So basically the same approach the NTSB and similar organizations use for air crash investigations?

Yup, a culture of fixing what went wrong, not who screwed up. This includes the IT people with their customers incidentally- users who think they’ll be made to feel stupid or criticised by IT won’t call in issues early enough.

Importantly, they need to do this for years, and for all types of incident. If people see someone get fired over a typo which caused an outage, they will absolutely expect the same to happen over ransomware. Reputations: years to build, seconds to destroy.

Good managers create a learning culture where problems are analysed and solutions found that can be worked on as a team. Blame and punishment might work short term but are corrosive and stifle creativity and loyalty.

Yes so well said, Hal, and this approach helps stop toxicity levels from escalating, saving relationships and overall morale 🔥

That is sad😔

At least three or four orgs I’ve worked for were too toxic to be salvaged by this approach. But it would help a lot everywhere else and I don’t think it would ever hurt.

Ayer Hal hablaba de los problemas que encuentra cuando atiende ataques de ransomware. Me parecen muy sensatas las recomendaciones que hace para la gerencia que contrata a un proveedor de gestión de incidentes de ransomware

Cmon we all know there will be a scapegoat. It's been that way since late 80's and early 90's. Management will address the team, soc will address the team members.