Play Today.
Respond Tomorrow.
Challenge is TALAS's flagship cybersecurity tabletop exercise. Custom-built for your organization, grounded in real threat intelligence, and designed to train the active decision-making that matters when an incident is actually unfolding.
Schedule Your EventThe Industry
Got It Wrong.
The tabletop exercise market has drifted to two extremes. Neither reflects what actually happens during a cybersecurity incident.
Exercise
Every control works perfectly. Every process executes flawlessly. The team is commended. No issues are identified. You leave with a compliance artifact, and no real understanding of where you'd actually fail.
Stress Test
Everything that can go wrong does go wrong. The exercise is designed to break the team regardless of actual readiness. Intense, but equally unrealistic, and it fails to build the decision-making capability that matters most.
in the middle.
In a real incident, most controls work - sometimes. Teams adapt as new information emerges. The skill that matters isn't knowing the playbook. It's making sound decisions when the playbook doesn't fully apply. Challenge was built for exactly that.
What's
Included
Challenge uses four distinct inject types to create variety, realism, and genuine decision pressure. Every event is built from a combination of all four.
Injects
Participants step into a live scenario and respond in character: Fielding an inbound call, handling a media inquiry, briefing an executive under pressure. These injects test the human side of incident response: communication, composure, and judgment under the stress of a real incident.
"A reporter from a regional news outlet has called the main office line. They've heard a rumor about a data breach and are asking for comment before their story goes to print. How do you respond?"
Injects
Binary or multi-option choices that advance the scenario along different paths based on the team's selection. These are the branching points - decisions that change the game. The choice the team makes determines which version of the incident they're now managing.
"You've identified suspicious activity on two systems. Do you isolate the affected machines immediately, potentially alerting the attacker - or do you continue monitoring to gather more intelligence before acting?"
Injects
Decisions where the outcome is probabilistic, determined by rolling a ten-sided die calibrated to the client's own discovery data. The die represents reality: most controls work, but not all. The roll removes the illusion of certainty.
"Your culture survey shows 70% of employees know how to properly report phishing. You roll the die: 1–7, the email is reported and you have the intelligence. 8–10, no one flagged it and the attacker's campaign proceeds undetected."
Triage Injects
Participants are presented with partial information and must ask the right questions to reveal additional intelligence. The rule is simple: if you don't ask, you don't get the information. This is the inject type that most directly mirrors real incident response.
"The SOC has flagged anomalous outbound traffic. You're told there is a traffic volume spike — nothing else. What do you ask? What do you need to know before you decide what to do?"
How Challenge
Works
Every Challenge engagement is built from scratch — eight phases from first design session to final report, each calibrated to your organization's actual threat landscape.
A co-led kickoff to establish logistics, workstream balance, and scenario guidance. Clients direct where to stress-test: Specific systems, coverage gaps, personnel. Once direction is set, TALAS takes over the build entirely.
TALAS builds a proprietary threat model by selecting across five threat variables, producing a precise attacker profile that drives every downstream design decision.
Every scenario begins with a deliberate choice across five axes. The combination produces a threat profile that is specific, plausible, and grounded in your actual risk environment.
With the threat model established, TALAS researches real-world attackers and campaigns that match the profile, grounding the scenario in current intelligence and real-world attacks rather than hypothetical constructs.
TALAS gathers client-specific data across three areas: Culture and awareness, technical controls, and network design. This data becomes the statistical foundation of the event.
Discovery data calibrates a ten-sided die. If 70% of employees know how to report phishing, a roll of 1–7 succeeds, and 8–10 represents the 30% who didn't. Outcomes feel earned, not scripted.
The attack is written as a full 4–6 page narrative, from the attacker's reconnaissance to the moment of breach. The exercise drops them mid-incident, after the attacker has already gained a foothold.
The scenario is broken into discrete moments "injects" each presenting a decision, a challenge, or new information. A branching decision tree routes participants to different paths based on the choices they make, replicating the non-linear nature of a real incident.
A TALAS facilitator leads participants through the live scenario across both workstreams over 2 to 6 hours, in-person or virtual. The exercise can run with both teams together, or with executives briefed mid-event by the technical team, mirroring how real incidents escalate.
Detection, scoping, containment, eradication, recovery, all managed by the technical team.
Communications, legal, public relations, executive decision-making all managed by leadership.
TALAS delivers a formal post-event report including the complete scenario, research, and documented observations. Identifying both what worked and where gaps were identified. The report serves as the regulatory compliance artifact demonstrating a formal incident response test was conducted.
Engagement complete. Regulatory evidence delivered. Gaps documented. Your team knows exactly where they stand, and what to do about it.
Ready to
Roll?
Schedule a conversation with TALAS to discuss your organization's incident response posture and build a Challenge event designed around your actual threat landscape.