Frequently Asked Questions

We tailor our exercises to the organisation and so the time required for each exercise will vary. Typically, however, we conduct a number of 1-2 day sessions spread over a number of months.

Prior to each exercise we conduct a consultation period to understand how the organisation functions and to agree which areas to test. We allow time between the sessions so that organisations can digest and address the lessons identified during each exercise.

We offer a range of exercises of varying scales and complexity.  The introductory level exercises are highly suited to an organisation that is just beginning to develop a cyber security programme.  

These exercises help identify fundamental issues and challenges prior to major investments in products and services.  They also help maintain an operational focus to the development of policy and procedures. This helps avoid spawning a new bureaucracy that does little to improve the cyber security of the organisation.  Read more on how an exercises can help an immature security programme.

Exercising provides a way of exposing existing policies and plans to reality in a controlled and objective way.  Organisations are increasingly under pressure to improve their cyber security from numerous directions.

Exercising provides a way of establishing priorities so that the most important issues are addressed first.  They also provide evidence for why these issues need to be addressed first.

No plan is perfect and the dynamic nature of both the threat landscape and of organisations themselves means that plans must be routinely tested.  There have been several high profile incidents in recent years where organisations experienced an incident despite having a well funded and established cyber security programme.  

Routine exercising of their policy and procedures would almost certainly have highlighted some of the deficiencies in their security posture that ultimately led to these incidents.

We offer a competitive service that is priced in line with current industry rates for cyber security professional services.  Our focus on short engagements helps reduce the burden on people's diaries while maximising exposure to our world class expertise.  

Exercising provides a platform to test an organisation's cyber security footing in a holistic way.  It provides a way to objectively assess the value that products and services deliver helping you to get  the most from your cyber security budget. The insight that exercising develops will deliver value far in excess of the cost of actually conducting the exercise.

Clear Cut Cyber was established by ex-military professionals with an established record of developing and delivering training exercises.  They have world class experience of offensive cyber operations and can bring this experience into the heart of your organisation.

All Clear Cut Cyber exercise facilitators are CISSP certified professionals and have worked at the highest levels of UK cyber operations.  They all have served in the military for significant periods and have first hand experience of delivering large scale exercises.

Exercises provide an engaging and interesting platform for communication.  Cyber security often tends to focus excessively on either the technical or the policy aspects.  Cyber exercising helps provide a rigid focus on business operations and allows specific concerns to be raised to seniors in an objective and engaging manner.  

Exercises should not be designed purely to make an organisation fail, however they are a platform for identifying weaknesses.  We provide a range of different scales and complexities of exercises so that seniors can be exposed to the concept of exercising in a bite-sized manner.  This means seniors support for exercising can be developed over time.

We have written a blog post addressing exactly this question, so please take a look.