While tabletop exercises (TTX) are considered a proven tool for finding gaps in an organization’s security posture, they can be painstakingly challenging to plan and implement effectively. In a time where information security teams are understaffed and overworked, are TTX still worth the time and resources? Or are there other ways of ensuring incident response readiness? Navroop Mitter, the CEO of ArmorText, a mobile security and privacy startup, sheds light on the various aspects of tabletop exercises and their effectiveness as a preparedness tool.

Time Stamps



00:02 -- Introduction

00:49 -- Setting the Stage and Compelling Stats

02:48 -- Guest's Professional Highlights

05:12 -- Overview of Tabletop Exercises

07:15 -- Comparing Tabletop Exercises to Simulation

11:12 -- Benefits of Running a Tabletop Exercise

12:36 -- Table Top Exercise Resources

15:18 -- Legal Representation in Tabletop Exercises

17:07 -- Doing Tabletop Exercises Right

23:20 -- Mistakes To Be Avoided

29:14 -- Building Resilient Communication Capabilities

34:28 -- Final Thoughts

Memorable Navroop Mitter Quotes/Statements

"A tabletop is a tool for organizations seeking to enhance their cyber resilience and readiness. It helps you develop muscle memory and identify gaps in your existing plans or other opportunities for enhancement."

"Unfortunately, too often, tabletops are seen as something the cyber folks do alone in their dungeons. But they're just as essential for C-suite senior leadership and the board."

"When we're helping organizations think through tabletops, or the simulations they're going to run, whether it's a very quick, lightweight discussion around the table, or a much more nuanced, immersive simulation, we're asking them to assemble stakeholders like senior leadership board members, IT and security teams, public relations, communications teams, legal counsel, human resources and finance together. This is not about the technologist. It's not just about security. This is about operational resilience. And that means the entire organization."

"When you test your IR plan, even without having a formal team in place, just testing the IR plan alone was nearly as effective; you still had 48 days saved just by having rehearsed and tested your plan, just by having run the playbook before, and understanding what it was to be in that scenario, or something similar to it."

"I think the need of the hour is increased executive and senior leadership involvement."

"Done right, tabletops are actually there to help you prepare for managing regulatory litigation and reputational concerns that often follow these events."

Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast

Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks.

Connect with Dr. Chatterjee on these platforms:

LinkedIn: https://www.linkedin.com/in/dchatte/

Website: https://dchatte.com/

Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338