Let’s find gaps in your security incident response, and cultivate security champions while we’re at it.

 
 

We take your security program in its current state, build it into a custom tabletop gaming experience, and determine how well equipped your business is to respond to breaches from threats operating in your industry.

 

In the process, we’ll have a great deal of fun, and the entire business will find your security program far more attractive. Moreover, the business will become aware of all the capital costs associated with potential breaches.

 
 

We can’t help your CISO sleep better at night, but at least they’ll know why, and knowing is half the battle.

Designed for simplicity, tailored for your business.

We pride ourselves on being a security vendor that is immediately valuable to your business, without lengthy onboarding efforts.

From start to finish, our processes are designed to bolt into your security program seamlessly. After the paperwork is wrapped, feel free to hand over the remaining work effort to the newest members of your security team, and rest easy knowing your newly procured tabletop service is in good hands.

How Does It Work?

  • Our Methodology Is Different, We Like It That Way.

    Tabletop exercises often fail to evaluate operational readiness of incident response teams, while overlooking the true costs of the security breach.

    We turn your security program into a customized game instance, while including a relevant threat case observed in your industry.

    Each session details what the breach would cost the business from a labor, asset value, compliance, and customer standpoint.

  • We Understand Your Business, And Your People Within It.

    Convincing your users to consume security awareness training is difficult, convincing your security team to participate in a tabletop is a whole other level of effort.

    All of our sessions are guaranteed fun, engaging, accessible, inclusive, while staying relevant to your security program goals.

    We make information security interesting for everyone, so bring your non-tech business units, we promise they’ll learn something and thank you for the opportunity.

  • Multiple Outcomes For Your Security Program, Without Additional Budget.

    Security programs are complex, and often require a lot of ongoing effort in a lot of different directions.

    Our sessions cover your awareness training requirements, and include incident response primer training for good measure.

    Each game session also finds gaps in your IR plans, and helps the business determine where to appropriate security budget, while meeting the necessary requirements for annual tabletop testing.

We’re Not Done Yet!

  • Paperwork is the least enjoyable part of any information security effort.

    Let us handle it. From the service onboarding, to the after action reports, we have the boring parts well in hand, so your team can keep their focus for your other security program needs.

  • Simulated training works well in theory, but lacks some realism now and again.

    Our breach simulations combine how threat actors breach similar businesses to yours, while incorporating a strong understanding of the economics of computer crime.

  • We have a great IR plan, but we haven’t tested it.

    Let us handle that! Each IR Team Mode game session takes in your existing IR plan, finds the gaps, and wraps your threat case around what we found, ensuring your exercise works properly to identify real gaps in your security program.

  • Once the consulting engagement is over, getting questions answered is tough.

    We get it, consultants are on to the next engagement, which is the nature of the work, but we love hearing from our clients and make ourselves available for the odd follow-up here and there.

    Plus we know your non-tech business units will have a new found curiosity for information security after our sessions, so we like to help cultivate that.

Compliance Friendly Expansion Pack Included

Maintaining information security compliance is a never-ending process, just like the paperwork.

Each game session meets compliance standards for any awareness training requirements, and the IR game mode addresses both insurance as well as compliance requirements for annual IR plan testing.

We can customize your game session to simulate fines for non-compliant controls and types of data compromised.

Finally, a letter to your auditors is included with your after-action report detailing the game methodology and how it aligns with compliance standards, which makes that part of the evidence submission much easier.

Game Mode Selection

Allow approximately 4 hours of meeting time for a complete session. Can be delivered via any chosen virtual conferencing tool currently in use within the organization, or in person. All sessions include certificates of completion for participants.

  • Awareness Training Mode

    Ideal for organizations beginning their information security program development and looking to identify gaps before an incident takes place.

    This session includes a security awareness training presentation which showcases viable threat scenarios, breach impact, and tips to avoid becoming the next victim.

    We follow up with a discussion detailing an effective methodology for incident response within the business.

    Gameplay is designed to introduce and test IR concepts. No former experience necessary!

  • IR Team Mode

    Best suited for organizations with some information security program already developed and who are looking to mature the response effort.

    This session includes either security awareness training or an industry-focused case study detailing breaches and impact to similar businesses.

    The incident response training session includes insight into attacker techniques in addition to covering effective incident response.

    Game-play is designed to test existing incident response plans, procedures, team responsibilities, and security control coverage. Training and game-play is accessible to anyone in the business, we invite anyone to come along and attend.

Testimonials

  • Low & Slow Data Exfiltration

    Syntax Security’s gamified approach to Incident Response (IR) Tabletops provides meaningful, engaging involvement in directed scenarios across all organizational units. Real-world threats are taken into the exercise and responses are combined with your existing IR Plan, providing realistic scenarios that thoroughly test your teams and how they function during an incident. Incident costs are clearly defined and provide leadership an accurate analysis of financial risk due to an incident.

    This approach is highly engaging and is highly recommended for any organization to get an accurate assessment of your IR readiness.

    • James C. Technology College, Calgary Alberta.

  • Admin Workstation Compromise

    A.J ran our team through a very realistic scenario, tailored to our systems and circumstances, using great online tools. It was a simulation, but felt a lot like the real thing and really tested our capabilities and how we work together.

    • Simon Woodside, Cofounder/CTO/CISO - MedStack

We would love to hear from you!

Feel free to reach out anytime for booking inquiries, demos, or any questions you may have.