Episode 65

full
Published on:

19th Feb 2025

Inside Incident Response: Turning Chaos into Cohesive Teamwork

Our latest episode brings in security expert Iain Pye, who shares military tales with me, your host James Rees, about what really happens when everything goes wrong. We get stuck into the nitty-gritty of incident response - the sleepless nights, the pressure from executives, and how to keep your team going when they're running on fumes. 

From ransomware attacks to system meltdowns, we chat about war games and escape room scenarios, exploring how organisations can build proper resilience rather than just ticking compliance boxes. We dig into why most incident response plans gather dust in drawers and what happens when you actually need to use them. Ian brings a refreshing military perspective to corporate incident management, showing how battlefield experience translates surprisingly well to handling information security crises. 

Whether you're dealing with compromised systems or insider threats, this episode packs practical wisdom for those moments when everything falls apart.

3 Key Talking Points and Reasons to Listen:

  1. Building Resilience Through War Games: Discover why military-style drills and wargaming are crucial for effective incident response. Iain and I explore how regular team exercises - from realistic ransomware scenarios to creative "zombie apocalypse" simulations - help build the muscle memory and team dynamics needed when real crises hit. We share practical examples of how to run these exercises effectively.
  2. Managing Team Stress in a Crisis: Learn the critical importance of managing your team during long running incidents. We break down the practical aspects often overlooked in incident response plans - from implementing proper shift patterns to ensuring your team stays fed, rested and functional during multi day crises. Find out why pushing your team to exhaustion is a recipe for disaster.
  3. Turning Incidents into Improvements: Understand why post-incident analysis is where the real value lies. We discuss how to turn incident learnings into actionable improvements, including how to leverage serious incidents to secure necessary budget improvements. Learn why the "five whys" methodology is essential for preventing future incidents and strengthening your security posture.


On building muscle memory through repeated training: 

"It's drills essentially. It’s doing the same thing over and over again and having that natural reaction. So you train your body - your mind, essentially - so if the proverbial poo does hit the fan,  you can react in the right way and in accordance with what your SOPs [Standard Operating Procedures] might be."

Iain Pye


Listen to this episode on your favourite podcasting platform: https://razorwire.captivate.fm/listen


In this episode, we covered the following topics:

  • Military Training for Incident Response: Learn how military-style drills can transform your team's ability to handle high-pressure security incidents with confidence and precision.
  • Importance of Incident Response in Infosec: Master the essential skill of incident response and protect your organisation from data breaches and ransomware attacks effectively.
  • Human Reactions to Emergencies: Discover practical techniques to keep your team calm and focused when emergencies strike, avoiding costly panic-driven mistakes.
  • Role of Team Trust: Build unshakeable team trust that enables swift, coordinated responses during critical incidents.
  • Communication During Incidents: Develop clear communication strategies that keep stakeholders informed and confident during crisis situations.
  • War Games for Preparation: Create engaging war games and scenarios that prepare your team for real world incidents while building stronger team dynamics.
  • Impact of Incident Stress on Teams: Protect your team from burnout during long-running incidents with proven strategies for managing stress and fatigue.
  • Lessons Learned Post-Incident: Turn every incident into an opportunity for improvement by conducting effective post-incident reviews that actually strengthen your security.
  • Importance of Documentation and Reporting: Create documentation and reports that drive real change and secure essential resources for your security programme.
  • Scenario Planning for Various Risks: Build comprehensive scenario plans that prepare your organisation for any crisis, from common incidents to worst case scenarios.


Connect with your host James Rees

Hello, I am James Rees, the host of the Razorwire podcast. This podcast brings you insights from leading cyber security professionals who dedicate their careers to making a hacker’s life that much more difficult.

Our guests bring you experience and expertise from a range of disciplines and from different career stages. We give you various viewpoints for improving your cyber security – from seasoned professionals with years of experience, triumphs and lessons learned under their belt, to those in relatively early stages of their careers offering fresh eyes and new insights.

With new episodes every other Wednesday, Razorwire is a podcast for cyber security enthusiasts and professionals providing insights, news and fresh ideas on protecting your organisation from hackers.


For more information about us or if you have any questions you would like us to discuss email podcast@razorthorn.com.

If you need consultation, visit www.razorthorn.com, We give our clients a personalised, integrated approach to information security, driven by our belief in quality and discretion.


Linkedin: Razorthorn Security

Youtube: Razorthorn Security

Twitter:   @RazorThornLTD

Website: www.razorthorn.com


All rights reserved. © Razorthorn Security LTD 2025



This podcast uses the following third-party services for analysis:

OP3 - https://op3.dev/privacy
All Episodes Previous Episode

Listen for free

Show artwork for Razorwire Cyber Security

About the Podcast

Razorwire Cyber Security
The Podcast For Cyber Security Professionals
Welcome to the Razorwire podcast where we share information, best practices and up to date news in cyber security and infosec.

Our mission is to help you become a better cyber security professional and support our vision of creating an agile community of cyber professionals who are stronger than ever before.

This show is first and foremost about sharing knowledge and benefiting from collaboration. We bring you the advice and wisdom of both your host, James Rees, and his guests to build on the strength and depth of your own knowledge and experience.

Your host James Rees is an information security veteran with over 25 years of industry experience and is the founder of Razorthorn Security, delivering expert security consultancy and testing services on a day to day basis to some of the largest and most influential organisations in the world, including many in the Fortune 500.

The Razorwire podcast is for cyber security professionals looking for new ideas and the drive to improve their response to cyber security events. Through collaboration, we can strengthen our defences.

For more information about us or if you have any questions you would like us to discuss on the podcast email podcast@razorthorn.com or head to www.razorthorn.com