LET'S TALK
← All work
PagerDuty Severity GuidanceGoogle SRE WorkbookNIST SP 800-61GDPR Art 33TrainingDeep Prototype

IncidentSeveritySim — Severity Classification Trainer

Interactive trainer with 22 incident scenarios across 6 categories. Pick a severity (SEV-1 to SEV-4); get the canonical answer + the 5-dimension impact rationale (blast radius, data sensitivity, customer visibility, regulatory implications, time sensitivity). Tracks accuracy + over-paged + under-paged across the session.

IncidentSeveritySim — Severity Classification Trainer preview
Open live →

What it is

The shape behind every on-call training program — without burning a real incident. New SREs, new compliance leads, new IC rotations — they all need to learn severity classification BEFORE they’re paged at 3am. IncidentSeveritySim is the gym.

What’s in it

  • 22 scenarios across 6 categories: availability, security-breach, data-integrity, shadow-it, compliance, access-control.
  • Pick one of 4 severities (SEV-1 through SEV-4) per scenario; get instant feedback.
  • 5-dimension impact scoring per scenario:
    • Blast radius — single user → region-wide
    • Data sensitivity — no PII → Art 9 special category
    • Customer visibility — internal-only → blocking core flow
    • Regulatory implications — none → statutory clock starts
    • Time sensitivity — days → page-now
  • Realistic catalog:
    • Checkout API 500s for everyone (SEV-1 — page now)
    • Single-AZ EBS volume failure auto-recovered (SEV-4 — log only)
    • Possible production database access by attacker at 3am (SEV-1 — page CISO + outside counsel)
    • DSAR-09167 will miss 30-day GDPR deadline (SEV-3 — known gap)
    • Marketing tag firing without DPA (SEV-2 — Art 28 violation)
    • 240-day former-employee OAuth token (SEV-3)
    • Schema change exposes employee SSN to BI (SEV-2 — even if 0 read, Art 32)
    • Anthropic shadow-IT traffic from unidentified ECS task (SEV-2)
    • Cookie banner reject-all not on layer 1 in EU (SEV-3 — €60M CNIL pattern)
    • Region-wide outage with successful failover (SEV-1 with rapid de-escalation)
  • Session scoreboard — correct, wrong, over-paged, under-paged. Over-paging burns trust and on-call budget; under-paging burns customers.
  • Cross-tool callbacks — every scenario links back to the IncidentLog entry, RtbfFlow path, ChaosScore service, EgressGate signal that would have caught it.

Why this shape

PagerDuty severity guidance + Google SRE Workbook ch. 9 + NIST SP 800-61 Rev 2 all converge on the same core teaching: severity is impact-based, not symptom-based. The two failure modes — over-paging (wakes people for nothing, burns trust) and under-paging (customers feel it before you do, burns brand) — both come from running the call by gut. IncidentSeveritySim is the dojo that builds the gut.

How it ships

Single HTML file, ~20KB. Zero dependencies. 22 scenarios × 4 severities × 5-dimension feedback + session scoreboard in 220 lines of vanilla JavaScript.

Open the tool →