Your All-Access Pass to Incident Response

August 23, 2017 | Bob Covello

Are you new in InfoSec? Perhaps you are not a newcomer, yet you find yourself wanting to have a greater role in the organization’s security functions. Too often, security operations are based on a need-to-know model, which shuts out many people who would love to know more so they can grow as security professionals.

The path to the need-to-know group is not an easy one, as it requires developing trust and showing that you have certain skills. Some organizations are very hesitant to allow you to show off your skills, especially while you are on their network. Others do not want the slightest hint that you have any hacker skills, worrying more about their liability in such matters than about how those skills are useful in protecting their interests. This is the odd line we walk as security professionals.

Have you considered other ways to break into the circle of trust? Consider the incident response process as an avenue. Many organizations either have an incident response plan or are in the process of developing one. The plan will contain the usual steps for addressing many of the events that will result in the invocation of the plan. If you are not familiar with incident response, now is a good time to learn about it from many of the available resources.

Each incident response plan includes a team of first responders: the folks who identify an event and make a determination about whether that event rises to the level of a true incident. Once that is determined, various roles and responsibilities activate. This is where the folks who have to take action are set in motion to contain and eradicate the problem.

Part of the incident response process requires good note keeping. This is not the most glamorous of the incident response tasks, but it may be one of the most important, particularly in later stages of the recovery process and most notably when the event needs to be explained to people outside of the security team and in the post-mortem.

Are you up to the task of faithfully recording events, noting just the facts in an emotionally neutral way? This is the perfect opportunity to live out all of your Vulcan dreams, thinking purely logically to capture events. If ever there was a time to volunteer your untapped talent, it may be now.

How are your writing skills? Much of what you will do in this field will require good written and verbal communications. You don’t have to be a scholar; you just have to keep the thoughts clear, focused and consistent. Don’t be afraid to seek assistance from others on the team. They have a strong interest in the proper recording of any incident.

The incident response recording person is offered the equivalent of an all-access pass to the best show in town. It may not be the most fun show in town, as tensions can run very high when a security incident is unfolding. This is all the more reason to show off your ability to remain calm and take accurate account of the events. This could also be your ticket to a broader role on the security team in your organization.

About the Author: Bob Covello, Guest Blogger
Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online.