Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
	Claims 1-20 are pending.

EXAMINER’S AMENDMENT
	The application has been amended as follows: 
An examiner’s amendment to the record appears below. Should the changes and/or additions be unacceptable to applicant, an amendment may be filed as provided by 37 CFR 1.312. To ensure consideration of such an amendment, it MUST be submitted no later than the payment of the issue fee.
Authorization for this examiner’s amendment was given in a telephone interview with applicant Christian Basballe Sorensen,  on 06-29-2022.

Claims are amended as follows:

1.	 (Currently amended) A computer-implemented method for evaluating preparedness in dealing with cybersecurity threats among cybersecurity personnel in an organization, comprising: 
	selecting a cybersecurity response team in the organization for evaluation;
	after selecting the cybersecurity response team, automatically generating threat scenarios from known security attack scenarios; 
	providing a first set of threat scenarios from the generated threat scenarios to the cybersecurity response team in a live environment;
	recording one or more tactics used by the cybersecurity response team in response to the first set of threat scenarios including: time taken to determine one or more threat types, time taken to prepare and deploy response tactics to overcome each of the one or more threat types, and effectiveness of the response tactics in overcoming each of the one or more threat types;
	providing a second set of scenarios from the generated threat scenarios to the cybersecurity response team in a static environment including a plurality of questions related to one or more threat types and associated response tactics;
	recording a plurality of responses provided by the cybersecurity response team in response to the second set of scenarios;
	automatically generating  personnel assessment scores based on the recorded responses provided by the cybersecurity response team in response to the first set of threat scenarios and the second set of threat scenarios;
	contextualizing the personnel assessment scores based on parameters including  lateral movement,  command and control, and exfiltration; 
converting the contextualized personnel assessment scores to dynamic visual representations; and
	providing automated recommendations in a configurable dynamic dashboard to improve performance of the cybersecurity response team based on the contextualized personnel assessment scores and the dynamic visual representations, wherein the automated recommendations include information related to performance of each cybersecurity personnel in the cybersecurity team and optimized cybersecurity technology and processes to reduce cybersecurity performance gaps in the organization.
5. 	(Currently amended) The computer-implemented method of claim 1, wherein contextualizing the determined personnel assessment scores further comprises transforming the personnel assessment scores into data categories including alert, detect, and protect.
7. 	(Canceled)
8. 	(Currently amended) A system, comprising:
at least one processor; and
at least one non-transitory computer readable storage medium storing instructions thereon that, when executed by the at least one processor, cause the system to:
select a cybersecurity response team in the organization for evaluation;
after selecting the cybersecurity response team, automatically generate threat scenarios from known security attack scenarios; 
provide a first set of threat scenarios from the generated threat scenarios to the cybersecurity response team in a live environment;
record one or more tactics used by the cybersecurity response team in response to the first set of threat scenarios including: time taken to determine one or more threat types, time taken to prepare and deploy response tactics to overcome each of the one or more threat types, and effectiveness of the response tactics in overcoming each of the one or more threat types;
provide a second set of scenarios from the generated threat scenarios to the cybersecurity response team in a static environment including a plurality of questions related to one or more threat types and associated response tactics;
record a plurality of responses provided by the cybersecurity response team in response to the second set of scenarios;
determine personnel assessment scores based on the recorded responses provided by the cybersecurity response team in response to the first set of threat scenarios and the second set of scenarios;
contextualize the personnel assessment scores based on parameters including  credential access,  lateral movement, command and control, and exfiltration; 
convert the contextualized personnel assessment scores to dynamic visual representations; and
provide automated recommendations in a configurable dynamic dashboard to improve performance of the cybersecurity response team based on the contextualized personnel assessment scores and the dynamic visual representations, wherein the automated recommendations include information related to performance of each cybersecurity personnel in the cybersecurity team and optimized cybersecurity technology and processes to reduce cybersecurity performance gaps in the organization.
12. 	(Currently amended) The system of claim 8, wherein contextualizing the determined personnel assessment scores further comprises transforming the personnel assessment scores into data categories  including alert, detect, and protect.
13. The system of claim 12, wherein alert data is related to cybersecurity performance alerts that are to be sent for alerting probable threat activities, detect data is related to cybersecurity threats that are identified, and protect data is related to cybersecurity threats that were blocked by the cybersecurity response team.  
14. 	(Canceled)
15. 	(Currently amended) A non-transitory computer readable medium storing instructions thereon that, when executed by at least one processor, cause a computer system to:
select a cybersecurity response team in the organization for evaluation;
after selecting the cybersecurity response team, automatically generate threat scenarios from known security attack scenarios; 
provide a first set of threat scenarios from the generated threat scenarios to the cybersecurity response team in a live environment;
record one or more tactics used by the cybersecurity response team in response to the first set of threat scenarios including: time taken to determine one or more threat types, time taken to prepare and deploy response tactics to overcome each of the one or more threat types, and effectiveness of the response tactics in overcoming each of the one or more threat types;
provide a second set of scenarios from the generated threat scenarios to the cybersecurity response team in a static environment including a plurality of questions related to one or more threat types and associated response tactics;
record a plurality of responses provided by the cybersecurity response team in response to the second set of scenarios;
determine personnel assessment scores based on the recorded responses provided by the cybersecurity response team in response to the first set of threat scenarios and the second set of scenarios;
contextualize the personnel assessment scores based on parameters including  credential access, lateral movement, command and control, and exfiltration; 
converting the contextualized personnel assessment scores to dynamic visual representations; and
provide automated recommendations in a configurable dynamic dashboard to improve performance of the cybersecurity response team based on the contextualized personnel assessment scores and the dynamic visual representations, wherein the automated recommendations include information related to performance of each cybersecurity personnel in the cybersecurity team and optimized cybersecurity technology and processes to reduce cybersecurity performance gaps in the organization.
18. 	(Currently amended) The non-transitory computer readable medium of claim 15, wherein contextualizing the determined personnel assessment scores further comprises transforming the personnel assessment scores into data categories  including alert, detect, and protect.
20. 	(Canceled)

