Large Group Session Preparation and Execution Guide

Large Group Session Preparation and Execution Guide

Overview

A large group M&M session runs 12-15 participants across three parallel teams (Alpha, Bravo, Charlie), each investigating a different slice of the same incident. An Incident Commander synthesizes findings across teams and makes decisions under information pressure. The session closes with a structured group debrief on coordination, communication, and decision-making.

Running a large group session involves more preparation than a standard 4-6 player session, and uses a set of documents that are shared across the IM, the client contact, and the players. The section below shows how they fit together.

How to Use This Guide

This is a checklist-style walkthrough – not a reference document. Read it once before your first large group session. On subsequent sessions, skim the CRITICAL items and skip OPTIONAL items you already have in hand.

For format selection rationale, IC management tactics, and per-format facilitation mechanics, see the Large Group Facilitation Guide. For scenario-specific opening scripts, round notes, and artifact tables, use the per-scenario large group facilitator guide.

Document Purpose When Audience
Large Group Facilitation Guide Format selection, IC management tactics, per-format mechanics Read once before your first large group session IM
This guide Chronological execution checklist Read once; skim CRITICAL items on repeat sessions IM
Large Group Prep Worksheet Fillable session planning form 1 week before – use alongside Phase 1 of this guide IM
Per-scenario facilitator guide Opening script, round notes, Red Flag Dashboard, Envelope Packing Checklist Day-of reference during the session IM
Session Coordinator Brief Room setup and logistics for the client contact Send to client 5-7 days before (Phase 1) Client contact
Intro slides Player orientation before the scenario-specific slides Opening of the session (Phase 4) Players
Warning

Experienced IMs only. If this is your first or second session as IM, run a standard 4-6 player format first.

Working with Your Client Contact

Large group sessions typically involve a client-side coordinator who handles logistics: booking the room, setting up AV, pre-assigning roles, and sometimes printing materials. That person is not running the session – you are – but their preparation directly affects yours.

Split of responsibilities:

  • You handle: All scenario content, printed materials, facilitation, IC briefing, timing, debrief.
  • Client contact handles: Room booking, table arrangement, whiteboard and markers, and pre-assigning the IC if requested.

Send the email below 5-7 days before the session. Adapt it to your client relationship – some contacts want more context, some want less.

Note

Email template – copy and adapt:

Subject: Preparation checklist – [SCENARIO NAME] session on [DATE]

Hi [NAME],

I’m looking forward to running the session with your team on [DATE]. To make sure everything runs smoothly, I need a few things in place before I arrive.

The session runs in three stages:

  1. Investigation (teams work independently on printed evidence cards – approx. 120-150 min)
  2. Cross-team briefing (teams report findings to an Incident Commander – built into stage 1)
  3. Debrief (structured group reflection – approx. 25 min)

Room requirements (your side to arrange):

  • 1 room large enough for 3 separate tables arranged in a triangle or U-shape, plus space to move between them
  • Minimum 3 tables (one per team) – round or rectangular both work
  • 1 whiteboard or flip chart with markers
  • No projector required

Roles to assign in advance:

I will need you to designate 3-4 people before the session:

  • 1 Incident Commander (IC) – someone who does NOT lead incidents in their day job; synthesizes across teams
  • 3 Team Leads (one per team) – can be chosen on the day if preferred

One note about your own role: because you have been involved in planning, you already know elements of the scenario participants will be discovering. Consider taking an NPC role instead – I will brief you on a character and a few lines you play during the exercise. It keeps you involved and sidesteps the insider knowledge problem. Entirely your call.

I will handle all printed materials, scenario content, and facilitation.

Please confirm the room is booked and let me know if you have any questions.

[YOUR NAME]

For a printable coordinator brief the client contact can work from independently, see Session Coordinator Brief.

Phase 1: Decide and Prepare

  • Choose scenario and confirm format (Multi-Team Coordination vs. others)
  • Book the room – minimum 1 table per team + 1 IC space; separate tables strongly preferred
  • Read the per-scenario large group facilitator guide end-to-end once
  • Locate the Session Timeline Card at the bottom of the facilitator guide and read it now
  • Complete the Large Group Prep Worksheet to plan team structure, timing, and inject schedule
  • Assign IC and 3 team leads in advance, or plan team assignment logistics for arrival
  • Identify 2-3 NPCs you are likely to need; practice the lines

Room booking note. For Multi-Team Coordination with 12-15 players, book for 15-20 minutes before your listed start time. You need that buffer for room setup before participants arrive.

