System administrators and security analysts play a critical role in delivering organisational cyber security and resilience. However, these roles are often underresourced and overloaded with repetitive tasks. This is a dangerous combination that creates vulnerability to common cyber attacks based on human error.

This article will help those new people receiving an intelligence report identify a good one. Known bad habits like obscurantism and jargon can undermine a report’s value. Avoiding these shortcomings maximises the value of OSINT. A good way to conceptualise an OSINT report is to compare it to a pie. Just as there are ways to quickly identify a delicious pie, there are things we can look for to spot a useful OSINT report. 

Case study on Tyburn  team supporting a branch of the UK Armed Forces. The focus of the exercise programme was on cyber security threats to the service’s ability to sustain operations. A key requirement was ensuring the credibility of the exercise for a discerning audience. Exercises employed multimedia injects and AI generated content to drive immersion and to demonstrate capability; they successfully raised senior-level awareness of the threat posed by blended cyber-informational campaigns. 

This case study is based on an engagement conducted by Tyburn for a large UK based research organisation. Exercising was provided as part of a wider annual incident response retainer (IRR) with Tyburn, including for the organisation’s leadership team. Exercises went beyond cyber to encompass the full range of threats to the organisation’s security. They enabled the organisation to continue operations despite multiple ongoing events. The organisation’s CRO described their IRR with Tyburn as “the best money we have ever spent”.

The MC ‘02 exercise provides a valuable case study of the challenges that arise in the design and conduct of exercises. The representation of the adversary within the scenario is another instructive area to examine. Unrealistic adversary design or scenario can significantly denude the value of exercising at all.

In 2002, the US military conducted a large-scale exercise called Millennium Challenge (MC ‘02). The exercise was intended to test a set of ideas about how the US military should fight future wars. It also became a case study into how not to conduct exercises.

This bonus article explores the psychology behind cyber incident exercises, focusing on how different formats—live-play vs. table-top—encourage unique learning outcomes. Live-play exercises build practical skills through real-time simulation, while table-top exercises foster critical thinking and strategy. Learn how aligning exercise format with learning goals enhances organisational resilience.

In the fifth article of our cyber incident exercise series, we highlight the value of ongoing exercise programmes to build operational resilience. Regular exercises, integrated within a broader resilience strategy, enhance efficiency, continuity, and measurable outcomes. Discover how programmatic exercising helps organisations adapt, improves incident response, and strengthens resilience over time.

In part four of our cyber incident exercise series, we examine executive-focused exercises. Designed to prepare leaders for cyber crisis management, these exercises emphasize strategic communication and decision-making under pressure. Table-top formats are ideal, balancing technical fidelity with time-efficient engagement. Learn why effective communication and rapport with executives are essential for impactful exercises.

In part two of our cyber incident exercise series, we explore how format and level choices impact an exercise's effectiveness. Learn the differences between table-top and live-play formats, and how exercises at board, managerial, and operational levels target distinct objectives.

Our third post on exercising: scenario design. Crafting realistic scenarios is vital to test cyber response effectively, requiring an understanding of the organisation’s threat environment, internal structure, and technical capabilities. Discover why organisations benefit from external expertise to ensure scenarios are credible, intelligence-led, and tailored to unique challenges.

Explore the importance of cyber incident exercises for organisational resilience. This guide for executives covers why exercises are essential for testing response capabilities, meeting regulatory requirements, and fostering teamwork. Learn how to set objectives, establish metrics, and measure ROI. Tyburn offers tailored incident exercises to meet your goals.