Protect As One

Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC)

The RH-ISAC was formed in 2014 as the home of the Retail and Hospitality Information Sharing and Analysis Center (ISAC) and operates as a central hub for sharing sector-specific cyber security information and intelligence. The association connects information security teams at the strategic, operational and tactical levels to work together on issues and challenges, to share practices and insights, and to benchmark among each other – all with the goal of building better security for the retail and hospitality industries through collaboration. RH-ISAC currently serves companies in the retail, hospitality, gaming, travel and other consumer-facing entities.

Our Members

Members represent retail and customer-facing companies throughout the retail ecosystem including retailers, restaurants, hotels, gaming casinos, gift cards, consumer products and more.



Colin Anderson


Global Chief Information Security Officer

Rich Agostino


Chief Information Security Officer

Dave Spooner

Vice Chair

Senior Vice President & Chief Information Security Officer

Grant Sewell


Head of Cybersecurity & Privacy

Ken Athanasiou


Chief Information Security Officer

Jim Cameli

Past Chair

Vice President & Global Chief Information Security Officer

Andy Caspersen


Chief Information Security Officer

Dave Estlick


Chief Information Security Officer

Adam Hirsch


Senior Vice President, Global Information Security

Lauren Dana Rosenblatt


Deputy CISO

Christopher Zell


Vice President, Head of Information Security

Suzie Squier


Member Testimonials

Member Benefits

RH-ISAC Member benefits and service offerings are tailored to drive value for cybersecurity professionals by optimizing efficiencies through automated intelligence sharing, delivering simple and secure access to the RH-ISAC community, curating practical, meaningful and actionable content, and enabling peer-to-peer collaboration and best practice sharing.

Gain access to a private network of industry peers and providers exchanging intelligence and insight within the RH-ISAC community. These trusted communications take place via the RH-ISAC Collaboration Portal, analyst-to-analyst exchanges, and participation in virtual community discussions.

The RH-ISAC facilitates security intelligence sharing, analysis, and understanding through both human and machine-to-machine data exchange. Campaigns, indicators and requests for information are shared across similar verticals to increase context around individual threats, industry-wide threat landscape trends, tools and techniques. Retail and hospitality ISAC analysts provide additional enrichment, intelligence, and insights around information that is shared.

The RH-ISAC offers members a unique opportunity to establish trust-based, peer-to-peer relationships through participation in collaborative in-person and virtual events and streamlined discussion within the Collaboration Portal. RH-ISAC content and events are built from direct member feedback, resulting in carefully crafted sessions that facilitate peer knowledge exchange, deliver leading practices and ensure practical outcomes and lasting connections.

Retail and hospitality members benefit from timely intelligence reports, products, and insights including contributions from our Associate Members:

Organizations who engage with retailers as product or service providers may request an application to participate in the RH-ISAC community as Associate members. Associate members are industry-leading providers committed to adding value within the RH-ISAC community and the activities it supports, understanding industry challenges, and supporting member companies. To drive the strongest possible exchange of value between Associate and Core members, Associate member applications will be carefully considered based on the organization’s ability and commitment to contribute to the RH-ISAC’s mission of advancing the collective capabilities of cyber security professionals in retail and customer-facing companies in the retail ecosystem.

Learn More About Membership

Our Associate Members


Accenture Security helps organizations build resilience from the inside out, so they can confidently focus on innovation and growth. Leveraging its global network of cybersecurity labs, deep industry understanding across client value chains and services that span the security lifecycle, Accenture protects organization’s valuable assets, end-to-end. With services that include strategy and risk management, cyber defense, digital identity, application security and managed security, Accenture enables businesses around the world to defend against known sophisticated threats, and the unknown. Follow us @AccentureSecure on Twitter or visit the Accenture Security blog.


Anomali provides access to their Anomali Threat Stream portal site for RH-ISAC intel sharing. RH-ISAC members can create their user accounts and join trusted circles for intel sharing. Threat Stream account holders can then view incidents, add incidents, add campaigns, sign-up for phishing email ingest, and import indicators.


