------------------------------------------------------------------------
systems require maintenance
------------------------------------------------------------------------
[2024-01-06]

> When dealing with an incident, ask "where would this be logged?" If you can't answer that, there is a problem.

That's another thing I wrote down at the conference, but I think it was my own thought. Logging is important, but what's more important is having a person that knows things. Logs and alerts don't mean anything if nobody looks at them.

------------------------------------------------------------------------
[2024-01-06]

"manual analysis requires domain knowledge and tool proficiency"

Here's a quote I heard from someone a few years ago at an Educause conference. I don't remember who said it and I don't remember the full context, but I wrote it down because I think there is a lot of wisdom there.

This applies to incident response, but also to general troubleshooting. You need to understand how things work: how your systems work, and how your org works. This takes time. So when you are getting new analysts, the question is, how can we speed that up?

Use popular and accessible systems/tools. Open source is good for this. If you use an obscure, expensive, proprietary tool, good luck finding people with experience. That's one reason I prefer open source stuff. A college student might have some experience messing around with open source tools because that's what is available to them.

Spreading org-specific knowledge is harder, but I think it's important to take time to talk with other employees/departments about what they are doing. It takes time to build up that knowledge, but you can speed it up if you make an effort.