Guest: Angelika Rohrer, Sr. Technical Program Manager , Cyber Security Response at Alphabet Topics: Incident response (IR) is by definition “reactive”, but ultimately incident prep determines your IR success. What are the broad areas where one needs to prepare? You have created a new framework for measuring how ready you are for an incident, what is the approach you took to create it? Can you elaborate on the core principles behind the Continuous Improvement (CI) Framework for incident response? Why is continuous improvement crucial for effective incident response, especially in cloud environments? Can’t you just make a playbook and use it? How to overcome the desire to focus on the easy metrics and go to more valuable ones? What do you think Google does best in this area? Can you share examples of how the CI Framework could have helped prevent or mitigate a real-world cloud security incident? How can other organizations practically implement the CI Framework to enhance their incident response capabilities after they read the paper? Resources: “How do you know you are "Ready  to Respond"? paper EP75 How We Scale Detection and Response at Google: Automation, Metrics, Toil EP103 Security Incident Response and Public Cloud - Exploring with Mandiant EP158 Ghostbusters for the Cloud: Who You Gonna Call for Cloud Forensics EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?