MM-ISAC Blog

Digging into cyber resilience in mining and metals.

Guidence

3 min read

Effective Incident Response Starts Long Before the Incident

Picture of Rob Labbé Rob Labbé: Dec 5, 2025 1:35:29 AM

Cyber incident response is often viewed as a technical domain, with practitioners skilled in malware reverse engineering, network and host forensics,...

Guidence Incident Response Resiliency Training
Read More

7 min read

Moving to Security Cost as a Metric

Picture of Rob Labbé Rob Labbé: Nov 10, 2025 9:23:46 PM

I’ve talked about security cost as the key metric to report on your security program when working with executives and the board. What we have not...

Guidence Metrics Risk Quantification FAIR
Read More

1 min read

A Cautionary Note on Sensationalism in Cyber Security Headlines

Cherie Burgett: Sep 8, 2025 12:00:00 AM

This month’s focus is on the importance of double-checking the work of security researchers and headlines. We live in a fast-paced news cycle and a...

Guidence Threat Intelligence
Read More

2 min read

Phishing Education - Maybe 'Best Practice' is not Best After all

Picture of Rob Labbé Rob Labbé: Aug 12, 2025 12:00:00 AM

As security practitioners and leaders, we must contribute to the professionalization of our field by searching out data and evidence-based solutions...

Guidence Resiliency Phishing Training Mental Health
Read More

2 min read

Moral Frameworks in CTI and High-Stakes Communications

Cherie Burgett: Aug 11, 2025 12:00:00 AM

We live in very polarizing times, particularly in the US. We choose our words carefully, tiptoe around topics that might devolve into argumentation...

Guidence Hermeneutics Threat Intelligence
Read More

3 min read

Precision vs Accuracy When Predicting Security Cost

Picture of Rob Labbé Rob Labbé: Jun 5, 2025 12:00:00 AM

As I talk through the practical application of the security cost framework with our members, we are consistently running into a common stumbling...

Guidence Metrics Risk Quantification Budget FAIR
Read More

4 min read

Guide to Traffic Light Protocol (TLP)

Cherie Burgett: Apr 15, 2025 12:00:00 AM

Key Points: TLP is a Sharing Protocol. Companies that do not share threat information are at a disadvantage. Overclassification stifles sharing...

Guidence Threat Intelligence
Read More

3 min read

Building a Phishing Program

Picture of Rob Labbé Rob Labbé: Mar 8, 2025 12:00:00 AM

Phishing is a significant compromise vector for all companies in all industries. At theMining and Metals ISAC annual conference in November, we...

Guidence Incident Response Phishing
Read More

4 min read

Digging Into Security Cost

Picture of Rob Labbé Rob Labbé: Jan 14, 2025 12:00:00 AM

After my last post on using Security Cost as a metric and the basis for a core security team/CISO objective, a few Mining and Metals ISAC members...

Guidence Metrics
Read More

3 min read

The Hermeneutics of Cyber Threat Intelligence Part 3: Planning and Curation

Cherie Burgett: Jan 10, 2025 12:00:00 AM

What does a Greek god, a German philosopher, and a Museum Curator have to teach us about Cyber Threat Intelligence?

Guidence Hermeneutics Threat Intelligence
Read More
1 2 Next