About the Kits
A tabletop exercise (TTX) is a discussion-based session where team members walk through a simulated cybersecurity incident scenario. No systems are tested — participants talk through their roles, decisions, and response procedures. It's the most effective way to find gaps in your incident response plan before a real incident happens.
Every kit includes 6 custom scenario dice (D4, D6, D8, D10, D12, D20), color-coded tokens across 5 categories (positions, risks, mitigations, assets, actions), a legend card with a QR code linking to 15 digital scenarios, and a storage container.
The Starter Pack ($79) includes 56 essential tokens. The Standard Pack ($149) includes 106 tokens plus a token tray. The Ultimate Pack ($249) includes all 119 tokens, a premium tray, storage canister, and free US shipping.
Expansion packs add specialized tokens and scenarios for specific compliance frameworks or advanced exercises. Available packs include HIPAA, PCI-DSS, GDPR, CMMC, Red Team, Risk Assessment, AI Threats, Cloud Security, and ICS/OT. Each adds 14-18 tokens and dedicated scenarios for $29-39.
Running Exercises
No. Every scenario includes a detailed facilitator script with exactly what to read aloud, when to introduce injects, and how to guide discussion. The legend card also has a quick-start guide. Most facilitators run their first exercise with under 5 minutes of prep.
TabletopSec exercises work with 3-15 participants. The sweet spot is 5-8 people. You need at least one facilitator and 2-3 participants taking on different roles. Larger groups can pair up on roles or have observers.
A typical exercise runs 60-90 minutes. Quick exercises can be done in 30 minutes. Comprehensive exercises with all injects and a detailed debrief can run up to 2 hours. Each scenario includes timing guidance.
Absolutely. The dice and tokens are designed for infinite combinations. Roll the dice, draw tokens, and build any scenario you can imagine. We also provide 75 drop-in injects you can mix into any custom exercise. The upcoming AI Scenario Generator will auto-create complete exercise packages from your dice rolls.
Shipping & Returns
We ship to the US, Canada, UK, Australia, Germany, France, and the Netherlands. US shipping is free on the Ultimate Pack. See our Shipping page for full rates and delivery times.
We offer a 30-day return window from the date of delivery. Products must be in their original condition with all components included. Contact hello@tabletopsec.com to initiate a return. See our Shipping & Returns page for full details.
Bulk & Partner Orders
Yes! Our partner program offers 15-40%+ discounts for bulk orders of 10+ kits. We also offer white-label options with your logo on the legend card and co-branded storage. Visit the Partners section on our homepage to request pricing.
Absolutely. Many MSPs, vCISOs, and security consultants use TabletopSec kits during client exercises. Leave a kit with each client as part of your assessment engagement, or use them during retainer-based exercises. The digital scenarios include compliance-ready documentation for HIPAA, PCI, GDPR, and CMMC requirements.
Comparison
A typical consultant charges $10-15K per tabletop exercise. TabletopSec gives you everything you need to run unlimited exercises yourself for a one-time purchase of $79-249. You get the same quality facilitator scripts, injects, and decision points — plus the physical dice and tokens that make exercises more engaging and unpredictable.
TabletopSec is ideal for organizations that want to run regular exercises (quarterly or more) without recurring consulting fees. For organizations that want external facilitation, TabletopSec is a great complement — consultants love the dice and token system.
Card games have fixed scenarios that participants memorize after a few plays. TabletopSec's dice system generates random parameters every time, so no two exercises are the same. The token system adds physical, tactile elements that make abstract security concepts concrete. And our scenarios include professional facilitator scripts, timed injects, and compliance-ready documentation — not just game mechanics.