Incident Response Episode Feedback
Nathan
Huntress… genuinely… what in the actual hell were you thinking with this month’s “Incident Response” training? These trainings are primarily targeted to end users, which is why I have so many questions.
First off, why on earth would an end user ever get a giant, flashing “CYBER INCIDENT” popup on their machine? Haven’t we spent the last decade drilling into people’s heads that big scary popups demanding action are literally the calling card of a scam? But sure, let’s undo all that.
Then we jump straight into “If you can’t reach IT immediately, feel free to sprint around the office in a full-blown panic.” Excellent advice.
But wait, there’s more. Since IT is apparently unreachable (probably because they’re off sipping piña coladas on a beach somewhere), the user should just go ahead and fix the cyber incident themselves. I mean, why not? They helped set up Grandma’s Roku in 2019. They’re basically a Tier 3 analyst.
And miraculously, they do resolve the incident. Incredible. Truly inspiring. Meanwhile, IT is still horizontal on a lounge chair.
Now that the crisis is over, it’s time for the pièce de résistance: dragging out that dusty USB stick they used to back up their department’s files sometime during the Obama administration and restoring those outdated files right back onto the company drive. Because that’s what they were taught. Time to restore. Boom. Done. Easy.
This video seems far better suited for targeted training within specific IT groups. Anything beyond that feels out of scope. Even providing it to middle management introduces confusion. Are they expected to test system availability? Should they be copying backups or moving files? These are not appropriate responsibilities for non-technical staff, and presenting them as such encourages practices that are risky at best. This becomes especially concerning in small businesses where safeguards and separation of duties may not be as robust. A scenario where an office manager like Stan watches this video, decides “Facebook isn’t loading, we must be under attack,” and then starts powering off equipment because he once saw IT do something similar is not far-fetched. The training encourages users to “take action,” which can easily be misinterpreted without proper context.
While the video initially frames the character as part of IT, that distinction is lost almost immediately. Within seconds, his role becomes ambiguous, and it’s never clearly reinforced that this training is intended for IT personnel. Without that clarity, the message risks being misunderstood and applied in ways that could create more problems than it solves.
Juderson Zhu
Hi Nathan, I've only just started watching the episodes from the SAT admin page, as one of our clients asked me to send them a cheat sheet on what to look out for during our controlled phishing campaigns via Huntress. I thought the training should be self-explanatory rather than requiring a cheat sheet, as I've come from using something similar, Mimecast, which was short videos with questions afterwards. To my surprise, these episodes appear really lengthy to do. Seeing that you use this, can you tell me how long your users spend on these episodes? My assumption was that these were short videos and a few questions, but to my surprise they are lengthy, with questions not related to the issue. I'm just looking out for my users because I don't want them to disconnect from this; it seems like brain rot material.
I also provided feedback and was wondering if you could add to it too?
https://feedback.huntress.com/security-awareness-training/p/needs-improvement-in-relevance-engagement-and-length-to-complete