Future CISOs Facing a Real-Time Cyber Crisis

Students from the Master’s Cybersecurity with CISO specialisation at ISTIC (University of Rennes) took part in a cyber crisis management exercise.

A realistic cyber crisis scenario

The students were immersed in an evolving cyber crisis scenario based on a fictitious local authority that had fallen victim to a cyberattack. Throughout the exercise, the organisers introduced injects such as alerts, incidents, requests and urgent demands that continuously changed the situation. Pressure gradually increased through delays, information overload and a growing number of requests, forcing participants to make decisions under tight time constraints.

To replicate the operation of a crisis management cell, the students took on different roles: CIO, CISO, HR Director, DPO, Director General of Services, or Communications Officer. This structure allowed everyone to immerse themselves in specific responsibilities and highlighted the importance of cross-functional coordination in managing a cybersecurity incident.

Preparing future CISOs for real-world realities

The aim of this immersive exercise was to help students understand the broader context of a cyber crisis and how it unfolds. In a realistic setting, they were able to practise stress management, action prioritisation and information structuring, while developing technical and organisational skills directly related to their future careers.

By facing successive injects and multiple interactions, participants experienced a situation close to real-world conditions, giving them practical preparation for the responsibilities they will assume in their future roles as Chief Information Security Officers.