Kevin Liston’s post on table top exercise is much like a pentest but using an exercise to see how effective your defenders are against attacks. It is a good idea because it goes through the phases of incident response (and the attack). I might suggest augmenting this with a custom built attack using metasploit. It is the most exciting experience for defenders when they see the attack all the way through the execution. One training component might be to switch people up on the team to see how they function in each role.