Allowable Subject Matter
	Claims 1-6-8-13 and 15-20  are allowed.
The following is an examiner’s statement of reasons for allowance:
The prior art Honig et al. (US Publication No.2019/0215328) of record discloses, a system and methods for detecting intrusions in the operation of a computer system comprises a detection model generator configured to request training data from data record, generate an intrusion detection model based on said training data, and to transmit the intrusion detection model to a data warehouse according to the predetermined data format. A detector is configured to receive a data record from a sensor and to determine whether said data record corresponds to an attack based on said intrusion detection model.
	The prior art Xie et al. (US Publication No.2018/0324218) of record discloses, systems and methods for monitoring compliance with security goals by a network . According to one embodiment, a topology of a network segment of a private network is discovered by a network security device associated with the private network. Security policies implemented by one or more network security devices that form part of the network segment are learned by the network security device. Compliance with a security goal associated with the network segment is then determined by the network security device. 
	The prior art Lee et al. (US Publication No.2016/0226894) of record discloses, a method and system, capable of performing adaptive intrusion detection proactively coping with a new type of attack unknown to the system, the system including a data collector configured to collect host and network log information, an input data preprocessor configured to convert data acquired through the data collector into a feature vector, and an intelligence intrusion detection analyzer configured to perform an intrusion detection and a model update by using the extracted feature vector, and an intrusion detection learning model configured to detect an intrusion and learn classification of the type of attack based on training data.
	The prior art Baikalov et al. (US Patent No. 9,800,605) of record discloses, threat risks to an enterprise are detected and assessed by assembling singular threats identified using both direct and behavioral threat indicators into composite threats to create complex use cases across multiple domains, and to amplify risks along kill chains of known attacks for early detection. Composite threat risk scores are computed from risk scores of singular threats to exponentially increase with the number of events observed along the kill chain. Composite threats are combined with normalized values of static risk and inherent risk for an entity of the enterprise to produce an entity risk score representative of the overall risk to the entity.
	The prior art Nguyen et al. (US Publication No.2016/0285907) of record discloses, a cyber-attack scenario simulation system and method may include an aircraft simulator operable to generate an aircraft simulation, a cyber-attack generator operable to generate a cyber-attack simulation, a cyber defense generator operable to generate a cyber defense simulation, a scenario generator operable to generate a cyber-attack scenario including the cyber attack simulation and the cyber defense simulation and launch the cyber-attack scenario against the aircraft simulation, and a cyber-attack scenario analysis tool operable to assess an impact of the cyber-attack scenario on the aircraft simulation.
	The prior art Weast et al. (US Patent No. 9,378,364 ) of record discloses, technologies for managing security threats on a computing system include detecting a security threat to the computing system, determining a plurality of mitigation scenarios to employ on the computing system to mitigate the security threat, and implementing the plurality of mitigation scenarios. Each mitigation scenario includes one or more threat mitigation actions to be taken by the computing system, one or more response systems of the computing system to perform the threat mitigation actions, and a temporal sequence in which the threat mitigation actions are to be taken. The results of each mitigation scenario is evaluated and a validated mitigation scenario is determined based on the results. A user of the computing device may be subsequently trained or habituated to mitigate the security threat by requesting interaction from the user during the implementation of the validated mitigation scenario in response to a threat scenario designed to replicate the security threat.

However, prior arts taken singly or in combination, fail to anticipate or render the following limitation:
determine personnel assessment scores based on the recorded responses provided by the cybersecurity response team in response to the first set of threat scenarios and the second set of scenarios; contextualize the personnel assessment scores based on parameters including credential access, lateral movement, command and control, and exfiltration; convert the contextualized personnel assessment scores to dynamic visual representations; and provide automated recommendations in a configurable dynamic dashboard to improve performance of the cybersecurity response team based on the contextualized personnel assessment scores and the dynamic visual representations, wherein the automated recommendations include information related to performance of each cybersecurity personnel in the cybersecurity team and optimized cybersecurity technology and processes to reduce cybersecurity performance gaps in the organization (as claimed in claim 1, 8 and 15).
	Claims are allowed in view of the above limitations when in combination with remaining claim limitations.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
         Any inquiry concerning this communication or earlier communications from the examiner should be directed to Ali Abyaneh whose telephone number is (571) 272-7961. The examiner can normally be reached on Monday-Friday from (8:00-5:00). If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Kristine Kincaid can be reached on (571) 272-4063. The fax phone numbers for the organization where this application or proceeding is assigned as (571) 273-8300. Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from either Private PAIR or Public PAIR. Status information for unpublished applications is available through Private PAIR only. For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).
/ALI S ABYANEH/Primary Examiner, Art Unit 2437