06/03/2026

Cards, Dice, and Cyber Incidents: Who Said IR Exercises Have to Be Boring?

Let’s be honest: in most cases, Incident Response tabletop exercises feel a bit like a "check the box" task. Long presentations, dry procedures, and an overall vibe of "let’s get this over with and get back to real work."

This week, I was looking for some interesting stuff online and stumbled upon something that completely caught my attention, and I just had to share it with you. It’s called Backdoors & Breaches.

Basically? It’s Dungeons & Dragons—but for cyber professionals.

It’s a card game (originally born as a physical game, but it now has a great, completely free online version) that simulates real-world attack scenarios. The host secretly builds a complex attack scenario (based on the MITRE ATT&CK framework), and your team—the Blue Team—has to detect, contain, and neutralize the incident through actions and dice rolls.

Suddenly, to find out if your EDR caught the phishing attempt, you need to roll a die. Suddenly, in the middle of the game, a "modifier" card is drawn—like "half the team is out sick today" or "the media found out about the incident"—instantly spiking the pressure (and the laughs) in the room.

My takeaway from reading about this? Cybersecurity doesn't have to be dry to be professional.

When you introduce gamification into training and practice, two amazing things happen:

  1. People actually engage: The professional debates that spark around the table ("Why did you check the Firewall before the Active Directory?!") are worth more than any 50-slide deck.

  2. It’s an incredible icebreaker: It connects technical and non-technical folks, creates a shared language, and turns a tedious task into a team experience people actually look forward to.

If you’re looking for a way to refresh your next team meetings or just want to do something fun over a beer at the end of the workday, check out their online version. It's free, which brings the barrier to entry down to zero.

Now over to you: Have you already played Backdoors & Breaches or used other games to train your team? And if not, how do you manage to make your cyber exercises less dry and more engaging?

Looking forward to hearing your thoughts in the comments! 👇
