Lore & Order Vol. 3: Can a Scammer Slip Into Your TTX?


Welcome to This Month’s Dispatch from Ally Security

Inside: Scattered Spider’s latest social engineering campaign, how to level up your exercises with MITRE & NIST CSF, and two takes on what’s next for the CISO role. Plus, Rob shares what hiring a North Korean IT imposter might look like at your next tabletop.

Table Talk: From Meetups to Moles: What If You Hired a Scammer?

How well do you know your colleagues?

We got our team together for our first Ally team meetup recently in Indianapolis. It was great to see everyone face to face, get some productive work time in (yay, roadmap planning), and also get to know everyone better.

Here's a team pic from the event (I think the camera made our legs a little longer than they are in reality):

Speaking of getting to know your colleagues -- I was interviewed for a piece by the BBC on the North Korean IT scammers. It's an interesting piece, as Beth interviews several former IT workers and North Korean defectors. The size and scope of the operation and its importance to the DPRK in terms of revenue are pretty astounding, and the scale of the infiltration is still largely unknown. It’ll be interesting to watch as more companies come forward with IP theft incidents and data leakages due to this widespread campaign.

This threat is something any hiring manager needs to be aware of and is a great topic for a tabletop. What would you do if your organization hired an IT scammer?

Your allies in IR,

Rob & Scout

Asa's Field Intel: Inspiration for Your Next TTX

1. Hackers Are Impersonating You to Breach Airlines

The FBI just issued a warning: the cybercrime group Scattered Spider is targeting the aviation industry across the U.S. and Canada.

They call IT help desks pretending to be employees and then bypass MFA. Although no flight delays have been reported yet, major players like WestJet and Hawaiian Airlines are already investigating “cybersecurity events.”

Vendors, contractors, and anyone in the airline ecosystem should be on high alert. Get the Intel

2. The CISO’s Next Evolution: From Defender to Designer

The role of CISO isn’t just about blocking attacks anymore—it’s about architecting resilience that actually keeps the business running. Turns out, the future of security leadership might look less like firefighting and more like enterprise architecture.

In this episode of the CISO Series, leaders from Frost Bank and GM Financial explore what it really means to simplify security, why disinformation is harder to fight than nation-state attacks, and how entry-level cyber roles do exist (but context matters). Read the Interview

3. NIST Cybersecurity Framework & MITRE: Your Dynamic Duo

Forget solo quests—modern IR calls for a party of frameworks.

When used in tandem, NIST CSF 2.0 and MITRE ATT&CK help IR consultants and tabletop facilitators level up their scenarios, sharpen reports, and align security tactics with business priorities.

Plus, you’ll get a look at how SP 800-84 and 800-61 Rev3 fit into the mix, helping teams track performance, boost resilience, and turn tabletop chaos into action plans that actually stick. Read the Blog

4. The CISO as Business Resilience Architect

With new regulations making CISOs personally accountable for breaches, burnout is rising—and 1 in 4 CISOs is ready to quit.

This piece explores a compelling path forward: transforming the CISO into a business resilience architect. That means fewer firefights, more strategy. Less compliance chaos, more impact in the boardroom.

Expectations are growing, but so is the potential. Is your org ready for the next era of security leadership? Learn What's Next

Ally's Build Chronicle

You can now see your exercise visualized in an inject timeline view. Take a deep dive into each inject to see gap identification in context with what decisions were made, why, and what the outcomes were.

Additionally, you can use the timeline to see all collaboration content—questions, ideas, and processes used—per inject!

Have feedback? A feature idea? Submit it via the sidebar in the Ally app! We love hearing from you.

Cheers,

Rob & Scout

End of Turn

That’s it for this month’s dispatch.

From MFA failures in the skies to resilience frameworks that actually stick, we hope this edition gave you sharper questions, smarter playbooks, and a few tabletop prompts you didn’t see coming.

About Ally Security

Ally is here to support facilitators, which in turn creates a virtuous cycle where exercises take less time, provide more value, are run more frequently, and can make every organization better prepared.

Book a demo!

Have a great IR story? Tell Asa!

The unexpected wins. The client curveballs. The chaos you couldn’t have scripted if you tried. Dear Asa is your space to share the stories that don’t make it into the official post-incident report. Script, submit, and enjoy a chance to be featured or quoted in an upcoming post.

Share my story