picking up the pieces
play

Picking up the pieces A guide to Post Incident Review @kleeut - PowerPoint PPT Presentation

Jan 29, 2024 •249 likes •767 views

Picking up the pieces A guide to Post Incident Review @kleeut Picking up the pieces A guide to Post Incident Review @kleeut Klee Thomas Clean code enthusiast Code Crafuer Lover of stupid shirts Organiser of Newcastle Coders Group Senior

  1. Picking up the pieces A guide to Post Incident Review @kleeut

  2. Picking up the pieces A guide to Post Incident Review @kleeut

  3. Klee Thomas Clean code enthusiast Code Crafuer Lover of stupid shirts Organiser of Newcastle Coders Group Senior Sofuware Developer at nib health funds @kleeut @kleeut

  4. Agile Pairing Clean Code TDD Dev Ops Continuous Integration Continuous Delivery Etc @kleeut @kleeut

  5. Something is going to go wrong Our customers expect more from our sofuware We are building systems that are more complicated and complex. @kleeut @kleeut

  6. Cynefin Complex Complicated Chaotic Simple @kleeut @kleeut

  7. Something is going to go wrong Our workforce is more and more transient. Something is going to go wrong. @kleeut

  8. Create a prepared culture @kleeut

  9. Post Incident Review (PIR) @kleeut @kleeut

  10. Analysis of an incident Exposing Reflection on: What happened ● What went wrong ● How we responded ● How we can improve ● @kleeut @kleeut

  11. The Flow of an incident @kleeut @kleeut

  12. Something is going wrong Fix it Back to work @kleeut @kleeut

  13. Something is going wrong Fix it Back to work @kleeut @kleeut

  14. Incident Life Cycle @kleeut

  15. Detection Response Readiness Resolution Analysis @kleeut @kleeut

  16. Detection Response Readiness Resolution Analysis Analysis @kleeut @kleeut

  17. When to run a PIR As soon as possible @kleeut

  18. As Soon As Possible Memory fades We make fake memories Within 2 days of resolution @kleeut

  19. Regularly Do this for large and small incidents We learn more about the weaknesses in our system We get practice at running reviews. @kleeut

  20. Path to great Post Incident Review @kleeut

  21. Example Something is Customers stopped being able to access https://klees-example.com. going wrong Ops added more disk space to the virtual machine. Fix it Ops rebooted the server. Customer requests went back to being fulfilled. Back to work Back to work @kleeut

  22. Root Cause Analysis @kleeut @kleeut

  23. 5 Whys A great technique for Root Cause analysis Get beyond the immediate answer Just keep asking “Why?” @kleeut @kleeut

  24. Why did the site go down? • No disk space. • No disk space. Why? Why? • Too many logs • Nobody added more space Why? Why? • No log rolling • We didnt know space was low Why? Why? • Using a custom log manager • Bill turned off alerts Why? Why? • John didnt want another • Too many alerts over night dependency @kleeut

  25. 5 Whys - problems No repeatable outcome Root Cause analysis can lead to blaming an individual. @kleeut

  26. Blame Blame is natural and human Blame happens when we’re in pain Blame leads to fear Fear leads to hiding/misrepresenting facts @kleeut @kleeut

  27. Blame If you dont blame a successful product launch on one person, why would you blame a failure on one person? @kleeut @kleeut

  28. Don’t blame the person Blame the process, not the people - Edward Deming @kleeut

  29. “ The Prime Directive “ Regardless of what we discover, we understand and truly believe that everyone did the best job they could, given what they knew at the time, their skills and abilities, the resources available, and the situation at hand. @kleeut @kleeut -Norm Kerth, Project Retrospectives: A Handbook for Team Review

  30. Contributing factors @kleeut

  31. Ishikawa / Fishbone / Cause & Efgect Diagram Primary Causes Secondary Causes Problem @kleeut

  32. Categories 6 “M”s - Manufacturing 8 P’s - Product Marketing Machines Product Methods Price Materials Promotion Mind (People) Place Measurement Process People Physical Evidence Performance @kleeut

  33. Ishikawa / Fishbone / Cause & Efgect Diagram Monitoring Methods People Problem Code Systems @kleeut

  34. Ishikawa / Fishbone / Cause & Efgect Diagram Monitoring Methods People Oncall person Inadequate hard to reach alerting Inadequate Klees-example checking of stopped serving Disk server Uptime requests Not enough disk Too Many logs Code Systems @kleeut

  35. Heuristics/Bias • Subconcious • Problem solving shortcuts • Save time • Make things more important than they are • Risk ignoring valuable learnings @kleeut

