This work presents a methodical and minimalist approach for the implementation of cyber deception strategies that, without compromising effectiveness, seeks to limit its impact on operations, derived from the limitations of its integration in productive infrastructures and the complexity of the subject. To this end, a cyclical and continuous process is proposed, adaptable to environments of different sizes, which allows obtaining most of the benefits associated with complete cyber deception operations, using the least number of elements and through flexible tactics. This approach arose in response to observations detected in experiences working with organizations. To facilitate the implementation of this proposal, and as an additional contribution, a free software tool created for this purpose is provided, which allows its open experimentation and use in production, both for professional and educational environments.

Incident response tabletop simulation exercises allow training people in skills related to reactions and processes in crisis situations. This paper analyzes several experiences of tabletop simulations that resulted in learning of practical utility for the participants. After applying the traditional approach based on conversational interaction, and the modern approach based on interaction through virtual platforms, a new, more accessible and scalable modality was proposed, developed in free software, which allows taking this practice to any environment. In addition, it was found that the exercises carried out in educational environments improve the learning of the topics for both participants and observers.

Active cyber defense is the most recent model that cybersecurity has adopted from its traditional military counterpart. It is considered the most modern approach to defensive design and operations that today's cybersecurity recognizes, and as such still has much to mature. This paper presents the state of the art of active cyber defense in its theoretical and practical aspects and proposes a realistic technical approach for the provision of related professional services, based on other modular services, and considering that existing proposals in the industry are still disparate and uncommon worldwide.