Position Cards – Winnti: Biotech R&D Espionage (Large Group)
Place a position card at each team table and IC seat so roles are visible across the room.
How to print:
- Set your printer to A4 landscape (the page forces this automatically)
- Print all 4 sheets — each sheet has 2 positions
- Cut each sheet in half along the vertical dashed line
- Fold each card backward along the horizontal dotted line — the colored side faces outward; the text faces inward toward the person sitting there
Sheet 1 of 4 — Alpha & Alpha Lead
Alpha — Forensics
- Endpoint & memory forensics
- Log analysis & timeline reconstruction
- Evidence preservation
-- FOLD HERE --
Alpha
Forensics & Endpoint
Alpha Lead
- Coordinate findings within the team
- Brief the IC after each round
- Flag evidence that crosses team boundaries
-- FOLD HERE --
Alpha Lead
Forensics & Endpoint
Sheet 2 of 4 — Bravo & Bravo Lead
Bravo — Network
- Network traffic & flow analysis
- Infrastructure mapping
- Containment recommendations
-- FOLD HERE --
Bravo
Network & Infrastructure
Bravo Lead
- Coordinate findings within the team
- Brief the IC after each round
- Flag evidence that crosses team boundaries
-- FOLD HERE --
Bravo Lead
Network & Infrastructure
Sheet 3 of 4 — Charlie & Charlie Lead
Charlie — TI & Recovery
- Threat intelligence & attribution
- External liaison & notifications
- Recovery planning
-- FOLD HERE --
Charlie
Threat Intel & Recovery
Charlie Lead
- Coordinate findings within the team
- Brief the IC after each round
- Flag evidence that crosses team boundaries
-- FOLD HERE --
Charlie Lead
Threat Intel & Recovery
Sheet 4 of 4 — IC & Spare
IC
- Hear all three teams -- synthesize, don't just relay
- Make decisions when teams are stuck
- Maintain shared situational picture
- Prepare and execute handover at mid-point
-- FOLD HERE --
IC
Incident Commander
Spare
- Blank spare card -- cut and fold for additional roles as needed
-- FOLD HERE --
Spare