  36. Bias Anchoring - The first piece of evidence is the most relevant Availability - I can think of it therefore it’s true Confirmation - Just because the outcome was good doesn’t mean it was a good decision @kleeut

  37. Bias Hindsight - The answer is obvious... If you know the answer Outcome - Could of, should of, why didn’t Bandwagon Effect - Getting swept up in the crowd @kleeut

  38. How I run a PIR @kleeut @kleeut

  39. “ The Prime Directive “ Regardless of what we discover, we understand and truly believe that everyone did the best job they could, given what they knew at the time, their skills and abilities, the resources available, and the situation at hand. @kleeut @kleeut -Norm Kerth, Project Retrospectives: A Handbook for Team Review

  40. Summary Incident TL;DR; Outline what happened What was the resolution @kleeut

  41. What happened Objective Timeline Multiple points of view • People Involved • Automated Systems • Chat Logs @kleeut

  42. Elaborate Don’t hide what happened • What happened • What did we do Don’t ask why X happened • ask how it happened • what factors informed the decision @kleeut

  43. Key Metrics Who was involved • Incident Commander • Contributors Time to Acknowledge: Time to Recover: Elapsed Time in each phase (Detection, Response, Remediation) Severity: (e.g. fatal, critical, moderate, low, false alarm) @kleeut

  44. Example Summary: On January 13 klees-example.com stopped serving requests. We were able to get it back on line within 20 minutes by allocating more disk space to the server. @kleeut

  45. Timeline 2019-01-12 23:30 - Logs show Disk utilisation passes 90 % 2019-01-13 09:30 - Logs show 503 responses start occuring in the routers 2019-01-13 09:35 - Logs show No 200 responses in routers at all 2019-01-13 09:40 - Customer calls service desk 2019-01-13 09:41 - Service desk contacts dev via Slack 2019-01-13 09:43 - Devs refer to Ops via Slack 2019-01-13 09:45 - Ops identify 100% disk usage on vmke01 2019-01-13 09:46 - Ops increase virtual disk space by 15% 2019-01-13 09:47 - Ops restart server 2019-01-13 09:49 - Logs show 200 responses in routers @kleeut

  46. Who was involved • @Jane, @Bill, @Fred Time to Acknowledge: 11 minutes Time to Recover: 20 Minutes Elapsed Time in each phase: • Detection: 11 Minutes, • Response: 3 Minutes, • Remediation: 4 Minutes Severity: Fatal @kleeut

  47. What went well? For all the bad stuff something must have gone well. Look at all the phases. How can you be more ready @kleeut

  48. What could we improve? There are going to be areas that didn’t work so well. Be aware of blame. • Understand what lead to actions. • Identify processes that may have failed or been missing. Look at all the phases How can you be more ready @kleeut

  49. Action Items Document them as they come up ( Parking Lot ) Small or large, Immediate and long term Commit to some, but not necessarily all. Add them to your issue trackers, Assign them Feed back into all stages of the life cycle. @kleeut

  50. Overview The incident lifecycle: Detection -> Response -> Remediation -> Analysis -> Readiness. Avoid blame with an objective and honest timeline of events Identify what went well and what went poorly Track your actions Run reviews ofuen even on small things @kleeut

  51. Klee Thomas @kleeut @kleeut

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

(Aster)-picking through the pieces of short URL services An investigation into the maliciousness

(Aster)-picking through the pieces of short URL services An investigation into the maliciousness

(Aster)-picking through the pieces of short URL services An investigation into the maliciousness of short URLs Robert Diepeveen & Peter Boers 2016 Motivation Obfuscation Brute force Uniform sample Contributions:

640 views • 22 slides
Adapting to Climate Change (within a new economic framework) Picking up the pieces Todays menu

Adapting to Climate Change (within a new economic framework) Picking up the pieces Todays menu

LSE, March 2010 Adapting to Climate Change (within a new economic framework) Picking up the pieces Todays menu Introduction Economic Context Climate Context Solutions & Pathways to Scale Who? 1 Who, what, why

680 views • 42 slides
Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy?

Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy?

