Cybersecurity from the attacker mindset

Playing the attacker to identify cybersecurity weaknesses and opportunities

Everyone in your organisation contributes to good cybersecurity. Everyone can also help with finding cybersecurity weaknesses. They just need to think creatively.

An attacker mindset workshop with your organisation is an interactive and creative setting that will uncover your cybersecurity challenges and fixes.

Outcome

We ask staff to take on the role of a cyber attacker then work together to design an attack and strategise. We’ll:

  • build a bigger review of current state systems with a wider staff view

  • discuss creative cybersecurity concepts, and ways to communicate across the organisation about cybersecurity concerns

  • improve awareness, appreciation and agency across the organisation for a culture of cybersecurity.

Service description

The attacker mindset is a powerful tool. It means thinking like a cyber attacker and using their ways of making sense of the world, human behaviour, data and technology.

By taking on the attacker mindset, your team can better understand cybersecurity, find weaknesses and defend your organisation.

When an organisation can switch its stance between defensive and offensive approaches to cybersecurity, it’s more prepared. You can talk about and take actions that explore, find and see threats and weaknesses and use this to expand on your cybersecurity system design.

The more brains the merrier. Diverse ways of thinking, knowledge and views mean a better result in finding cybersecurity problems. We’re more likely to understand and make defences for a bigger range of attacks.

The attacker mindset workshop is a safe space to be creative and role play. Staff can get out their ideas and experiences of cybersecurity weaknesses they don’t always have the power to in their everyday roles.

When cybersecurity and IT people play the attacker, their specialist knowledge flips to expose the cracks in the system, rather than defend it. Our workshop is a safe space to play the role and talk about it, and find ways to improve your cybersecurity posture.

Our approach

In workshops, we invite and guide all staff to take part in activities to:

  • improve cybersecurity systems

  • get leaders, cybersecurity teams and other staff to work together and share what they know

  • be creative in thinking about how you do cybersecurity

  • build relationships and work out what to do about cybersecurity risks.

When staff, leaders, and cybersecurity and IT teams work together and listen to each other, everyone can:

  • bring up ideas to improve security

  • build the cybersecurity culture in the organisation, and get to know it well

  • appreciate each others' roles in making a more secure system.

Engagement

We tailor the attacker mindset workshop on the size of your organisation and the setting we do it in.

This is what a typical partnership might look like when you engage us for an attacker mindset workshop

Initial briefing meeting (one hour):

  • Meet with the core project sponsor or person who builds your cybersecurity culture. We’ll get to know each other and work out who should be involved and how.

Deliver the workshop (2 - 3 hours)

  • Hold an attacker mindset workshop in the setting we decide is best together. This could be online or in person.

Wrap-up:

  • Debrief with the cybersecurity/IT team and project sponsor to get ideas and opportunities for actions.

  • Report on findings with recommendations.

Cost

The cost of an attacker mindset usually falls between $5,000 and $10,000 (ex GST).

This varies with the number of people and length of the workshop or series of workshops.

If discuss an attacker mindset workshop that fits in your budget and gives you and your team the most value, let’s chat.