Company: Reversec
Saturday, September 12
 

10:30am CDT

Game of Cones: Why Your Crisis Plan Shouldn't Melt Under Pressure
Saturday September 12, 2026 10:30am - 11:30am CDT
Your incident response playbook is sitting on a server. The server just got encrypted. Now what?


Most organizations invest heavily in plans they never actually test: polished documentation, detailed runbooks, maybe a shiny new SIEM. Then a real crisis hits. Ransomware. A breach notification deadline. A regulator on line one and a journalist on line two. And everyone discovers, at the worst possible moment, that having a plan and having a practiced plan are two very different things.


This session draws on 18+ years of crisis management consulting across financial services, healthcare, and critical infrastructure — and a parallel career as a court-qualified expert witness in cybersecurity matters — to make one foundational argument: you cannot exercise your way to readiness during a crisis. You have to earn it before one arrives.


We'll start by untangling two exercise types that organizations routinely conflate. Technical Tabletop Exercises are built for your engineers and incident responders: deep, system-specific scenarios that evolve with each inject, stress-testing malware analysis, containment decisions, forensic timelines, and recovery procedures. Crisis Management Exercises are built for the people making the ransom pay/no-pay call at 2 a.m., fielding questions from the board, and deciding what to tell regulators before the mandatory notification window closes. Both matter. They serve different audiences, surface different gaps, and fail in different ways when neglected.


From there, we get practical. Using concrete inject examples drawn from real engagements, we'll examine what a realistic inject sequence actually looks like, how scenarios should evolve under pressure, and how to design exercises that surface real gaps rather than validate comfortable assumptions. We'll walk through common failure patterns: the outdated playbook nobody printed, the escalation path that dead-ends at a person who left the company, the executive team that spent the first 45 minutes of a simulated breach trying to figure out who was supposed to be talking to legal.


We'll also cover the human dimension that most exercise frameworks undercount: trust. You cannot know whether the person next to you will stay calm under real pressure until you've watched them handle simulated pressure. Exercises make your colleagues' behavior predictable. That predictability (knowing who steps up, who freezes, who asks the right questions) is what separates a coordinated response from organized chaos.


Attendees will leave with a practical framework for designing and running exercises that actually move the needle, a clear model for separating leadership-track and technical-track scenarios, and concrete guidance on building post-exercise debrief processes that drive iteration rather than just generating a report nobody reads.


One durable truth ties it all together: the calmest person in the room on the worst day of the organization's life didn't get there by accident. They practiced.


So should you.
Speakers
Richard Suls

US Lead, Advisory Consulting, Reversec
Richard Suls is US Lead for Security Advisory Consulting at Reversec Consulting, where he designs and delivers crisis management exercises and technical tabletops for major financial institutions, healthcare organizations, and critical infrastructure operators. He brings 18+ years...
Swissôtel Chicago 323 E Wacker Dr, Chicago, IL 60601, USA
  Talk
 
Blue Team Con 2026
From $0.00