I’ll spare us both the statement about posting here more often in the new year, so that when I wind up not doing that, you don’t have to feel like you’re an accessory.
What I’m about to write about actually happened last fall – I had been watching my city’s CERT program webpage for a class I could attend, and I nearly didn’t go to this one because the full-scale exercise day was going to be the Saturday before Halloween. The Saturday before Halloween! One of the most critical pumpkin-carving and decoration-setting-up days of the year! But I had to buckle down if I wanted to get serious about this.
I didn’t tell the group this, because I thought it might immediately identify me as weird1, but I had been interested in attending one of these ever since I took my HSEEP (Homeland Security Exercise and Evaluation Program) class for work years ago. A lot of the framework for the program is around mobilizing groups of people who may not have any engagement at all with security planning – some of my classmates were, for example, people in charge of understanding emergency response plans for hospitals and then training staff and orchestrating practice exercises for them. This was pretty different from working in information security incident response, where I’m on a team full of people doing 24/7 monitoring and expecting to occasionally declare and run incidents. There’s also a FEMA podcast that I listened to a little of during this time that also talked about the importance of engaging local community groups to increase response capabilities through the use of free and available volunteer labor, so that’s how I wound up in my local CERT boot camp.
The all-day Saturday-before-Halloween exercise was the part I was most looking forward to because it would be the first exercise I participated in that wasn’t information security focused. Not only was it not at all information security focused, the instructors chose me to function as a team lead and so I had to oversee a team of five people to do a neighborhood assessment, light search, and injured-person triage and then lead a combined team of nine people to do rescue – in an organized manner, across a multi-level fire training tower, while handling radio communications and while the very kind and helpful volunteer disaster victims screamed in the background.
This gave me a few things to be grateful for regarding the usual state of the incidents I tend to handle in my day job.
I think at some point I’ll have some thoughts coalesce into a Viewpoint about things that information security people could take away from what I experienced and learned, but I’m not quite there yet. It’s something to do with the way that FEMA podcast talked about engaging local groups – not only is this a mobilizing force you can build up, but you have to first understand your neighborhood before you can do almost anything. It’s a little bit like the “security champion” angle that has become popular in certain circles now, but I think those are still missing…something. Look, I said it wasn’t coalesced yet.
In the meantime, I did sign up to be a part of the team that can be paged out in emergencies, and my work team very graciously rearranged things to cover for me when I was recently called to help look for a missing person and leave flyers with local businesses. It’s been really nice during the training class and refresher meetings to get to know people who live near me but that I absolutely would not have run into otherwise.
—–
- I know I *am* weird and it will always come out eventually, but I had enough first days of school to learn that maybe giving it a few weeks is a good call okay ↩︎
kerstyn.blog 
Leave a comment