It’s Monday morning in the Crisis Sim Content team at Immersive Labs. You’ve made a coffee and are ready to start the day. How do you proceed?
Option 1: Jump on a call to check in on the status of your team’s projects – but a weekend catch-up and dad jokes are mandatory first.
Option 2: Check your emails from clients who need your help creating customized content so that they can exercise their teams effectively.
Option 3: Drop everything to start a new scenario based on a huge cyber crisis that’s happened overnight – an IT software management company has been attacked, knocking out payment points at Swedish supermarkets.
The start of my day could look like any of these options. The Crisis Sim content team creates interactive, dynamic cyber crisis scenarios for employee exercising. We’re a small team, mostly based out of Bristol, and juggle a lot of plates in our day-to-day work – from inventing fictional companies and scripting mock voicemail messages to researching industrial control systems and their vulnerabilities. We’re made up of first-class researchers, game designers, and experts in the human factors behind crisis management. We’re also not afraid to switch from one task to another very quickly.
Option 3 days are the most intense. We track emerging cyber threats as they happen, but when they reach a tipping point, we have to muster our resources to create a scenario as quickly as we can for our customers. This usually involves task switching completely, as decided with our manager in the morning stand-ups. In July 2021, I moved quickly to create a scenario about the ransomware attack on Kaseya, an IT software management company.
These days involve a lot of coffee and a concerted research effort to understand the ongoing incident. The key to understanding cyber threats that are still in progress is to judge which sources are reliable. Sometimes we’ll look at more unorthodox sources than your standard Wired or BBC article because Twitter threads and Reddit forums publish information quicker. But it all has to be taken with a pinch of salt to understand what’s really going on.
Once we’ve completed preliminary research, we can start planning the scenario, creating a list of events from beginning to end. This can change drastically day by day – as more verified information comes out, we may have to revise our structure twice or even three times, making for a very fast-paced workday!
While the master events list develops, we also begin to write the narrative and options (just like you saw at the beginning of this article), which help participants practice dealing with threats and ensure they’re sticking to their crisis response plan.
After this, there’s still media to make for added realism and graphs to plot that accompany the scenario and move dynamically with each decision made. These fiddly, final bits of creating a Crisis Sim are always the most time-consuming, and we always forget how long this part takes!
The final stage of a sim spans multiple teams. The sim goes through a rigorous quality assurance (QA) process, where the content gets checked by our excellent presentation QA team to ensure typos are fixed and everything functions correctly. The design team then creates artwork for the scenario to look appealing along with the rest of the catalog content on the platform, and marketing writes a blog to advertise the new piece of content. After all of this research, writing, creativity, and hard work, the scenario is ready to go out to customers. In a very short time, we’ve created a dynamic, interactive Crisis Sim based on a severe, still unfolding cyberattack. It’s a long and intense week, but it’s incredibly satisfying to see our final product being used so quickly, immediately helping companies to improve their cyber crisis response. By Friday afternoon, we’ve truly earned our weekend.
But soon enough, Monday morning rolls around again, and you’re catching up with the team. What’s on the agenda?
Option 1: Offer to help a colleague with some research on their current scenario – you read an interesting article on the weekend that could come in useful.
Option 2: Catch up with your clients to make sure they’re ready to present their facilitated exercise later today and help out with some last-minute changes.
Option 3: Anticipate the next huge cyber threat and start thinking about new content that could help protect your customers.