Domain-Specific Working Groups

Working groups are domain-specific and focus on sharing knowledge, use cases, and best practices in a given subject area.


Dark Web

This is a specialized group dedicated to identifying, tracking, and indexing sellers and threat actors that target the retail and hospitality industries. Working at an elevated TLP level with stricter guidelines, the group may share more sensitive internal data, with the goal of making intelligence actionable for organizations.

gift card

Gift Card Fraud

This group of retailers is dedicated to gathering collective intelligence on gift card extortion, using relevant data to build cases for law enforcement investigations, and sharing best practices on prevention and detection controls as well as fraud team(s) roles, responsibilities, and organizational alignment.


This group is dedicated to preventing and detecting fraud and all the ways it manifests as a cyber threat against organizations and customers in the retail and hospitality sector. This includes sharing intelligence on ATO, bots, ransomware, phishing, refund-as-a-service and loyalty fraud, and domain takedowns/imposter sites; as well as best practices on fraud security controls, and detection tools.

Identity & Access Management (IAM)

Participants in this group share their company’s IAM journey for the enterprise, customers, or both. Topics include multi-factor authentication (MFA), privileged access management (PAM), customer identity access management (CIAM), role-based access controls (RBAC), just-in-time provisioning, and other zero-trust architecture-aligned IAM principles, as well as single sign-on related concerns.

Incident Response (IR)

This group brings IR teams together to discuss strategies, share experiences, tools, and general sharing of intel and information. The group also shares best practices, playbooks, methodologies, and experiences, as well as collaborating on incident investigations, threat hunts, and tabletop exercises.

secure, automated reports to optimize your cybersecurity

Operational Technology

This group is for retailers who have manufacturing capabilities or use hardware and software to monitor production operations discuss unique security challenges, including the internet of things (IoT), remote access for employees and third-party support, network segmentation strategies, and measuring OT risk.

Risk Management

The group seeks to build meaningful and mutually beneficial relationships with cybersecurity professionals who focus on governance, risk, and compliance (GRC) within their organizations. This community is interested in developing key risk indicators (KRIs), business resiliency, cyber risk quantification, cyber insurance, and governance tools, and cloud governance practices.

Security Architecture

This group is for security architects to discuss high level topics regarding security architecture and their infrastructure.


Security Awareness

This group is dedicated to educating and training employees on information security best practices and developing a security-minded culture within their organizations. Topics include phishing program strategies, building a security champions program, leveraging threat detection tools to identify risky behavior, and planning initiatives for Cybersecurity Awareness Month.


Third-Party Risk Management (TPRM)

This group shares information for building a third-party risk management program and works together to benchmark and assess common retail suppliers. Insights can be used to highlight which vendors are most susceptible to threats and have elevated privilege within their networks, as well as help as practitioners understand inherent risk, implement mitigating security controls, and develop an incident response plan for third parties.

Automated Alerts

Vulnerability Management

This group is dedicated to identifying, evaluating, prioritizing, and mitigating vulnerabilities to protect the modern expanded attack surface. Sharing these best practices helps prioritize potential risks so companies can allocate resources to mitigate vulnerabilities before they become exploited. Other discussion topics include system ownership, application dependencies, secure CI/CD pipeline, and change management.

Tool-Based Groups

Tool-based groups focus on technology commonly used in security stacks.


Crowdstrike Falcon EDR

This group offers a place for users of the Crowdstrike Falcon EDR tool to ask each other questions, discuss use cases, and share best practices.



The MISP Working Group will primarily support the RH-ISAC's efforts to advance our MISP instance’s content and functionalities based on member needs and interest in order to further support member collaboration and threat sharing.



The SOAR (Security Orchestration, Automation, and Response) Users’ Group provides a forum for members to learn how others are effectively using software solutions and tools to streamline and automate security operations.



The objective of the Splunk Users’ Group is to learn how other members are making the most effective use of Splunk. This includes ingesting RH-ISAC threat intel from TruSTAR, building detections, managing alerts, configuring custom dashboards, and integrating with other tools to increase automation.

Special Interest Groups

Special interest groups are unique to personnel roles and responsibilities or industry sectors.

Analyst Community

Nearly 2,500 analysts, threat hunters, and security engineers share real-time cyber intelligence on incidents, threats, vulnerabilities, and associated remediation tactics in this community. The RH-ISAC hosts a Weekly Intelligence call every Tuesday at 1 p.m. ET where members report on the threat landscape.


BISO Community

This group is for to business information security officers (BISOs) who are seeking to better understand organizational alignment, key job functions, required skillsets of the role, as well as the data sources and metrics needed to build and measure the success of a BISO program.

Team Icon

CISO Community

More than 350 CISOs, deputies, and level-equivalents are highly engaged in sharing strategic and operational knowledge for maturing their information security teams. Surveys and requests for information (RFI) provide peer insights on topics related to risk management, security architecture, and resource management.

Consumer Goods

This group focuses on the unique business risks of manufacturing within retail, hospitality, travel, and consumer goods, including working with third parties, business resiliency, doing business in China, and third-party breach playbooks.


Mergers, Acquisitions & Divestitures

This group focuses on approaches to handling cyber diligence and integration planning for acquisitions and divestitures, including discussions about building in-housing vs buying outside support for cyber diligence, creating a cyber integration plan in partnership with the business and IT, calibrating the plan for different integration strategies, and more.


Hospitality and Travel

This group's main objectives are to help coordinate and foster closer collaboration between members, share intel, countermeasures, strategies, and best practices in the hospitality and travel sector.

Small Cyber Teams

Designed for organizations with less than $2 billion in annual revenue, this group discusses how to build and establish an information security program despite common challenges with budget and resources. Topics include staff prioritization, maturity road-mapping, tools and integrations, and security operations fundamentals.

Join your peers at RH-ISAC

Only RH-ISAC members have exclusive access to sector-specific threat intelligence and reports, helping you to strengthen your cybersecurity team.