Everyone has a plan until they are cyber punched in the face! Or something like that!

People seem to have this misconception that you need to “do a pentest” or some other project based activity to do “security testing” or response planning.

Let’s be real here, you really don’t. But what you do need is a few things:

  1. Authorisation
  2. Time
  3. Some ideas for cyber incidents to plan for

To help people I’ve started to put together a really high level but simple aid to get people thinking about response planning. It fits in with my Plan 2 Fail workbook, the NCSC Exercise in a Box and well loads of other cool resources like these playbooks:

IRM/EN at main ยท certsocietegenerale/IRM (

However the key thing here is my slides ๐Ÿ˜‰ (no really they are just an aid, there’s loads of ways to go about this type of activity). Hopefully people find these useful.