#securitycommunications


What if we flipped the script on incident response communications?

Most IR drills ask "what could go wrong?" But what if we started asking "what could go RIGHT?"

Our latest Discernible Drills challenges subscribers to practice positive incident framing during a ransomware scenario. Instead of just damage control, participants learn to:

✅ Transform incident communications into competitive advantages
✅ Identify opportunities to strengthen stakeholder relationships
✅ Reverse engineer foundational investments that enable excellent responses
✅ Convert incident response into lasting business value

Traditional IR training focuses on minimizing impact. This drill teaches teams to maximize opportunity.

By strengthening your skills in positive framing, you don't just respond to incidents more effectively -- you can fundamentally change your role within the organization, becoming a strategic partner who helps businesses navigate challenges while identifying opportunities for growth.

Ready to practice turning your next incident into a new competitive advantage?

🪲 New Security Communication Drill: The Bug Bounty Researcher's Perspective

Join us tomorrow for an interactive security communication drill that flips the script on traditional security exercises. Instead of focusing on the vendor side, we'll put participants in the shoes of security researchers navigating the challenges of vulnerability disclosure.

This hands-on scenario will challenge you to:

🐛 Navigate security assessments with limited visibility into internal architectures

🐞 Build credibility when you have less system context than internal teams

🐛 Communicate effectively through multi-layered teams (triage vendors vs. security engineers)

🐞 Balance respect for internal expertise while confidently advocating for your findings

🐛 Manage disclosure expectations under tight time constraints

🐞 Push for security improvements without full visibility into compensating controls

Whether you're a security researcher, bug bounty program manager, or security engineer, this drill offers valuable insights into improving communications in the vulnerability disclosure process from both sides.

🗓️ Date: Wednesday, April 23
🕰️ Time: 12pm ET
🗺️ Location: Discernible Drills Slack

🔥 Subscribe to Join: DiscernibleInc.com/drills

📢 "Trust Chain Turmoil" incident communications drill - tomorrow April 16!

When your Web3 protocol faces a social media smear campaign based on technical misunderstandings, how do you respond?

Our simulation puts security practitioners in the hot seat to practice:

✅ Explaining complex issues to executives

✅ Crafting clear security messaging for internal peers

✅ Defending protocol integrity without jargon

Join our weekly drills subscription to participate!

Subscribe at DiscernibleInc.com/drills

💫 NEW CASE STUDY: How Discernible helped CISO Amy Bogac navigate executive communications and career transition

"Never did I ever think that I would need a personal incident response plan and public relations expert to help manage media inquiries or questions." —Amy Bogac, Baker Tilly CISO

Read how she secured a $1B+ organization CISO role: discernibleinc.com/blog/buildi

Link preview (Discernible Inc): "How Amy Bogac Built CISO Resilience with Strategic Communications". Case Study: Specialized communications coaching from Discernible helped CISO Amy Bogac navigate career transitions, strengthen reputation management skills, and build a stronger executive presence.

You wake up to your phone buzzing. It's not supposed to do that at this hour. Not unless something is very, very wrong.

What will you do in the critical first hour?

Join our next immersive blockchain security communications simulation where split-second decisions collide with core DeFi principles.

Multiple stakeholders.
Millions at stake.
Only a few minutes to act.

Can you balance technical truth with human realities when the clock is ticking?

Register today to join our weekly drills and participate in next week's Web3 simulation.

🔥 Launching today: Discernible Drills - our new weekly security/privacy communication training delivered via Slack!

Based on 20 years of experience in, this new service helps security and privacy professionals practice communication skills through weekly 60-minute drills.

- Covers 12 different incident types
- Text-based with multimedia elements for auditory learners
- No PO required - individual subscriptions
- Currently runs Wednesdays 12-1pm ET with more times coming soon
- Two tiers: $50/mo or $100/mo

Security incidents are more than breaches, and communication is more than media statements. Practice makes perfect.

Learn more at discernibleinc.com/blog/introd

Link preview (Discernible Inc): "Introducing Discernible Drills: The Power of Persistent Practice". Join a new incident response communication drill with industry peers every week!