CyberInt’s Managed Detection and Response offering services are based on ArgosTM - CyberInt’s proven real time digital risk protection platform - consulting and managed services as well as a strong cyber-expert multi lingual analyst team. Serving customers spanning globally and include cyber-secured customers from retail, finance, e-commerce, and gaming industries. Security challenges differ between industries and CyberInt facilitates companies in taking a proactive outside - in approach to cybersecurity. CyberInt’s nuanced understanding of different industries vis-a-vis the rapid growth of attack vectors and sophistication reflects expertise in working with companies of any size and nature to provide continuous monitoring, detection and immediate responses to threats and vulnerabilities. To address real-time threats, and reduce fraud rate, and protect brands, CyberInt utilizes early prevention of brand abuse to avoid crises or downtime, with powerful intelligence-led forensic tools to investigate and respond and contain to never-before-seen attacks in real time before they materialize.


Cybrary is the Security Enablement learning platform that enables organizations with the tools they need to assess, develop, and measure their technical organization’s security skills. In return, giving you the ability to identify gaps, increase efficiency, and reduce risk. Our differentiated creator network of over 2000 unique contributors positions Cybrary to deliver our customers the fasting moving catalog in the industry housing more relevant and up-to-date content than any other provider on the market. We have more than 2.5 million professionals on the platform, including 96% of the Fortune 1000.


Endgame makes military-grade endpoint protection as simple as anti-virus. Leveraging the industry’s most advanced machine learning technology, Endgame enables security operators of any skill level to deliver full-force protection, stopping everything from ransomware, to phishing, and targeted attacks. Endgame is the only endpoint security platform to offer a unique hybrid architecture that delivers both cloud administration and data localization that meets all industry, regulatory, and global compliance requirements. The US military as well as the world's largest commercial organizations rely on Endgame to protect their people, technology and mission, globally. For more information, visit and follow us on Twitter @EndgameInc.


As better-connected consultants, we help our clients navigate the Transformative Age. We do this by connecting the talents, creativity and experience of our entire organization and alliances. This enables us to ask the better questions and find answers to some of the world’s toughest challenges and build a better working world.


FireEye, Inc. (NASDAQ: FEYE) is an intelligence-led security company that protects customers with innovative technology and expertise from the frontlines. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant® consulting. With this approach, FireEye eliminates the complexity and burden of cybersecurity for organizations struggling to prepare for, prevent, and respond to cyber attacks.


Flashpoint delivers Business Risk Intelligence (BRI) to empower organizations worldwide with meaningful intelligence and information that combats threats and adversaries. The company’s sophisticated technology, advanced data collections, and human-powered analysis uniquely enables large enterprises and the public sector to bolster cybersecurity, confront fraud, detect insider threats and build insider threat programs, enhance physical security, improve executive protection, and address vendor risk and supply chain integrity. Flashpoint is backed by Georgian Partners, Greycroft Partners, TechOperators, K2 Intelligence, Jump Capital, Leaders Fund, Bloomberg Beta, and Cisco Investments. For more information, visit or follow us on Twitter at @FlashpointIntel.

Intel 471

Intel 471 provides the RH-ISAC ISAC team with timely and exclusive data on current, real-time threats and pending future threats. This partnership provides the RH-ISAC with increased visibility and focused insight related to the increased number and sophistication of attacks against retailers, online commerce, restaurants, hotels, consumer product manufacturers and other consumer serving industries.


Intezer introduces a Genetic Malware Analysis approach, offering enterprises unparalleled and accelerated incident response. Intezer provides a fast, in-depth understanding of any file by mapping its code DNA at the ‘gene’ level — offering the most advanced level of malware analysis. By identifying the origins of every piece of code, Intezer is able to detect code reuse from known malware, as well as code that was seen in trusted applications. For more information, visit or follow us on Twitter at @IntezerLabs.


