The TLD ISAC held its first joint workshop bringing together the Threat Intelligence Special Interest Group (TI-SIG) and the CISO-SIG during the 2026 Jamboree in Berlin.

A total of 25 participants took part, representing the TI-SIG, CISOs and equivalent roles, as well as a diverse group of participants from across the CENTR community and with various backgrounds.

Workshop objective

The workshop aimed to develop baseline scenarios for cybersecurity tabletop and training exercises. These scenarios were built on the top five ranked risks identified in the TLD ISAC Threat Landscape Analysis (TLA) 2026 (more information available here).

From quiz to scenario design

Participants began with an interactive warm-up quiz featuring increasingly challenging DNS-related questions. Farm-themed buzzers quickly brought energy to the room, with mooing, barking, neighing, and cock-a-doodles echoing throughout — with the “chicken” ultimately claiming victory.

Following the icebreaker, participants shared experiences from previous cybersecurity exercises before splitting into five groups to develop exercise scenarios.

While the themes were inspired by the TLA, each group independently designed: the scenario narrative, exercise format, threat actors involved, and realistic injects — both internal and external developments intended to create operational pressure and decision-making challenges.

Outcomes and next steps

The workshop produced a diverse set of scenarios and practical foundations for engaging, realistic and effective cybersecurity exercises. These scenarios will now be further discussed within the SIG, refined, and expanded before being shared more broadly with the TLD ISAC community.

We would like to thank the SIG Co-Chairs, Chair, and Vice-Chair for moderating the workshop, as well as all participants for their enthusiasm, collaboration, and creativity.