Many cybersecurity regulations require organizations to test their incident response capabilities. In practice, that often translates to periodic tabletop exercises that confirm a meeting took place, but offer little insight into real readiness.

In this clip, Cloud Range CEO Debbie Gordon and TAG CEO Ed Amoroso discuss the gap between the language of regulatory requirements and their real intent. While many organizations rely on periodic tabletop exercises to satisfy audits, those exercises often fail to show whether teams can operate under pressure or respond more effectively over time.

The conversation explores why simulation-based exercises better reflect what regulators are ultimately trying to achieve: ongoing practice, measurable outcomes, and real preparedness. It also highlights how organizations are increasingly using live-fire simulations to support technical readiness, executive response, and GRC needs through a single, repeatable approach.

This clip highlights a shift away from one-time exercises toward repeatable, measurable preparation that actually improves readiness over time.