Picking the Low- -Hanging Fruit: Hanging Fruit: Picking the Low Saving Money and Energy? Energy? Saving Money and Robert K. Kaufmann Disrupting the Status Quo in Electric Energy Management: A Systems Approach to a Sustainable Energy

500 views • 6 slides
Warehouse Operations Pallet Rack Replenish Block Stacking (20 lanes) Forward Picking Reserve

Warehouse Operations Pallet Rack Replenish Block Stacking (20 lanes) Forward Picking Reserve

Warehouse Operations Pallet Rack Replenish Block Stacking (20 lanes) Forward Picking Reserve A-Frame Horizontal Storage Order Bin Shelving and Dispenser Carousel Picking Storage Drawers Order Picking (2 pods) Double-Deep Pallet

238 views • 20 slides
Shaping the Future of Warehouse Operations Dr Tony McVeigh MORE WITH LESS ! 2 ORDER PICKING 3

Shaping the Future of Warehouse Operations Dr Tony McVeigh MORE WITH LESS ! 2 ORDER PICKING 3

The Role of Analytics in Shaping the Future of Warehouse Operations Dr Tony McVeigh MORE WITH LESS ! 2 ORDER PICKING 3 Order Picking Half of the order pickers time is spent on traveling * The retrieval of items from storage in

404 views • 28 slides
RIG THE PERFECT ANGLE EVERY TIME Two picking arms each with five adjustment holes make

RIG THE PERFECT ANGLE EVERY TIME Two picking arms each with five adjustment holes make

RIG THE PERFECT ANGLE EVERY TIME Two picking arms each with five adjustment holes make it easy. NEW! MULTI ROLLERS Picking arms have Unlimited configuration 8 of adjustment. opportunities Extra deep sidewalls Made of

472 views • 3 slides
Exploring a Multi-Sensor Picking Process in the Future Warehouse Alexander Diete September 9,

Exploring a Multi-Sensor Picking Process in the Future Warehouse Alexander Diete September 9,

Exploring a Multi-Sensor Picking Process in the Future Warehouse Alexander Diete September 9, 2016 University of Mannheim About the project Problem Figure 1: Picking process in warehouses 1 Idea Use sensors and video data to enhance the

624 views • 26 slides
Look for pieces with the most character. When you draw you popcorn This will NOT do

Look for pieces with the most character. When you draw you popcorn This will NOT do

Look for pieces with the most character. When you draw you popcorn This will NOT do it!..its all two values. Study the lights and darks! Just a review of WHAT TO DO. SELECT AT LEAST TWO PIECES OF POPCORN THAT ARE INTERESTING..

342 views • 17 slides
Improving Chronic Disease Management with Pieces Miguel A. Vazquez, MD George (Holt) Oliver MD

Improving Chronic Disease Management with Pieces Miguel A. Vazquez, MD George (Holt) Oliver MD

Improving Chronic Disease Management with Pieces Miguel A. Vazquez, MD George (Holt) Oliver MD (for ICD-Pieces Team) Friday, September 23, 2016 ICD -Pieces: Pragmatic Clinical Trial in Patients with CKD, Diabetes and Hypertension ICD-

524 views • 40 slides
Picking II, Collision and Accelleration Week 10, Fri Mar 23

Picking II, Collision and Accelleration Week 10, Fri Mar 23

University of British Columbia CPSC 314 Computer Graphics Jan-Apr 2007 Tamara Munzner Picking II, Collision and Accelleration Week 10, Fri Mar 23 http://www.ugrad.cs.ubc.ca/~cs314/Vjan2007 News showing up for your project grading slot is

551 views • 44 slides
Welfare conditionality : some issues and concerns for families and children Video presentation to

Welfare conditionality : some issues and concerns for families and children Video presentation to

Welfare conditionality : some issues and concerns for families and children Video presentation to Picking up the pieces : the fallout of welfare reform forum 20 th October 2017 Melbourne, Australia Professor Peter Dwyer Dept. of Social

602 views • 7 slides
Transforming the Timing Industry March 2016 Rich Timing Content in All Electronics Only SiTime

Transforming the Timing Industry March 2016 Rich Timing Content in All Electronics Only SiTime

Transforming the Timing Industry March 2016 Rich Timing Content in All Electronics Only SiTime can Provide Higher Performance, Smaller Size, Lower Power 8 15 pieces 4 20 pieces 3 13 pieces 20 40 pieces $6 $200 value $2 $50

844 views • 28 slides
bits + bits pieces pieces Resources Websites Used by RFS for direction and guidance Recommend

bits + bits pieces pieces Resources Websites Used by RFS for direction and guidance Recommend

SPONSORED PROJECT bits + bits pieces pieces Resources Websites Used by RFS for direction and guidance Recommend bookmarking Business Procedures Manual http://www.uky.edu/ufs/business procedures manual University Financial Services

451 views • 9 slides
A Few Things To Look For While Picking Stocks Please email questions to max.bohall@trincoll.edu

