Along the same vein as Execution, a bloated and esoteric incident response plan encumbers training of the team. LEO’s framework compartmentalizes the important knowledge sections of the plan, as related to each discipline. This not only accelerates time to certification, but it also provides better training experiences, and makes it easier for a team member to maintain subject proficiency. In addition, connected compartmentalization helps train on changes that percolate through the plan.


Under the constraining timeframes of today’s breach notification laws, team members must have a full command of the company’s response plan and their individual roles on the incident response team. LEO’s incident response framework facilitates training by decoupling relevant training information from the overarching plan, instead placing it in a separate discipline-controlled document that is compact and easy to review. Each discipline has its own training manual. LEO advocates a certification process that ensures the team member has read and understands relevant procedures and directives, both for his/her team and others. Though it sounds daunting, entire teams can be certified in just a few hours under this program. The results of employing certified team members during company incident response exercises are apparent, improving the overall simulation experience as well as the quality of training. It also boosts team morale.


LEO is a seasoned team of cyber trailblazers and creative practitioners who have the deep experience and operational knowledge to combat the cyber skills gap. From information security program / policy development to virtual security experts to on-demand threat hunting and response, LEO delivers tailored security solutions to your organization through creativity, experience, and commitment.


  • Please complete the following form and one of our team members will get back to you as soon as possible.