System administrators and security analysts play a critical role in delivering organisational cyber security and resilience. However, these roles are often underresourced and overloaded with repetitive tasks. This is a dangerous combination that creates vulnerability to common cyber attacks based on human error.

This article will help those new people receiving an intelligence report identify a good one. Known bad habits like obscurantism and jargon can undermine a report’s value. Avoiding these shortcomings maximises the value of OSINT. A good way to conceptualise an OSINT report is to compare it to a pie. Just as there are ways to quickly identify a delicious pie, there are things we can look for to spot a useful OSINT report. 

Case study on Tyburn  team supporting a branch of the UK Armed Forces. The focus of the exercise programme was on cyber security threats to the service’s ability to sustain operations. A key requirement was ensuring the credibility of the exercise for a discerning audience. Exercises employed multimedia injects and AI generated content to drive immersion and to demonstrate capability; they successfully raised senior-level awareness of the threat posed by blended cyber-informational campaigns. 

This case study is based on an engagement conducted by Tyburn for a large UK based research organisation. Exercising was provided as part of a wider annual incident response retainer (IRR) with Tyburn, including for the organisation’s leadership team. Exercises went beyond cyber to encompass the full range of threats to the organisation’s security. They enabled the organisation to continue operations despite multiple ongoing events. The organisation’s CRO described their IRR with Tyburn as “the best money we have ever spent”.

The MC ‘02 exercise provides a valuable case study of the challenges that arise in the design and conduct of exercises. The representation of the adversary within the scenario is another instructive area to examine. Unrealistic adversary design or scenario can significantly denude the value of exercising at all.

In 2002, the US military conducted a large-scale exercise called Millennium Challenge (MC ‘02). The exercise was intended to test a set of ideas about how the US military should fight future wars. It also became a case study into how not to conduct exercises.

This bonus article explores the psychology behind cyber incident exercises, focusing on how different formats—live-play vs. table-top—encourage unique learning outcomes. Live-play exercises build practical skills through real-time simulation, while table-top exercises foster critical thinking and strategy. Learn how aligning exercise format with learning goals enhances organisational resilience.