    incident-lessons-learned-review

    Convert cyber incident evidence into blameless post-mortem reports, root cause analyses, and action trackers.

    Updated May 2026
    Security scanned
    One-time purchase
    Universal SKILL.md Standard

    $10 or 50 credits

    30-day refund guarantee


    Included in download

    • Terminal automation included
    • Ready for Universal SKILL.md Standard
    • Instant install

    Sample Output

    A real example of what this skill produces.

    The skill produces a structured blameless post-incident review report covering incident scope and timeline, response performance metrics (MTTD, MTTI, MTTC, MTTR), root cause analysis using a five-whys methodology, a blameless review of what went well and what needs improvement, a prioritised improvement action tracker with placeholder owners and due dates, a playbook update requirement list, and a one-page executive summary suitable for CISO or board reporting. All ownership assignments and SLA targets requiring organisational confirmation are clearly marked as placeholders throughout.

    About This Skill

    Professional Defensive Post-Incident Reviews

    Transform chaotic incident data into structured, actionable intelligence. This skill facilitates deep-dive lessons learned sessions following cyber security incidents, near misses, or tabletop exercises. It moves beyond simple summarization, applying rigorous analysis methods to improve your organization's security posture.

    What it does

    • Evidence Synthesis: Consolidates incident timelines, logs, and stakeholder inputs into a single source of truth.
    • Blameless Analysis: Conducts root cause analysis (RCA) using 5-Whys or Fishbone methods, focusing on systemic improvements rather than individual fault.
    • Metric Generation: Calculates key performance indicators like MTTR and MTTC based on provided timestamps.
    • Actionable Outputs: Generates executive summaries, playbook update plans, and tracked action items with clear owners and validation criteria.

    Why use this skill

    Standard AI prompting often yields generic retrospective advice. This skill enforces strict defensive IR standards, ensuring outputs are evidence-based, tool-agnostic (unless specified), and audit-ready. It bridges the gap between technical recovery and executive reporting, ensuring that "lessons learned" actually result in updated playbooks and detection logic.

    Use Cases

    • Conduct 5-Why root cause analysis for security incidents
    • Generate executive summaries of cyber tabletop exercises
    • Convert incident timelines into tracked remediation actions
    • Identify gaps in IR playbooks and detection logic from real events


    Security Scanned

    Passed automated security review

    Permissions

    Terminal / Shell

    Allowed Hosts

    csrc.nist.gov
    attack.mitre.org
    veriscommunity.net

    File Scopes

    incident-lessons-learned-review/**
