The Crisis Management Stack or Why You Get Told to do Stupid Things During a Response


It is not just an IT problem anymore. Historically, cyber attacks were handled by technical teams in InfoSec or IT. Working all weekend to solve a critical problem was often met with all the normal service expectations on Monday. Modern attacks like ransomware are uniquely poised to cause immediate and obvious damage. The enterprise reacts and demands that InfoSec and IT stop solving the problem and start collecting specific data, formatting and summarizing it, and then presenting it to a non-technical audience while still solving the problem. With visibility come resources and better treatment for those who understand it. This talk brings you years of experience bridging the server room and the boardroom. Specifically, we consider roles as collections of responsibilities, explore the roles that organize expectations outside of responders, and dive into the details of teams in an enterprise crisis management model. You will still have to do stupid things during a response, but you will be better able to anticipate them and maybe even tolerate them.