MM-ISAC Blog

Digging into cyber resilience in mining and metals.

Guidance

1 min read

A Cautionary Note on Sensationalism in Cyber Security Headlines

This month’s focus is on the importance of double-checking the work of security researchers and headlines. We live in a fast-paced news cycle and a...

2 min read

Phishing Education - Maybe 'Best Practice' is not Best After all

As security practitioners and leaders, we must contribute to the professionalization of our field by searching out data and evidence-based solutions...

2 min read

Moral Frameworks in CTI and High-Stakes Communications

We live in very polarizing times, particularly in the US. We choose our words carefully, tiptoe around topics that might devolve into argumentation...

3 min read

Precision vs Accuracy When Predicting Security Cost

As I talk through the practical application of the security cost framework with our members, we are consistently running into a common stumbling...

4 min read

Guide to Traffic Light Protocol (TLP)

Key Points: TLP is a Sharing Protocol. Companies that do not share threat information are at a disadvantage. Overclassification stifles sharing...

3 min read

Building a Phishing Program

Phishing is a significant compromise vector for all companies in all industries. At the Mining and Metals ISAC annual conference in November, we...

4 min read

Digging Into Security Cost

After my last post on using Security Cost as a metric and the basis for a core security team/CISO objective, a few Mining and Metals ISAC members...

3 min read

The Hermeneutics of Cyber Threat Intelligence Part 3: Planning and Curation

What do a Greek god, a German philosopher, and a Museum Curator have to teach us about Cyber Threat Intelligence?

4 min read

The Hermeneutics of Cyber Threat Intelligence Part 2: Answering Why?

Why? Why? Three letters, one powerful question. We all ask why. Possibly the very first question you've ever asked anyone was, "Why?"

2 min read

The CrowdStrike Incident - Resilience Matters

Now that most MM-ISAC member organizations impacted by CrowdStrike's issue on Friday are through the worst of the recovery, I want to share some...
