The Discernible Blog
Beyond Damage Control: The Science Behind Apologies
A shift in mindset – from defending organizational pride to rebuilding stakeholder trust – can help guide more effective incident response.
Meeting the Moment: The Art of Apologizing After a Cybersecurity Incident
While the road to recovery from a security incident can be long and rocky, one part of the process is pretty simple: apologizing. At least it should be.
CUSTOMER CASE STUDY: Cisco Secure
Discernible was brought in to provide strategic communications analysis, training, and professional development for Cisco Secure’s then-new and expanding leadership team.
Maintaining Composure: Effective Emotional Regulation in Security Incident Response
The ability to remain calm and composed during an incident response is critical to a successful recovery. Yet, it’s challenging to do in practice if you’re unprepared. Written plans and procedures are great (and necessary for compliance). Still, execution is the hardest part, where human emotions often get the better of security teams and their partners across the business.
Empowering Business Leaders to be Savable Victims: Drawing Incident Response Insights from Rescue Scuba Diving
What does being a "savable victim" in the context of cybersecurity incident response look like? We draw insights from rescue scuba diving to emphasize the importance of self-awareness, effective communication, and remaining calm under pressure for both rescue divers and business executives during incidents.
Mailbag: How do you regain trust after an initial communications misstep?
Whether it's a poorly timed announcement, an ill-considered tweet, or a misinterpreted internal message, the key to recovery lies in how you handle the aftermath. Here are a few recommendations on how to navigate your way back from a communications misstep.
Building Trust Between Security and its Peers
Dr. Ryan K. Louie and Kim Burton join Discernible CEO Melanie Ensign for a discussion on how security teams can develop deeper trust with their partners in the business.
Is Your Security or Engineering Team ready for a Chief of Staff?
Advice from a CISO Chief of Staff on how to know when the time is right to hire a Chief of Staff and how to find the right one for your team.
Why No One Listens to Cassandra
The widely misunderstood curse of Cassandra didn’t impact other people’s ability to understand each other. It changed how Cassandra communicated, burying the meaning of her advice in vague and opaque language.
📬 Mailbag: Where should security communications be on the organization chart?
A reader asks: Where should security communications be on the organization chart?
Powerful Expectations: Effective Communications for Bug Bounty Programs
Q&A with Reginaldo Silva, security researcher and former security engineer at Facebook/Instagram
My Top Takeaways from 2023 - and Your Resolutions for 2024
Here are three security communication patterns I observed the most often in 2023 and why you should resolve to address them in 2024.
📬 Mailbag: How do you manage/balance truthful communications about an incident/breach while mitigating legal exposure?
A reader asks: How do you manage truthful communications about an incident while mitigating legal exposure?
“The solution is not buying another server, it’s having better communications.”
Q&A with DEF CON founder and CEO Jeff Moss on the value of security communications.
📬 Mailbag: Are there any examples of good incident response communications?
A reader asks: Are there any examples of good security incident communications?
CUSTOMER CASE STUDY: Twilio
Discernible was brought in by Twilio’s then-CISO to find a creative and easily deployable solution to entice people from across the security organization to speak, blog, and generally share the good work the teams were doing and engage more deeply with their cohort outside the company.
A CISO’s right hand on how security communications can build credibility across the organization
Jessica Walters is Senior Security & IT Program Manager at Tessian, and former Chief of Staff to the CISO of Cisco’s Security Business Group. I had the pleasure of working with Jessica in her former role and in this Q&A, she shares her perspective on how to use security communications proactively in building an effective security team.
How Security Communications Gives Recruiting an Edge
Lauren Bryant has worked as a senior technical recruiter at Uber, PayPal, Lime, and more. Here, she discusses the critical relationship between recruiting and communications teams when it comes to hiring the best and brightest in cybersecurity and technology today.
Not Just Security: CISOs are Business Executives
New research shows effective communication strategy and execution is critical for CISOs to earn and maintain legitimacy with the business.
Every Security Decision is a Business Decision. Communicate Accordingly.
Glenn Thorpe is the Sr. Director of Security Research and Detection Engineering at GreyNoise and a Discernible Advisor. In this Q and A, Glenn shares his insights into why understanding business and how to communicate effectively is critical for anyone working in cybersecurity today.