Taking Notes During Engagements Brief
Core Skill
Take real-time engagement notes that are structured enough to support report writing, timestamped enough to reconstruct a timeline, and clear enough that a teammate who was not present could understand what happened and why.
Note-Taking Workflow
- Set up a note structure with sections before the engagement begins
- Log each action with a timestamp, the step taken, and why you took it
- Tag significant discoveries clearly — vulnerabilities, access paths, credentials
- Reference screenshots and saved output immediately with descriptive labels
- Write status summaries at breakpoints: accomplished, open, next steps
- Note why when you change approach or abandon a path
Quality Bar
A teammate who was not on the engagement should be able to read your notes, reconstruct the timeline, identify every finding, and understand why you made the decisions you made — without asking you a single question.
Common Pitfalls
- Writing notes after the fact — even thirty minutes of delay loses decision context and timing
- Dumping raw terminal output with no annotation — noise, not documentation
- Personal shorthand only you can decode — notes are team artifacts
- Capturing commands but not decisions — why you ran something matters more than what you ran
Every Entry Needs
- Timestamp
- Command or step taken
- Why you took it and what you expected
- What the result was
- Reference to any saved output or screenshot
Interview Framing
I take timestamped notes in real time throughout the engagement. Every action gets a timestamp, the step, and a note on why I chose that approach and what the result was. I tag findings as I discover them and reference screenshots inline. At the end of each phase I write a status summary. The goal: anyone on the team could pick up my notes and know exactly where the engagement stands.