HS Blog

Engineering, threat research, product notes.

The work behind the platform — postmortems, detection-engineering writeups, AI architecture decisions, and the operational discipline of running a SOC for SMBs.

HorizonShield research desk showing threat notes, detection engineering, and product analysis
Research, engineering notes, and product decisions published from live CMS content.
3
Posts
6
Categories
22m
Read time
Free
Always
Engineering2026-05-069 min

Building an incident response retainer from the ground up

Every CISO eventually has the same uncomfortable realization: the night an incident lands is a bad time to be hiring an incident response firm. Here is how we structure a retainer that is actually useful when the call comes — and what the common pitfalls look like.

#incident-response#retainer#ciso#playbook
Product2026-05-067 min

Phishing simulations that don't blame the user

Most phishing simulation programs become an annual ritual where the security team sends a deceptive email, watches employees click, and then makes them watch a video as punishment. Useful programs do something else entirely.

#phishing#training#human-factors#program-design
Tutorial2026-05-066 min

How to read your first scanner finding without panicking

A finding lands in your inbox titled "Critical: SQL Injection — production-api-1." Your stomach drops. This guide walks you through the next ten minutes — what to read first, what to ignore for now, and how to know whether the alarm is real.

#scanner#vulnerability#triage#beginner
More from HorizonShield
Academy Library Free scanner Start free trial