Rooted in Security: Inside session 3's interactive cyber crisis simulation

Rooted in Security returned for its third Women Who Build, Break and Lead session, bringing together women from across the cybersecurity community for an evening that was as interactive as it was insightful.

Attendees took part in a live cyber crisis simulation led by Reflex Security. Working across roles including Incident Commander, Security, Legal, and Communications, participants were challenged to navigate a developing security incident, make decisions with limited information, and collaborate under pressure.

After the session, we caught up with Stephanie Zavala to reflect on the evening, the discussions that took place, and what attendees took away from the experience.

For those who couldn't attend, can you tell us a bit about the tabletop exercise and what attendees were challenged to work through?

Reflex Security brought their simulation platform and AI agents, and attendees were assigned roles such as Security Team, Legal, Communications, and Incident Commander. We were introduced to a fictional company, its services, and customer base before the simulation began.

As the scenario unfolded, participants were tasked with determining whether they were dealing with a legitimate security incident, analyzing logs and available evidence, and assessing the potential impact based on their assigned responsibilities. Once the breach was confirmed, teams collaborated through the platform to make decisions, communicate effectively, and work toward containing and resolving the incident in real time.

As the exercise unfolded, were there any decisions, discussions, or different approaches that really stood out to you?

I was particularly impressed with Niyanta, who stepped into the Incident Commander role. She demonstrated a strong understanding of incident response, effectively guiding communications, coordinating stakeholders, and helping the team stay focused on the most critical next steps.

What do you think the exercise highlighted about preparing for and responding to real-world cyber incidents?

The exercise reinforced how unpredictable real-world cyber incidents can be. In many situations, it is not immediately clear what an attacker has accessed, how far they have progressed, or what the full impact may be. Success depends on having a strong technical team, well-defined processes, and a capable leader who can guide decision-making while information is still unfolding.

What do you hope everyone took away from the evening, whether it was from the exercise itself or the conversations that followed?

One of the biggest takeaways was seeing how effectively the group worked together under pressure. My hope is for everyone who attended takes this experience back to their teams, discusses how the platform can help remote teams truly get to know each other in pressured situation rather than looking at a presentation. I think engineers always like a gamified experience, and this was definitely it!

One of the goals of Rooted in Security is to bring women across cybersecurity together. How did this session reflect that?

We had CISOs, GRC leaders, PAM leaders, Security Services leaders, and Security TPMs in the room, representing a wide range of industries, backgrounds, and experiences. Despite those differences, the collaboration was seamless. It was fascinating to hear how different groups approached similar challenges and how outcomes varied based on industry, organizational structure, and risk tolerance.

This reflects a core pillar of Rooted in Security: creating a space where women across cybersecurity, at every stage of their careers, can share knowledge, learn from one another's experiences, and bring diverse perspectives to the conversation around security leadership.

What's next for Rooted in Security, and what can people look forward to?

Our next session is scheduled for August 19. We are currently exploring a panel discussion focused on career progression and leadership journeys within cybersecurity. That said, given how quickly the security landscape evolves, we remain flexible and may pivot to another timely topic that is particularly relevant to the community at that time.