Golden Hour Trust

How to Create Empowerment Leadership in Your Incident Response Preparedness

The Golden Hour is the first operational period of an Incident Response that sets the tone and tempo for how the team (and organization) responds to a cyber event. We talked about the Cyber Curious Command Principles in the last post and walked through myriad important building blocks between Incident Command and Leadership. We left off with the all-important question about trust. Let’s dive deeper into the idea of trust and how that is the essential for the Golden Hour.

No incident can be successfully navigated without a strong leader. This has nothing to do with the title or place in the hierarchy of the organization for that Incident Commander. It has everything to do with becoming a leader without authority over the people you are leading in a challenging time. You are not the leader of the people; you are the leader of the incident. This requires the team to trust you to see them through the incident. So, how do we earn it?

Start with the understanding that trust is about other people; trust is not something you possess, it’s something you give to get. It’s about how you treat other people, how they feel in your company and how they are empowered by you. Trust is earned because it is transactional and must be exercised regularly.  

According to a great article in Harvard Business Review, Begin With Trust, empowerment leadership can be illustrated through what the authors call the Trust Triangle. A simple three-part recipe for earning trust—Authenticity, Logic and Empathy.

By following this triangle, we can trace where we may be experiencing a “trust wobble,” that is, where our balance may be creating an inequity in one of the three points of the triangle. We have special application of this triangle in cybersecurity where often the Logic element is blamed for the lack of leadership ability when in fact, Empathy seems to be where most fall into this wobble when it comes to this field. Here’s why –

Too often cyber leaders are faulted for not being technical enough to lead an incident. This is due to a combination of things including drive for diversity within leadership, lack of training, and lack of management training for technical managers. Regardless of the reasons, it’s the elephant in the room we have the acknowledge.

While knowledge of cyber incident response process and roles and responsibilities is important for an operational leader, the Incident Commander is not the team member actually doing the forensic investigation. They may not be the CISO, SOC leader or other person with the highest title. It really should not be the CEO. That’s not what an Incident Commander role is for. Yes, they need to know what tactical elements are, steps per operational phase, how to properly plan for Root Cause Analysis (RCA) and decisions that need to be made in order to carry out tactical actions to meet strategic objectives during the  response stages, and that is different than Logic of the Trust Triangle.

Logic within the Trust Triangle includes an ability to be a critical thinker. It includes an ability to ask the right questions, bring facts to bear on a given situation, and to rely on sound judgement of subject matter experts (SME). It doesn’t mean you personally have to be the only or the best SME in the group. This is where we often confuse Empathy in leadership. Empathy comes into play because we need to use our communication skills in bringing forward the SMEs who have the facts we need to make decisions as a team.

The most important part of communication is listening. If we’re thinking too much about what we want to say or acting upon the first sentence spoken, we are not truly listening, and our communication and leadership suffers as a result. People need us to hear them, appreciate what they are conveying (even  -or especially  - if we don’t agree or understand it) and to take responsibility for others. In IR, this translates to preparedness where the cross-functional team are heard and play a role in creating the templates and guidelines for the communication-coordination playbook.

Stress and crisis exponentially bring out underlying qualities and biases. Leadership (and trust) are no exception.

As previously discussed, Incident Response is mostly about what you’ve done to prepare for an incident before it happens. This is when you build your trust by demonstrating empathy and empowerment leadership with your cross-functional stakeholders. Build by empowering others. This creates trust and eases the tension during the crisis event by helping others find phycological safety in a stressful event.

Creating a Golden Hour template is the perfect place to start. Not only does it set up the team for success during the response, but it requires specific actions and elements that must be included in the communication-coordination playbook template. By empowering others to create and apply their learnings and requirements into this template, it helps to build trust and demonstrate your responsibility for others’ success when the crisis occurs.  Contact me for a free template that provides the full Golden Hour Communication-Coordinate Playbook requirements. Here’s a quick cheat sheet to start with:

1.       Detection Protocol

2.       Triage Team

3.       Define Call Discipline

4.       Essential Elements of Information Questionnaire

5.       Incident Action Plan Template

6.       Legal Guidance

7.       Communication Protocol

8.       Third-Party Protocol

9.       Escalation Procedures

10.   Coordination Tempo