5-Minute Scenario Card Preparation

For Experienced IMs Using Scenario Cards

Minute 1: Scenario Card Selection

Quick Card Selection

Choose based on group and objectives:

Card Review Checklist

Quick scan of selected card:

Minute 2: NPC Motivation Review

Stakeholder Quick-Scan

From your selected scenario card: - [ ] Primary stakeholder (IT Director, Hospital CIO, etc.) - [ ] Secondary stakeholder (Finance, Operations, etc.) - [ ] External pressure source (Regulatory, Customer, etc.)

Motivation Summary

Key stakeholder concerns: - [ ] What they’re worried about RIGHT NOW - [ ] What success looks like for them - [ ] What failure would mean - [ ] Why they can’t just “shut everything down”

Conflict Preparation

Stakeholder tensions: - [ ] Competing priorities (Security vs. Operations) - [ ] Time pressures (Deadlines vs. Thoroughness) - [ ] Resource constraints (Budget, Personnel, Expertise)

Minute 3: Hook Internalization

Why This Attack NOW

From scenario card hook: - [ ] Specific timing trigger (go-live, deadline, event) - [ ] Organizational pressure creating vulnerability - [ ] Real-world deadline creating urgency - [ ] Why normal security processes were bypassed

Professional Context

Make it immediately recognizable: - [ ] Industry-specific situation players will know - [ ] Realistic stakeholder dynamics - [ ] Authentic business constraints - [ ] Natural investigation starting points

Opening Hook Practice

Rehearse scenario opening: - [ ] “[Organization] is 72 hours from [critical deadline]” - [ ] “During [pressure situation], IT approved [vulnerability]” - [ ] “Now [symptoms] are appearing…”

Minute 4: Pressure Timeline Review

Business Deadline Understanding

From scenario card pressure section: - [ ] Specific deadline (Monday go-live, Friday payroll, etc.) - [ ] Consequences of delay (patient safety, regulatory, financial) - [ ] Why the deadline can’t move - [ ] How much time players have to respond

Escalation Timeline

If threat evolves: - [ ] Stage 1: Current symptoms (what players see now) - [ ] Stage 2: Escalation trigger (if not contained quickly) - [ ] Stage 3: Full impact (business/operational failure) - [ ] Time windows for each stage

Urgency Balance

Create authentic pressure: - [ ] Real business consequences - [ ] Realistic time constraints - [ ] Stakeholder expectations - [ ] Professional accountability

Minute 5: Question Preparation

Context-Driven Discovery Questions

Based on scenario card context: - [ ] “Given [organization situation], what would worry you most?” - [ ] “In [industry context], who would feel this pressure first?” - [ ] “What would [stakeholder] be thinking right now?” - [ ] “How would you handle [competing pressures] in this situation?”

Scenario-Specific Follow-ups

From card details: - [ ] Questions about organizational vulnerabilities - [ ] Stakeholder motivation exploration - [ ] Professional experience connections - [ ] Real-world constraint discussions

Final Confidence Check

Quick Scenario Card Reference

Scenario Card Categories

GaboonGrabber Scenarios ⭐⭐

  • Contexts: Healthcare, Finance, Manufacturing, Municipal
  • Good for: All groups, first sessions, clear social engineering
  • Stakes: Patient safety, financial fraud, production disruption
  • Key themes: Trust exploitation, urgent deadlines, stakeholder pressure

WannaCry Scenarios ⭐⭐⭐

  • Contexts: Municipal, Healthcare, Manufacturing, Finance
  • Good for: Network-focused groups, rapid response
  • Stakes: Public services, patient care, production lines
  • Key themes: Network propagation, patch management, business continuity

Stuxnet Scenarios ⭐⭐⭐⭐

  • Contexts: Energy, Manufacturing, Research, Defense
  • Good for: Advanced groups, attribution discussions
  • Stakes: Critical infrastructure, safety systems, national security
  • Key themes: Sophisticated attacks, air-gap jumping, geopolitical implications

Scenario Card Context Examples

Healthcare Scenarios

  • MedTech: Hospital go-live pressure, EMR system vulnerabilities, patient safety stakes
  • Regional Hospital: Emergency department systems, medical device networks, HIPAA compliance
  • Medical Research: Clinical trial data, FDA approval deadlines, research integrity

Financial Scenarios

  • RegionalBank: Payroll processing deadlines, customer transaction systems, regulatory oversight
  • Credit Union: Member service continuity, fraud detection systems, examination pressure
  • Investment Firm: Trading platform stability, client data protection, market confidence

Manufacturing Scenarios

  • SteelCorp: Production line control, supply chain integration, worker safety
  • AutoPlant: Just-in-time manufacturing, quality systems, customer delivery commitments
  • ChemicalCorp: Process control safety, environmental compliance, regulatory inspection

Scenario Card Hook Examples

Time-Pressure Hooks

  • “Hospital go-live scheduled for Monday morning…”
  • “City payroll must process by Friday for 1,200 employees…”
  • “Nuclear plant maintenance window closes in 72 hours…”

Stakeholder-Pressure Hooks

  • “Under project deadline pressure, IT approved ‘critical updates’…”
  • “To avoid regulatory penalties, Finance pushed through vendor access…”
  • “With inspection tomorrow, Operations bypassed security protocols…”

Organizational-Context Hooks

  • “During the biggest product launch in company history…”
  • “While preparing for the annual board presentation…”
  • “As the merger deadline approaches…”

Post-Session Quick Notes

What Worked

What to Improve

For Next Time

Remember: Scenario cards provide rich context that beats 30 minutes of planning. Trust the cards and the participants.