IC selection note. Choose someone who does NOT lead incidents in real life – a senior analyst, a business-side participant, a network engineer. Brief them in advance: “Your job is to synthesize across teams and make decisions when they disagree. You are not expected to know more than the teams – you are expected to integrate what they know.”

Scenario read-through note. The first time you read the facilitator guide, pay attention to the Red Flag Dashboard and Central Dilemma sections. These are the two things you need internalized before the session begins. Everything else can be referenced during the session.

Phase 2: Print and Pack

  • Locate the Envelope Packing Checklist at the bottom of the per-scenario facilitator guide
  • Print all 21 artifact cards (organizational-context.qmd – all tiers)
  • Stuff envelopes per the Envelope Packing Checklist in the per-scenario facilitator guide
  • Print the IC Decision Packet (5 pages, A4 portrait, staple)
  • Print tent cards and the Session Timeline Card from the per-scenario facilitator guide
  • Prepare wearable team markers (lanyards with printed badge cards, or colored adhesive name badges)
  • Prepare the Red Flag Dashboard as a laminated IM reference card
  • Write opening delivery on index cards; rehearse the 90-second hook
  • Prepare contingency injects (optional)

Envelope packing note. Once envelopes are stuffed and sealed, stack each team’s set in round order – Round 1 on top, Round 5 at the bottom – and bind with a rubber band or paper clip. You now have a single physical object per team stack. Distribution becomes: pick up the next round’s 3 envelopes, walk to each table, hand it over. That is 30 seconds of execution, no thinking required.

Wearable team markers note. Tent cards identify team membership at the table; they stop working the moment someone stands up. For sessions where participants move – cross-team briefings, whiteboard work, IC circulating between tables – add a wearable marker. Lanyards with a printed badge card (team color background, team name, role) are the cleaner option for enterprise settings. Colored adhesive name badges are faster: one color per team, participants write their own name on arrival, no pre-printing needed. Either works; bring whichever you can prepare. Distribute at the door as participants arrive, before teams are seated.

IC Decision Packet note. Hand the IC Decision Packet to the IC at the start of the session. Brief them: “After each cross-team briefing, fill in one sheet. You will use this in the debrief.”

Phase 3: Room Setup

  • Arrange 3 team tables in a triangle or U-shape; IC position at the gap
  • Place sealed envelopes face-down at each team table, sorted by round, R1 on top
  • Put NPC reference card and Red Flag Dashboard at the IM position
  • Set whiteboard to IC’s right; label 3 columns: ALPHA / BRAVO / CHARLIE
  • Place a timer where teams can see it
  • Set sticky note pad and thick marker at each team’s table
  • Test that all 21 artifact cards are printed clearly – no cutoff text, no faint ink
  • Place round transition signal (bell or clapper) at IM position (optional)

Room Layout

flowchart TB
    WB["WHITEBOARD\nAlpha · Bravo · Charlie"]
    AT["ALPHA TABLE"]
    BT["BRAVO TABLE"]
    CT["CHARLIE TABLE"]
    IC(["IC POSITION"])

    AT & BT --> IC
    IC --> CT

    WB ~~~ AT
    WB ~~~ BT

IM circulates outside the triangle. IM stands near IC during cross-team briefings.

Team separation is deliberate. Teams should not be able to easily see each other’s artifacts during the analysis phase. Information asymmetry – each team holding a different slice of the picture – is the central mechanic of Multi-Team Coordination. The IC position in the gap is also deliberate: the IC must physically move between teams to collect information, which reinforces the synthesis role.

If the room does not allow a triangle, a U-shape with the IC at the open end achieves the same separation. A straight-line arrangement (all teams in a row) does not work – teams on opposite ends will communicate directly and bypass the IC synthesis moment.

Phase 4: Opening

  • Seat teams, distribute tent cards, give a one-sentence format overview
  • Brief the IC privately (or in front of the group): 3-sentence summary of their job
  • Display the Large Group Intro Slides to orient players before switching to scenario-specific slides
  • Read opening delivery from notes – do not improvise the first symptom description
  • Release Round 1 envelopes; start timer

IC briefing language (adapt to scenario): “Your job in Round 1 is synthesis, not decision-making. You will hear three separate threads from three teams. Your task is to find the connection – which thread represents the active situation right now.”

Intro slides note. The intro slides cover the team structure, IC role, round flow, rules, and objective. Show them to the full group before switching to the scenario-specific slide deck. They take approximately 10 minutes. If you are not using dice, skip the dice slide.

