Great Circle Waypoints Blog

Items of interest to Great Circle clients and friends

Why is it important to separate the Incident Commander and Tech Lead roles?

There are many roles in high-tech incident response, such as incident commander, tech lead, communications lead, subject matter expert, and so forth. Individuals often fill multiple roles simultaneously, especially in the early stages of an incident; generally, this is OK, and particular roles can be handed off to other individuals as more people join the response. However, in my experience with incident response at Google and elsewhere, having one person trying to act as both the incident commander (IC) and the tech lead (TL) is a recipe for trouble. […]

read more

What’s the most interesting question in a blameless postmortem?

“How did we get lucky?”

I find that this is often the most interesting section of an incident postmortem. In other words, what might have happened, but didn’t? What could have happened, that would have been worse? Incidents often open your eyes to new and frightening possibilities that you hadn’t previously considered, and the postmortem is a good place to explore them.

read more

How often should your engineers be on call?

In one of the Slack channels that I frequent, someone recently asked what a reasonable duty cycle was, for engineers in a 24/7 on-call rotation with a single digit number of pages per week. In other words, under those circumstances, is it reasonable for a given individual to be on call one week in three, one week in four, or what? At least according to Google SRE, it’s a lot less often than that. […]

read more

How to improve your incident response times

How do you measure and improve the effectiveness of your incident responses? You can start by looking at the times associated with your responses. You can set targets for these times, and evaluate how well a given incident response met your targets. Over multiple incidents, you may be able to identify trends, and take steps to tune your response methods based on those trends. In this blog post, learn what the key times are, and how to improve each of them. […]

read more

Senior managers, stop disrupting your team’s incident responses

“How do we keep senior managers from disrupting incident responses?” That audience question generated the strongest response last week at my workshop on Incident Command for IT at the fantastic USENIX SREcon18 Americas.

Senior management definitely has a critical role to play in incident response, but as soon as somebody asked that question, the room lit up; it seemed like all 200 people had tales to share about active incident responses that were inadvertently derailed by directors, executives, and other senior managers. It was clear that this was a significant source of frustration for incident responders and incident leaders in the room.

Incident management is about controlling chaos, and senior management can be a significant source of chaos during an incident, usually without meaning to be. Why is this so, and how can senior managers, incident leadership, and responders all work together to avoid this? […]

read more

Join Our List

Interested in thoughts and tips, future classes, upcoming events, and other tasty tidbits? Join our list! No spam; unsubscribe at any time.

Great Circle Associates, Inc.

www.greatcircle.com
info@greatcircle.com
International: +1 415 861 3588
USA Toll Free: 877 GRT CRCL