Executive brief on how PCI DSS 4.0 affects offensive security practices, penetration testing, and segmentation testing. Watch Now

Strengthening Incident Response: Combining Tabletop Exercises with Red Team Engagements

Learn how integrating tabletop exercises with red team assessments creates a more comprehensive evaluation of your organization's incident response capabilities. Security expert Shanni Prutchi shares practical approaches for testing both your technical controls and response processes against realistic attack scenarios.

Session Summary

In this presentation, Bishop Fox offensive security consultant Shanni Prutchi explains why testing incident response capabilities requires more than just technical evaluations. Drawing from her unique background in both offensive security and incident response, she examines how traditional approaches often leave critical gaps: red team exercises test technical controls but not processes, while tabletop exercises evaluate procedures but not actual detection capabilities.

Prutchi outlines two complementary approaches to combine these methodologies. The first involves conducting tabletop and red team exercises simultaneously, forcing response teams to follow established processes during an active simulated attack. The second uses a completed red team exercise as the foundation for a subsequent tabletop discussion, allowing teams to extend scenarios beyond technical limitations and involve executive decision-makers more efficiently. Throughout the presentation, she shares real-world examples of common gaps discovered during these exercises—from organizations lacking accessible offline copies of incident response policies to communication breakdowns where CISOs wouldn't recognize responders' phone numbers during a crisis. By integrating both technical and procedural evaluations, organizations can develop truly resilient incident response capabilities that address the complete lifecycle of security incidents.

Who Should Watch

This session is valuable for security leaders responsible for incident response planning, SOC managers evaluating program effectiveness, red team practitioners looking to deliver more business value, and executives who participate in crisis decision-making. Organizations preparing for compliance requirements around incident response testing will also benefit from Prutchi's practical guidance on comprehensive evaluation approaches.


Shanni P Headshot

About the author, Shanni Prutchi

Former Fox

Shanni Prutchi previously served as a Security Consultant III at Bishop Fox focused on threat modeling, architecture security assessments, and application penetration testing. She graduated from Rowan University in New Jersey with a B.A. in Computing and Informatics and completed student research projects building smart contracts and calculating return on security investments (ROSI). She holds CompTIA Security+, PenTest+, and Associate of (ISC)² CSSLP certifications. In her free time she enjoys visiting museums, public speaking, and baking delicious sweets.

More by Shanni

This site uses cookies to provide you with a great user experience. By continuing to use our website, you consent to the use of cookies. To find out more about the cookies we use, please see our Privacy Policy.