Tabletops Incident Response
RCCE students will learn tabletop exercise design, facilitation, and analysis for testing incident response readiness across security teams and business stakeholders. RCCE students will learn to develop realistic scenarios based on current threat intelligence, facilitate tabletop exercises that test communication protocols, decision-making under pressure, and coordination between technical and executive teams. The course covers exercise planning, participant briefing, inject management, observer evaluation criteria, after-action report writing, and translating exercise findings into concrete improvements to incident response plans and organizational resilience. This incident response course prepares students to act decisively during security incidents with structured workflows and clear decision frameworks. Starting from foundational concepts, RCCE students will learn containment, evidence collection, eradication, and recovery procedures specific to this domain. Students practice incident scenarios that build the composure, coordination, and documentation skills essential for effective incident handling.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Tabletops Incident Response
- Build detections and response workflows for privilege escalation
- Execute hands-on tasks for advanced cyber defense mastery
- Execute hands-on tasks for beginner level
- Explain Executive Overview fundamentals
- Execute hands-on tasks for why tabletop exercises matter
- Execute hands-on tasks for course learning outcomes — covering IR plans without real incidents, realistic tabletop scenarios.
- Execute hands-on tasks for business case for tabletop exercises — covering Board-level visibility into IR readiness posture.
- Execute hands-on tasks for core definitions & terminology
- Execute hands-on tasks for exercise controller
- Execute hands-on tasks for tabletop exercise lifecycle
- Execute hands-on tasks for assessment area
| Module 01 | Tabletops Incident Response |
| Module 02 | Advanced Cyber Defense Mastery |
| Module 03 | Beginner Level |
| Module 04 | Incident Response |
| Module 05 | Executive Overview |
| Module 06 | Why Tabletop Exercises Matter |
| Module 07 | Course Learning Outcomes |
| Module 08 | Business Case for Tabletop Exercises |
| Module 09 | Core Definitions & Terminology |
| Module 10 | Exercise Controller |
| Module 11 | Tabletop Exercise Lifecycle |
| Module 12 | Assessment Area |
| Module 13 | Key Questions |
| Module 14 | Maturity Indicator |
All hands-on labs run on Rocheston Rose X OS. Students practice tabletops incident response by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Build detections and response workflows for privilege escalation
- Lab 2: Execute hands-on tasks for advanced cyber defense mastery
- Lab 3: Execute hands-on tasks for beginner level
- Lab 4: Build detections and response workflows for privilege escalation
- Lab 5: Explain Executive Overview fundamentals
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Tabletops Incident Response, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI