Beyond the Alert

Sneha Regmi on Using Blameless Retros to Enable High-Pressure Decisions


Sneha Regmi, Director of Security Operations & Resilience Engineering at a major Financial Services organization, has an incident command framework that prioritizes scope and impact determination over immediate containment, even when executives are panicking. Her teams assign ownership in the first 60 seconds; the lead then verbalizes every decision and the next three actions aloud, a continuous narration that keeps stakeholders aligned and prevents chaos. She pulls subject matter experts into preliminary investigations early, building credibility to make time-sensitive calls later without second-guessing.

On insider threat, Sneha flips the standard monitoring-first approach. Her framework starts with prevention controls around business-critical systems, then layers detection only where prevention blocks legitimate work. Prevention without detection leaves blind spots; detection without prevention means everything looks normal until it's not. Her teams renamed the program from "insider threat" to "insider risk" after realizing the original framing damaged organizational trust.

Topics Discussed:

  • Assigning incident ownership within the first 60 seconds and verbalizing every decision to prevent stakeholder panic

  • Eliminating traditional tiered SOC structures in favor of engineering-enabled responders who write detections and handle incident response

  • Prioritizing scope and impact determination over immediate containment to avoid rushing decisions during high-pressure incidents

  • Building blameless retrospective practices that enable teams to make split-second decisions without fear during future critical situations

  • Implementing prevention-first insider threat frameworks around business-critical systems before layering detection controls

  • Pulling subject matter experts into preliminary investigations early to build credibility for time-sensitive containment decisions later

  • Managing security operations burnout by setting clear escalation criteria for weekend pages versus business-hours workflows

  • Leveraging AI and automation for alert backlog triage while reserving human decision-making for high-impact critical investigations


Beyond the Alert, by Dropzone AI