Plays Incident Response
Maya Kaczorowski, Whitney Merrill
BSidesSF 2025 — Here Be Dragons · Day 1 · Main
Maya Kaczorowski and Whitney Merrill turned their BSidesSF session into a live incident response tabletop, walking the audience through a realistic vendor data breach scenario at a fictional fintech company. The exercise surfaced critical, often-overlooked practices: who can declare an incident, when to loop in legal counsel, how to communicate internally without inadvertently creating legal exposure, and what user notification actually requires.
AI review
Kaczorowski and Merrill ran a well-constructed live tabletop and the legal guidance from Merrill — don't say 'breach,' put communications under privilege immediately, recognize that counsel's questions are specific and immediate — is practical content that most engineers have never internalized. The format works. The material is primarily valuable for early-career practitioners.