I took one of those BuzzFeed-type tests a while ago on TryHackMe to determine if I would be better suited for Blue Team or Red Team. The questions were interesting, but after about the second one, I knew what the results were going to point towards. Not long after that, I was unpleasantly unsurprised to discover they suggested I pursue a role in Blue Team, more specifically in an Incident Responder or SOC role. I say “unpleasantly” primarily because our culture and Hollywood have drastically altered my perspective to believe that Red Team is the far “sexier” job field. I know it’s a dumb outlook, but it’s my natural tendency to think that way. I promise I’m working on it.
Besides all that though, it wasn’t surprising because I have quite a bit of experience in an incident responder role. Not specifically in that type of role, but since getting out of school, I feel like all of my jobs in some shape or another have been acting in a firefighter-type role. I wish I could say the construction and facilities world is well thought out and nothing ever goes wrong, but I’d be lying a lot. The type of “emergencies” I respond to have differed with time, but since I first started “really” working, I feel like it’s something I have always had a natural aptitude towards.
When I first started as an engineer, I was dropping everything and responding to a client’s needs. They tore a wall open during construction and found a completely different framing system than what we planned for, and they needed a fix right now to stay on schedule. A contractor needed to brace a building during construction before a hurricane approached. Drop everything else and spend the next two days on just that. My role changed with time, and I moved to a facilities management position. This new role brought its own challenges, and with time I found myself in two different roles involving incident management.
The first was leading a group in the event of a natural disaster. In our area, it was mainly for earthquakes but could involve chemical spills, fires, or other possible emergency incidents. The second was leading incident response teams in the event of facility incidents. These could include power outages, water leaks, gas leaks, fallen trees, etc. Anything you could possibly imagine happening that could pause large operations, which was unacceptable. Both positions were great, and it’s something that I feel I have a knack for.
When something goes wrong, I get a strong urge to want to do something, and more often than not, I tend to find myself in a leadership vacuum and want to step in. Don’t get me wrong, if there’s a plan in place and people in charge, my next inclination is to ask how I can help. My jobs have given me that opportunity multiple times, and even though it feels stressful, it’s something I genuinely enjoy doing. It’s exciting to step into an unknown scenario, weigh the factors and risks, and make what you hope is the best possible and most informed decision possible. Have I been wrong before? Oh yeah. But the times that I feel like I get it right are a fantastic feeling.
So, here’s my quick guide to emergency management. This isn’t set in stone, and if you asked me to recite it during an actual emergency, it would never line up with the original. But with all incidents, you have to have a certain amount of flexibility and the ability to adapt to the scenario and factors involved in it. So take it, change it to best suit you, and let me know if you have any of your own strategies.
1. Evaluate the situation, risks, and possible unknowns.
2. Know what you don’t know.
3. Get people involved who know the things you don’t know, and seek their input.
4. Make the most informed decision you possibly can with the information you have.
5. Evaluate the outcome of the decision you made.
6. If that didn’t fix the immediate or long-term problem, repeat steps 1-5 with the new information from the previous attempt.
7. Once the situation has been resolved, perform an After-Action Plan ASAP.
Step 7 is crucial. I think it’s the most important step and should 100% be done as soon as possible with all stakeholders involved. This is the opportunity to ensure this incident doesn’t happen again, or if it does, that you’re well-prepared for it. Things go wrong—it happens. If you plan for them to go wrong, you’ll be much more prepared when they do. Expect the worst, prepare for the worst, and hope for the best.
I mainly bring up all this because I was just involved in one of these incidents earlier today. I wasn’t actually the Incident Manager but served as the SME on the incident. When the managing director needed an informed decision, I recalled what it’s like to be in their shoes and tried my best to give them the best information possible so that they could make the most informed decision they could. It really got me thinking that just because Blue Team isn’t as sexy and cool as Red Team doesn’t mean I wouldn’t be good at it or enjoy it. I enjoy the chaos of a good emergency. Not the best way to put it, but after some inner self-reflection, I think I’m definitely more open to the prospect of shifting some of my studying goals toward a more Blue Team orientation. There’s still lots to learn in both realms, and I’ll keep at it.
As always, thanks for reading, and I’ll catch you all later.
Thanks,
sgtiddlywink