Really great talk from John!

Highlights the importance (with some execution tips) of cross-functional collaboration for effective AppSec with a lot less blood, sweat, & tears.

I love the AppSec space because things like building goodwill with devs, optimizing tickets for completion, confirming ownership and maintenance, and setting expectations with partners are all communication tasks — which means you can get better at them by improving your communication skills.

#SecurityCommunications infosec.exchange/@bsidesknoxvi

Link preview (Infosec Exchange): BSides Knoxville (@bsidesknoxville@infosec.exchange). Building an appsec program is all about trade-offs; unlike usual talks filled with acronyms, this one shows how doing less can lead to better outcomes. Your developers will thank you (or at least not hate you) according to John Heasman! Check out his talk from BSK 2024! https://youtu.be/dp8bg3naG60?si=vhoqDfnvRS8_Jf5a

I stumbled upon a helpful resource for CISOs navigating board communications for the first time. While I'm not a big fan of most NCSC content, this particular piece offers valuable insight to help set expectations if you're new to these kinds of interactions.

In my coaching sessions on board and executive communications with CISOs, I often draw on research by Dr. Anthony Vance at Virginia Tech.

Here are some top recommendations:

🔬 "What do we need to know about the Chief Information Security Officer? A literature review and research agenda": sciencedirect.com/science/arti

🔬 "Taking a Seat at the Table: The Quest for CISO Legitimacy": aisel.aisnet.org/icis2022/secu

🔬 "The Security Team at the Top: The Board of Directors": usenix.org/conference/enigma20

For those interested in further exploration, check out the resource on board-level cyber discussions for clear communication: ncsc.gov.uk/guidance/board-lev

Link preview (www.sciencedirect.com): "What do we need to know about the Chief Information Security Officer? A literature review and research agenda". Since its establishment in the 1990s, the role of chief information security officer (CISO) has become critical to organizations in managing cybersecu…

I remember the exact moment years ago while working at Facebook when I realized I never wanted my boss’ job.

Becoming the top PR boss at a mega corp simply wasn’t appealing to me.

I didn’t want to get pulled away from the technical security work, which consequently meant I didn’t need a pipeline of crises to get me promoted up the corporate communications ladder — and that liberated me to focus on improving communications that could PREVENT crises, not just react to them.

#SecurityCommunications

discernibleinc.com/blog/the-st

Link preview (Discernible Inc): "The Story of Discernible". Confronting Crisis Heroism. Our company logo features a hammerhead shark because that’s how I see specialized security communications: a tangible domain advantage developed through a long, painstaking evolution. That’s the story of Discernible. The earliest motivation for D

Check out the rest of this story & others in chapter 2 of a new free ebook with advice for corporate boards on cybersecurity.

"A cybersecurity story that easily could have become a PR crisis on Christmas, ended with a public gathering of unlikely, unsolicited, yet influential allies….

Being proactive about our security reputation led to the decision to put communication advisors alongside our bug bounty team to guide our engineers—and that gave us more control.

For board members concerned with the impact of security issues on external perception, it’s a good exercise to ask how security communication plans extend beyond mandatory disclosures to build goodwill and establish allies in advance of the next security incident. Ask for communication-specific tabletop exercises and note where the business needs more reliable relationships, intel, and experience to help steer the outcome."

tag-cyber.com/advisory/publica

Due to recent industry events, we've pulled up one of our most popular blog posts.

As CEO @Wednesday explains:

"The greatest [reputation] damage is caused by the sleeping giants that don’t receive communications attention until it’s too late. High-frequency incidents have a greater potential to create a snowball effect in regards to public perception. Additionally, your public response to a seemingly simple issue is critiqued more than the original cause."

#IncidentResponse #SecurityCommunications

discernibleinc.com/blog/what-i

Link preview (Discernible Inc): "What is a Security or Privacy Incident? Hiccups, F*ck Ups, and Give Ups". One of the most common reasons organizations struggle with incident response communications is that their definition of an “incident” excludes most incidents. Too often incident response planning and execution only considers situations with legal disclosure obligations. It’s one reason why so many c