Incident Response and Threat Intelligence Operations

Beyond the SOC: Scaling Response with the Incident Command System

Friday, May 30, 2025 1:15 PM - 2:15 PM

Description
Every fire starts with a spark. And even the largest mass-scale infosec incidents start with a single responder and alert. These are the incidents that break out of the SOC, require coordination across multiple teams, and can expand beyond your organization into industry, regional, or national collaborations. Our standard IR playbooks aren't designed for this scale and scope, but this is a well-trod domain in the world of disaster management. Join Rich Mogull, an infosec pro with a 30-year side hobby as a federal disaster response paramedic, as he translates and adapts the Incident Command System (ICS) and the National Incident Management System for IT responses. We'll explore how ICS principles can transform chaotic, resource-intensive responses into structured, manageable operations that effectively coordinate multiple teams and stakeholders.