Incident Response Simulation - Operational Enlightenment
Had the pleasure of coordinating a deep IR tabletop simulation recently and found it rewarding to see the live growth of the participants as their perspective expanded and their understanding of their estate and its operational nuances became clear. I enhanced the simulation to include recent news, relevant file hashes, proper breadcrumbs if you will. I also exercised alternate communication pathways to evaluate the reach and span of the security program across the organization. While some parties engaged were well prepared, with an operational mindset and response plans within reach, others were less prepared due to their role in the corporate function. These gaps are better identified and addressed during the simulation than added to the pain of "live response".
Early in my career I found that physically walking into the end user's operational environment was key to our success: understanding their process and their nuances, like "why are you still running this million dollar glorified dishwasher on Windows NT 3.51?"
Operational Enlightenment has proven time and again to be a foundation for filling security gaps. We cannot just cover things with policy or recommendations; we must address each identified deficiency in a repeatable and resilient way that will withstand the next rebuild. Regularly simulating attacks and outages in your operating environment, and growing your teams to understand the where, why, and how of your technology estate, can change your outcome. Exercise your plan thoroughly and often! Reach out if I can ever be of help!
Shaun Drutar