STOic TTX Facilitator Training Series

Introduction to the STOic TTX Facilitator training series.

The series is a comprehensive course in being an effective tabletop exercise facilitator and provides tips for any tabletop exercise facilitator as well as training specifically for the STOic approach. STOic TTX is a HEFESTIS project funded by the Scottish Government.

Introduce to STOic TTX Facilitator Training

2. Exercise Logistics. One of the three core skills in the STOic TTX Facilitator training is Exercise Logistics. How to prepare for, deliver, then report on an exercise. The scenario building and delivery topics are further explained in separate videos in the series.

3. Scenario Building. How to build a dynamic scenario in the STOic TTX Framework. Combining threats, initial impacts, and injects, a facilitator can quickly create challenging scenarios for even the most practiced incident responders.

4. Delivering the Scenario. The phases of delivering a tabletop exercise scenario. Once you have built the scenario, how do you deliver it in an effective way and how can you maximise your chances for a successful exercise? The details of managing the participant engagement and experience are covered in separate videos.

5. Note-Taking and Reporting. Guidance on how to take notes during an exercise and what to report that will be of great value to the participants. This video also covers the STOic TTX note-taking and reporting templates.

6. Participant Engagement Introduction. Introduction to the facilitator skill of Managing Participant Engagement. An introduction to the questions you can use to dig into the participant’s responses and keep the conversations flowing.

7. Participant Engagement: Confirmation Questions. Confirmation Questions are the first question type explored as a part of Participant Engagement. Also known as Active Listening, they have an important role to play for a facilitator.

8. Participant Engagement: Curiosity Questions. Curiosity Questions are the second question type explored as a part of Participant Engagement. The “5 W’s”, “What ifs” and some added bonus questions can help a facilitator delve into the organisation’s incident responses and uncover gaps.

9. Participant Engagement: Consequence Questions. Since a TTX is all in the participant’s minds, people can forget about the consequence of their actions when they imaging responding to an incident. Keeping track of the actions and dependencies can help the scenario run more smoothly. Getting the participants out of their tunnel vision and consider the effects of their actions on others can reveal a number of gaps in an incident response plan.

10. Participant Engagement: Prompting Momentum. How do you keep the discussions in a TTX from dying an awkward death? The video explains some basic group discussion facilitation tips and some tips specifically for tabletop exercises. This video also covers when you need to break the momentum and take the discussion in a different direction.

11. Participant Experience. Go from being a good facilitator to a great one. An introduction to the Flow State and how a facilitator can craft a powerful experience for TTX participants.

12. Pro Tips. A collection of tips for facilitators that did not fit in other videos.

13. TTX Examples and Walkthroughs. Two tabletop scenarios are presented and explained in this final video in the series.

Related resources

Early Warning Service

The NCSC provides a free service to organisations to inform them of threats against their network. This service will notify you on all cyber attacks detected by the feed suppliers against your organisation and is designed to compliment your existing […]

Small Business Guide: Response and Recovery

Guidance that helps small to medium sized organisations prepare their response to and plan their recovery from a cyber incident.

Scottish Information Sharing Network (SciNET Group)

SciNet is a community for Scottish Buisnesses to engage on CiSP. The Cyber Security Information Sharing Partnership (CiSP) is a joint industry and government initiative set up to exchange cyber threat information in real time, in a secure, confidential and […]