Today’s incident response ain’t your grandfather’s IR. But the psychology surrounding it hasn’t changed an iota. This is precisely what Sam Rehman, EPAM’s Chief Information Security Officer and SVP, and Tab Bradshaw, Chief Operating Officer at Redpoint Cybersecurity, are talking about on this #SecurityByDesign conversation.

“It really comes down to the preparation piece,” says Bradshaw. It’s about being well prepared and asking: “How often do you prepare in your organization, at a technical level, at an executive level, to handle some sort of incident?”

Rehman agrees and says that he has clients wondering, “OK, so when am I done?” The perception is that being IR-ready is enough, he says. “That's not the case. It's a muscle. It's emotion. It's how you work. It's how you react to it.”

There are benefits to knowing the proper way to react. “A well-handled breach really builds credibility,” says Bradshaw, adding that the word “reasonable” is omnipresent in IR documentation. He says: “Reasonableness is not just about having a mitigation strategy.” It’s also about, say, practicing tabletop exercises. Regularly. So that when you’re asked about doing regular tabletop sessions, the answer is, as Bradshaw puts it: “Yes, we did it every quarter for the past five years. We feel like we're in a pretty good spot that if something happens, might not be perfect, but we think we have good preparation, consistent preparation, consistent practice, to your point, to respond to the incident when it does occur.”

Rehman says that security people are “used to having that sudden sense of violent impulse and urgency coming to us,” but what about the business leaders and everyone else in the organization? He asks Bradshaw about IR communication: “How do you guide the team through it, especially when everybody's thinking about, ‘Oh, am I gonna be on the news?’”Of the thousands of breaches Bradshaw and his team have responded to, for “a third, maybe half” of them, there is “some internal chaos at the client—and it's not because anybody's doing a bad thing.”

“It really comes down to what I call C-squared,” says Bradshaw, which is shorthand for “communication and coordination. Someone has to be the quarterback.”

Bradshaw says the chaos is about “a lack of preparation and testing.” A tabletop exercise needs to be a live fire exercise: “Doing it once a year is not good.” Too many organizations treat IR as a checklist, which is a mistake. He says: “It's a living, cross-functional discipline that evolves with the threat landscape externally, obviously, and also internally as people move.”

And so?

Get moving. Hit play and get ready.

Host: Lisa KocianEngineer: Kyp PilalasProducer: Ken Gordon