IntSights is redefining cyber security with the industry’s first and only enterprise threat management platform that transforms tailored threat intelligence into automated security operations. Our groundbreaking data-mining algorithms and unique cyber reconnaissance capabilities continuously monitor an enterprise's external digital profile across the surface, deep and dark web, categorize and analyze millions of threats, and automate the risk remediation lifecycle -- streamlining workflows, maximizing resources and securing business operations. This has made IntSights’ one of the fastest growing cybersecurity companies in the world. IntSights’ has offices in Amsterdam, Boston, Japan, New York, Dallas and Tel Aviv. To learn more, visit:

The Media Trust

The Media Trust is on a mission to fix the digital ecosystem. Through continuous client-side monitoring of websites and mobile apps, we provide transparency into the complex relationships delivering the consumer experience. From malware and customer hijack prevention to data leakage and performance-sapping activity, our digital insights identify and remediate brand-damaging and regulation-violating activity so you can build a healthier, more valuable digital environment for your customers. Avoid regulatory fines. Drive more revenue. Govern your digital assets with The Media Trust.


ReversingLabs offers a 30-day trial of its A1000 investigation solution and core to its Titanium Platform. This provides RH-ISAC members risk and threat insights into the top priority files and objects at the speed, accuracy, and scale needed for today's large digital enterprises. ReversingLabs offers user training, including quarterly webinars, as well as product updates, and user support.


Based in Colorado Springs, CO, R9B (root9B, LLC) is a leading provider of advanced cybersecurity services and training for commercial and government clients. Combining cutting-edge technology, tactics development, specialty tools, and deep mission experience, R9B personnel leverage their extensive backgrounds in the U.S. Intelligence Community to conduct advanced vulnerability analysis, penetration testing, digital forensics, incident response, industrial control system (ICS) security, and active adversary pursuit (HUNT) engagements on networks worldwide. For more information, visit

Shape Security

The world's largest enterprises rely on Shape Security as their primary line of defense against fraud and attacks on their web and mobile applications. Shape customers include three of the Top 5 US banks, five of the Top 10 global airlines, two of the Top 5 US insurers, and two of the Top 5 global hotels. The company has raised $100M+ from Kleiner Perkins, Google Ventures, Eric Schmidt, and other leading investors to build an advanced web, mobile, artificial intelligence, and machine learning platform for global scale application defense. The Shape platform, covered by 50 issued patents and 100+ additional patent applications, was designed to stop the most dangerous application attacks enabled by cybercriminal fraud tools, including credential stuffing (account takeover), product scraping, unauthorized aggregation, and other threats. Shape was named by CNBC as one of the 50 most disruptive companies in the world. Today, the Shape Network defends 1.4 billion user accounts from account takeover and protects $1B of in-store mobile payments worldwide. Shape is headed by industry leaders from Google, Cisco, IBM, Raytheon, Palo Alto Networks, and the Department of Defense.


Sixgill, a leading cyber threat intelligence company, automates the monitoring, collection and analysis of exclusive-access deep, dark, and surface web sources to detect threats and alert customers of potential cyber attacks. RH-ISAC’s analysts will have access to Sixgill’s intelligence portal, which provides actionable intelligence on relevant threats to the retail and hospitality sector.


SpyCloud is a pioneer in breach discovery and account takeover prevention. We strive to help businesses of all sizes mitigate data breaches by proactively alerting when employee or customer assets have been compromised. We accomplish this through our early-warning breach detection service powered by a world-class team of intelligence analysts.

Stroz Friedberg

Stroz Friedberg is a global leader in cybersecurity, forensic investigations, and due diligence. We offer expertise in cyber incident response, security assessment and consulting, forensics, and investigations. Having worked with the largest players in the B2C space, our experts improve top tier retailers’ ability to defend against, respond to, and prevent cyber disruptions. Whether protecting systems and customer information from data breaches, thwarting point of sale attacks or malware, or remediating gaps in a company’s cyber strategy, we seek truth so clients can find resilience.


Symantec Corporation (NASDAQ: SYMC), the world's leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. Organizations across the world look to Symantec for strategic, integrated solutions to defend against sophisticated attacks across endpoints, cloud and infrastructure. Likewise, a global community of more than 50 million people and families rely on Symantec's Norton and LifeLock product suites to protect their digital lives at home and across their devices. Symantec operates one of the world's largest civilian cyber intelligence networks, allowing it to see and protect against the most advanced threats.


