Brutalist Security Rapid Decision Making (RDM)
Introduction
This model blends the efficiency and decisiveness of military decision-making frameworks with rapid risk analysis principles. It aims to keep the structure lean, clear, and highly actionable. It is a practical, straightforward model for rapid decision-making in high-pressure, security-related situations.
The Model - RDM
1. Identify and Define the Problem (Clarity Above All)
What’s the threat? Directly state the problem without ambiguity.
What’s at stake? Clearly define the immediate security risk or situation.
Who is affected? Identify the primary and secondary stakeholders (people, systems, assets, etc.).
Goal: Eliminate ambiguity and ensure a shared understanding of the situation across the team.
2. Assess the Context
Who are the decision-makers? Identify key personnel and their roles (don’t waste time).
Time Pressure. How much time do you have? Is this a matter of minutes, hours, or days?
Resource Availability. What assets, people, or tools can be used immediately? What are the resource limitations?
Goal: Quickly assess the environment and limitations to make an informed decision.
3. Rapid Risk Analysis
Use the Risk-Impact-Response (RIR) model to evaluate potential outcomes.
- Risk: What is the likelihood of each potential risk occurring? (High, Medium, Low)
  - Immediate Risks: Assess what can harm the core mission or safety in the next 24-48 hours.
  - Long-Term Risks: What are the possible cascading effects of failure?
- Impact: What is the potential severity of each identified risk? (Critical, Moderate, Low)
  - Focus on high-severity risks, especially ones that are time-sensitive.
- Response: What actions can reduce the risk, and how quickly can they be executed?
  - Prioritize actions that will mitigate the most severe and immediate threats first.
Goal: Prioritize risks and responses in a clear, structured way—ensuring resources are allocated to address the highest-risk scenarios first.
4. Develop Alternatives (The 3-Pronged Response)
Option 1: Immediate mitigation or defensive action (Reactive).
Option 2: Long-term strategic shift or proactive measure (Preventative).
Option 3: Neutral or passive response (Minimal intervention).
Each option should be evaluated on:
- Effectiveness: How well will it address the problem?
- Speed: How fast can it be implemented?
- Cost/Resources: What resources does it require? Is it sustainable?
Goal: Limit options to the most feasible, actionable responses. Evaluate them quickly under pressure.
5. Execute and Adapt (Rapid Execution with Real-time Feedback)
Execution: Choose the best option from the alternatives and act immediately. Focus on speed, simplicity, and clarity in the execution process.
Adaptation: Set up a feedback loop (real-time intel, communication channels) to track changes and make adjustments if necessary.
Goal: Decisive action combined with flexibility. Respond to changes in real-time with minimal hesitation.
6. Post-Action Review and Optimization (Iterate and Improve)
Evaluate: Once the action is taken, assess the outcome against expectations. Did it reduce the risk? Did it cause new problems?
Learn: Document lessons learned in a concise, no-frills manner and quickly integrate them into the next decision-making cycle.
Goal: Continuous improvement, even in high-stakes environments.
Quick Reference Summary - Decision-Making Steps
- Define the Problem — What’s at stake? (Clear, direct)
- Assess Context — Time, resources, decision-makers (Fast)
- Risk Analysis (RRA) — Risk x Impact x Response (Quick priorities)
- Develop Alternatives — 3 options (Immediate, Long-Term, Neutral)
- Execute & Adapt — Act decisively, track feedback (Speed + flexibility)
- Review & Optimize — Learn, adapt for next time (Continuous loop)
Example Application (Real-World Scenario)
Situation: Security Breach
- Define the Problem:
  - An unknown actor has broken in and has access to internal networks.
- Assess Context:
  - Time: 1 hour until more data leaks.
  - Resources: IT and Network teams, firewall console, monitoring tools, no external support yet.
  - Decision-Makers: Head of Security, Director of IT Operations.
- Risk Analysis (RRA):
  - Risk: High (attack is active).
  - Impact: Critical (data leakage, potential exposure of sensitive info).
  - Response: Immediate systems shutdown, monitor for data exfiltration.
- Develop Alternatives:
  - Option 1: Disconnect breached network segment and initiate backup protocols (immediate).
  - Option 2: Engage external security support for forensic investigation (long-term).
  - Option 3: Try to contain breach by patching vulnerable endpoints (neutral).
- Execute & Adapt:
  - Execute Option 1—disconnect breached segment.
  - Monitor continuously for signs of further breach, then adapt based on new intelligence.
- Review & Optimize:
  - Review the response, update cyber defense protocols, and document the breach analysis.
Key Features of the Brutalist Approach
- Efficiency: No fluff; focus on what matters immediately.
- Directness: Minimal explanation, maximal clarity.
- Flexibility: Iterative process that adapts to fast-evolving situations.
- Pragmatism: Every decision is actionable—nothing theoretical.
To Close
This model emphasizes clarity, speed, and adaptability, with a heavy focus on ensuring high-stakes decisions are made quickly, without overcomplicating the process.
Make sure you adapt it to your specific environment.