Discernible

Communication advisors helping security and privacy teams grow political capital and influence beyond reporting lines.

#SecurityCommunications #PrivacyCommunications

Website: https://DiscernibleInc.com
Newsletter: https://discernibleinc.com/newsletter-signup
Weekly IR Comms Drills: discernibleinc.com/experience
LinkedIn: https://www.linkedin.com/company/discernible/

This week’s brand new Discernible Experience is focused on influencing the outcomes of high-risk or high-emotion bug bounty engagements.

If you’re already a subscriber, jump into the Slack tomorrow to practice separating the validity of the finding from the behavior of the person who submitted it — and navigating internal stakeholders who are pulling in different directions.

New subscribers can join the community at: DiscernibleInc.com/experience

Our Discernible Experience team is off this week.

We’ll be back on June 24 with a brand new scenario for subscribers to practice bug bounty de-escalation.

Incidents with truly terrible user notifications are far too common.

This week's Discernible Experience scenario puts you in the seat of a Security Engineer who knows exactly what users need to know — and has no formal authority to make sure they get that information. Sound familiar?

You'll practice:

→ Articulating what "good" looks like in incident communications (not just what's wrong)
→ Mapping the organizational conditions that sideline security during notification
→ Designing the pre-incident structures that get security's voice into the process before it's too late

The best time to build communication influence is before you need it.

Subscribe at DiscernibleInc.com/experience

Security pros are quick to criticize how other organizations communicate about an incident even when they don’t know how to influence what their own organization says by doing the work that makes a good statement possible.

What happens when you have eight hours, incomplete evidence, and a reporter who may or may not have accurate information? The security team’s job isn’t to spin it. It’s to tell leadership exactly what you found, what you can’t determine, and why — so someone else can make an informed decision about what to say.

That distinction is harder to execute than it sounds.

New live scenario this Wednesday for subscribers. discernibleinc.com/experience

This week's Discernible Experience simulation follows a Web3 governance incident where the protocol worked exactly as designed.

A $40M insurance fund was drained through a legitimate governance vote, meaning there was no hack, no exploit; but nobody read the proposal so they missed the clause buried inside.

Your job is to communicate to a decentralized community when you have no email list, limited authority, and an on-chain record that's already public.

Subscribe to join at DiscernibleInc.com/experience

This week's Discernible Experience scenario is built around a question most security teams can't honestly answer until they're already in trouble:

→ What communication infrastructure do you actually have with your vendors' security teams?

Not their account manager or general support line. A named contact, a contractual notification obligation, and a pre-agreed escalation path.

We created a new insider threat simulation to walk through:

→ Sequencing internal disclosures
→ Making the first call to a vendor's security team
→ Deciding what to tell your own customers when you don't have forensic visibility of the vendor's network

Most of what makes this scenario hard (like most real incidents) is preventable and we'll practice what to do about that.

Join us to practice!

Subscribe at DiscernibleInc.com/experience

Our newest Discernible Experience simulation is inspired by the chaotic incident with edtech vendor Canvas.

On Wednesday, our subscribers will get to practice a few things:

1) separating confirmed facts from unconfirmed ones
2) determining what your institution actually owns in a third-party breach
3) communicating honestly & credibly before you have all the answers

Subscribe to join: DiscernibleInc.com/experience

🎉 It’s time for another Discernible Experience mini challenge!

A former employee posted a thread on Reddit claiming your company covered up a breach last year. The post is light on specifics but heavy on implication, and it’s starting to circulate. Three beat reporters have already sent inquiries. Internally, your organization is rattled, and some employees are asking if there’s something to the rumors.

The challenge: Engaging publicly might amplify a false narrative, while staying silent looks like confirmation and you need to address your own team before they start answering questions themselves.

What’s your response strategy, and in what order do you address the audiences who are watching?

Reminder: there's no Discernible Experience this week. All other Discernible services will still be available.

We'll see you on May 13 for a brand new outage scenario.

If you're not yet subscribed to our weekly incident comms community sessions, you can join here: DiscernibleInc.com/experience