What if we flipped the script on incident response communications?

Most IR drills ask "what could go wrong?" But what if we started asking "what could go RIGHT?"

Our latest Discernible Drills challenges subscribers to practice positive incident framing during a ransomware scenario. Instead of just damage control, participants learn to:

Transform incident communications into competitive advantages
Identify opportunities to strengthen stakeholder relationships
Reverse engineer foundational investments that enable excellent responses
Convert incident response into lasting business value

Traditional IR training focuses on minimizing impact. This drill teaches teams to maximize opportunity.

By strengthening your skills in positive framing, you don't just respond to incidents more effectively -- you can fundamentally change your role within the organization, becoming a strategic partner who helps businesses navigate challenges while identifying opportunities for growth.

Ready to practice turning your next incident into a new competitive advantage?

There are a lot of great things to say about generalization in the communications field, but you won't find them in my latest blog post about #SecurityCommunications.

The Specialists Edge: Security Communications Can’t Be Generic

https://www.linkedin.com/pulse/specialists-edge-why-security-communications-cant-generic-ensign-ypzhc?

New Security Communication Drill: The Bug Bounty Researcher's Perspective

Join us tomorrow for an interactive security communication drill that flips the script on traditional security exercises. Instead of focusing on the vendor side, we'll put participants in the shoes of security researchers navigating the challenges of vulnerability disclosure.

This hands-on scenario will challenge you to:

Navigate security assessments with limited visibility into internal architectures

Build credibility when you have less system context than internal teams

Communicate effectively through multi-layered teams (triage vendors vs. security engineers)

Balance respect for internal expertise while confidently advocating for your findings

Manage disclosure expectations under tight time constraints

Push for security improvements without full visibility into compensating controls

Whether you're a security researcher, bug bounty program manager, or security engineer, this drill offers valuable insights into improving communications in the vulnerability disclosure process from both sides.

Date: Wednesday, April 23
Time: 12pm ET
Location: Discernible Drills Slack

Subscribe to Join: DiscernibleInc.com/drills

"Trust Chain Turmoil" incident communications drill - tomorrow April 16!

When your Web3 protocol faces a social media smear campaign based on technical misunderstandings, how do you respond?

Our simulation puts security practitioners in the hot seat to practice:

Explaining complex issues to executives

Crafting clear security messaging for internal peers

Defending protocol integrity without jargon

Join our weekly drills subscription to participate!

Subscribe at DiscernibleInc.com/drills

NEW CASE STUDY: How Discernible helped CISO Amy Bogac navigate executive communications and career transition

"Never did I ever think that I would need a personal incident response plan and public relations expert to help manage media inquiries or questions." —Amy Bogac, Baker Tilly CISO

Read how she secured a $1B+ organization CISO role: https://discernibleinc.com/blog/building-ciso-resilience-strategic-communications

You wake up to your phone buzzing. It's not supposed to do that at this hour. Not unless something is very, very wrong.

What will you do in the critical first hour?

Join our next immersive blockchain security communications simulation where split-second decisions collide with core DeFi principles.

Multiple stakeholders.
Millions at stake.
Only a few minutes to act.

Can you balance technical truth with human realities when the clock is ticking?

Register today to join our weekly drills and participate in next week's Web3 simulation.

We're expanding our weekly IR communication drills!

Help us pick the best times by ranking your preferences in our quick survey. Your input matters and will help us accommodate more participants.

Survey link: https://docs.google.com/forms/d/e/1FAIpQLSeKtQNLlU4ZiFPBvG_p4RL9FhW5fF6fjVcvdJjO61Q4PNgpog/viewform

Launching today: Discernible Drills - our new weekly security/privacy communication training delivered via Slack!

Based on 20 years of experience in, this new service helps security and privacy professionals practice communication skills through weekly 60-minute drills.

- Covers 12 different incident types
- Text-based with multimedia elements for auditory learners
- No PO required - individual subscriptions
- Currently runs Wednesdays 12-1pm ET with more times coming soon
- Two tiers: $50/mo or $100/mo

Security incidents are more than breaches, and communication is more than media statements. Practice makes perfect.

Learn more at https://discernibleinc.com/blog/introducing-discernible-drills

A company that has already grappled with ethical data usage and established clear principles is better positioned to make difficult decisions during an active security incident.

#SecurityCommunications #IncidentResponse

https://discernibleinc.com/blog/how-data-ethics-makes-incident-response-more-effective

Really great talk from John!

Highlights the importance (with some execution tips) of cross-functional collaboration for effective AppSec with a lot less blood, sweat, & tears.

I love the AppSec space because things like building goodwill with devs, optimizing tickets for completion, confirming ownership and maintenance, and setting expectations with partners are all communication tasks — which means you can get better at them by improving your communication skills.

#SecurityCommunications https://infosec.exchange/@bsidesknoxville/113889116299182483

I stumbled upon a helpful resource for CISOs navigating board communications for the first time. While I'm not a big fan of most NCSC content, this particular piece offers valuable insight to help set expectations if you're new to these kinds of interactions.

In my coaching sessions on board and executive communications with CISOs, I often draw on research by Dr. Anthony Vance at Virginia Tech.

Here are some top recommendations:

"What do we need to know about the Chief Information Security Officer? A literature review and research agenda": https://www.sciencedirect.com/science/article/abs/pii/S0167404824003687

"Taking a Seat at the Table: The Quest for CISO Legitimacy": https://aisel.aisnet.org/icis2022/security/security/14/

"The Security Team at the Top: The Board of Directors": https://www.usenix.org/conference/enigma2022/presentation/vance

For those interested in further exploration, check out the resource on board-level cyber discussions for clear communication: https://www.ncsc.gov.uk/guidance/board-level-cyber-discussions-communicating-clearly

I remember the exact moment years ago while working at Facebook when I realized I never wanted my boss’ job.

Becoming the top PR boss at a mega corp simply wasn’t appealing to me.

I didn’t want to get pulled away from the technical security work, which consequently meant I didn’t need a pipeline of crises to get me promoted up the corporate communications ladder — and that liberated me to focus on improving communications that could PREVENT crises, not just react to them.

#SecurityCommunications

https://discernibleinc.com/blog/the-story-of-discernible

Most (not all) CISOs get exactly the amount of authority & resources they’ve earned. No credible c-level executive expects to have maximized budget or political capital bestowed on them at the expense of business objectives. If you want to be treated like a true c-level executive, you have to act like one.

Check out the rest of this story & others in chapter 2 of a new free ebook with advice for corporate boards on cybersecurity.

"A cybersecurity story that easily could have become a PR crisis on Christmas, ended with a public gathering of unlikely, unsolicited, yet influential allies….

Being proactive about our security reputation led to the decision to put communication advisors alongside our bug bounty team to guide our engineers—and that gave us more control.

For board members concerned with the impact of security issues on external perception, it’s a good exercise to ask how security communication plans extend beyond mandatory disclosures to build goodwill and establish allies in advance of the next security incident. Ask for communication-specific tabletop exercises and note where the business needs more reliable relationships, intel, and experience to help steer the outcome."

https://tag-cyber.com/advisory/publications/guiding-cybersecurity-from-the-boardroom

Due to recent industry events, we've pulled up one of our most popular blog posts.

As CEO @Wednesday explains:

"The greatest [reputation] damage is caused by the sleeping giants that don’t receive communications attention until it’s too late. High-frequency incidents have a greater potential to create a snowball effect in regards to public perception. Additionally, your public response to a seemingly simple issue is critiqued more than the original cause."

#IncidentResponse #SecurityCommunications

https://discernibleinc.com/blog/what-is-a-security-or-privacy-incident-hiccups-fck-ups-and-give-ups