
# Building an IR team

## Skills needed

* Hands-on technical skills
  * Networking
  * Cybersecurity engineering
  * Memory analysis
  * Reverse-engineering
* Written and oral communication skills
* Leadership skills
* Legal
* HR
* PR

## Step 1 - Assess existing skill sets

Sometimes what you need already exists in the organization

You may need to have an outside assessment performed

Never try to design requirements around the existing team

## Step 2 - Reach out to other departments

Reach out as early as possible

Be willing to accept some team members are "part-time" IR

Remember to vet for things such as clearance levels and confidentiality levels

Consider outside consultants for some roles

## Step 3 - Pick your team!

Pick team members

Set up meetings and orientation

Remember the team may include outside consultants and people outside the IT and Security departments

## Step 4 - Acquire funding

Without the first four steps, funding requests might not be representative of what's needed

None of the other things go forward without funding

## Step 5 - Implement training requirements

This will include initial training as well as continuing training yearly


