Incident Response Management

Draft regulatory breach notifications and affected individual communications for GDPR, CCPA, HIPAA, and state law incidents. Produces compliant, timely notification documents for IR and legal teams.

Triage cybersecurity incidents by severity, classify attack vectors, and prioritize containment actions. Supports SOC analysts and IR teams during active security event response.

Guide digital forensics evidence collection, chain of custody documentation, and artifact preservation for cybersecurity incident investigations and legal proceedings.

Build detailed incident response playbooks for specific attack scenarios. Covers phishing, ransomware, insider threat, DDoS, and cloud compromise with step-by-step response workflows.

Investigate insider threat incidents including data theft, sabotage, and privilege abuse. Structure evidence collection, HR and legal coordination, and investigation documentation for security and HR teams.

Write internal and external communications for cybersecurity incidents. Produces executive briefings, press statements, customer notifications, and employee updates for IR and crisis communications teams.

Analyze malware incidents from detection through eradication. Document IOCs, assess persistence mechanisms, map MITRE ATT&CK TTPs, and guide removal and remediation for IR and SOC teams.

Conduct post-incident root cause analysis and produce PIR reports with contributing factors, timeline reconstruction, control failures, and remediation recommendations for security incidents.

Design threat containment strategies for active cybersecurity incidents. Advise on network segmentation, credential isolation, endpoint quarantine, and controlled detonation approaches for IR teams.