Klaus Agnoletti
Klaus Agnoletti has been an all-round infosec professional since 2004. As a long-time active member of the infosec community in Copenhagen, Denmark, he co-founded BSides København in 2019.
Currently he's a freelance storytelling cyber security advisor specializing in security transformation and community focused marketing, employer branding, playing security games and other fun assignments and ideas coming his way.
Lately he has also become a neurodiversity advocate speaking about ADHD to educate and break down taboos in an industry with a vast overrepresentation of neurodiversity and not very many talking about it.
Sessions
Incident response isn't just about knowing your tools - it's about coordinating under pressure, communicating when things go sideways, and making calls with incomplete information. Traditional training focuses on isolated techniques, missing the collaborative reality of actual incidents. And most tabletop exercises? Painfully dull. Participants zone out, give checkbox answers, and leave having learned little.
This workshop introduces Malware & Monsters (https://malwareandmonsters.com), a framework that turns IR training into something people actually enjoy. Think tabletop role-playing meets creature-collection mechanics, where teams "hunt and contain" digital threats through story-driven gameplay.
Game-based learning works - research shows it beats traditional instruction for skill building and retention. M&M makes participants actively discover concepts instead of sitting through lectures. Scenarios include organizational pressures, evolving threats, and stakeholder drama, turning abstract security concepts into tangible problems.
You'll experience the full methodology: learn the mechanics, build custom scenarios based on real malware families (mapped to MITRE ATT&CK), and run live simulations. Participants take specialized roles - Hunter, Analyst, Forensicator, Communicator, Coordinator, or Researcher - experiencing how security functions actually collaborate during incidents.
The framework includes legacy malmons from malware history—because history always repeats itself, and understanding past threats reveals patterns in current attacks. The "type effectiveness" system teaches strategic thinking about matching defenses to threats. Evolution mechanics show how attacks escalate when containment fails.
Participants walk away with ready-to-use materials and facilitation techniques for training that actually works.
Best of all? M&M is free to play in most cases.
Tired of security training that puts your team to sleep? What if I told you the most powerful training tool in cybersecurity has been sitting in your game room all along? Welcome to the world of game-based learning, where the proven power of play transforms how professionals master complex skills.
Research shows that humans learn best when working together, yet traditional training methods keep pushing isolated, theoretical learning. Game-based learning flips this approach on its head, creating environments where people forget about office politics and actually engage with the material. Through structured play and collaborative storytelling, participants don't just memorize concepts—they live them, breaking down professional barriers and building genuine understanding through experience.
I'll show you the compelling evidence behind why using roleplaying games work, and demonstrate how to transform resistant learners into engaged participants. Using compelling examples, you'll discover how tabletop role-playing mechanics can turn your most challenging training scenarios—from incident response to zero trust architecture—into adventures your team actually looks forward to.
Join me to learn why adding roleplaying games to your professional development isn't just about making training fun—it's about making it work.
Two blokes. One strategy. Train to Win or don’t bother playing
There is little excuse for organisational failure when executing incident response as nearly every possible cyber security scenario has not only been documented but could be "role played" by your team well in advance of an actual incident.
Join Klaus Agnoletti & Ian Thornton-Trump for a talk focused on creating role playing experiences for your organization - based on the latest adversary threat intel.
Specific Take Aways include:
- Listening at the Door
- Is there a sleeping Panda, Kitten, Bear or Spider lurking in the network?
- Checking for Traps
- Can IR activities be carried out without alerting the threat actor?
- Containment
- Can the threat actor be contained, or will they run and bring in reinforcements?
- Clearing the Room
- The threat actor may put up a fight, do you need to bring in additional help?
- Looting the Room
- The treasure is the experience, the coin is your pay check
A hilarious RPG focused talk combining the best elements of scenario driven IR training with a creative spin.