Security Collaboration Groups

Application Security

This working group meets on a monthly basis for an open forum discussion where practitioners and thought leaders can tackle challenges in product security, application security, and software security fields. Topics include: DevSecOps, cloud security, security champions, security by design, shifting left, and security automation tooling.

Automated Alerts

ATO Prevention

This strategic-level group is focused on identifying and promoting the adoption of group identified industry best practices regarding account takeover (ATO) threats, as well as sharing mitigation strategies.


Dark Web

A specialized group dedicated to identifying, tracking, and indexing sellers and threat actors that target the retail and hospitality industries. Working at an elevated TLP level with stricter guidelines, the group may share more sensitive internal data, with the goal of making intelligence actionable for organizations.

Identity & Access Management

This group provides the opportunity to hear from others working on identity and access management (IAM) for their enterprise, customers or both. In monthly calls, an RH-ISAC member shares their company's journey with lively Q&A that follows.

Incident Response

This group brings IR teams together to discuss strategies, share experiences, tools, and general sharing of intel and information. The group also shares best practices, playbooks, methodologies, and experiences; collaborates on incident investigations, threat hunts, and tabletop exercises.

Risk Management

This community is interested in developing enterprise risk management policies that can mitigate the impact and likelihood of attacks. In partnership with CyberGRX, the benchmark initiative allows all RH-ISAC members to complete a free self-assessment, analyze common high risk areas, and discuss strategies to improve security posture.

Security Awareness

This working group is dedicated to educating and training employees on information security best practices and developing a security-minded culture within their organizations. Bi-monthly meetings cover topics such as phishing program strategies, application and secure code training, and leveraging threat detection tools to identify risky behavior.

Team Icon

Security Operations

This group shares operational strategies to help improve the efficiency and effectiveness of security program capabilities. The group arranges monthly interviews of strategic leaders who share their journey in building their information security program. Each interview includes time for discussion.


Third-Party Risk Management

This working group shares insights and information for building a third-party risk management program, including how to work with internal teams to identify and assess suppliers and verify what vendors have elevated levels of privilege within your networks.

Automated Alerts

Vulnerability Management

This group is dedicated to the exchange of best practices for identifying, evaluating, prioritizing, and mitigating vulnerabilities to protect the modern expanded attack surface. A proactive approach to security allows for appropriate prioritization of potential risks so companies can allocate resources to mitigate vulnerabilities before they become exploited

Tool-Based Groups


Crowdstrike Falcon EDR

A place for users of the Crowdstrike Falcon EDR tool to ask each other questions, discuss use cases, and share best practices.



The goal of the MISP Working Group is a steady-state collaborative environment for RH-ISAC members to exchange experiences in MISP development, and to jointly mature their current MISP implementations by focus and collaboration on MISP implementation best practices. The working group is also supporting and informing RH-ISAC efforts to implement an ISAC MISP instance, based on member interest, in order to further support member collaboration and threat sharing.



The SOAR (Security Orchestration, Automation, and Response) Users’ Group provides a forum for members to learn how others are effectively using software solutions and tools to streamline and automate security operations.



The objective of the Splunk Users’ Group is to learn how other members are making the most effective use of Splunk. This includes ingesting RH-ISAC threat intel from TruSTAR, building detections, managing alerts, configuring custom dashboards, and integrating with other tools to increase automation.



The goal of the YARA Users' Group is to provide a collaborative community where YARA users can learn from other malware detectives, and build and share techniques and descriptions (a.k.a rules).

Industry-Focused Groups

Gaming & Hospitality Special Interest Group

The Hospitality & Gaming Special Interest Group fosters a secure, collaborative forum for gaming, hospitality, and entertainment organizations to share threat intelligence. Information shared through this special interest group will translate to detection, mitigation, and improved response capabilities to reduce business risks, protect customer accounts, and create safer experiences within our ecosystem.


Franchise Working Group

The Franchise Working Group addresses cybersecurity issues within the franchisee operating model, vendor outsourcing/solution provider support, cybersecurity framework models, and shares best practices to address challenges and increase awareness among franchisees to collectively mitigate risks.

secure, automated reports to optimize your cybersecurity

Operational Technology Special Interest Group

The objective of the Operational Technology Special Interest Group is to provide best practice collaboration for those retailers who may have manufacturing or plant capabilities and are concerned with the unique security challenges for enabling internet of things (IoT), connective devices and technology that supports retail production operations.

Join your peers at RH-ISAC

Only RH-ISAC members have exclusive access to sector-specific threat intelligence and reports, helping you to strengthen your cybersecurity team.

RH-ISAC Cyber Intelligence Summit Sept. 2021 Dallas, TX

Register for Summit

Our biggest event of the year is back in person on September 20-21! Join your RH-ISAC peers in Dallas for this annual two-day conference featuring interactive, practitioner-led discussions, breakout sessions, and keynote presentations.