Back from vacation with rested wisdom (hopefully).
Learned a few things about outdoor recrecation that, of course, extend to #cybersecurity.
Kayaks look quite stable but are exceptionally easy to tip.
Horseplay between my sons demonstrated that, as the younger smaller one looked quite surprised when his prodding paddle flipped his very tall, substantial, very strong brother’s kayak.
And then it was an incident. We’d only sorta planned for it – no money or electronics on any of us. Heading back toward the breakwater and wearing our life jackets. In the moment it was:
🛶Assess -> What do we have? What do we know? Any urgent risks? What’s the next right step? (What was the plan again?)
🛶Early actions based on assessment: Retrieve paddle and kayak. Calm angry boy. Exude patience.
🛶Present kayak to boy and encourage and help him to reseat himself within it.
🛶Breathe and recap when objectives are complete. Plan a retrospective for later.
The physical risks were few. The relational tension was…yowzers. Glad to have been a dispassionate third party there. Took some time and mediation to fix the air between them.
What in your cybersecurity risk-based plans that seems stable because it “always has been” but might tip into an incident, even a small one like this? Incidents are like icebergs. There’s always more to them.
Find a way to keep your metaphorical paddle.
We have some shoes to replace. $$$