// Who we are
Siege Table Security was founded on a simple belief: most security failures are human failures - not technical ones. Exercises should surface that reality, not paper over it.
// Why we exist
Most tabletop exercise vendors are in the business of making clients feel prepared. Scenarios are kept manageable. Answers are not challenged. Reports are written to document effort, not surface failures.
We think that's backwards. A tabletop exercise that your team "passes" has told you almost nothing. An exercise that surfaces three genuine coordination breakdowns, two detection gaps, and one escalation path that doesn't exist - that exercise has value.
The founding team brings combined expertise in endpoint detection and response, incident response, and security operations. We have been on the other side of real incidents. We know what breaks. We know what the questions sound like when the pressure is real. We replicate that environment - on purpose.
"An exercise that your team passes has told you almost nothing. An exercise that surfaces real failures - that has value." — Siege Table Security
// Combined expertise
Deep familiarity with how EDR tooling generates telemetry, where it misses, and how adversaries evade it. We probe whether your detection coverage is real - not just deployed.
Experience running and supporting real incident response engagements. We know where IR playbooks break down under actual pressure and where communication chains fail first.
Background in operating security programs - not just advising on them. We understand the constraints, the tool sprawl, the understaffing, and the alert fatigue that define real environments.
// Founding team
Co-Founder - Security Operations
10 years in security operations, digital forensics, and incident response. Started in DFIR doing hands-on investigations for government and enterprise clients, then moved into building and running security operations programs from the ground up - zero to 24x7 coverage, full EDR/SIEM/SOAR stack, MSSP partnerships, in regulated environments with thousands of endpoints. Has hunted threats, built detection logic, and managed the full incident response lifecycle across healthcare, financial services, and government. Deeply technical. Doesn't manage from a distance.
Co-Founder - Security Leadership
Nearly two decades in IT infrastructure and security operations, the last several years spent running security programs at scale in highly regulated healthcare environments. CISSP. Has led the build-out of security teams, implemented enterprise security programs, and operated at the intersection of complex infrastructure and adversarial risk. Bilingual. Brings both the technical depth and the organizational leadership experience to understand where programs break - and why.
// How we operate
That is the entire point of hiring us. If your team had a bad exercise, you have the information you need to improve. If we let you think it went well, we've wasted your time and your money. We won't do that.
There are no improvised scenarios here. The exercise is constructed from your actual environment data. We know your hosts, your controls, your crown jewels, your exposure surface. The scenario is built around what can realistically happen to you - not to a fictional company.
We do not help you check a box. We help you understand whether your team can function under real incident conditions. If your current goal is a compliance checkbox, we are probably not the right fit. We can refer you to firms that specialize in that work.
When an engagement ends, your environment data is deleted. We do not retain operational data between engagements. We do not use client data to train models or benchmark against other clients. We wrote a full transparency page so you don't have to ask.
// Work with us
No sales call. No commitment. Get a scored gap report from the self-service tool and see where you actually stand before deciding whether to go further.