In my capacity as a Fractional CISO, and throughout my years as a permanent CISO, I have written, reviewed, audited, adapted, and rehearsed countless cybersecurity incident management plans. I have been involved in more incidents than I can count—some minor, some significant, and some truly catastrophic. I have seen first-hand what happens when a company is unprepared. I have witnessed mistakes made under pressure, the fallout of rushed decisions driven by executives demanding immediate answers, and the very human cost of an organisation scrambling in the dark when an incident unfolds.
Recently, while reviewing and rewriting an incident response plan for a client, I started thinking back to base principles. My mind went to the Agile Manifesto (agilemanifesto.org) and the Threat Modelling Manifesto (threatmodelingmanifesto.org), both of which took complex topics and distilled them into guiding principles that have shaped entire industries. This inspired me to do the same for cybersecurity incidents.
And so, I wrote The Cybersecurity Incident Manifesto (thecybersecurityincidentmanifesto.org).
This is not a finished, polished framework. It is a starting point—a call to arms for the security leadership community to step back, challenge our assumptions, and align on what truly matters when responding to cyber incidents. I have published it as a draft, open to feedback via this public GitHub repo, with the aim of refining it collaboratively. The ultimate goal is for this to be a useful tool—one that helps organisations shape their cyber incident response strategies, communicate effectively with executives, customers, and investors, and establish a set of core principles that serve as a foundation for effective incident management.
I welcome thoughts, feedback, and contributions. If this resonates with you, I encourage you to read, share, and join the discussion. Cybersecurity incidents are inevitable, but how we respond defines our resilience.
This work is licensed under a Creative Commons Attribution 4.0 International Licence: https://creativecommons.org/licenses/by/4.0/
#CyberSecurity #IncidentResponse #CISO #SecurityLeadership #TheCybersecurityIncidentManifesto