alt Hacker NewsIt may also be relevant to study what in aviation is called MCC, Multi-Crew Cooperation. That's all about catching errors and making decisions under pressure as a team.
For example, two crew in the simulator, one as captain and the other as first officer, with some external resources like a dispatcher on the ground and air traffic control. The scenario is a flight over high terrain with zero visibility, the trainer then introduces a failure for example an engine fire with inability to maintain altitude.
You could as captain start making decisions immediately but you'll then loose the input of your FO and not optimally use the resources you have. Or you could start a long conversation together about what to do, but you would crash into a mountain (or burn) due to being too slow.
MCC is about how to get the team on the same page quickly, avoid tunnel vision and rushed wrong decisions, while being fast enough to deal with the problem. And making effective use of outside resources like air traffic contol. Of course it's quite aviation specific, but there are several concepts that work in other areas as well.
Yep totally. It's something I've incorporated. Especially where the main incident commander gets overwhelmed with decisions, tunnel vision or distraction. For example getting trapped into threat hunting rather than commanding.
I actually think most cyber incident responder training for the commander is pretty weak because it doesn't do a great job of instituting the stress element. Physical security training does it in a much better way. The result is the need to create custom stuff. Because some shitty off the shelf big vendor table top or similar ain't gonna do it.