Case Study
Cyber Security & Operational Decision-Making
Context
An overseas defence and security organization had a problem: their leaders understood cyber as a technical issue, but couldn't connect it to the operational decisions they actually made.Personnel responsible for planning, coordination, and command needed to understand how cyber incidents affect real operations—not at a technical level, but in terms they could act on. What does it look like when things go wrong? What decisions actually matter under pressure?The challenge wasn't just working out where the gaps were. It was helping them fix it.
What They Needed
The organization needed their leadership team to be able to:
Understand who was actually targeting them and how attacks happen in practice
Recognize operational failure when cyber incidents occur - not just "the network is down" but degraded command, disrupted logistics, damaged morale, loss of public confidence
Make practical protection decisions under time pressure
Talk about cyber risk in operational terms rather than technical jargon
This wasn't about delivering information. It was about changing how they thought and decided.
Approach
I structured the work around three questions:
Threat — Do leaders understand who the adversaries are and where the real vulnerabilities sit?
Effect — Can they connect cyber incidents to operational consequences?
Protect — Do they know which decisions actually matter under pressure?
The engagement combined scenario-based decision work, case study analysis, and structured discussion. Rather than teaching them what to think, I wanted to show them how cyber-operational incidents actually unfold and what that means for their decisions.
I deliberately avoided technical depth. The question was whether they could make sound decisions when cyber and operations collide—not whether they could define zero trust or explain how phishing works
What I Did
The work ran over several sessions and included:
Scenario discussion where leaders worked through decisions under simulated pressure
Case studies of real incidents to show the operational patterns they needed to recognize
Interactive exercises that demonstrated identity compromise, defender fatigue, layered defence, and decision-making under uncertainty
Facilitated reflection on what was working and what wasn't
Discussion of practical protections that actually matter
The sessions were designed to make the decision pressures visible rather than theoretical. Leaders needed to see what failure looked like and practice working through it.
What Changed
By the end of the engagement, leaders had:
A clearer mental model of how cyber incidents unfold and affect operations
Better understanding of how cyber risk connects to command, logistics, morale, and national resilience
Greater awareness of identity, access, and human factors in operational security
Practical insight into layered defence and what decisions matter under pressure
A shared vocabulary for discussing cyber risk at the right level
The consistent feedback was that cyber security made sense in a way it hadn't before—and that it was directly connected to the decisions they were actually making.
What They Got
The organization received practical guidance they could use:
Reference material covering the Threat-Effect-Protect framework
Decision guides for cyber-operational scenarios
Case study summaries showing operational patterns to watch for
Structured notes from the sessions
These weren't theoretical documents. They were tools the organization could actually refer back to when making decisions under pressure.
Format
Multi-session structured engagement
Scenario-based decision work
Interactive practical exercises
Facilitated discussion and reflection
Supporting guides and reference material
This sits within Sense work: helping organizations understand cyber-operational risk before committing to action. The engagement combined assessment and capability development—working out what leaders understood, then helping them improve their decision-making under pressure.
Developed and delivered in partnership with Join Momentum
-.. .-- -.-.
Registered in Northern Ireland · Company No. NI736868
Registered Office: Office 1612, 92 Castle Street, Belfast, Northern Ireland, BT1 1HE
