Oh Noes!-A Role Playing Incident Response Game

Presented at DEF CON 26 (2018), Aug. 10, 2018, 8 p.m. (Unknown duration).

The term"incident response exercise" can strike fear in the hearts of even the mostly steely-eyed professional. The idea of sitting around a table, talking through a catastrophic security event can be both simultaneously exhausting and incredibly boring. However, what instead of an participating in an"incident response exercise," you instead got to plan an"incident response role playing game?"

Enter our IR roleplaying game,"Oh Noes! An Adventure Through the Cybers and Shit." As part of our day job, we do quarterly IR exercises. In order to make these exercises more engaging, more fun, and more useful, we turned these exercises into a role playing game. We found it so useful and fun, we're releasing it at DEF CON along with numerous scenarios for your dungeon master to take you through.

At this talk, we will talk about gamifying IR exercises and the rules of Oh Noes! We will equip you with dice and your own character sheet and we will walk you through the character creating process. That's right, in Oh Noes! you create your own character with specific skills and abilities that you level up as you play. A group of us will play through a short scenario so you can see how the game works. We will provide several sample scenarios, some ripped from the headlines (and some cribbed from @badthingsdaily) as well as provide guidance on what makes successful scenarios as you transition to be your own dungeon master.


Presenters:

  • Robert Potter - Hacker
    Robert Potter is a 16 year old 10th grader who wears Invisalign. He is the son of Mr.Bow-To-My-Firewall and Mrs.Heidi"clever name" Potter. He likes things that begin with M, including but not limited to Math, Music, and his Mother (my mom told me to put that there). @TauManiac
  • Bruce Potter / @gdead - Founder, The Shmoo Group   as Bruce Potter
    Bruce Potter is the founder of The Shmoo Group, CISO at Expel, and helps run ShmooCon each year in Washington DC. Bruce has over 20 years (yikes!) of experience in hacking and cyber security including working with DoD an Intelligence Community clients as well as numerous finance, healthcare, and transportation companies. Bruce used to do a lot of wireless and network attack and defense work but lately focuses on risk management, threat categorization, and building more secure systems. Bruce has never played D&D but has a son who plays extensively. @gdead

Links:

Similar Presentations: