
Incident Response / Security Operations

Incident Response Runbooks & Tabletop Program

Created practical triage runbooks, severity guidance, escalation paths, and tabletop scenarios based on real operational gaps.

Incident Response, Runbooks, Tabletop Exercises, Security Operations

Problem

No standardized triage process existed for security detections. Response quality depended on who was on-call, and critical evidence was sometimes lost during initial containment.

Constraints

Small team with rotating on-call and no dedicated SOC; the documentation had to be something a junior responder could follow under pressure.

Approach

Developed detection-specific runbooks with clear severity criteria, escalation paths, and evidence preservation steps. Introduced tabletop exercises to validate the runbooks against realistic scenarios.
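The evidence-preservation step in a runbook is the one most often skipped under pressure: the responder isolates the host or rotates the key first, and the volatile logs or the original file are gone by the time anyone asks for them. The script below is an added example, not code from the page or from the program it describes. It shows the ordering a runbook should enforce: hash every collected artifact and write a manifest (what, who, when, digest) before any containment action, then re-verify the copies afterward. The artifact names and contents are constructed for the example; the manifest format and the field names are assumptions, not the program's own.

```python
"""Evidence preservation for a triage runbook (added example, not the page's code).

Runbook order: collect -> hash and write manifest -> contain -> verify copies.
The manifest carries its own digest so later edits to the manifest are visible.
"""
import hashlib
import json
from datetime import datetime, timezone


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical_json(obj) -> bytes:
    # Stable serialisation so the same manifest always hashes the same way.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def build_manifest(incident_id: str, collector: str, artifacts: dict) -> dict:
    """Record name, size and SHA-256 of every artifact before containment.

    artifacts: mapping of logical name -> raw bytes already copied off the host.
    """
    entries = [
        {"name": name, "size": len(artifacts[name]), "sha256": sha256_hex(artifacts[name])}
        for name in sorted(artifacts)
    ]
    manifest = {
        "incident_id": incident_id,
        "collector": collector,
        "collected_at": datetime.now(timezone.utc).isoformat(),
        "artifacts": entries,
    }
    # Digest over the manifest body so the manifest itself is tamper-evident.
    manifest["manifest_sha256"] = sha256_hex(canonical_json(manifest))
    return manifest


def verify_manifest(manifest: dict, artifacts: dict) -> list:
    """Return a list of problems; an empty list means the evidence set is intact."""
    problems = []
    body = {k: v for k, v in manifest.items() if k != "manifest_sha256"}
    if sha256_hex(canonical_json(body)) != manifest.get("manifest_sha256"):
        problems.append("manifest digest mismatch")
    listed = {e["name"]: e for e in manifest["artifacts"]}
    for name, entry in listed.items():
        if name not in artifacts:
            problems.append(f"missing artifact: {name}")
        elif sha256_hex(artifacts[name]) != entry["sha256"]:
            problems.append(f"modified artifact: {name}")
    for name in artifacts:
        if name not in listed:
            problems.append(f"unlisted artifact: {name}")
    return problems


# Constructed sample evidence (hypothetical incident, hypothetical content).
CONSTRUCTED_ARTIFACTS = {
    "auth.log": b"Jan 12 03:14:07 web-01 sshd[4411]: Accepted publickey for deploy from 203.0.113.9\n",
    "cloudtrail-event.json": b'{"eventName":"CreateAccessKey","userIdentity":{"userName":"deploy"}}\n',
}


def demo() -> tuple:
    """Build a manifest, verify the intact set, then detect a modified copy."""
    manifest = build_manifest("INC-0000", "oncall@example.test", CONSTRUCTED_ARTIFACTS)
    clean = verify_manifest(manifest, CONSTRUCTED_ARTIFACTS)
    tampered = dict(CONSTRUCTED_ARTIFACTS)
    tampered["auth.log"] = tampered["auth.log"].replace(b"203.0.113.9", b"10.0.0.1")
    altered = verify_manifest(manifest, tampered)
    return clean, altered


if __name__ == "__main__":
    print(demo())
```

In a real runbook the manifest would be written to storage the responder cannot modify (a write-once bucket or a ticket attachment) before the containment step, and the verification would be re-run when the case is handed over, so that the chain of custody survives a change of on-call.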

Outcome

Reduced incident response time by 40%, established consistent triage quality regardless of who was on-call, and created a repeatable exercise program for continuous improvement.

Tools

EDR, Slack, Confluence, PagerDuty, AWS CloudTrail

Key Highlights

  • Detection-specific triage runbooks
  • Severity matrix, intake criteria and escalation paths
  • Monthly tabletop / fire-drill concept
  • Emphasis on evidence preservation and repeatability
  • Built for small-team security operations

Details are intentionally sanitized to protect employer and client confidentiality.