Incident response testing: our game makes it fun (and effective)

Oh Noes!, our hit role-playing game (RPG), is back by popular demand. Test your IR plan with an extreme soft drink and cheesy snacks!

The best time to test your incident response plan is before attackers actually get inside the building. If you wait until an actual incident, you’re going to have a lot of balls in the air and things might get a little hectic. Managing the technical response, upper management pressure, info that’s spotty at best, you can’t remember the last time you slept—that sort of thing.

So…you need a plan and you need to test it regularly. Unfortunately, testing IR plans can be dull.

We decided to make them fun!

Oh Noes! draws on RPGs like D&D and Shadowrun, combining them with more traditional cyber tabletop exercises.

In Oh Noes!, you and your coworkers create characters with unique abilities and skills. Then you role-play through cybersecurity incidents specific to your organization. You’ll roll dice, gain experience, enhance your skills, and cultivate insight into your IR plan.

We’ve used Oh Noes! at Expel and it’s helped inform our security processes.

And yeah, it really is fun.

Get your copy

Download the Oh Noes! kit

  • The Incident Master Guide (like the Dungeon Master Guide … get it?)
  • A blank character sheet
  • A scenario guide, including sample scenarios to get you started with your first few games and an editable sheet so you can easily create your own

Five stars out of five!”

⎯Dave Merkel | Expel CEO

Anybody want to order a pizza?”

⎯Greg Notch | Expel CISO