Skip to content

1.4 Understand Trainees

The better you understand your trainees, the more you can tailor scenarios and pacing to match their reality. A professional CSIRT team needs different scenarios than university students. First-timers need different guidance than veterans. Knowing these differences upfront prevents you from designing the wrong exercise.

Essential Trainees Checklist

Use this checklist to gather the minimum necessary information about your trainees:

  • Who Should Be in the Exercise?

    Invite only people who should be there in relation to the identified need. In other words, those whose thinking and behavior needs to change based on what you defined in section 1.3.

  • Current Role and Responsibilities

    • What they do: Are they CSIRT members, managers, HR staff, or students?
    • Role in the exercise: Will they practice their actual role or simulate a different one?

  • Baseline Knowledge and Skills

    • Starting point: Do they understand basic concepts (what is incident response, what is phishing), or are they beginners?
    • Technical level: Can they work with technical documentation, or do you need to simplify language?

  • Previous Exercise Experience

    • First-timers or veterans: Have they participated in tabletop exercises before?
    • Format familiarity: Do they understand how TTX works, or will you need to explain the format?

  • Motivation and Context

    • Why they're participating: Voluntary training, compliance requirement, or course assignment?
    • What they expect: What do they hope to gain from the exercise?

  • Language and Communication

    • Native language(s): What language(s) do they speak? Are there fluency variations?
    • Domain terminology: What jargon and technical terms do they use in their daily work?
    • Communication norms: Do they communicate formally or informally? Are there hierarchical patterns?

    This influences how you write scenarios and instructions. Using their terminology makes the exercise feel authentic.

  • Organizational and Cultural Context (if relevant)

    • Team composition: Are trainees from the same organization or mixed backgrounds?
    • Existing relationships: Do they already know each other and work together?
    • Shared context: Do they have common processes, tools, or organizational knowledge?
    • Organizational culture: Formal or informal? Risk-averse or experimental?

    This influences case study selection, team dynamics assumptions, and how you frame sensitive topics.

Gathering This Information

A focused conversation with stakeholders or a brief trainee survey usually provides what you need.

Efficient approach:

  • Internal conversations: Individual or workshop. Ask whoever is organizing the exercise about trainees – their roles, experience, expectations, and any sensitivities.
  • Brief trainee survey: If trainees are available beforehand, a short survey (5–7 questions) can gather baseline information.
  • Review existing information: Check previous training evaluations, competency assessments, or past exercise reports.

Tip

For unfamiliar audiences, high-stakes exercises, or complex organizational contexts, consider in-depth interviews, focus groups, or expert consultation.

← 1.3 Find out the Needs 1.5 Understand Constraints and Conditions →