{"id":1790,"date":"2019-09-17T10:04:18","date_gmt":"2019-09-17T09:04:18","guid":{"rendered":"http:\/\/www.halkynconsulting.co.uk\/a\/?p=1790"},"modified":"2020-08-07T13:45:06","modified_gmt":"2020-08-07T12:45:06","slug":"incident-response-lessons-learned","status":"publish","type":"post","link":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/","title":{"rendered":"Incident Response Phases &#8211; Lessons Learned"},"content":{"rendered":"<p>In a <a href=\"https:\/\/www.halkynconsulting.co.uk\/a\/2019\/04\/incident-response-process-matters\/\" rel=\"noopener noreferrer\" target=\"_blank\">previous post<\/a> we discussed Incident Response (IR) processes and our preference is one that runs Preparation, Identification, Containment, Eradication, Recovery and Lessons Learned (PICERL). In this post, we are going to be looking a bit more into the final phase of IR &#8211; Lessons Learned.<\/p>\n<figure id=\"attachment_1730\" aria-describedby=\"caption-attachment-1730\" style=\"width: 300px\" class=\"wp-caption alignleft\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1730\" data-permalink=\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/04\/incident-response-process-matters\/picerl\/\" data-orig-file=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?fit=719%2C718&amp;ssl=1\" data-orig-size=\"719,718\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"Incident Response Process &#8211; PICERL\" data-image-description=\"&lt;p&gt;PICERL &#8211; Common incident response process \/ framework&lt;\/p&gt;\n\" data-image-caption=\"&lt;p&gt;PICERL &#8211; Common incident response process \/ framework&lt;\/p&gt;\n\" data-medium-file=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?fit=300%2C300&amp;ssl=1\" data-large-file=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?fit=719%2C718&amp;ssl=1\" class=\"size-medium wp-image-1730\" src=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?resize=300%2C300&#038;ssl=1\" alt=\"Incident Response - PICER Lessons Learned\" width=\"300\" height=\"300\" srcset=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?resize=300%2C300&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?resize=150%2C150&amp;ssl=1 150w, https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?resize=50%2C50&amp;ssl=1 50w, https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?resize=80%2C80&amp;ssl=1 80w, https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?w=719&amp;ssl=1 719w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" data-recalc-dims=\"1\" \/><figcaption id=\"caption-attachment-1730\" class=\"wp-caption-text\">PICERL &#8211; Common incident response process \/ framework<\/figcaption><\/figure>\n<p>As the final step, this is probably the IR phase that gets most overlooked. But it is one of the two most important. After the excitement and stress of clearing out an incident, it is really important that you learn. Overlooking this step inevitably leads to repeating problems. First you never really solve the problem that let the attackers in. Secondly, any issues your responders faced remain. Together this means you see more incidents and they take longer to resolve.<\/p>\n<p>Learning from experience really is important.<\/p>\n<h2>Lessons Learned<\/h2>\n<p>This phase goes by many names. For example, you might call it a &#8220;debrief&#8221; or a &#8220;wash up&#8221;. The exact name isn&#8217;t as important as making sure you <strong>do it<\/strong>. However, it is also important that this is a learning phase. Avoid falling into the trap of blaming people. Also, avoid any hint it is a witchhunt or an attempt to sack someone. This can be hard, as sometimes a person is responsible. But at a practical level, this should be something outside the IR process.<\/p>\n<p>In this phase, you are trying to answer the following questions.<\/p>\n<ol>\n<li>What happened?<\/li>\n<li>How did it happen?<\/li>\n<li>How did we deal with it?<\/li>\n<li>What went well?<\/li>\n<li>What went badly?<\/li>\n<li>Most importantly, what do we need to change?<\/li>\n<\/ol>\n<p>Now it is totally down to your organisation how formal you want this to be. What matters above all else, is that you go through this. For example, you might decide that <a href=\"https:\/\/www.sans.org\/reading-room\/whitepapers\/incident\/paper\/33901\" rel=\"noopener noreferrer\" target=\"_blank\">major incidents need a formal report and review<\/a>. But then decide that minor events simply need an email update. But other organisations might want a formal report for every incident. Remember, though, that this can be resource-intensive so keep in mind how many incidents you have when deciding this.<\/p>\n<p>The ultimate goal of this phase is to understand what happened. That is really all that matters so the specifics can be quite &#8220;personal.&#8221; It certainly helps if, during planning, you decide how this phase will be run. In the same vein, planning allows you to make sure you capture the right data. Without the right data, you can&#8217;t learn, so you can see the problem here.<\/p>\n<h3>Take Note<\/h3>\n<p>One big caveat to remember is that sometimes the lesson is trivial. For instance, with a single malware event, you probably dont need a full report. <\/p>\n<p>Also, try to focus on how to improve rather than punish. If your lesson learned is that a person messed up, this isn&#8217;t helpful. Instead, you can focus on the need for more training, or better still, improved processes. You might feel people are to blame, but most of the time that is only because technology or process failed.