Tabletop Exercise

Mandiant Consulting

Test your organization’s cyber incident response plan with scenario gameplay

The Tabletop Exercise evaluates the tools, processes and expertise your organization uses to respond to cyber attacks. Mandiant consultants challenge executive and technical participants with multiple scenarios based on real-world experience in a roundtable environment. This fully inclusive process provides critical feedback on your executive strategies and technical areas of risk in a roundtable environment.


What you get

  • Executive briefing on lessons learned from the exercises that includes a summary of how participants worked with their incident response plan, communications plan and escalation procedure
  • Post-action report with a timeline of events, detailed analysis of participant activities and strategic recommendations for improving detection, response, containment and remediation


  • Conduct quick, efficient, non-invasive evaluations
  • Identify gaps between documented and expected responses and actual behavior
  • Get recommendations for improvement informed by real-world incident response best practices

M-Trends 2018: Understanding Today’s Cyber Attacks

Explore the latest and greatest trends that define today’s threat landscape, based on Mandiant’s investigation of the most successful cyber attacks of the past year.

Download report

Our Approach

Step 1

Scenario Planning and Development

Mandiant experts first take about a week to gather information on your organization’s threat profile, operational environment and specific areas of concern. They also develop scenarios with variations based on realistic attacker behavior, techniques and tactics demonstrated in actual incident response situations.

Step 2

Scenario Gameplay

During the onsite roundtable workshop conducted with stakeholders in your organization, a Mandiant guide introduces these scenarios to participants. Mandiant professionals observe gameplay to determine how closely participant actions and decisions adhere to documented organizational plans and procedures and Mandiant-recommended best practices.

Step 3

Final Report

After the roundtable workshop, a Mandiant consultant shares his/her observations at an initial in-person briefing and delivers a written report that includes a step-by-step summary of scenario inputs and responses for threat detection, response, containment and remediation.