Lately I’ve been dealing with a lot of ransomware cases. And often our team runs into issues with the IT staff from the victim organization.
I think part of the problem is that they feel like their org has no faith in them when it comes to solving the problem. That they call you in the first place and they put you in charge over them. I wouldn't be happy if you would start telling my team what to do either.
Would not your team want to know what exactly happened and how? Do they have the expertise for that?
I wouldn't want someone from outside, who I don't know and doesn't know the network to come in during a crisis we're trying to solve and start telling my team what to do. I expect that person to discuss things with me and I'll decide what we do.
I might be wrong, but my understanding is that their job is not to tell you what to do, but rather do an investigation and produce a report, including, hopefully, some actionable recommendations on how to prevent/mitigate this class of problems.
Ah, my mistake. You're right. I thought they were third party incident responders.
Replying to @Queen_fennec @oley
We are third-party IR, but our job is not to tell people what to do. Our job is to scope the problem and make recommendations to get orgs operational ASAP. This includes discovery of point of entry, where the attackers are in the network, and what they took.

Jul 19, 2021 · 11:16 AM UTC
