By Khushali Dalal
Wednesday, June 16, 2025
Khushali Dalal | Product Security Engineer, Juniper Networks | Chair, Women of FIRST (WoF) SIG
This July, I had the honor of leading a session at the Women in International Security and Cyberspace (WiC) Fellowship held at the United Nations Headquarters in New York. Together with my colleague Klée Aiken, we presented a dynamic, hands-on simulation: “Cyber Incident Simulation Through a Public Policy Lens: Can You Piece Together the Attack?” This wasn’t just another tabletop. It was an opportunity to step into the shoes of both incident responders and policymakers — blending technical clues with geopolitical realities.
Participants worked in teams to analyze an “evidence packet” from a fictional breach at Toastville Inc. The clues included:
The goal? Piece together the breach timeline, identify key phases of the attack chain, and propose response strategies — while also answering tough questions like:
What made this exercise unique was its multilateral context. Participants didn’t just focus on indicators of compromise — they discussed:
We also wove in real-world considerations: Should AI-powered detection be standardized across borders? How can norms of responsible state behavior guide private sector action in crisis?
This session took place alongside major international discussions at the UN, the 11th and final substantive session of the five year OEWG (Open-ended Working Group on security of and in the use of information and communications technologies).
The Toastville Tabletop Exercise (TTX) was just one session alongside others covering international law, cyber norms, and gender inclusion — part of a fellowship co-led by GFCE, UNIDIR and partners from around the world.
Our participants were cyber professionals from ministries, foreign affairs, regulators, national CSIRTs, and research organizations — each bringing invaluable perspectives to the table. It was inspiring to see how quickly they collaborated, navigated ambiguity, and pushed for accountability.
This simulation reminded me that effective cyber incident response doesn’t stop at the technical level. The policy, diplomatic, and human dimensions are equally critical — especially when incidents cross borders, sectors, or national interests.
Thank you to FIRST for the opportunity and the brilliant global community of cyber leaders shaping a safer, more collaborative digital future.
Published on FIRST POST: Apr-Jun 2025
The July 2025 Toastville TXX was the third in a series of interactive exercises designed to raise awareness and understanding of operational incident response across cyber diplomats at the OEWG. Participation in this initiative was made possible through the newly launched FIRST CORE program, launched in June 2025 with our launch partner and founding CORE partner, Fortinet. To learn more about FIRST CORE or become a CORE sponsors to enable even more community and capacity building initiatives at https://www.first.org/community