Discernible

Communication advisors helping security and privacy teams grow political capital and influence beyond reporting lines.

#SecurityCommunications #PrivacyCommunications

Website: https://DiscernibleInc.com
Newsletter: https://discernibleinc.com/newsletter-signup
Weekly IR Comms Drills: discernibleinc.com/drills
LinkedIn: https://www.linkedin.com/company/discernible/
Ethics: https://discernibleinc.com/ethics

🎉 It’s time for another Discernible Experience mini challenge!

A former employee posted a thread on Reddit claiming your company covered up a breach last year. The post is light on specifics but heavy on implication, and it’s starting to circulate. Three beat reporters have already sent inquiries. Internally, your organization is rattled, and some employees are asking if there’s something to the rumors.

The challenge: Engaging publicly might amplify a false narrative, while staying silent looks like confirmation and you need to address your own team before they start answering questions themselves.

What’s your response strategy, and in what order do you address the audiences who are watching?

Reminder: there's no Discernible Experience this week. All other Discernible services will still be available.

We'll see you on May 13 for a brand new outage scenario.

If you're not yet subscribed to our weekly incident comms community sessions, you can join here: DiscernibleInc.com/experience

ICYMI — CEO @Wednesday’s latest blog post explores how consistent, low-level stress exposure improves effective incident response and why the goal isn't simply to survive big incidents, but to use the smaller ones to move your organization’s threshold.

Read it here: https://discernibleinc.com/blog/the-threshold-moves-with-practice

The Threshold Moves With Practice — Discernible Inc

Effective incident response communication isn't built during crises but through consistent, low-level stress exposure long before one arrives. The same neurological principle that makes experienced cave divers more capable under pressure applies directly to security teams. The goal isn't just to sur


Many bug bounty programs are built on the assumption that researchers understand their findings.

AI-assisted security research has changed that with tools that scan APIs, identify behavioral patterns, and generate vulnerability chains even for researchers who may not have the technical depth to verify, reproduce, or defend what the tool surfaces. The finding can be real and the report can still be broken.

This creates a new set of communication problems that most programs haven’t considered.

Our latest Discernible Experience scenario asks participants to work through a few tough questions:

1) How do you engage a researcher who found something real but can’t explain it?

2) What does a researcher become entitled to know when their submission intersects with an active investigation?

These tensions happen all the time now.

Subscribe to join: https://discernibleinc.com/experience

Psychologist Coltan Scrivner found that people who regularly watched scary movies showed greater psychological resilience during COVID-19. Why? They'd practiced emotional regulation through controlled exposure to fictional threats.

We applied this research when designing Discernible Experience: short weekly drills with industry peers, different scenarios every time, and psychologically safe while still genuinely challenging.

Read the full post: https://discernibleinc.com/blog/embracing-morbid-curiosity-what-horror-fans-can-teach-us-about-incident-response

Embracing Morbid Curiosity: What Horror Fans Can Teach Us About Incident Response — Discernible Inc

Research shows horror fans demonstrated greater psychological resilience during the COVID-19 pandemic because they practiced emotional regulation through repeated exposure to frightening scenarios. Security teams can apply the same principle through frequent, varied incident communication drills tha


New scenario drops this Wednesday!

On March 31, two malicious versions of Axios were live on npm for approximately three hours. They deployed a cross-platform, self-destructing remote access trojan through a post-install hook.

Most organizations running builds during that window will never know with certainty whether they were affected.

That is the scenario we'll explore this week to practice:

— How to do executive briefings when scope isn't confirmed
— How to communicate with engineers who already know more than you've told them
— How to make a notification recommendation before you have all the answers

Wednesday, April 22 · 12–1pm ET

Subscribe to join → DiscernibleInc.com/Experience

Your containment worked & now senior leaders are asking what it’ll cost to make sure this doesn’t happen again.

This is a communication challenge as much as a technical one — and most security engineers have never been given the opportunity to practice it.

In our newest Discernible Experience scenario this week, we’ll practice communication tasks in a ransomware incident, from first alert to post-incident investment asks.

#IncidentResponse #SecurityCommunication

🎉 It’s time for another Discernible Experience mini challenge!

Your application security team discovers that a feature shipped six weeks ago logs full request payloads, including fields that contain passwords and session tokens, to a third-party observability platform. The feature is live in production. The logs have been sitting there for 42 days.

The challenge: Engineering wants to quietly fix it and move on. Legal wants to assess notification obligations. You need to get everyone aligned on a path without letting the conversation drag while the logs keep accumulating.

What’s your communication strategy for the next 24 hours — internally and potentially externally?

#IncidentResponse

Join our newest Discernible Experience this week to practice navigating a children's app privacy incident — communicating under legal exposure and briefing executives before the full scope is known.

If you work in privacy or incident response, this one is worth your time.

Subscribe to join our weekly scenarios at DiscernibleInc.com/experience