LeWinter Advisory

Incident Response & Resilience

Be ready before it happens. Have someone in command when it does.

Most organizations find out their incident plan doesn't work in the middle of the incident. I help you build a plan that holds, rehearse it until it's instinct, and, when something does go wrong, take command and get you through it.

Incidents aren't an if. A breach, an outage, a ransomware hit, a failed migration: at some point something goes badly wrong, and the only question is whether you're ready. Readiness isn't a document you bought once. It's a plan that fits your actual business, people who've practiced their roles, and a clear answer to "who's in charge when it happens." This practice covers all three, across the whole arc: prepare, rehearse, respond.

I've run technology under real pressure and owned the call when it counted. That's the experience behind every part of this. Not theory about incidents, but having been in them.

Prepare → Rehearse → Respond

Prepare: Incident Response Plan Development

When the alarm goes off is the worst time to figure out what to do. We build you an incident response plan that actually fits your organization: who does what, who decides, who gets called, how you communicate, how you recover. Not a generic template that looks reassuring and falls apart under pressure. A plan your people can actually follow when adrenaline is high and the clock is running.

Rehearse: Tabletop Exercise

A plan you've never practiced is a theory. We design and run tabletop exercises that put your team through a realistic scenario, a breach, a ransomware demand, a key system down, and walk through exactly how you'd respond, in the room, before it's real. It's where you find the gaps safely: the unclear ownership, the missing contact, the assumption that doesn't hold. Teams come out of a good tabletop genuinely readier, and often it's the moment leadership finally understands what an incident would actually demand of them.

Respond: Incident Response Coordination & Recovery

When something is actively going wrong, you need one person to take point: stabilize the situation, direct the right specialists, make the time-critical calls, keep leadership informed, and get you back on your feet. That's the role we step into. See Incident Response Coordination & Recovery.

An honest word on live response

We lead and coordinate incident response and bring in vetted specialist partners for deep forensic and technical work. We're not a 24/7 security operations center staffed around the clock, and we won't pretend to be. What we are is the accountable point of contact that takes command of your response and stays with it until you're recovered. If you need continuous around-the-clock monitoring, that's a managed-services arrangement we set up deliberately, with a real partner and a real service level behind it. See Fractional Leadership & Ongoing Advisory.

Who this is for

You're a leader who's realized that "we'll figure it out if it happens" isn't a plan. Maybe a peer just got hit and it got your attention. Maybe a customer or insurer is asking whether you have an incident response plan. Maybe you've lived through one and never want to be that unprepared again. Or maybe something is wrong right now, in which case, don't read, reach out.
