CLICK HERE TO DOWNLOAD THIS IMAGE & COLOR IT IN!Inside: Tabletop victories from the field, Marsh highlights controls that really move the needle, and JLR three-week disruption reminds us why crown jewel operations must be impregnable. Oh, and a small (okay, game-changing) upgrade to Ally’s tabletop recording upload experience.
One of the best parts of running tabletops: there are multiple ways to play the game.
Over the past couple of weeks, we’ve seen some great campaigns unfold:
Here’s the real magic: when you run a TTX well, people want to join. Fun doesn’t mean frivolous. It means that people are engaged instead of preoccupied, interacting instead of snoozing, and collaborating with their fellow humans instead of fighting the scenario. When you have this combination, it's ideal for learning, retention, and ultimately for the buy-in you need to move your client programs further along the path to preparedness.
If you’ve got an opportunity like the ones above, don’t hesitate to reach out. We’d love to help you roll initiative!
Your allies in IR,
Rob & Scout
Which cybersecurity fortifications are the most effective at reducing risk? Marsh’s Cybersecurity Signals study maps defenses to outcomes, showing where the strongest shields really hold. Claim Your Download
This week’s Risky Business podcast spotlights “Shai-Hulud,” a throwback worm cleaving its way through npm packages. The hosts break down how a supply-chain infection can spread like the plague – lessons tailor-made for scenario building in your next tabletop. Listen In
Jaguar Land Rover’s (JLR) UK production lines have been down for nearly three weeks after a cyberattack laid siege to operations. It’s a reminder that disruptions aren’t just IT issues, they can halt crown jewel business functions for weeks at a time. Read the Battle Report
A breach struck SonicWall’s firewall configurations, compelling the company to rally its defenses with password and VPN key resets. No zero-days were uncovered, but the disruption shows how even the sturdiest walls can be tested, making this a useful case study. Review the Defense Scroll
Crafted by our epic engineer, Elvira!
One of the first features in our After-Action Reporting arsenal was simple: slot in a recording you already captured and let Ally do the rest. Facilitators can use this tool to test internally, empowering them to step into client sessions with confidence.
However, uploading hefty TTX recordings takes time, so we designed a flow that shows exactly where your file is in its journey. Now you’ll see clear stages and helpful context, making uploads a guided quest from start to finish.
And because every great journey deserves a great diversion, we’ve added Ally’s Crown Jewel Runner inside the uploader! Play in-app to run, dodge, and stomp your way to the top of the leaderboard.
At month’s end, the highest score earns an Ally quarter zip fit for a fierce Facilitator. Send your high score screenshot to scout@ally.security to claim your spoils!
We’ve covered fortifications, field victories, and even a worm on the loose. Until next time, may your uploads be swift, your exercises lively, and your Crown Jewel Runner scores high.
About Ally Security
Ally is here to support facilitators, which in turn creates a virtuous cycle where exercises take less time, provide more value, are run more frequently, and can make every organization can be better prepared.
The unexpected wins. The client curveballs. The chaos you couldn’t have scripted if you tried. Dear Asa is your space to share the stories that don’t make it into the official post-incident report. Script, submit, and enjoy a chance to be featured or quoted in an upcoming post.
