Embark on a riveting journey through the highs and lows of cybersecurity preparedness, guided by insightful anecdotes and real-life experiences. Our narrative begins with a nod to the iconic film "Live Free or Die Hard," drawing parallels to the intense scenarios encountered during cybersecurity exercises. Witness the harrowing tale of a simulated cyber catastrophe, where bombs exploded, data centers were destroyed, and critical services faltered. Amidst the chaos, resilience emerged as teams rallied to procure a replacement mainframe, epitomizing the relentless pursuit of continuity in the face of adversity.





Here is the verbatim discussion:

But there's a lot of really good lessons we learned from that. Um, watch the movie Die Hard four, Die Hard four with Bruce Willis, um, it's called Live Free and Die Hard, where all the power goes out and bombs are going off and it's scary stuff. Um, so we had a situation where, um, we, you know, the first day of this exercise, you know, was probably over the top, and most cyber exercises today wouldn't start this way, but they had bombs going off, kind of like 9/11 again. They blew up our data center, they blew up, um, big parts of government, um, they hacked other parts of government, and all of our services were down for two days. And it was very, very intense, and we were, like, getting beat up, we were, like, humbled. Our team was just, like, we were, like, done. I mean, we were really kind of overwhelmed.

By Thursday afternoon, though, this is what I want to tell you about, by Thursday afternoon we were told, there's one more thing you have to do in this exercise to train your team. And we said, okay, what is that? They said, we have to get our Bull mainframe, Bull, B-U-L-L, Bull mainframe, which was, you know, that, I don't know if they were even bus, business anymore, but back then they were a big mainframe shop. Um, we need to get it back online so that we can pay the employees, because all of our services are down, and we need to get a Bull mainframe. But our two Bull mainframes, our main mainframe and our backup, had been, were gone. One was blown up, the other one was hacked and unusable, so we had to get a new one. So they said to us, um, we need you to contact Bull headquarters in Paris, in France, and, and get a Bull mainframe as soon as possible

any thoughts on how to make it very effective, so that some real stuff comes out of it? So our goal had been not just to kind of be mentally prepared but also to create those responses and to create those templates, so that out of that exercise we have some real readiness, apart from the kind of preparedness from the kind of thinking perspective, etc., but get all these things written down. So what's your thought on that, in terms of doing it, uh, as a single exercise or breaking it down?

Yeah, most of the times I've seen it done, um, again, most of my, I, I, I have been a part of a couple in the private sector, I've been part of more in government and statewide, like, you know, what if we had a health emergency? You know, we actually, quite frankly, did a bunch of exercises around pandemic prior to COVID, you know, and being prepared, and obviously there's all kinds of people that need to be involved in that. Even now there's scenario-based things about what's going to happen with vaccines and all kinds of things related that aren't specifically cyber related.

You know, so one of the things that I've seen, I just want to mention a real-life story that's, like, with ransomware, they kind of put some, some meat to this. We had a, uh, I'm not going to name the name of the company, we had a, an organization here, not a government, it was a nonprofit in Michigan that had, was faced with a ransomware attack, and it was, um, like, about a, let's just say, I'm not going to give you too many details, but the story makes sense as I go through this, like, was about a $5 million request they had. They had, they had, they had encrypted all their data, they had no access to anything, their backups were, were, were encrypted. They, they had not done a good job of separating their backups, and, and they, and they hadn't done a good job, but a lot of people have backups but they have, they don't test the backups, and so the bad actors get in and they actually encrypted the backups as well. So they were kind of, you know, up a creek.

Um, they didn't want to pay, um, um, they didn't want to pay. They had cyber insurance, and the, and in the US the cyber insurance company said, look, they came in, they were, this, it's your decision, it's always the company's decision, but we know these people and we're gonna negotiate it down to 1.2 million. We know we can get these guys down from five to 1.2. So they already, like, the cyber insurance company had, had the playbook, right? So we're going to negotiate this down to 1.2 million, and oh, by the way, if you don't do that, um, we're only going to give you, even though the cyber insurance policy was actually for five million, we're only going to give you 1.2 million, and we think it's going to cost you, like, eight. Like, and again, I'm not saying this is always true with cyber insurance, they almost felt like they had to pay, they had to go with what the cyber insurance company wanted to do to get their data back. So sure enough, you know.




Lessons from Intense Cybersecurity Exercises: Our discussion unveils the invaluable lessons gleaned from immersive cybersecurity exercises, where simulated crises push teams to their limits. Through a vivid recounting of scenarios reminiscent of Hollywood thrillers, we explore the transformative power of adversity in honing preparedness and resilience.

Emergency Preparedness and Response: Delve into the critical imperative of emergency preparedness, as organizations grapple with the daunting task of navigating cyber threats in real-time. From securing replacement infrastructure to ensuring the continuity of essential services, proactive planning and swift response are paramount in mitigating the impact of cyber incidents.

Navigating Ransomware Realities: Transitioning to the sobering realities of ransomware attacks, we confront the stark challenges faced by organizations in the wake of malicious cyber intrusions. Through a poignant real-life example, we delve into the complexities of ransom negotiations and the pivotal role of cyber insurance in facilitating recovery efforts. Witness the delicate balance between risk mitigation, financial considerations, and the imperative of data restoration in the aftermath of cyber extortion.



As our exploration draws to a close, we are reminded of the multifaceted nature of cybersecurity preparedness, encompassing both strategic foresight and tactical response. From the adrenaline-fueled scenarios of cybersecurity exercises to the sobering realities of ransomware negotiations, our journey underscores the importance of proactive planning, collaboration, and resilience in confronting evolving cyber threats. Through continuous learning, adaptation, and vigilance, organizations can navigate the complex cyber landscape with confidence, fortified by the lessons learned from both simulated crises and real-world challenges. Join us in embracing the spirit of preparedness and resilience as we navigate the dynamic terrain of cybersecurity in an era defined by digital innovation and uncertainty.



Dan Lohrmann is an esteemed cybersecurity expert and Field Chief Information Security Officer (CISO) for Presidio, celebrated for his impactful career across both public and private sectors. With beginnings at the National Security Agency and roles at Lockheed Martin and ManTech, he has been recognized as CSO of the Year among other accolades. Dan is also a prolific author and speaker, sharing insights on cybersecurity and technology modernization through his award-winning blog and publications.

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

