System Failure: A Cyber Security Murder Mystery for Business Analysts
When Requirements Become the Attack Surface
Cyber security is no longer a technical problem to be handed off.
It is a business analysis responsibility.
Most major breaches don’t start with hackers or code. They start earlier, in assumptions, gaps, and unchallenged requirements. Systems fail not because they were built badly, but because they were defined that way.
System Failure is a live, immersive cyber security simulation for Business Analysts, BA Practice Leads, Heads of IT, and CIOs. It examines how everyday delivery decisions quietly create, or prevent, cyber risk.
This is not a technical hacking session.
It is a high-stakes investigation into how work really gets signed off.
What Participants Will Gain
- The ability to spot hidden cyber risk in requirements and project documentation
- Practical techniques for writing clear, testable security NFRs
- Confidence to challenge unsafe decisions without slowing delivery
- A shared language between BA, security, and technology leaders
Who Should Attend
- Business Analysts at all levels
- Heads of Business Analysis and Practice Leads
- Heads of IT, Digital, and Technology
- CIOs and senior decision-makers accountable for delivery risk
About the Facilitators
Lewis Carroll and Imtiaz Kaderbhoy are senior Business Analysis practitioners and thought leaders specialising in the intersection of delivery, cyber risk, and decision-making. They help organisations identify where risk is unintentionally designed into systems through assumptions, priorities, and unchallenged requirements, long before code is written.
Together, they design immersive, scenario-based experiences that reflect the real pressures of modern delivery and position Business Analysts as risk leaders, not just requirement writers.
They have worked across large-scale digital change in regulated and complex environments, supporting organisations in financial services, public sector, and technology-led transformation, and are active contributors to international BA and leadership communities.
System Failure brings their shared belief to life: most cyber incidents are not technical failures, but failures of analysis and accountability.