Crafting Scenarios for Real-World Training Applications

How I Build “Engaging” ICS/OT (& IT) Incident Response Tabletop Exercises in 6 Steps (here's how) I have participated in and led more than a few tabletop exercises over the years. I have been fortunate to learn from some really great ones. And some REALLY bad ones. Here's my six-step process for creating a tabletop that participants will be engaged in: 1. Do the Research Do the research on the client and their environment. -> What is important to the client's industry? -> How does the client's industry make money? -> How do "general" cyber-attacks impact the industry? -> What are the most impactful cyber-attacks in their industry? 2. Understand the Environment EVERY environment is different. No matter if it is ICS/OT, IT or both. -> What critical systems exist? -> What does the IT network look like? -> What does the OT environment look like? -> Why is the business conducting the exercise? -> What happens if a critical system is compromised? -> What are the unique physics of their ICS/OT environment? 3. Create Realistic Scenarios Using the information gathered so far, it is time to design the scenario(s). -> Think like an attacker -> Ensure that the scenarios are realistic -> If you are not sure how an attack might work, do not use it -> Create scenarios based off of known attacks against their industry 4. Build Engaging Injects Injects are new pieces of information given to participants as the scenario unfolds. Like getting a new clue when solving a murder mystery. A few of the engaging ones I have used include: -> Realistic phishing emails designed to look exactly like one they would receive in their specific email client -> Fake Twitter and other social media feeds reporting a cyber-attack against the company -> Phone calls received (on speaker phone) by a participant - A security research calls into to report intel on hacker chatter of a breach of the company - How do the team members respond? - Someone calls in as a local reporter asking about a potential cyber-attack against the company - Will an employee share sensitive information openly with an outside party? 5. End with the Worst-Case Scenario Like in a risk assessment, the worst-case scenario for the company must be examined. This could include people being killed, injured, harm to the environment, and a site or the company becoming inoperable. Even worse? Is when it shows up on the news. Use a photo generator to create an image of their environment on the news that shows their worst-case scenario. 6. Finalize the Design WITH the Client It is your client's tabletop exercise, not yours. Make sure to meet their known needs and help them understand needs they might not be aware of. P.S. What do you think makes a good tabletop?

🔴 If learners can’t apply it, they won’t remember it. Too many training programs focus on information instead of application. But knowledge without action doesn’t drive results. Instead, design learning that sticks by making it real-world relevant. Here’s how: 1️⃣ Start with real challenges. Ask: “What problems do learners face on the job?” Then, build training that helps them solve those problems. 2️⃣ Make practice look like reality. Ditch abstract exercises. Use: ✅ Case studies based on real work situations ✅ Branching scenarios with authentic decision-making ✅ Hands-on activities that mirror actual tasks 3️⃣ Encourage immediate application. Don’t just teach—get learners doing. ✅ Give action steps at the end of each lesson. ✅ Have learners apply skills to a real project. ✅ Use reflection prompts like: “How will you use this tomorrow?” 4️⃣ Measure success by performance, not completion. A completed course means nothing if behavior doesn’t change. Learning should solve real problems. If it doesn’t translate to the real world, it’s just noise. 🤔 How do you ensure your training leads to real-world application? ----------------------- 👋 Hi! I'm Elizabeth! ♻️ Share this post if you found it helpful. 👆 Follow me for more tips! 🤝 Reach out if you need a high-quality learning solution designed to engage learners and drive real change. #InstructionalDesign #RealWorldLearning #LearningThatWorks #LearningAndDevelopment

87% of training is forgotten within 30 days. But there's an excellent way to keep retention high so you don't have to waste your resources: simulation. Simulation works so well because the problem with most trainings isn't actually the content. It's the context. Many companies run trainings in a typical classroom setting. And it's easy to understand why. These training programs are incredibly common and I'm sure you know many companies it has worked well for. But the reason nearly 90% of that information doesn't stick is because the classroom setting isn't enough. The only way to remember what you learned is by repeatedly practicing with simulations. You want your training to resemble the actual scenarios as closely as possible. And then you want to drill those scenarios as frequently as possible in a low-stakes environment. Let's say your team needs to practice handling confrontational personalities. This could be for customer success or even internal communication. If they use Exec's AI Roleplay tool and practice with a hyperrealistic AI character (let's call him Jim) who is harsh and blunt, they can flush out all of their mistakes and be way better prepared when that type of personality comes up in the real world. The simulation (especially repeated simulation) creates little hooks all over their brain. And these hooks help embed the content in context. That way, the next time someone on your team faces a "Jim" in real life, their brain will make an immediate connection, and the hooks will help them recall how to communicate efficiently. Simulation is simply a way to make training more immersive. And the more you practice something in an immersive setting, the better you get. If you ever learned Spanish in high school then didn't speak it again, you probably forgot nearly all of it. But if you lived in Spain, you probably stayed fluent. That's the power of immersion. Happy to show you an AI Roleplay simulation demo — Just send me a message.