This category explores the strategic layer of cyber security — where long‑term vision, technical architecture, and governance intersect. It covers how organisations design secure systems, build resilient architectures, align security with business goals, and navigate frameworks, risk, compliance, and regulatory expectations. From high‑level strategy to practical implementation, these articles break down the thinking, structures, and decision‑making that shape modern security programs.
Whenever I run a tabletop exercise, the first thing I do is set the tone for the room. I tell everyone that this is not a test and it’s not about catching anyone out. It’s a safe space to walk through our policies, procedures, and decision‑making as a team. The goal is to explore how we work, not judge how anyone performs.
A good tabletop lives or dies on facilitation. A script doesn’t remove spontaneity, it creates psychological safety. It gives the facilitator a structure to fall back on, keeps the room aligned, and ensures the exercise stays focused on process rather than personalities. This script is written so that even a first‑time facilitator can run the scenario confidently while still leaving space for natural discussion and team dynamics.
How to Run a Cybersecurity Tabletop Exercise: Facilitator Script with Discussion Prompts Read More »
An After‑Action Report is where a tabletop exercise turns into something real. It’s the moment where the conversation becomes clarity, and clarity becomes improvement. This AAR captures not just what happened in the scenario, but how the team thought, reacted, hesitated, and learned, because that’s where the real value sits.
How to Write an After Action Report (AAR) for Cyber Tabletop Exercises Read More »
A participant handout sets the tone for the entire exercise. It gives everyone the same starting point, removes uncertainty, and helps people focus on the scenario rather than trying to remember process details. This one is designed to be read in under two minutes, just enough to orient the room without overwhelming it.
How to Create a Participant Handout for a Cybersecurity Tabletop Exercise Read More »
A PIR isn’t just paperwork. It’s where the real learning happens. It’s the document that turns an incident into improvement. To show you what a mature, well‑structured PIR looks like in practice, here’s a full example based on a realistic MFA fatigue and OAuth compromise scenario.
How to Write a Post-Incident Review (PIR) Report (With Real-World Example) Read More »
This article isn’t just a guide, it’s a complete, modern Incident Response Plan aligned to NIST CSF 2.0. A full, real‑world IRP you can use as a reference, benchmark, or starting point for your own organisation.
How to Build an Incident Response Plan: A Complete NIST CSF 2.0 Example Read More »
Most organisations have an IRP. Most discover it doesn’t work the moment they actually need it. Not because the document is wrong, but because it was written for the organisation they used to be, not the one responding to an incident today. Incidents in 2026 are cloud‑distributed, identity‑driven, SaaS‑entangled, and business‑impacting. Modern incident response is
How to Write a Modern Incident Response Plan (IRP) Using NIST CSF 2.0 Read More »
For years, cybersecurity teams followed the traditional NIST Incident Response Process: Preparation, Identification, Containment, Eradication, Recovery, and Lessons Learned. This model shaped how organisations built response capabilities and how students learned incident handling. The threat landscape has shifted dramatically, with cloud‑identity attacks defying linear phases, ransomware spreading before containment can begin, and supply‑chain compromises blurring
The Evolution of Incident Response: Updating the Classic NIST IRP to the 2026 Framework Read More »
If you work in Australia, you’ve probably heard someone mention the ACSC Essential 8 in a meeting, usually right before everyone nods like they understand what’s going on. Spoiler: most people don’t. The Essential 8 is Australia’s baseline cyber security framework, a minimum and a voluntary baseline standard organisations can adopt to meet their cyber
The Essential 8 Explained Like You’re New to Cyber (But Want to Actually Understand It) Read More »