<\/p>\n<h2>Summary &#8211; what have we learned?<\/h2>\n<p>In short, the lessons learned phase is critical to good IR practices. However, it entirely depends on your planning and IR data collection. In addition, the exact process should depend on your specific needs and the nature of the incident. Some organisations have a formal process with pre-designed data capture forms. Others go for an ad-hoc meeting. The important thing is making sure it happens and doesn&#8217;t simply burn resources.<\/p>\n<p>If you want to know more, or get some help with an incident or even building your own incident response process then <a href=\"https:\/\/www.halkynconsulting.co.uk\/security\/contact-security-team\" rel=\"noopener noreferrer\" target=\"_blank\">get in touch and our consultants will be happy to assist<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Lessons Learned is the final phase of the incident response cycle. This is where you identify the root cause of the incident and any problems or issues you faced with the response. Your findings should always feed back into the planning phase. This keeps the cycle working and improving. <\/p>\n","protected":false},"author":1,"featured_media":1730,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true},"categories":[5],"tags":[159,151,137,181,173],"class_list":["post-1790","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-cyber-security","tag-dfir","tag-incident-response","tag-lessons-learned","tag-picerl","entry","has-media"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Incident Response Phases - Lessons Learned - Halkyn Security Blog<\/title>\n<meta name=\"description\" content=\"Lessons Learned is the final phase of the IR cycle. This is where you identify the incident root cause and problems\/issues responders faced.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\" \/>\n<meta property=\"og:locale\" content=\"en_GB\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Incident Response Phases - Lessons Learned - Halkyn Security Blog\" \/>\n<meta property=\"og:description\" content=\"Lessons Learned is the final phase of the IR cycle. This is where you identify the incident root cause and problems\/issues responders faced.\" \/>\n<meta property=\"og:url\" content=\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\" \/>\n<meta property=\"og:site_name\" content=\"Halkyn Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2019-09-17T09:04:18+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-08-07T12:45:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?fit=719%2C718&ssl=1\" \/>\n\t<meta property=\"og:image:width\" content=\"719\" \/>\n\t<meta property=\"og:image:height\" content=\"718\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Halkyn Security\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:site\" content=\"@HalkynSecurity\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Halkyn Security\" \/>\n\t<meta name=\"twitter:label2\" content=\"Estimated reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#article\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\"},\"author\":{\"name\":\"Halkyn Security\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\"},\"headline\":\"Incident Response Phases &#8211; Lessons Learned\",\"datePublished\":\"2019-09-17T09:04:18+00:00\",\"dateModified\":\"2020-08-07T12:45:06+00:00\",\"mainEntityOfPage\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\"},\"wordCount\":626,\"commentCount\":3,\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"keywords\":[\"Cyber Security\",\"DFIR\",\"Incident Response\",\"Lessons Learned\",\"PICERL\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\",\"name\":\"Incident Response Phases - Lessons Learned - Halkyn Security Blog\",\"isPartOf\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\"},\"datePublished\":\"2019-09-17T09:04:18+00:00\",\"dateModified\":\"2020-08-07T12:45:06+00:00\",\"description\":\"Lessons Learned is the final phase of the IR cycle. This is where you identify the incident root cause and problems\/issues responders faced.\",\"breadcrumb\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#breadcrumb\"},\"inLanguage\":\"en-GB\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Halkyn Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Incident Response Phases &#8211; Lessons Learned\"}]},{\"@type\":\"WebSite\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#website\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"name\":\"Halkyn Security Blog\",\"description\":\"Specialist Security &amp; Risk Management Consultants\",\"publisher\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-GB\"},{\"@type\":\"Organization\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#organization\",\"name\":\"Halkyn Consulting\",\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"contentUrl\":\"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1\",\"width\":\"990\",\"height\":\"170\",\"caption\":\"Halkyn Consulting\"},\"image\":{\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.linkedin.com\/company\/2329571\",\"https:\/\/twitter.com\/HalkynSecurity\"]},{\"@type\":\"Person\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2\",\"name\":\"Halkyn Security\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-GB\",\"@id\":\"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g\",\"caption\":\"Halkyn Security\"},\"description\":\"Halkyn Security Consultants.