Japanese Manufacturing, Killer Robots, & Effective Incident Handling
With Scott & Kevin
Slide 2
Introduction
- Who We Are
- What We’re About
- What We’re Gonna Share
Slide 3
Who We Are?
Kevin aka @bfist
Response Lead @ Heroku
Scott aka @sroberts
SIRT Lead @ GitHub
FOR578 Instructor
Slide 4
WHAT WE’RE ABOUT?
MAKING INCIDENT RESPONSE MORE
EFFICIENT WITH SCIENCE ENGINEERING
Slide 5
WHAT WE’RE GONNA SHARE?
A LOW COST, COLLABORATIVE METHOD FOR MANAGING COMMON
INCIDENT RESPONSE WORKFLOWS
Slide 6
You’ve Got 99 Problems
- Moving up the Maturity Model
- Enable multiple responders
- Provide easy comms to stakeholders
- Incidents come in waves
- You’re poor and have no $$$
Slide 7
Project Management
Slide 8
JIT (Just In Time)
- Management Theory from Toyota
- Create as Needed/Not as Planned
- Limits Inventory
- Lots of IR Parallels
Slide 9
Introduction to Kanban
- A factory floor level production management tool
- Spatial representation of tasks through a series of phases
- Adapted to multiple non-manufacturing industries
Slide 10
Introduction to Kanban
Slide 11
No content
Slide 12
No content
Slide 13
Useful For…
- Short Term (JIT) Tasks Around Incidents
- Long Term Management Tasks for Projects & Continuous Output
Slide 14
Warning
We use the same tool (Kanban)
BUT…
We use kanban very differently
(And that’s cool!!!)
Slide 15
Example
Slide 16
Platforms:
GitHub Projects
- Notes, artifacts, and boards in one place
- Assign cards to people
- Easy API
- No Built In Templating
Slide 17
GitHub Projects
Slide 18
Platforms:
Trello
- Kanban is their main product
- Full featured GUI
- Card based discussions
- Attachable Files
- Many Integrations
- Mature API
Slide 19
Trello
Slide 20
Incident Stages
- Preparation  [the Kanban boards are built here]
- Identification
- Containment
- Eradication
- Recovery
- Lessons Learned
  [Kanban helps here: Identification through Lessons Learned]
Slide 21
Preparation
- Build template Kanban boards for common incidents
- Start with a column for basic information sharing
- Do you have things that need to be done in every incident?
Slide 22
Other Stages
- Create a column for containment, eradication, and recovery tasks.
- Do you need to roll creds for this incident?
- Do you need to revoke hardware tokens?
Slide 23
Example: Malware Incident
Slide 24
Lessons Learned
- Create a column for lessons learned
- Dumping ground for the retro
Slide 25
Meat & Potatoes (And Simplicity)
- 3 Columns
  - In Progress
  - Done
  - Canceled
- Assign People to Tasks
- Canceled cards should have an explanation
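As an added example (not from the talk, nor either team's tooling), a small Python helper that turns a board template like the malware incident board from slides 21-25 into Trello REST API calls, and checks the slide-25 rule that canceled cards carry an explanation. The template contents are constructed for illustration, and the HTTP call is injected so the helper runs offline.

```python
"""Template Kanban boards for common incidents, instantiated via Trello's REST API."""
from typing import Callable

# Constructed template for a malware incident board (slides 21-25): an info-sharing
# column first, a column for containment/eradication/recovery tasks (including the
# "roll creds?" / "revoke tokens?" questions), the three working columns, and a
# lessons-learned dumping ground for the retro.
MALWARE_TEMPLATE = {
    "name": "Incident: Malware ({ticket})",
    "columns": [
        ("Info", ["Incident summary", "Point of contact", "Timeline"]),
        ("Containment / Eradication / Recovery", [
            "Isolate affected host",
            "Roll credentials used on the host?",
            "Revoke hardware tokens?",
            "Reimage host",
        ]),
        ("In Progress", []),
        ("Done", []),
        ("Canceled", []),
        ("Lessons Learned", []),
    ],
}

TRELLO = "https://api.trello.com/1"


def create_board(template: dict, post: Callable[[str, dict], dict],
                 key: str, token: str, **fields) -> tuple[str, dict]:
    """Create a board, its lists and its starter cards from a template.

    `post(url, params)` is injected (e.g. a thin wrapper over requests.post that
    returns the JSON body) so the function can be exercised offline with a fake.
    Returns (board id, {column name: list id}).
    """
    auth = {"key": key, "token": token}
    board = post(f"{TRELLO}/boards/", {"name": template["name"].format(**fields),
                                       "defaultLists": "false", **auth})
    list_ids = {}
    for pos, (column, cards) in enumerate(template["columns"], start=1):
        lst = post(f"{TRELLO}/lists", {"name": column, "idBoard": board["id"],
                                       "pos": pos, **auth})
        list_ids[column] = lst["id"]
        for card in cards:
            post(f"{TRELLO}/cards", {"name": card, "idList": lst["id"], **auth})
    return board["id"], list_ids


def canceled_without_explanation(cards: list[dict]) -> list[str]:
    """Slide 25 rule: every canceled card should say why. Return the offenders."""
    return [c["name"] for c in cards
            if c["list"] == "Canceled" and not c.get("desc", "").strip()]
```

The same template shape works for a lost/stolen laptop board or the system triage workflow; only the column list changes.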
Slide 26
Example
Slide 27
Example: Lost/Stolen Laptop
Slide 28
Workflows:
System Triage
- New
- Live Response Requested
- Live Response Received
- Analyzed
- Remediated
- Returned