Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio (16 Hours)

Security Defense and Detection TTX w/ Amanda Berlin and Jeremy Mio

Instructors: Amanda Berlin and Jeremy Mio

Includes: Six months of complimentary access to the Cyber Range

Security Defense and Detection TTX is a comprehensive four-day tabletop exercise that involves the introduction to completion of security TTXs (tabletop exercises), IR playbooks, and after-action reports. The exercises are paired with video and lab demonstrations that reinforce their purpose. The training as a whole is compatible with the world’s most popular RPG rules.

The preparation phase will walk students through the creation of specific IR playbooks that can be utilized in any environment as well as during later parts of the class. The next phase introduces the gamification of the TTXs. The students split up into separate “corporations” with assigned verticals, hit points, armor class, budgets, strengths, and weaknesses. Selection of departments and skills allow the players to further their modifiers. Throughout the exercise, each company will take turns rolling their way through decisions such as large purchases, attack severity, defense capability, and incident response decisions.


  • Learn to participate in and create tabletop exercises, playbooks, and after-action reports that map to security frameworks
  • Get experience with decision analysis under pressure as a team
  • Understand how to create after action reports and to present results


  • C-level executives wanting to learn more about tabletops and specific technologies
  • Defensive Security team members (Data Forensics, Incident Response, Analysts)
  • Security Auditors
  • Internal Awareness Teams / Trainers
  • Infosec personnel interested in defending against social engineering
  • IT support staff
  • Anyone interested in learning more about tabletop exercises


Intermediate knowledge of Windows and Linux systems.


  • Note taking material.
  • System capable of participating in the video session.
  • Stable Internet connection with sufficient speeds for video conference.
  • Software capable of reading standard documents (MS Office, Google Drive, LibreOffice, etc.)
  • Optional: A unicorn

Optional for Lab Hands-On:


  • 60+ tabletop scenario examples
  • Incident Response Playbook examples and templates
  • After Action examples and templates
  • Digital copy of the Defensive Security Handbook written by the famous Amanda Berlin
  • Character (Organization) Sheets
  • Slide Deck


Amanda Berlin – (@infosystir) Amanda Berlin is a Lead Incident Detection Engineer for Blumira and the CEO and owner of the nonprofit corporation Mental Health Hackers. She is the author for a Blue Team best practices book called Defensive Security Handbook: Best Practices for Securing Infrastructure with Lee Brotherston through O’Reilly Media. She is a co-host on the Brakeing Down Security podcast and writes for several blogs. She has spent over a decade in different areas of technology and sectors providing infrastructure support, triage, and design. She now spends her time creating as many meaningful alerts as possible.

Jeremy Mio – (@cyborg00101) –  Jeremy has focused expertise within the evolution of security convergence, the merger of physical and information security, and cyber-warfare. He is an Information Security Officer within local government and Principal within CodeRed LLC. Previously, he worked within Fortune 500 in enterprise information security as well as physical security through training/contracting. Jeremy researches and tests small UAVs [drones] for their use in defense applications in cyber warfare and intelligence, relying on Open Source technology and OSINT.


Please keep an eye on this page and the training schedule for details on when this course will run again.

Join the Wild West Hackin’ Fest Discord server to stay updated on future training and webcasts: Join Our Server!