Purplecon 2019 kirk, incident response drills: how to play games and get good, https://purplecon.nz/talks#kirk, https://www.youtube.com/watch?v=-8BeooqxuAo&list=PLS45xFo74VF546tbfXXtKDO03cVrAalM6&index=7&t=0s
computers are exceptionally good at taking instructions and making very fast, very precise mistakes very reliably. humans are conceptually similar but interpret their inputs and decide on courses of action based on experience. preperation and rehearsal for messy, no-notice events that are definitely (hopefuly) not business as usual makes us more chill for when something (production) does go down due to novel (gremlins) issues. incident responders should practice for sensitive and time-critical events before they happen so they are able to return things to a safe and stable state with grace and aplomb. this talk is for team leaders or security program owners interested in the craft of using incident response exercises to develop their people. we will learn how these synthetic experiences can be devised against specific environments and standards with measurable outcomes. finally we will cover ways to easily scale difficulty and iteratively improve your exercise program.
- How to get from a bad place to a good place
- think about it in advance, perhaps?
- like fire drills, earthquake drills etc
- practice, because real events add real stress on top of the job
- Check Maslow's learning hierarchy
- Telling war stories explicitly passes knowledge on to juniors
- mentoring/coaching is a better structure though
- making exercises “engaging” helps
- “Zombie Preparedness” programme worked
- Being an RPG DM is great preparation
- qv Cathy/TradeMe's similar RPG talk