CrowdStrike RCA is out
In incident response, security and GRC, I’ve often asked the question, “How do we train people without the pain?”
There’s no better teacher than experience. But sometimes that comes with trials and tribulations.
The longest time I spent managing an incident was 27 hours straight. The dark hours were spent in a meeting room where I had to keep waving my arm when the lights went off. That’s when you question career choices… Then you have to write a report afterwards. How do you teach people to respond to a security incident without them hitting the panic button for the ‘World’* or responding like Keystone Cops? Or even worse, not hitting the big red button when they need to? How do you teach somebody to respond to an audit or conduct an audit?
I’m not sure. I can work with my teams, but in general? If I knew, I’d set up a business.
I do know it’s vital to learn from others’ experiences. In these areas that’s tough because folk don’t talk. So when you do get access to a report, make sure your younger team members read it.
This is good for software and testing teams as well.
Kudos to the comedian who wondered if this was how the debrief went
*Exec