CLICK HERE TO DOWNLOAD THIS IMAGE & COLOR IT IN!We have a lot to cover in this issue: AI myths to unravel, war stories from the field, and real-world breaches to learn more about. Whether you're here for insights, hot takes, or just to see how weird this gets, you're in the right place!
Welcome to our first Lore & Order newsletter! The Ally team is so glad to have you.
To kick things off, we want to share our thoughts on our use of AI. We believe our stance on this is important given the impact this technology is having all around us.
Our perspective on AI is this—it’s a tool. It is not a person, it does not replace people. The only thing it shares in common with humans is that it can be wrong. We are using AI to help organizations improve their cyber incident response capabilities by enhancing the quality of peoples experience facilitating and being facilitated through a cyber tabletop exercise. We aim to do this sustainably (more on that later).
Our approach is human-centered; we’re not removing Facilitators from the equation. We are shaping the technology into useful tools that will support them in creating engaging experiences. We give Facilitators the power to correct any output and ensure quality for their clients.
For us, the future is not AI—it’s seeing more Facilitators run more TTX in every organization. It’s hearing about every business surviving a breach because they were able to respond quickly and effectively to protect their customers and employees. We hope to see you there.
You allies in IR,
Rob & Scout
Dear Asa,
Summoned late on a Saturday night, I answered a noble's call — one of their main towers had gone dark. CPU spiked, access lost, chaos everywhere. I requested the sacred scrolls (logs, traces) and began my investigation.
Moments in, the noble asked, “Is it done?” Clearly, they’d never faced dark magic like this. I explained: identifying fileless malware — invisible beasts — takes hours. I ventured to the server’s heart, captured traces of the spirit, and retreated to study.
But when I returned, I found ruin. A guard, misguided and impatient, had cast an untested script. The malware struck back. Systems crashed. Entire rooms vanished.
The siege lasted 12 hours. I left with my gold — and a warning: never battle digital demons unprepared.
— Lead Cybersecurity Engineer | Technology
Imran Ahmad joins host Luke McNamara to explore how C-suite leaders and boards are reshaping cybersecurity conversations. They get into why training before a breach actually works, how ransomware forced executives to get serious, and where AI fits into the risk equation. It’s a candid look at what cyber leadership really needs to sound like in 2025. Listen to the Episode
Chris Krebs is out at SentinelOne. The former CISA director says the decision was his, but the context says more. After Trump called him and the company out by name, Krebs stepped away to take the fight on himself. Most of the industry stayed quiet. That silence says plenty too. His exit signals more than just a career move—it’s a bellwether moment for leadership accountability in cyber. Read More on LinkedIn
The CVE Program—core to how the world tracks software vulnerabilities—barely avoided a shutdown after CISA waited until the last minute to renew its contract with MITRE. The move raised real concerns about long-term stability. If your systems rely on CVE data (and they do), this funding chaos is more than just a headline. See Why This Matters
A major hack took 4chan offline last week and exposed its entire userbase—including .gov and .edu accounts. Nearly a week later, the site’s still down, its admin team is MIA, and users are split between panic and relief. With back-end code, mod lists, private messages, and user data all leaked, this might finally be the end of one of the internet’s most infamous and chaotic...places. Learn All About It
.png)
At Ally, we are doing things differently than traditional security software companies. We believe software should not suck, and that’s why we’re dedicated to building high-quality user experiences that actually achieve desired outcomes. We do not “move fast and break things.” We move fast to provide value.
So, welcome to the Build Chronicle—your behind-the-scenes look at the magic we’re making. To start, we want to introduce you to our lawful good mascot, Asa (pronounced ace-ah, though we are fine with ass-ah if that floats your boat).
Asa is a TTX Facilitators dream assistant. She cares for your clients and is as committed as you are to helping them become better prepared. She does this by providing assistance in note-taking, participant engagement, performance analysis, insight development, and action recommendations.
She knows preparedness is the key to real resilience, and prefers tabletops as the way to improve IR because they are highly effective when done well. She loves bringing people together, building community in security, and has a strong sense of duty to supporting Facilitators who believe in the power of TTX to forge a better tomorrow.
Asa is your Ally in preparing your clients for battle against incident chaos and evil threat actors. We hope you grow to love and appreciate her as much as we do.
Strong security starts with stories worth sharing, tools that actually help, and values that don’t crack under pressure. Especially now, when the line between human smarts and machine guesswork keeps getting fuzzier. We’ll be back next month, but until then, keep your people safe, question the hype, and remember: AI doesn’t make the call—you do!
About Ally Security
Ally is here to support facilitators, which in turn creates a virtuous cycle where exercises take less time, provide more value, are run more frequently, and can make every organization can be better prepared.
The unexpected wins. The client curveballs. The chaos you couldn’t have scripted if you tried. Dear Asa is your space to share the stories that don’t make it into the official post-incident report. Script, submit, and enjoy a chance to be featured or quoted in an upcoming post.
