Players Quick Start Guide

Welcome! Follow these steps to be ready for your first Malware & Monsters session in about 10 minutes.

This guide prints cleanly on a single page – handy to keep next to you during your first session.

Important📄 Start with the Visual Guide

Before anything else, read (or skim) the M&M Visual Guide. It covers the full picture in 8 pages: setup, the core rules, all six roles, and a worked example session. Your IM may share it as a printout before you begin.

Your First Session in 4 Steps

  1. Get a role (2 min) – Your IM assigns you a role: Incident Response Roles.
  2. Open your role card (2 min) – Keep the matching card handy in Role Cards.
  3. Join the scenario your IM opens (2 min) – Keep the scenario card handy and your role card open for quick reference.
  4. Ask questions – The IM is there to help. Nothing bad happens to you for trying something.

What to Have Open

  • Your Role Card and the Quick Reference
  • The current Scenario Card (your facilitator will share a link)
  • Optional: a simple notepad to jot clues and actions

Role Snapshot

Role Focus +3 +2 +1
Detective – Cyber Sleuth Find clues, connect evidence, build the timeline Forensic Analysis Pattern Recognition Documentation
Protector – Digital Guardian Contain the threat and keep systems running Containment Security Architecture Business Continuity
Tracker – Network Analyst Watch the network, follow data flows, block exfil Network Analysis Data Tracking Infrastructure Mapping
Communicator – Stakeholder Liaison Coordinate people, translate impact, manage stakeholders Stakeholder Management Crisis Communication Compliance
Crisis Manager – Incident Commander Set priorities, allocate resources, keep the team moving Coordination Strategic Planning Escalation Management
Threat Hunter – Proactive Defender Hunt hidden threats, anticipate next moves, use intel Threat Detection Intelligence Analysis Attack Prediction

See full details in Role Cards and the Quick Reference.

Level Up After Your First Game