The Discernible Blog
Why No One Listens to Cassandra
The widely misunderstood curse of Cassandra didn’t impact other people’s ability to understand each other. It changed how Cassandra communicated, burying the meaning of her advice in vague and opaque language.
📬 Mailbag Reader Question
A reader asks: Where should security communications be on the organization chart?
Powerful Expectations: Effective Communications for Bug Bounty Programs
Q&A with Reginaldo Silva, security researcher and former security engineer at Facebook/Instagram
My Top Takeaways from 2023 - and Your Resolutions for 2024
Here are three security communication patterns I observed the most often in 2023 and why you should resolve to address them in 2024.
📬 Mailbag Reader Question
A reader asks: How do you manage truthful communications about an incident while mitigating legal exposure?
“The solution is not buying another server, it’s having better communications.”
Q&A with DEF CON founder and CEO Jeff Moss on the value of security communications.
📬 Mailbag Reader Question
A reader asks: Are there any examples of good security incident communications?
CUSTOMER CASE STUDY
Discernible was brought in by Twilio’s then CISO to find a creative and easily deployable solution to entice people from across the security organization to speak, blog, and generally share the good work the teams were doing and engage more deeply with their cohort outside the company.
A CISO’s right hand on how security communications can build credibility across the organization
Jessica Walters is Senior Security & IT Program Manager at Tessian, and former Chief of Staff to the CISO of Cisco’s Security Business Group. I had the pleasure of working with Jessica in her former role and in this Q&A, she shares her perspective on how to use security communications proactively in building an effective security team.
How Security Communications Gives Recruiting an Edge
Lauren Bryant has worked as a senior technical recruiter at Uber, PayPal, Lime, and more. Here, she discusses the critical relationship between recruiting and communications teams when it comes to hiring the best and brightest in cybersecurity and technology today.
Not Just Security: CISOs are Business Executives
New research shows effective communication strategy and execution is critical for CISOs to earn and maintain legitimacy with the business.
Every Security Decision is a Business Decision. Communicate Accordingly.
Glenn Thorpe is the Sr. Director of Security Research and Detection Engineering at GreyNoise and a Discernible Advisor. In this Q and A, Glenn shares his insights into why understanding business and how to communicate effectively is critical for anyone working in cybersecurity today.
Keep Calm and Plan On: Expert Advice on Incident Response Communications
In this Q&A with Brooke Pearson, we discuss the relationship between internal and external communications as part of a comprehensive incident response program. Brooke is the former head of security awareness at Uber and Discernible advisory board member.
CEO Interview: “Words with Impact: Communication Tips for Privacy Technologists”
An interview with Discernible CEO Melanie Ensign and the Shifting Privacy Left Podcast.
Turning Incident Response Communications into a Sustainable Security Communications Program
The best incident response communications are built on a foundation of strong, ongoing security communications. Here are a few thoughts on how to do that.
Communication Measurement and AI
There is a lot of promise for AI in making it easier and more cost-effective for organizations to adopt an outcomes-based approach to measurement instead of merely counting outputs. Imagine, for example, that we could use AI to quickly and more expansively track the impact of the specific content, language, and timing of incident response communications.
CUSTOMER CASE STUDY
“I noticed that Melanie has a rare ability to speak in headlines and get right to the point in a compelling way… I wanted to learn how to do that.”
Communication Research Takes on the Myths of Privacy Compliance
We can’t build trust without understanding, and if people don’t understand how their data is used, the rights they have, and how to exercise them, then all our efforts to build trust in our privacy programs are for naught. To do this, we need to measure the effectiveness of our communications, including the channels, language, and visuals we use – so that we can adjust as needed to ensure the people whose data we’re using never feel duped into sharing it.
CUSTOMER CASE STUDY
The hallmark of Discernible’s approach is that incident response plans are designed to address a variety of security-related incidents regardless of severity or impact.
A CISO’s Guide to “Negative Megaphoning”
Negative megaphoning can have a significant impact on the reputation of your company as well as specific teams, like infosec. It may seem obvious that organizations want to minimize negative news headlines, but how often do CISOs think about their reputation as an employer and how that affects their ability to hire and retain talent?