So as someone who runs and trains cyber incident response teams, where a big focus is on MMTx and reducing the chance for adversary breakout times, which are gonna get worse thanks to AI: this paper was actually part of me calling the approach Formula One IR.
Specifically about getting people joining the IR to already have their assigned speciality and first moves ready to go and to begin, as a way to support the incident handler. There are really big benefits to studying the metrics of specific incidents you have to the minute-by-minute level. So much time saving to be made, accuracy to be enforced and duplication to be reduced.
You can find there's less time wasted in an incident dividing out jobs or lost to inevitable context switching to join the incident. There's already searches, people and clarity about what should most likely be done in the first few mins, even though the plan will change and details initially are probably scarce. It's really effective and cuts MMTx down a huge amount.
Obviously then the handover itself is a vital part in IR to get done accurately and with speed. So that flows into all of the above. It's a really good paper for thinking through workflows.
I must get around to writing it up some day.
It may also be relevant to study what in aviation is called MCC, Multi-Crew Cooperation. That's all about catching errors and making decisions under pressure as a team.
For example, two crew in the simulator, one as captain and the other as first officer, with some external resources like a dispatcher on the ground and air traffic control. The scenario is a flight over high terrain with zero visibility; the trainer then introduces a failure, for example an engine fire with inability to maintain altitude.
You could as captain start making decisions immediately, but you'll then lose the input of your FO and not optimally use the resources you have. Or you could start a long conversation together about what to do, but you would crash into a mountain (or burn) due to being too slow.
MCC is about how to get the team on the same page quickly, avoid tunnel vision and rushed wrong decisions, while being fast enough to deal with the problem. And making effective use of outside resources like air traffic control. Of course it's quite aviation specific, but there are several concepts that work in other areas as well.