A Few Things To Look For While Picking Stocks Please email questions to max.bohall@trincoll.edu

A Few Things To Look For While Picking Stocks Please email questions to max.bohall@trincoll.edu Agenda Entrepreneurial Management Relative Strength Are Price/Earnings Ratios Important? Stock Buybacks Analytical Practice

187 views • 16 slides
Lecture 16 - Bits & Pieces Welcome! , = (, )

Lecture 16 - Bits & Pieces Welcome! , = (, )

INFOMAGR Advanced Graphics Jacco Bikker - November 2018 - February 2019 Lecture 16 - Bits & Pieces Welcome! , = (, ) , + , , ,

801 views • 42 slides
Lecture 15 - Bits & Pieces Welcome! , = (, )

Lecture 15 - Bits & Pieces Welcome! , = (, )

INFOMAGR Advanced Graphics Jacco Bikker - November 2019 - February 2020 Lecture 15 - Bits & Pieces Welcome! , = (, ) , + , , ,

787 views • 51 slides
Data Structures in Java Lecture 15: Sorting II 11/11/2015 Daniel Bauer 1 Quick Sort

Data Structures in Java Lecture 15: Sorting II 11/11/2015 Daniel Bauer 1 Quick Sort

Data Structures in Java Lecture 15: Sorting II 11/11/2015 Daniel Bauer 1 Quick Sort Another divide-and-conquer algorithm. Pick any pivot element v. Partition the array into elements x v and x v. Recursively sort the

1.58k views • 120 slides
Innovation in Educational Technology Stephen Downes Bayonne, France January 24, 2018

Innovation in Educational Technology Stephen Downes Bayonne, France January 24, 2018

Innovation in Educational Technology Stephen Downes Bayonne, France January 24, 2018 Innovation Innovation means creating value from ideas. http://www.downes.ca/post/67693 As a consensus summary definition, innovation is

770 views • 52 slides
Edge state integrals on shaped triangulations Rinat Kashaev University of Geneva joint work with

Edge state integrals on shaped triangulations Rinat Kashaev University of Geneva joint work with

Edge state integrals on shaped triangulations Rinat Kashaev University of Geneva joint work with F.Luo and G. Vartanov arXiv:1210.8393 EMS/DMF Joint Mathematical Weekend Arhus, 5-7 April, 2013 Rinat Kashaev Edge state integrals on shaped

537 views • 15 slides
Reversing and Exploiting an Apple Firmware Update K. Chen Black Hat USA, July 30th, 2009 K.

Reversing and Exploiting an Apple Firmware Update K. Chen Black Hat USA, July 30th, 2009 K.

Introduction Firmware Update Analysis Exploitation Reversing and Exploiting an Apple Firmware Update K. Chen Black Hat USA, July 30th, 2009 K. Chen Reversing and Exploiting an Apple Firmware Update Introduction Motivation Firmware Update

2.09k views • 190 slides
Assignment 5 Software and Web Security March 26 rd , 2014 Initial state RAX 0x????????????????

Assignment 5 Software and Web Security March 26 rd , 2014 Initial state RAX 0x????????????????

Assignment 5 Software and Web Security March 26 rd , 2014 Initial state RAX 0x???????????????? RBX 0x???????????????? RDX 0x???????????????? RDI RSI stack RSP xor %rdx, %rdx RAX 0x???????????????? RBX 0x???????????????? RDX

836 views • 40 slides
Runtime GUI Adaptation in Dynamic Software Product Lines Dean Kramer deankramer@acm.org

Runtime GUI Adaptation in Dynamic Software Product Lines Dean Kramer deankramer@acm.org

Introduction & Recap Runtime Adaptation Implementation & Tests Conclusions Runtime GUI Adaptation in Dynamic Software Product Lines Dean Kramer deankramer@acm.org University of West London/Middlesex University FOSD 2014

529 views • 24 slides
The European Spallation Source John Womersley, Director General February 2017 Neutrons are

The European Spallation Source John Womersley, Director General February 2017 Neutrons are

The European Spallation Source John Womersley, Director General February 2017 Neutrons are special Electrically neutral - deeply penetrating ... except for some isotopes Nuclear interaction : cross section depending on isotope (not

974 views • 32 slides
1: Software Development and .NET An approach to building software Overview Programming in

1: Software Development and .NET An approach to building software Overview Programming in

1: Software Development and .NET An approach to building software Overview Programming in software development Life-Cycles for software development Object-orientation and modelling Requirements analysis and specification

520 views • 25 slides

More recommend