“Containment first. Recovery second. Adaptation third. In that order.”
A confirmed incident is active and the clock is on. You execute the response in order, contain, recover, adapt, drawing on the focus and the resilience measures you built across the missions. Then you close the loop and capture the lesson.
OBJECTIVES
Mission Five of five. Six objectives, in the order you build them. Each marker below also tags the work that builds toward it.
| Marker | LABS | KSAT | Statement |
|---|---|---|---|
| L1 | (L)EARN | Knowledge | Know the response order and why it holds: contain stops the bleed, recover returns the platform to nominal, adapt stops the next one. |
| L2 | (L)EARN | Knowledge | Know the coordination pattern under pressure: the lead names the action, ops repeats it back, executes, and reports complete. |
| A1 | (A)PPLY | Skill | Execute containment and recovery for your role using the resilience measures you already have. |
| A2 | (A)PPLY | Skill | Sequence a response so recovery never starts before containment is complete. |
| B1 | (B)UILD | Ability | Close the loop on a live incident: contain, recover, and name one adaptation that would have prevented it. |
| S1 | (S)IMULATE | Task | Run a contain-recover-adapt response under time pressure on the platform, and work the scored in-platform objective. |
MISSION ROADMAP
HOW YOU RESPOND
A confirmed incident is active and the clock is on. You respond in order: contain, then recover, then adapt. Here is what each role does, drawing on the playbooks and resilience measures you already have.
Focus: sequence and authorize.
- · Hold the contain, recover, adapt order
- · Authorize every action
- · Report to the mission leader at each stage
- · Name the one change to adapt

Focus: execute on the bus.
- · Contain: drop the compromised ground station, cut the path
- · Recover: restore on a clean credential
- · Confirm telemetry is nominal
- · Report each step complete

Focus: execute on the payload.
- · Contain: pause the affected tasking
- · Recover: restore capture and downlink
- · Confirm product is nominal
- · Report each step complete

YOUR MISSION OBJECTIVE & QUESTIONS
You execute the response, then close the loop. Inside the Zendir operator platform you work a mission objective and answer ten fixed questions. The platform scores your answers, so this is operational skill validation, not a quiz. The final objective and questions are confirmed with Zendir.
Contain and recover from the confirmed incident with real operator actions, then close with an after-action.
Orbit: MEO · ~2,222 km · 70° inclination
Ground stations: Tokyo, Anchorage, Houston, Lima, Santiago
Tasking: Respond and recover under confirmed adversary activity
NOTE · Fixed questions, answered and scored in the Zendir platform as operational skill validation.
FROM THE FLOOR TO THE FRONT LINES
This work is not meant to stay on the operations floor. Take your after-action record back to your organization and start the work there. It is how you bring Security Operations, Satellite Operations, and Satellite Design and Engineering onto the same page.
Walk your after-action record off the operations floor and into your own operations. Start this work with your team when you get back.
COURSE COMPLETE.
You began without a shared vocabulary. You now hold an incident-response plan, three role playbooks, two briefing sheets, every detection report, and a live after-action, each a PDF you take into the real world where what you practiced here becomes real impact.
More than that, you trained against a Malware Information Sharing Platform (MISP) taxonomy and the information-sharing posture of the Space Information Sharing and Analysis Center. Space collective defense is not waiting on more training, it is waiting on more participating teams, and you are one. Remember the role: you do not have to be the expert in every console or signature. Security Operations, Satellite Operations, and Satellite Design & Engineering may come from different organizations, and the Full Spectrum professional is the one who builds the cross-functional team across them and gives it one shared language.