AWS incident response support for containment, evidence collection, access review, recovery planning, and executive communication during critical events.
Confirm severity, affected accounts, GuardDuty or SIEM findings, business impact, and the first containment path.
Review identity, network paths, logs, workloads, and suspected data movement while preserving evidence.
Coordinate recovery, hardening, executive updates, and post-incident work with AWS and client teams.