
Incident Lessons Learned Review
by LocoLoboZ
Convert cyber incident evidence into blameless post-mortem reports, root cause analyses, and action trackers.
- Conduct 5-Why root cause analysis for security incidents
- Generate executive summaries of cyber tabletop exercises
- Convert incident timelines into tracked remediation actions
$10 or 50 credits
Secure checkout via Stripe
Included in download
- Conduct 5-Why root cause analysis for security incidents
- Generate executive summaries of cyber tabletop exercises
- Terminal automation included
- Ready for Universal SKILL.md Standard
- Instant install
Sample input
Facilitate a post-incident lessons learned review for a business email compromise that occurred last month. Initial access was via a phishing email that bypassed email filtering. Containment took 72 hours. Key stakeholders are the SOC, IT operations, and the CISO. Produce a blameless review report, improvement action tracker, and executive summary.
Sample output
The skill produces a structured blameless post-incident review report covering incident scope and timeline, response performance metrics (MTTD, MTTI, MTTC, MTTR), root cause analysis using a five-whys methodology, a blameless review of what went well and what needs improvement, a prioritised improvement action tracker with placeholder owners and due dates, a playbook update requirement list, and a one-page executive summary suitable for CISO or board reporting. All ownership assignments and SLA targets requiring organisational confirmation are clearly marked as placeholders throughout.
About This Skill
Professional Defensive Post-Incident Reviews
Transform chaotic incident data into structured, actionable intelligence. This skill facilitates deep-dive lessons learned sessions following cyber security incidents, near misses, or tabletop exercises. It moves beyond simple summarization, applying rigorous analysis methods to improve your organization's security posture.
What it does
- Evidence Synthesis: Consolidates incident timelines, logs, and stakeholder inputs into a single source of truth.
- Blameless Analysis: Conducts root cause analysis (RCA) using 5-Whys or Fishbone methods, focusing on systemic improvements rather than individual fault.
- Metric Generation: Calculates key performance indicators like MTTR and MTTC based on provided timestamps.
- Actionable Outputs: Generates executive summaries, playbook update plans, and tracked action items with clear owners and validation criteria.
Why use this skill
Standard AI prompting often yields generic retrospective advice. This skill enforces strict defensive IR standards, ensuring outputs are evidence-based, tool-agnostic (unless specified), and audit-ready. It bridges the gap between technical recovery and executive reporting, ensuring that "lessons learned" actually result in updated playbooks and detection logic.
Use Cases
- Conduct 5-Why root cause analysis for security incidents
- Generate executive summaries of cyber tabletop exercises
- Convert incident timelines into tracked remediation actions
- Identify gaps in IR playbooks and detection logic from real events
Known Limitations
- Requires manual input of timestamps for metrics.
- Not for active incident command or containment.
- Cannot verify physical or legal evidence.
How to Install
mkdir -p ~/.claude/skills && curl -sL https://www.agensi.io/api/install/incident-lessons-learned-review -o /tmp/incident-lessons-learned-review.zip && unzip -o /tmp/incident-lessons-learned-review.zip -d ~/.claude/skills && rm /tmp/incident-lessons-learned-review.zip
Free skills install directly. Paid skills require purchase - use the download button above after buying.
Security Scanned
Passed automated security review
Creator
I design and publish skills built from real professional practice across three areas: cyber security consulting, business operations, and AI workflow engineering. My cyber security skills draw on active advisory work spanning governance, risk, compliance, assurance, and executive reporting. They are built for practitioners who need structured, defensible outputs - not generic templates. My business operations skills cover the day-to-day work of running a consulting practice: bookkeeping, financial tracking, expense reconciliation, and marketing content - designed to reduce repetitive overhead and keep outputs consistent. My AI platform and workflow skills are built for people who want to get more out of Claude and similar platforms - covering prompt engineering, skill architecture, automation pipelines, and agent enhancement. Every skill I publish has been tested in production use before it reaches the marketplace. If it is here, it works.