Integral to this effort is the process of each client learning from the incident and updating their security incident response plans accordingly. One thing that you generally don’t yet find in most such plans is crossing over to the “dark” side of the internet – but moving forward I think it’s likely you may.