ThreatConnect provides access to their platform for RH-ISAC members. The ThreatConnect platform helps to identify, manage, and block threats faster by consuming consolidated data, importing your own data, combining external open source threat feeds with your data, and allowing you to act on malicious indicators by using platform-provided signatures to detect threats in your environment.


Build your customer base and streamline transactions with our data, fraud and identity solutions.

In our fast-paced world, today’s customers expect and demand a quick, pleasant and secure experience, whether in person or online. Yet, fraudsters are also evolving, making it more difficult to identify potential fraud fast enough to avoid significant losses. TransUnion offers a variety of solutions to help you more confidently identify good customers and seamlessly move them through the customer lifecycle, while mitigating risk.

To assist our retail and ecommerce customers, we offer solutions that address the onboarding and transaction process. We provide scoring and analytics products that give you a more comprehensive picture of consumers. You can then use our digital marketing solutions for engagement, appropriate targeting and retention. We also offer fraud and identity management solutions to help you verify and authenticate consumers at point of sale, in your call center, or in digital channels. We want to arm you with the tools you need to acquire the right customers, make sound offers and combat fraud—all which enable you to better cultivate loyal customer relationships and drive a healthier bottom line.


ThreatQuotient delivers an open and extensible threat intelligence platform (TIP) to provide defenders the context, customization and collaboration needed for increased security effectiveness and efficient threat operations and management. ThreatQ accelerates the transformation of threat data into actionable threat intelligence by giving defenders unmatched control through a threat library, an adaptive workbench and an open exchange to ensure that intelligence is accurate, relevant and timely to their business. With ThreatQ, customers can get more out of existing security resources, both people and infrastructure.


TruSTAR is part of the tech infrastructure that powers RH-ISAC's threat intelligence exchange. TruSTAR’s platform helps companies operationalize the intelligence generated from the RH-ISAC Community, correlate intel with the users own historical event data, external intelligence feeds, and other sharing groups. This threat intelligence platform gives RH-ISAC members one central destination to analyze and enrich the most relevant data sources for its users.


Valimail is the trusted leader in fully automated email authentication, with the only comprehensive platform for anti-impersonation, brand protection, and compliance used by corporations and federal agencies such as Uber, Fannie Mae, WeWork, and the U.S. Agency for International Development. Valimail Enforce is the only FedRAMP-authorized email authentication service and, because it uses no personally identifiable information (PII), it is also GDPR compliant. Valimail authenticates billions of messages a month for some of the world's biggest companies, in finance, government, transportation, health care, manufacturing, media, technology, and more. Valimail is based in San Francisco. For more information visit

Visa Threat Intelligence

Indicators of Compromise help organizations determine if they have been the target of a breach and contributes actionable data helping merchants avoid future breaches. When payment fraud occurs, Visa’s Risk and Fraud teams collect and analyze information from the breach and that data is provided through an API to VTI subscribers. Because breaches often occur many months prior to fraud, businesses can significantly reduce risk by detecting breaches early.


Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading global information technology, consulting and business process services company. We harness the power of cognitive computing, hyper-automation, robotics, cloud, analytics and emerging technologies to help our clients adapt to the digital world and make them successful. A company recognized globally for its comprehensive portfolio of services, a strong commitment to sustainability and good corporate citizenship, we have over 170,000 dedicated employees serving clients across six continents. Together, we discover ideas and connect the dots to build a better and a bold new future.

Strength Through Collaboration

The RH-ISAC is dedicated to building on a strong foundation of sharing by engaging in cooperative partnerships with industry trade associations, government, law enforcement, and cross-sector sharing forums. The RH-ISAC is a member of the National Council of ISACs (NCI) and a participant in the Department of Homeland Security (DHS) Cyber Information Sharing and Collaboration Program (CISCP). Through the CISCP, the RH-ISAC shares threat information with DHS affiliated agencies including the Federal Bureau of Investigations (FBI), United States Secret Service, United States Computer Emergency Readiness Team (US-CERT) and others affiliated with the National Cybersecurity & Communications Integration Center (NCCIC).