Opening delivery note. Read from the per-scenario guide verbatim the first time you run a scenario. The hook is calibrated to give exactly enough context without naming the malmon family or pointing teams at the answer. Improvising risks giving away the Central Dilemma before Round 3.

Phase 5 – During the Session

  • Walk the room at T+15; use Red Flag Dashboard to catch early divergence
  • Call cross-team briefing at end of each round regardless of team readiness
  • Do not reveal the Central Dilemma before Round 3
  • When the IC freezes: “What did Bravo tell you? How does that change Alpha’s finding?”
  • When a team is stuck: ask one navigation question from the facilitator guide, then leave
  • When a team is running ahead: direct them to the Discussion Prompts section of the guide (optional)

Timing targets. For a 120-minute session (4 rounds): 20 / 25 / 25 / 20 minutes per round, with 30 minutes for debrief. For a 150-minute session (5 rounds): 20 / 25 / 25 / 25 / 20 minutes, with 25-30 for debrief. If running long, cut team analysis time before cutting briefing time – the IC synthesis is where learning crystallizes.

IC intervention ladder. Use these in order before escalating:

  1. Nothing – silence is often the right intervention. Wait 30 seconds.
  2. “What did [Team X] tell you? How does that change what [Team Y] found?”
  3. “What is the minimum you need to know to make a provisional decision?”
  4. If paralyzed: redirect to the team leads – “Alpha lead, give the IC your top finding in 30 seconds.”

Optional: Dice

Dice are off by default. Add them when you want the IC’s containment or response call to carry mechanical weight – when poor synthesis should have consequences, or when the group would benefit from a moment of genuine uncertainty.

When to roll: Round 3 onwards only. The IC announces a decision and the outcome is genuinely uncertain. Before executing, ask: “Do you want to roll for this?” Do not roll during team analysis – evidence cards produce fixed outputs.

Modifiers:

Condition Modifier
Response matches malmon type +2
Response mismatches malmon type -2
All 3 teams briefed IC before the call +1
IC called before all 3 team briefings arrived -1
All 3 teams reached a shared recommendation Advantage (roll 2d20, take higher)
Time pressure -1 to -2 (see per-scenario facilitator guide)

Difficulty: Easy (5+) / Medium (10+) / Hard (15+) – listed in the per-scenario facilitator guide.

Degrees of success:

  • Critical (natural 20, or beat target by 8+): Full success plus one bonus – evidence preserved, containment faster than expected, or a deadline window extended
  • Success (meet or beat target): The call holds
  • Partial (within 3 below target): The call holds but with a complication – time lost, a secondary system affected, or a team finding proves incomplete
  • Failure (4+ below target): The call does not hold – introduce a Red Flag Dashboard inject at the start of the next round

IM-only rolls: Roll a d20 privately at the end of Round 2 and Round 4. Target: 10+. If the roll fails, introduce one item from the Red Flag Dashboard at the start of the next round. Adds unpredictability without any player-side overhead.

Phase 6 – Debrief (25 Minutes)

  • Open with 30 seconds of individual reflection before group discussion
  • Use the 5 Debrief Focus questions from the per-scenario guide, in order
  • Spend no more than 5 minutes per question – move on even if discussion is live
  • Ask “who owns fixing this?” before moving to the next question
  • Close with one sentence per person: “One thing I will do differently next week” (optional)

Opening the debrief. Before anyone speaks: “Take 30 seconds and write down the one decision point you most want to revisit.” Starting with a writing prompt prevents the first loud voice from setting the frame for everyone else.

Per-scenario debrief questions. These are at the bottom of the per-scenario facilitator guide, calibrated to the specific arc and Central Dilemma of each scenario. Use those rather than the generic cross-format questions in the Large Group Facilitation Guide – they land better because they are anchored to moments the group actually experienced.

Phase 7 – Post-Session: IM Self-Review

Capture these notes before leaving the room. They are inputs for your next session.

  • Which Red Flags from the dashboard were triggered, and which were not
  • Which NPC lines you used and whether they landed
  • Timing: which round overran, and which round lost the IC
  • One facilitation decision you would make differently
  • Whether the difficulty level was correctly matched to this group

Why this matters. Large group sessions surface IM habits that standard sessions do not. The IC management moment in Round 3 – when the IC is paralyzed and you decide whether to intervene – is a decision that improves only with reflection. If you leave without capturing it, you make the same call the same way next time.