What keeps an attacked organization standing is not the thickness of its documentation: it is a trained cell, clear roles and reflexes acquired through exercises. I build your cyber crisis capability, and I train it.
A named cell with distinct roles (crisis direction, coordination, business, IT, legal, communication), explicit activation thresholds, a crisis directory and out-of-band communication channels.
Ransomware, data leak, major outage, email compromise: short, actionable sheets rather than an 80-page plan no one will open under stress.
An annual program of tabletop exercises and simulations, scenarios that hurt where it counts, documented debriefs and corrective actions tracked to closure.
I teach cyber crisis management in a Master's cybersecurity program, and I apply it in the field, notably in M&A contexts where the crisis strikes an organization in mid-transformation: a cell to rebuild between seller and buyer, shifting responsibilities, maximum exposure. The capability articulates naturally with business continuity: the crisis is managed, the business continues.
A named crisis cell with distinct roles, short per-scenario reflex sheets, out-of-band communication channels, a crisis directory accessible outside the IT environment, and explicit activation thresholds. And above all, an exercise program.
A realistic scenario played in near-real conditions: tabletop for the decision cell, technical simulation for the IT teams, injections of unexpected events. Every exercise produces a documented debrief with corrective actions tracked to closure.
These regulations impose incident notifications within 24 and 72 hours, which fall during the crisis, not after it. The notification process must be built into the capability, prepared and tested in exercises, with declaration templates ready to use.
One 30-minute call and you know where your capability stands and which exercise to start with.
→Book a qualification callFirst call free, no commitment. See also the Cybersecurity GRC page.