Skip to content

1.5 Understand Constraints and Conditions

Every exercise operates within certain conditions and constraints. Understanding these upfront helps you make realistic design decisions and avoid surprises later. You don't need perfect information—just enough to know what's possible and what's not.

Stakeholder Alignment

If you're creating an exercise for a client or organization (rather than for yourself), clarify the basics before you start designing.

Key things to align on:

  • What problem are they trying to solve? This connects directly to the need you identified in section 1.3.
  • What outcome do they expect? Be specific—completed training, validated procedures, or identified gaps?
  • What are the constraints? Time, budget, technical limitations, legal restrictions.
  • Who approves what, and when? Understanding the approval chain prevents delays.
  • How will you communicate progress? Regular check-ins, written updates, or final report only?

Tip

A brief kickoff conversation and a simple written summary help ensure alignment. Share it back with stakeholders to confirm you understood correctly. This doesn't need to be a formal document—even a one-page summary covering these points is enough.

Team Composition

We recommend having at least two people involved: an exercise designer (who creates the exercise) and a subject matter expert (who provides domain insight and validates realism). This combination helps balance instructional design with realistic content.

If you're working alone, find someone who can review your scenarios for accuracy—even informal validation catches unrealistic assumptions.

Planning Approach

Work backwards from your delivery date with clear milestones. This helps you identify what's realistic and where you might need to adjust scope.

Key milestones to consider:

  • Stakeholder meetings – the aim is to get necessary inputs and decisions.
  • Content ready for platform.
  • Pilot or review session (if doing one).
  • Final delivery date and location or mode.

Note

If you're working on a tight timeline, be realistic about what you can achieve. A focused exercise that works is better than an ambitious one that's rushed.

Delivery Conditions

Location and Format

  • Where: Physical room, online platform, or hybrid?
  • When: Time of day affects energy levels—post-lunch exercises need different pacing than morning sessions.
  • Duration: Not just total time, but also breaks and session structure.

Technology and Infrastructure

  • Platform access: Can all participants access the INJECT platform? Are there network restrictions?
  • Supporting software: For communicators (like MS Teams etc.), sharing of files and other relevant tasks.
  • Hardware: Do participants have individual devices (laptops, tablets), or are you using a shared screen (beamer, projector or large monitor)?

Contextual Details

To create realistic scenarios that participants recognize as relevant, you need specific details from their environment. These are conditions for authenticity—without them, your exercise feels generic.

Collect early:

  • Email formats and domains: What do their actual email addresses look like? (e.g., firstname.lastname@company.com vs f.lastname@org.cz)
  • Document names: What are their policies, playbooks, and forms actually called? (e.g., "IR Playbook" vs "Incident Response Manual v3.2")
  • System and tool names: What tools do they use daily? (e.g., Google Workspace, Microsoft O365, custom systems with specific names)
  • Organizational structure: What are departments called? Who reports to whom?
  • Role titles: How do they actually refer to positions? (e.g., "CISO" vs "Head of Security" vs "IT Security Manager")
  • Process and politics: How do they actually escalate incidents? Who gets called first? What's the approval chain?
  • Geographic specifics: Office locations, time zones (if relevant for scenarios).
  • Visuals: Pictures, logos, templates etc.

Warning

These details are harder to change once scenarios are created. Gather them during your initial stakeholder conversations or through a brief documentation review.

Hard Constraints

These are limitations you typically cannot change—design around them rather than fighting them.

Resources

Time, energy and money. Be realistic.

Legal and Compliance

  • Data restrictions: What information can you use in scenarios? Real names, actual incidents, or sensitive data may be off-limits.
  • Compliance requirements: Are there mandatory topics you must cover or specific formats you must follow?

← 1.4 Understand Trainees Phase 02: Specify →