While tabletop exercises (TTX) are considered a proven tool for finding gaps in an organization’s security posture, they can be painstakingly challenging to plan and implement effectively. In a time where information security teams are understaffed and overworked, are TTX still worth the time and resources? Or are there other ways of ensuring incident response readiness? Navroop Mitter, the CEO of ArmorText, a mobile security and privacy startup, sheds light on the various aspects of tabletop exercises and their effectiveness as a preparedness tool. Time Stamps  00:02 -- Introduction 00:49 -- Setting the Stage and Compelling Stats 02:48 -- Guest's Professional Highlights 05:12 -- Overview of Tabletop Exercises 07:15 -- Comparing Tabletop Exercises to Simulation 11:12 -- Benefits of Running a Tabletop Exercise 12:36 -- Table Top Exercise Resources 15:18 -- Legal Representation in Tabletop Exercises 17:07 -- Doing Tabletop Exercises Right 23:20 -- Mistakes To Be Avoided 29:14 -- Building Resilient Communication Capabilities 34:28 -- Final Thoughts Memorable Navroop Mitter Quotes/Statements "A tabletop is a tool for organizations seeking to enhance their cyber resilience and readiness. It helps you develop muscle memory and identify gaps in your existing plans or other opportunities for enhancement." "Unfortunately, too often, tabletops are seen as something the cyber folks do alone in their dungeons. But they're just as essential for C-suite senior leadership and the board." "When we're helping organizations think through tabletops, or the simulations they're going to run, whether it's a very quick, lightweight discussion around the table, or a much more nuanced, immersive simulation, we're asking them to assemble stakeholders like senior leadership board members, IT and security teams, public relations, communications teams, legal counsel, human resources and finance together. This is not about the technologist. It's not just about security. This is about operational resilience. And that means the entire organization." "When you test your IR plan, even without having a formal team in place, just testing the IR plan alone was nearly as effective; you still had 48 days saved just by having rehearsed and tested your plan, just by having run the playbook before, and understanding what it was to be in that scenario, or something similar to it." "I think the need of the hour is increased executive and senior leadership involvement." "Done right, tabletops are actually there to help you prepare for managing regulatory litigation and reputational concerns that often follow these events." Connect with Host Dr. Dave Chatterjee and Subscribe to the Podcast Please subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks. Connect with Dr. Chatterjee on these platforms: LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/ Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338 a...