Hacker News new | past | comments | ask | show | jobs | submit login
The things we find hardest in incident response (incident.io)
20 points by sjwhitworth 12 days ago | hide | past | favorite | 1 comment

"Let folks know why you’ve joined, how you can help, and that you're taking 5 mins to get up to speed. Don’t be afraid to put the brakes on the response and ask literally everyone to provide an update on what they’re seeing, what they’re doing and what they need."

This might be the most important bit of advice here; the corollary is barely mentioned at the end, and deserves more discussion:

When you think you know what's going on, what's caused it and how to fix it, recap your evidence and argument and make sure that if the group has been uncovering evidence against that hypothesis, you don't ignore it. Few incidents will be made much worse off by a five minute delay in applying the right fix; there's no end of the trouble you can get into by applying a terrible fix.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact