Halloween-themed announcement graphic for new Discernible Drill about building incident response infrastructure after supply chain attacks. Features black cat, pumpkins, and event details: Wednesday, October 29, 12-1pm ET in Discernible Drills Slack. Subscribe at DiscernibleInc.com/drills

open source packages got compromised.

engineers are getting questions on social media.

volunteer maintainers found out from hacker news.

enterprise customers are furious they weren’t notified first.

This week’s focus: community expectations, rapid disclosure, & coordinating external maintainers.

When Ransomware Groups Target Executives: Lessons from Our Latest Discernible Drill — Discernible Inc This Discernible Drill showed participants that transparency and industry coordination reduce business risk by providing customers actionable information and security teams complete threat intelligenc...

Debrief from most recent security communications drill, "Operation Harassment: When Ransomware Groups Target Your Executives," based on the Salesloft/Drift ransomware incident.

discernibleinc.com/blog/when-ra...

Promotional graphic for Discernible Drills featuring a tabby cat wearing orange sunglasses and holding an orange megaphone. The image announces a new drill titled ‘Code Red Headlines: When Security Incidents Become Front-Page News’ scheduled for Wednesday, August 27, 12-1pm ET or Thursday, August 28, 1-2pm PT in the Discernible Drills Slack. A black ‘Subscribe to join’ button and the URL DiscernibleInc.com/drills appear at the bottom.

In this week’s Discernible Drill, we’ll help you practice:

✅ Identifying technical evidence that helps skeptical reporters understand complex security topics.
✅ Spotting gaps in your PR team's security knowledge that could lead to miscommunication.

#SecurityComms #IncidentResponse

Mastering Cross-Functional Privacy Communications — Discernible Inc Privacy incidents aren't just about breaches -- they're often about cross-functional misalignment on privacy expectations. Our recent privacy communications drill revealed how to bridge departmental l...

Privacy incidents extend far beyond data breaches -- they're often about cross-functional misalignment on privacy expectations.

How can security professionals bridge departments to prevent privacy missteps before they damage user trust?

👇

discernibleinc.com/blog/privacy...

eBook: Security Incident Communication Playbook -- Vol. 1 — Discernible Inc This book debunks five dangerous myths that undermine incident response effectiveness. You'll discover why transparency alone isn't enough, how to balance legal concerns with human connection, and why...

Stop treating security incidents like damage control exercises. They’re inflection points in building influence.

We published a new book with some of our Discernible Drills scenarios + frameworks that turn incidents into opportunities.

discernibleinc.com/store/p/secu...

Our latest drill simulates an AI agent data breach where third-party services inadvertently expose customer conversations -- sound familiar?

Subscribe to join our weekly drills at: discernibleinc.com/drills

We seen this trend growing among security vendors as well in the race to the bottom for content marketing.

This week's **brand new** Discernible Drill focuses on the critical but often overlooked communication bridge between security engineering and customer support because the best technical fix means nothing if your customers don't understand what's happening.

#IncidentResponse #SecurityCommunications

🚨 New 60-minute Discernible Drill: “Data Double Agent”

Practice the hardest part of insider threat response — stakeholder communication when trust breaks down.

Perfect for security teams who need to manage competing priorities during incidents.

📬 Mailbag: What's the best approach for sharing vulnerability findings with developers to avoid inciting defensiveness? — Discernible Inc Effectively communicating security vulnerabilities to development teams requires understanding emotional dynamics and reframing findings as opportunities rather than criticisms. By applying proven com...

"What's the best approach for sharing vulnerability findings with developers to avoid inciting defensiveness?"

Find out how we answered this reader's question in the blog post below. 👇

discernibleinc.com/blog/-mailba...

Black cat hiding in a bathtub, only eyes peaking over the side.

We’re taking a break this week since many folks are traveling to Vegas for conferences & events.

Next week’s drill will focus on insider threats.

Subscribe now & get your first month of Discernible Drills free!

Join today → DiscernibleInc.com/drills

Use promo code FREEMONTH at checkout.

How Organizations Sabotage Media Relations by Misunderstanding Security Communications — Discernible Inc Organizations that treat security communications as crisis media relations sabotage their own credibility. Effective security communications require comprehensive internal messaging and stakeholder tr...

Treating security comms as crisis PR focused only on press statements = trying to make major withdrawals from a trust account you never bothered to fund.

Ongoing stakeholder comms make security incidents manageable rather than catastrophic.

discernibleinc.com/blog/sabotag...

🔥 New Discernible Drill alert:

In this week’s simulation you’ll practice balancing company values with rapid open source incident response, coordinating communication across distributed teams, and managing client relationships.

Subscribe to join our weekly drills at DiscernibleInc.com/drills

🔥New Discernible Drill!

Inspired by McDonalds, our new drill covers more than technical remediation - you’ll navigate:

🛣️ Multiple disclosure paths (coordinated, immediate, regulatory)
🤝 Complex researcher relationships
🫣 Uncooperative vendors who resist transparency

DiscernibleInc.com/Drills

How Organizations Sabotage Media Relations by Misunderstanding Security Communications — Discernible Inc Organizations that treat security communications as crisis media relations sabotage their own credibility. Effective security communications require comprehensive internal messaging and stakeholder tr...

Security communications != crisis PR

Journalists covering incidents draw on months/years of context about how you communicate with stakeholders during normal operations.

Companies that handle incidents well build credibility long before they need it.

discernibleinc.com/blog/sabotag...

Sign up for our monthly newsletter — Discernible Inc Effective communicators secure more resources, gain greater influence, and deliver more business value.

Our monthly newsletter includes:

• Research-backed strategies for driving security/privacy adoption

• Psychology insights that explain why tech rollouts fail (& how to fix them)

• Tools for educating execs & boards

+ we don’t add you to sales/marketing lists!

discernibleinc.com/newsletter-s...

Goodbye Redwood Forest -- The blue areas are what EO 14225 has marked for deforestation. These are old growth forests, protected by law.

Most IR drills ask "what could go wrong?" But what if we ask "what could go RIGHT?"

Join us this week!

✅ Turn incident comms into competitive advantage
✅ Strengthen stakeholder relationships
✅ Convert IR into business value

#IncidentResponse #CyberSecurity #SecurityCommunications

5 Communication Assets to Build Before Your Next Security Incident — Discernible Inc These elements streamline communications and enable nimble responses that build lasting stakeholder trust and demonstrate your security team's ability to overcome complex challenges.

"…hadn't thought through the communication side as systematically. The stakeholder mapping template was particularly useful - we adapted it for our environment and now have a clearer picture of who needs what information during different types of incidents."

discernibleinc.com/blog/5-thing...

Beyond Damage Control: The Science Behind Apologies — Discernible Inc An apology is an opportunity to demonstrate organizational values, rebuild relationships, and emerge stronger.

"The distinction between defending vs. rebuilding trust was helpful when crafting our customer communication. We combined your approach with guidance from our legal team and saw better engagement from customers compared to our previous incident responses."

discernibleinc.com/blog/beyond-...

Why Decision Frameworks Are the Secret Sauce of Effective Incident Communications, Not Templates — Discernible Inc Discover why predetermined decision protocols outperform templates for managing security incident communications. Learn how to establish effective frameworks that empower stakeholders with the right e...

"We had been relying heavily on pre-written templates that often didn't quite fit the situation. Your post helped us think about empowering our incident response team with better decision-making principles instead."

discernibleinc.com/blog/decisiv...

📬 Mailbag: What are the elements of a successful post-mortem? — Discernible Inc How do leading incident response teams transform post-mortems from technical reviews into engines of organizational change by focusing on cultural integration, behavioral psychology, and systemic patt...

"We were already doing technical root cause analysis well, but hadn't been as systematic about behavioral & systemic patterns you mentioned. We've started incorporating some of your suggestions…it's helping us have more productive conversations about prevention."

discernibleinc.com/blog/-mailba...

The Myth of Shared Responsibility — Discernible Inc The uncomfortable truth is that "shared responsibility" is a myth that allows organizations to talk about security without making consequential changes to incentives and accountability structures.

"This post put words to something I'd been struggling to articulate…shared responsibility becoming a way to avoid accountability really resonated. I referenced it in conversations with our CEO about creating clearer security ownership..."

discernibleinc.com/blog/the-myt...

🎉 OUR 5-YEAR ANNIVERSARY GIVEAWAY WINNERS HAVE BEEN SELECTED & NOTIFIED! 🎉

Thank you to everyone who participated!

We were blown away by your thoughtful comments, so we included a few of our favorites in the comments below.👇

Thanks for being part of our journey over these 5 years. 💙

🏁FINAL DAY OF OUR 5TH ANNIVERSARY GIVEAWAY 🏁

Last chance to enter: Comment with a blog post from our team that impacted your security practices, and tell us why it mattered.

Every comment increases your chances! Winners notified by end of day.

#InfoSec #IncidentResponse #SecurityComms

Only 1 more day to win! We’re turning 5 and giving away 5 1-year subscriptions to Discernible Drills.

🚨 Get your entries in before tomorrow’s deadline!

Tomorrow we’ll select winners for free subscriptions to our weekly IR comms drills!

Comment & tell us which of our blog posts you liked most.

Each comment = new entry

More participation = better chances!

#SecurityComms #PrivacyComms

#ICA25 ICA CAT panel: MIAO-nipulating Cognition: AI Offloading, Expertise, and Relationships - 14-Jun-25, 12:00 PM in Centennial G (Regency 3).

#ICA25 ICA CAT panel: MIAO-nipulating Cognition: AI Offloading, Expertise, and Relationships - 14-Jun-25, 12:00 PM in Centennial G (Regency 3).

Our 5-year anniversary giveaway continues with 5 subscriptions to Discernible Drills Pro up for grabs. ($1,200 value!)

Share which of our blog posts taught you something valuable!

Each post = 1 entry.

Multiple entries encouraged!

Winners selected Friday.

#SecurityComms #IncidentResponse