Cyber security training works best when participants are not passive listeners. The current training direction led by Marius Parescius is built around realistic decision-making: crisis simulation, role-based exercises, incident analysis and lessons from real cyber cases.
The most practical format is the “Black Monday” ransomware crisis simulation. A company starts the week with encrypted computers, unavailable servers, damaged backups, pressure from attackers, anxious clients and urgent questions from management, lawyers, communications teams and employees. The point is not to describe a crisis. The point is to let the team feel how quickly a cyber incident becomes a business, legal and reputational problem.
Training formats
- Ransomware tabletop simulation: a 4-hour or full-day role-based exercise for managers, IT, legal, communications, finance and HR teams.
- Financial process cyber risk training: incident scenarios for accounting and finance departments, including payment manipulation, supplier data changes, access control and internal approvals.
- Incident response workshops: first-hour decision-making, isolation, evidence preservation, notification duties and communication when normal systems are unavailable.
- AI and cyber hygiene training: practical use of AI tools, safe handling of information, account protection, phishing resistance and digital identity protection.
- NIS2 and management readiness sessions: governance, responsibilities, vendor risk, documentation and practical preparation for audits or incidents.
Forensic and expert angle
Public training materials describe Marius Parescius as an IT forensic expert and cyber security specialist with more than 35 years of experience, consulting businesses, public institutions and law enforcement in real cyber incident investigations. This expert background is especially important in training: participants learn not only what should be done in theory, but also what investigators, lawyers, insurers, regulators and executives will need after the first shock has passed.
That includes evidence handling, timeline reconstruction, account and access review, communication discipline, decision logs and practical cooperation with external experts. In real incidents, these details can determine whether an organisation can restore operations, defend its decisions and avoid repeating the same failure.
What participants take away
- A clearer incident command structure: who decides, who documents, who communicates and who isolates systems.
- A practical checklist for notifications to regulators, police, insurers, partners and customers.
- Better understanding of ransomware, account takeover, social engineering and financial fraud patterns.
- Concrete gaps in backups, access rights, communication channels and internal approvals.
- A first draft of an incident response plan that can be adapted inside the organisation.
Cyber crisis training is useful precisely because mistakes are allowed in the simulation. In a real incident, the same mistakes are expensive, public and often irreversible.