Home / Services / Tabletop Exercises

Tabletop Exercises

Practice your incident response plan before you have to use it

Request a Quote View all services
Tabletop Exercises ASSESSMENT
2
CRITICAL
6
HIGH
11
MEDIUM
5
LOW
External perimeter testingPASSED
Application security testingPASSED
Remediation verificationIN PROGRESS
Final report deliveryPENDING
Overview

What This Engagement Covers

A comprehensive assessment tailored to your environment.

Facilitated scenario-based tabletop exercises that stress-test your IR plan, expose communication gaps, and train executives and technical responders on the decisions they'll actually need to make.

Our Process

What We Test & How

What We Test

Ransomware, BEC, insider threat, third-party compromise, cloud tenant takeover, and regulator-focused data-breach scenarios — tailored to your industry and threat model.

Our Approach

Pre-exercise interviews to calibrate the scenario, facilitated roleplay with injects, debrief with observations, and written report with prioritized improvements to your IR plan.

Deliverables

What You'll Receive

Everything included in your engagement report.

Custom scenario tailored to your threat model

Facilitated 2-4 hour exercise

Participant debrief session

Written after-action report

Prioritized plan improvement backlog

Annual or semi-annual cadence available

Methodology

Our Testing Methodology

A structured approach to identifying and validating vulnerabilities.

1

Pre-exercise interviews and scenario design

2

Facilitated roleplay with injects

3

Decision point capture

4

Hot wash debrief

5

After-action report production

6

Improvement tracking

Findings

Common Vulnerabilities We Find

Typical security issues discovered during this type of engagement.

Unclear escalation authority Missing third-party vendor contacts Communication plan gaps (legal, PR, exec) Assumed but unverified backup recovery Regulatory notification timeline confusion Insurance claim process friction
Who It's For

Ideal For

Teams with a documented IR plan
Board-level security reviews
Pre-SOC-2 / ISO audits
Post-M&A integration exercises
Compliance

Standards We Support

SOC 2 ISO 27001 HIPAA PCI-DSS NIST CSF NIS2

Ready to Get Started?

$8,500

Typical engagement: 2-3 weeks from kickoff to report

Request a Quote
More Services

Explore Other Services

Complementary security engagements for comprehensive coverage.

Web Application Penetration Testing

Comprehensive security assessments of your web applications

Starting at $7,500 Learn more

API Penetration Testing

Secure your REST, GraphQL, and SOAP APIs

Starting at $7,500 Learn more

Active Directory & Domain Penetration Testing

Assess your Windows domain infrastructure security

Starting at $10,000 Learn more
Why Us

Why Lorikeet Security

Certified Experts

OSCP, OSCE, CEH, GPEN certified professionals

Auditor Ready

Reports designed for compliance audits

Free Retesting

Validate fixes at no additional cost

Expert Support

Direct access to testing team during remediation

Lory waving

Hi, I'm Lory! Need help finding the right service? Click to chat!