Accessibility

Building Cybersecurity Resilience: TTX Coaching and Training in Brazil

On a mission to bolster cybersecurity preparedness, EU CyberNet and LAC4, with experts Julia Schuetze and Andrés Velázquez, executed a full-day tabletop exercise (TTX) training for CTIR Gov in Brazil to equip Brazil’s national cybersecurity response teams with the tools to design and facilitate their own sector-specific exercises. Julia Schuetze and Andrés Velázquez reflect on their experience.

Structured Learning for Real-World Application

The day began with participants experiencing key elements in incident response, focusing on the importance of communication strategies, responsibility, and notification processes. Designed for immediate applicability, participants engaged in carefully structured exercises that simulated realistic cybersecurity threats, progressing from basic responses to more complex, unpredictable scenarios.

A core focus of the training was handling information overload and ambiguity — two common elements in real incident responses. Participants worked through scenarios with customized templates and standardized processes for managing communication flow. This resulted in real-life challenges where coordinating many different requests and people “knocking on your door” can be difficult while figuring out a reasonable response. The scenarios were crafted to empower participants to make rapid, informed decisions under pressure, encouraging cross-sector collaboration and real-time problem-solving.

Meta-Reflection and Coaching

What set this training apart was the integration of meta-reflection, where the participants were encouraged to not only engage in the exercises but also critically analyze the design choices made by the facilitators. Julia Schuetze and Andrés Velázquez incorporated reflection sessions throughout the day, guiding participants to think about the broader objectives behind each exercise and how they could adapt similar models to their own needs.

This made for funny moments, as they shared their design process in which by recognizing the cultural context, and incorporating tasks derived from relevant legislation, they had to ask CTIR many questions to ensure that the exercises are aligned with legal requirements and real-life contexts. In the coaching, participants laughed – “this is why you asked so many questions.”

After each exercise, the facilitators held a dedicated coaching session to discuss the outcomes, challenges faced, and key takeaways. Participants shared feedback on what they found useful and how they could improve their processes. This reflective coaching encouraged a mindset of continuous learning and adaptation, essential for evolving cybersecurity threats.

Key Takeaways and Impact

By the end of the day, participants not only understood the mechanics of designing and facilitating a tabletop exercise but were also equipped to lead their own. The hands-on nature of the training, combined with structured feedback and reflection, ensured that participants left with tangible skills that could be applied immediately within their sectors.

The collaborative nature of the training, especially the open dialogue between the consultants and CTIR Gov’s local team, reinforced the importance of adapting global best practices to fit the unique cultural and legislative context in Brazil. By aligning the exercises with local laws and regulatory requirements, the training became a blueprint for other teams in Brazil to follow.

Looking Ahead

The success of this TTX training reinforces the importance of collaboration and continuous learning in cybersecurity. This training not only strengthened Brazil’s cybersecurity posture but also provided a model that can be replicated across other sectors and serves as a catalyst for more sector-specific exercises, empowering teams to respond effectively in an increasingly complex threat landscape.

Photos


Keep reading similar articles
Montevideo Hosted International Workshop on Security by Design to Strengthen Cybersecurity

From November 20 to 22 2024, cybersecurity professionals, policymakers, and technology experts from Uruguay participated in the LAC4 Workshop “Security by Design”. This landmark event equipped organisations and participants with the knowledge and tools to embed robust security measures into the design phase of digital and physical products and services.

LAC4 General Assembly: Taking Stock on the Past Year’s Achievements

The 2nd Ordinary General Assembly of LAC4 convened on November 7 in Santiago de Chile at the margins of the High Level EU-LAC Digital Alliance Dialogues on Secure Connectivity and Artificial Intelligence and Ninth Ministerial Conference on the Information Society in Latin America and the Caribbean to review and take stock on LAC4’s the past year’s achievements.

CyberWeek@LAC4 2024 Wrapped: Building Regional Cyber Capacity Resilience in Santo Domingo

CyberWeek@LAC4 2024 gathered cybersecurity professionals, experts and practitioners from Latin America, the Caribbean, Europe, and beyond to share insights and strengthen cross-regional collaboration from 11th to 14th November 2024 in Santo Domingo, the Dominican Republic.

CyberWeek@LAC4 2024 Day 2 Round-Up: Ransomware, Artificial Intelligence in Cybersecurity and Crisis Management

With a full agenda spanning topics from ransomware to AI-driven defense, experts shared during the second day of CyberWeek@LAC4 strategies, real-world examples, and practical tools to tackle the complex cyber challenges facing Latin America, the Caribbean, and beyond.

CyberWeek@LAC4 2024 Day 1 Round-Up: Cyber Threats, Response Readiness, and Collaborative Strategies in Focus

The first day of CyberWeek@LAC4 2024 opened with a lineup of sessions that laid the foundation for cross-regional collaboration on cybersecurity resilience.

CyberWeek@LAC4 2024 Opens with a Plenary Session in Santo Domingo

CyberWeek@LAC4 2024 launched today in Santo Domingo with an opening plenary session and a reception for participants and stakeholders from Latin America and Caribbean region and the European Union.