\",\"sameAs\":[\"http:\/\/www.halkynconsulting.co.uk\/\"],\"url\":\"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Incident Response Phases - Lessons Learned - Halkyn Security Blog","description":"Lessons Learned is the final phase of the IR cycle. This is where you identify the incident root cause and problems\/issues responders faced.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/","og_locale":"en_GB","og_type":"article","og_title":"Incident Response Phases - Lessons Learned - Halkyn Security Blog","og_description":"Lessons Learned is the final phase of the IR cycle. This is where you identify the incident root cause and problems\/issues responders faced.","og_url":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/","og_site_name":"Halkyn Security Blog","article_published_time":"2019-09-17T09:04:18+00:00","article_modified_time":"2020-08-07T12:45:06+00:00","og_image":[{"width":719,"height":718,"url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?fit=719%2C718&ssl=1","type":"image\/png"}],"author":"Halkyn Security","twitter_card":"summary_large_image","twitter_creator":"@HalkynSecurity","twitter_site":"@HalkynSecurity","twitter_misc":{"Written by":"Halkyn Security","Estimated reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#article","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/"},"author":{"name":"Halkyn Security","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2"},"headline":"Incident Response Phases &#8211; Lessons Learned","datePublished":"2019-09-17T09:04:18+00:00","dateModified":"2020-08-07T12:45:06+00:00","mainEntityOfPage":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/"},"wordCount":626,"commentCount":3,"publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"keywords":["Cyber Security","DFIR","Incident Response","Lessons Learned","PICERL"],"articleSection":["Security"],"inLanguage":"en-GB","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#respond"]}]},{"@type":"WebPage","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/","url":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/","name":"Incident Response Phases - Lessons Learned - Halkyn Security Blog","isPartOf":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website"},"datePublished":"2019-09-17T09:04:18+00:00","dateModified":"2020-08-07T12:45:06+00:00","description":"Lessons Learned is the final phase of the IR cycle. This is where you identify the incident root cause and problems\/issues responders faced.","breadcrumb":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#breadcrumb"},"inLanguage":"en-GB","potentialAction":[{"@type":"ReadAction","target":["http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/"]}]},{"@type":"BreadcrumbList","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/2019\/09\/incident-response-lessons-learned\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Halkyn Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/"},{"@type":"ListItem","position":2,"name":"Security","item":"http:\/\/www.halkynconsulting.co.uk\/a\/category\/security\/"},{"@type":"ListItem","position":3,"name":"Incident Response Phases &#8211; Lessons Learned"}]},{"@type":"WebSite","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#website","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","name":"Halkyn Security Blog","description":"Specialist Security &amp; Risk Management Consultants","publisher":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http:\/\/www.halkynconsulting.co.uk\/a\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-GB"},{"@type":"Organization","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#organization","name":"Halkyn Consulting","url":"http:\/\/www.halkynconsulting.co.uk\/a\/","logo":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/","url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","contentUrl":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2011\/07\/Untitled-1.png?fit=990%2C170&ssl=1","width":"990","height":"170","caption":"Halkyn Consulting"},"image":{"@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/2329571","https:\/\/twitter.com\/HalkynSecurity"]},{"@type":"Person","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/3cfcd2267f12bbcce6a10159022c3df2","name":"Halkyn Security","image":{"@type":"ImageObject","inLanguage":"en-GB","@id":"http:\/\/www.halkynconsulting.co.uk\/a\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/4126abc936773e5e8bd38e030d54306e161190a7d6166dba7edadb6caf13b504?s=96&d=retro&r=g","caption":"Halkyn Security"},"description":"Halkyn Security Consultants.","sameAs":["http:\/\/www.halkynconsulting.co.uk\/"],"url":"http:\/\/www.halkynconsulting.co.uk\/a\/author\/halkyn-consulting\/"}]}},"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.halkynconsulting.co.uk\/a\/wp-content\/uploads\/2019\/04\/PICERL.png?fit=719%2C718&ssl=1","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9yHvD-sS","jetpack_likes_enabled":false,"_links":{"self":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/1790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/comments?post=1790"}],"version-history":[{"count":5,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/1790\/revisions"}],"predecessor-version":[{"id":1796,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/posts\/1790\/revisions\/1796"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media\/1730"}],"wp:attachment":[{"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/media?parent=1790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/categories?post=1790"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.halkynconsulting.co.uk\/a\/wp-json\/wp\/v2\/tags?post=1790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}