Author an Incident Response Playbook for a Fintech Startup
Overview
What this challenge is about.
Author a 4-phase playbook (Prepare, Detect & Analyze, Contain/Eradicate/Recover, Post-Incident) covering 6 incident classes: data breach, ransomware, account takeover, payment-fraud spike, vendor breach, and regulatory data request. Specify roles (Incident Commander, Comms Lead, Eng Lead, Legal/DPO), severity tiers (SEV1-4) with explicit triggers, a communication tree (Slack + PagerDuty + customer email), and 24-hour and 72-hour decision gates. Run 2 tabletop exercises (ransomware and payment-fraud spike) with around 8 participants each, capture the gaps, and iterate. Deliver: a 22-page playbook, a 1-page on-call quick-ref card, tabletop after-action reports, and an auditor-readiness gap list.
The Brief
What you'll do, and what you'll demonstrate.
Author and tabletop-validate an incident-response playbook that satisfies SOC 2 Type II and is usable by on-call engineers at 3am.
Earning criteria — what you'll demonstrate
- Apply NIST SP 800-61r2 to author a working incident-response playbook
- Design severity tiers with operational triggers, not adjectives
- Facilitate tabletop exercises that surface real coordination gaps
- Translate the playbook into on-call-usable artifacts
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.