.png){kind=small}
Don't let an incident catch you off guard - download our new Incident Comms Playbook for effective incident comms strategies!
By submitting this form, you agree to the Privacy Policy and Terms of Use and agree to sharing your information with Rootly and Google.
July 15, 2025
6 mins
Insights from a 16-year Google SRE on balancing structure and speed when every second counts.
Brandon Chalk is a veteran SRE with 16 years at Google, specializing in security-focused incident response. He brings deep experience balancing operational rigor with the real-time demands of large-scale outages.
In the world of incident response, the ability to adapt quickly is just as crucial as having a solid plan in place before things go sideways. While it might seem logical to try and have a playbook for everything your team has ever encountered, this can actually impede your response cadence when it matters most.
Response efforts are inherently unpredictable and trying to plan for everything isn’t the best approach. A structured approach balancing industry standards and frameworks alongside minimal processes allows your team to respond with repeatable steps while providing a wide enough berth for: “Whoa. We’ve never seen that before!” ****If you try to document every single variant of an issue, it can waste valuable time as an Incident Commander (IC) scrolls through endless pages of documents trying to find a match rather than immediately assessing, making a judgement call and adapting.
Balancing rigid processes with a lack thereof can opitimize your incident management strategy and ensure your team is prepared to not just respond to anything, but also respond effectively under any circumstance.
While every company responds to incidents differently, there are a few common denominators that always make sense. Standard processes and frameworks, such as an incident response plan and the incident response life cycle provide a foundation for all your response efforts. They provide a structured approach to responding when you don’t know all the facts and ensure all responders are speaking the same language.
Consider two companies, Company A and Company B. Company A does not have a unified response framework in place but a couple dozen playbooks. While Company B, has a unified plan but very few playbooks. The initial response efforts for Company A might be a bit chaotic as teams trying to find “the right playbook,” which ultimately delays the response effort. While Company B is in a position where everyone knows their role, communications are clear and each step (e.g. containment) is clearly defined, no matter what the underlying issue is.
There can be infinite variations within a given framework but terminology and general concepts are similar enough. While Company A might have a different process than Company B for looping in executives during a high visibility investigation, the end goal always remains the same: keeping executives informed. Both teams arrive at the same destination but take a slightly different route.
This approach won’t cover everything you might experience but provide you with a flexible toolbox to adapt to anything. It provides guardrails while leaving some wiggle room for your response efforts.
In some response environments, there can be a tendency to try and plan for every single incident you might encounter. At first, it seems like a logical approach. Knowing how to handle everything that might come your way provides a peace of mind and something to fallback on when fires are burning. Junior team members always have something to follow when they are unsure. And when your team lead is on vacation, there’s no uncertainty.
However, there are some key downsides to this approach. An obvious one is more documents and processes to manage and keep up to date. As workloads increase and priorities change, it’s rare to see documentation being at the top of the stack. Why burden yourself with additional documentation when a solid framework is sufficient?
Another con is increased friction and a reduced response cadence. By having an overly prescriptive process, you don’t allow your responders to exercise judgment when it matters most. Not allowing any flexibility from what is written can severely decrease your response cadence at critical times as stakeholders discuss the nuisances of what’s written vs. what is actively happening.
For example, an enterprise might have a mandatory “approval matrix” in place with multiple levels of approvals required when rotating the passwords of users. During a critical incident where dozens of employees were phished, the IC could be waiting for hours for the necessary approvals rather than allowing them to make an immediate judgement call during a crisis. These are the response traps you should try to avoid.
Do you need a RACI chart for every type of incident you might encounter? Probably not. If you have a well defined incident response plan, it will should cover most scenarios. And for those it doesn’t, it should provide your incident commander with a framework to determine what’s best, either on their own or alongside stakeholders.
A well defined incident response plan provides an agreed upon framework everyone can not only align on, but also respond from. This means it has the added benefit of being a blueprint for what can be automated to free up cycles -- we need to create a tracking doc for every incident -- and provide more bandwidth to your responders for more nuisanced decisions that require skilled input.
Every responder needs to be comfortable navigating ambiguity. It might seem counter intuitive to think that “less is more” but in high stress response efforts, any reduction of cognitive load is usually a net positive. By reducing steps your responders have to take, you free up bandwidth to help them due what they do best, put out fires.
In conclusion, effective incident response hinges on balancing structured processes with flexibility. While frameworks can offer a strong foundation, rigid playbooks can slow teams down and increase cognitive load during critical moments. By taking a lean, adaptable approach, you empower your responders to use their judgement within clear parameters that accelerates response cadence and reduces friction. This strategic balance ensures that teams stay focused on what matters most: responding efficiently and effectively.
.png)
Get more features at half the cost of legacy tools.
Get more features at half the cost of legacy tools.
.jpg)
Get more features at half the cost of legacy tools.
Get more features at half the cost of legacy tools.
.jpg)
Get more features at half the cost of legacy tools.
.avif)
.png){kind=icon}
.png){kind=icon}
