the threat and may change the actions or decisions made by the participants.

Exercises can take different forms (discussion based or functional, remote or onsite), represent different incident types (e.g. ransomware), and can be as long or as short as they need to be. Exercises are sometimes thought of as big events, involving lots of people, being complex, and taking lots of time and resources. It doesn't have to be this way and, if done correctly, are manageable and easily align with the organisation's normal business practice and security program.

Are they effective?

Extremely effective, but only if done correctly.

The key to an effective exercise is that the objectives are well defined, the exercise is crafted to meet those objectives, and that the right data is captured so factual findings and insights are possible. Most importantly however, exercises need to be as realistic as possible with participants acting as if they were responding to a real incident. This is why we always advocate our customers use their production network, invested capabilities, and existing processes when participating in an exercise - it's as close to being real as possible.

Who should participate?

Anyone who is involved in incident response should participate in exercises. Incident response involves many different capabilities across an organisation and so exercises should reflect this.

Teams that we commonly involve in our exercises have included security operations, crisis management, media and PR, executives, legal, and other technology teams.

How often should we do them?

As often as you can. Especially if you are consistently targeted, provide critical services, and/or have important data to protect. Exercising against common threat scenarios will ensure the organisation can respond effectively when those threats manifest.

Evolving threats, discovered vulnerabilities, churn in personnel, network rearchiteching, investment in new tooling, and other changes - these will always impact an organisation's readiness to respond to an incident. By frequently exercising, the impacts from these changes are neutralised.

What types of exercises are there?

There are two main types - tabletops and functional exercises.

Tabletop exercises involve discussing what actions one would perform based on the presented scenario. The action is not physically performed. Functional exercises do involve participants actually performing relevant actions, such as creating a ticket in their case management system, searching telemetry in their environment, or preparing a media statement to deliver at a news outlet. Both types of exercises meet different needs, but functional exercises are more realistic and therefore yield better findings and insights.

Build Readiness. Respond Effectively.

Request demo
Our technology
Connect with us on social media
Solutions
GauntletExercise programs
Company
About usCase studiesCareersContact us
Learn
BlogMediaEvents
Resources
GuidesSample scenariosExample reports
Other
PrivacyGauntlet Terms of UseDisclaimerSuppliersTrustCookie preferences
© 2025 Retrospect Labs Pty Ltd. All Rights Reserved.