Incident Response · February 4, 2025 · 6 min read
Tabletops that actually work
Most tabletop exercises produce a report. Good ones produce changes.
The point of a tabletop is not to confirm that the plan exists. It is to find the decisions leadership will have to make under pressure — and rehearse them with the actual people who will make them.
What good tabletops have in common
- A scenario that matches the organization's actual threat profile, not a generic ransomware story
- The real people in the real roles — not their delegates
- Decision points that force trade-offs, not just process checks
- A facilitator who is willing to make the room uncomfortable
A tabletop that ends with everyone agreeing the plan is fine has wasted everyone's time. The point is to surface the gaps — and then close them before they get tested for real.