Case Study

Cyber Security & Operational Decision-Making

SENSEDiagnose the real problem
Workshop facilitator briefing participants

Context

An overseas defence and security organization had a problem: their leaders understood cyber as a technical issue, but couldn't connect it to the operational decisions they actually made.

Personnel responsible for planning, coordination, and command needed to understand how cyber incidents affect real operations - not at a technical level, but in terms they could act on. What does it look like when things go wrong? What decisions actually matter under pressure?

The challenge wasn't just working out where the gaps were. It was helping them fix it.

Leadership workshop session

What They Needed

The organization needed their leadership team to be able to:

  • Understand who was actually targeting them and how attacks happen in practice
  • Recognize operational failure when cyber incidents occur - not just "the network is down" but degraded command, disrupted logistics, damaged morale, loss of public confidence
  • Make practical protection decisions under time pressure
  • Talk about cyber risk in operational terms rather than technical jargon

This wasn't about delivering information. It was about changing how they thought and decided.

Workshop discussion around cyber-operational decision-making

Approach

I structured the work around three questions:

  • Threat - Do leaders understand who the adversaries are and where the real vulnerabilities sit?
  • Effect - Can they connect cyber incidents to operational consequences?
  • Protect - Do they know which decisions actually matter under pressure?

The engagement combined scenario-based decision work, case study analysis, and structured discussion.

Rather than teaching them what to think, I wanted to show them how cyber-operational incidents actually unfold and what that means for their decisions.

I deliberately avoided technical depth. The question was whether they could make sound decisions when cyber and operations collide - not whether they could define zero trust or explain how phishing works.

Delivered to 15 personnel responsible for planning and coordination functions, where operational decisions directly affected activity and outcomes.

Facilitated group discussion

What I Did

The work ran over several sessions over 5 days and included:

  • Scenario discussion where leaders worked through decisions under simulated pressure
  • Case studies of real incidents to show the operational patterns they needed to recognize
  • Interactive exercises that demonstrated identity compromise, defender fatigue, layered defence, and decision-making under uncertainty
  • Facilitated reflection on what was working and what wasn't
  • Discussion of practical protections that actually matter

The sessions were designed to make the decision pressures visible rather than theoretical. Leaders needed to see what failure looked like and practice working through it.

Participants in a facilitated workshop

What Changed

By the end of the engagement, leaders had:

  • A clearer mental model of how cyber incidents unfold and affect operations
  • Better understanding of how cyber risk connects to command, logistics, morale, and national resilience
  • Greater awareness of identity, access, and human factors in operational security
  • Practical insight into layered defence and what decisions matter under pressure
  • A shared vocabulary for discussing cyber risk at the right level

The consistent feedback was that cyber security made sense in a way it hadn't before—and that it was directly connected to the decisions they were actually making.

Team working through operational scenarios

What They Got

The organization received practical guidance they could use:

  • Reference material covering the Threat-Effect-Protect framework
  • Decision guides for cyber-operational scenarios
  • Case study summaries showing operational patterns to watch for
  • Structured notes from the sessions

These weren't theoretical documents. They were tools the organization could actually refer back to when making decisions under pressure.

Format

Multi-session structured engagement
Scenario-based decision work
Interactive practical exercises
Facilitated discussion and reflection
Supporting guides and reference material.

This sits within Sense work: helping organizations understand cyber-operational risk before committing to action. The engagement combined assessment and capability development—working out what leaders understood, then helping them improve their decision-making under pressure.

Partnership delivery team

Developed and delivered in partnership with Join Momentum

DWC Consultant Ltd
-•• •-- -•-•

Registered in Northern Ireland · Company No. NI736868
Registered Office: Office 1612, 92 Castle Street, Belfast, Northern Ireland, BT1 1HE

-•• •-- -•-•