David Bianco (twitter) ends a year-long break by posting a great piece on “Why your CIRT should fail!” David talks about tackling the natural biases that may form when investigating incidents, specifically by having a diverse team.
I like to remember my days in hard sciences back in college. You didn’t do experiments to necessarily prove every hypothesis you made. A vast majority of your experiments were failures that you learned from. We learn the most from failures (mistakes, being wrong…), failure is inevitable, and failure is often unpredictable.