OUTFOXM FRAMEWORK 2026
Outfox the Storm
How Boards and CISOs Should Be Wargaming in the Mythos Era
When a cyber incident becomes a crisis, technical playbooks alone don't carry you through. This is OUTFOXM's framework for rehearsing the leadership decision muscle that does, drawn from forty exercises across nine years.
Why most cyber response plans fail under pressure
Most organizations have an incident response plan. Most have done at least one tabletop. Most have invested heavily in technical detection and recovery. And most still freeze, miscommunicate, or make slow decisions when a real incident hits.
The reason is not technical. It is human. Outfox the Storm names the six dimensions that separate cyber wargames that move the needle from ones that just check a compliance box, plus the three elite practices that take a program from good to great.
INSIDE THE FRAMEWORK
Six dimensions that separate real cyber wargames from performance theater
Three elite practices that move a program from good to great
A diagnostic for buyers evaluating a wargaming program
A minimum viable version for teams without budget for a specialist
A pre-engagement vetting tool: how to interview a wargame facilitator
WHO IT’S FOR
Boards and audit committees who need a sharper question to ask the CISO than "are we compliant?"
C-suite leaders responsible for crisis response across functions, not just IT.
Security leaders responsible for incident rehearsal at boards-and-C-suite scale.
Read the Full Framework
No email required. Just tell us who's reading.
About the Author
Maria-Kristina Hayden is the founder of OUTFOXM, a cyber wargaming firm focused on the human side of crisis response. She helps boards, CISOs, and mid-market executives stress-test their teams through realistic, intelligence-informed wargames that go beyond compliance theater. A former cyber intelligence officer and Wall Street cyber director, Maria-Kristina speaks at venues from Capitol Hill to news broadcasts to corporate boardrooms.