{"id":297,"date":"2021-07-15T00:09:00","date_gmt":"2021-07-15T00:09:00","guid":{"rendered":"https:\/\/www.cycognito.com\/blog\/?p=297"},"modified":"2024-01-22T08:21:21","modified_gmt":"2024-01-22T16:21:21","slug":"5-parts-of-good-breach-disclosure","status":"publish","type":"post","link":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/","title":{"rendered":"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure"},"content":{"rendered":"\n

I think it\u2019s safe to say that everyone, except of course bad actors, will agree that it\u2019s always best to avoid a security breach. CyCognito can help with that! Unfortunately, however, the reality is closer to that oft quoted adage, \u201cit\u2019s not if, but when.\u201d So, it\u2019s important to have a contingency plan for how to proceed if\/when your company is the unfortunate victim of a breach, and it\u2019s even better to create this plan before you actually need it.<\/p>\n\n\n\n

Part of a good contingency plan is to consider what, when, where, and how your organization will disclose that a breach occurred, and that\u2019s the topic of today\u2019s blog. I opened the door to this topic with my writeup about the\u00a0Accellion breach<\/a>\u00a0and how breach disclosures were handled during that event, and now I\u2019m making good on the promise I gave to write more of a security practitioner’s guide to how I think breach disclosures\u00a0should<\/strong>\u00a0be handled. Note that this is absolutely, 100% not legal advice, and you should always involve your legal counsel in crafting your breach disclosure process. Rather, these are the observations and aspirations of someone who has been around this particular block a few times in security and seen a few things in terms of breach disclosures both as participant and observer. So without further ado, let\u2019s dig in.<\/p>\n\n\n\n

The power in being responsible<\/h2>\n\n\n\n

The first element to discuss is how to handle the issue of apologizing to your customers if they were impacted by the breach. In order to do this well\u2014or decide if you need to do it at all\u2014it\u2019s important to clarify the difference between responsibility and fault. We live in a litigious society<\/a> and it seems like any apology for a breach or, well, most anything these days, is met with blame and lawsuits even when it\u2019s done with the best of intentions. As a counterpoint, not apologizing will also result in legal action when those impacted find out about it. And they always do. That being said, in my opinion, it\u2019s better to disclose. By disclosing, you are taking responsibility and taking responsibility can help you gain control of the situation.<\/p>\n\n\n\n

To be clear, being responsible doesn\u2019t mean you are at fault or that you should be blamed, although you may find throughout the course of your investigations that your team wasn\u2019t focused on the right things or paying attention to all of the things they should have been. But by being responsible you can move forward with integrity, focus on the aspects of the breach you can influence, and regain your customers\u2019 trust much faster, all of which will ultimately help you recover more quickly, because you hold the power.<\/p>\n\n\n\n

On the other hand, you can look at Accellion\u2019s approach. They began their disclosure statement with: \u201cIn mid-December, Accellion was made aware of a P0 vulnerability in its legacy File Transfer Appliance (FTA) software.\u201d The wording of this first part of the disclosure (\u201cmade aware\u201d \u201clegacy\u201d) reads like this is totally out of their control. Do you now trust that this company doesn\u2019t have other P0 vulnerabilities in its software? Do they sound like they are taking responsibility for their software or are they blame-shifting to abdicate responsibility for software they sold and supported right up until a sudden End-Of-Life<\/a> a month after their disclosure? Fault is being the cause of the failure in question. A responsible organization takes charge of the situation to fix it, regardless of fault.<\/p>\n\n\n\n

The 5 elements of good disclosure<\/h2>\n\n\n\n

What does good breach disclosure look like? Well, in a lot of ways it resembles a good apology because that is what it is. We\u2019ve all seen plenty<\/strong> of bad apologies\u2014in the media, in politics, even in business\u2014but this time rather than give you an example o a poor disclosure, let\u2019s take a look at an outline of the elements that will help you create one that will work well. A good apology has five parts<\/p>\n\n\n\n

    \n
  1. An expression of regret (not just a CYA)<\/li>\n\n\n\n
  2. An explanation of what went wrong (not hiding evidence)<\/li>\n\n\n\n
  3. Taking responsibility (not laying blame)<\/li>\n\n\n\n
  4. Making amends (not just making the issue disappear)<\/li>\n\n\n\n
  5. Request for forgiveness (not a demand for it)<\/li>\n<\/ol>\n\n\n\n
    1. An expression of regret (It\u2019s hard to say, \u201cWe\u2019re sorry.\u201d)<\/h5>\n\n\n\n

    Part one is perhaps the hardest part for an organization to do, because it can appear to open your organization to liability by accepting fault. It is important to realize that this is not the case; in fact, several states have adopted so-called \u201cApology Laws<\/a>\u201d for medical malpractice. In these cases, either full or partial protections are provided for, in essence, saying \u201cI\u2019m sorry.\u201d This part of the disclosure could be considered optional<\/strong> in the case of a breach disclosure, especially if your legal counsel is set against it, but it\u2019s a powerful gesture to your customers, and it\u2019s my personal hope that it becomes a best practice. Back in 2013, when Target suffered it\u2019s high profile breach, their CEO posted an excellent example of a breach disclosure<\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n
    Figure 1. Screenshot from Target taking responsibility and saying sorry in their disclosure.<\/h6>\n\n\n\n

    Contrast that with the lackluster December 2020 breach disclosed from T-Mobile.<\/a><\/p>\n\n\n\n

    \"\"<\/figure>\n\n\n\n
    Figure 2. A non-apology apology from T-Mobile\u2019s December 2020 breach.<\/h6>\n\n\n\n
    2. An explanation of what went wrong (Sooner or later the truth will come out)<\/h5>\n\n\n\n

    If the first part of the disclosure was for customers impacted, the next step, explaining what went wrong, is the most important part for the cybersecurity community. Everyone can respond meaningfully if they know what happened. Too many times in an effort to minimize severity or disavow responsibility the details of the breach are so obfuscated that the information is useless. This technique is in stark contrast with the excellent example of full disclosure exhibited by FireEye<\/a> when they suspected the SolarWinds breach may have compromised their penetration testing tools. This level of specificity and transparency is extraordinarily helpful to all concerned, and gave the industry important visibility into a breach that could have gone unchecked for even longer than it did. Hopefully further guidance around Section 2 of President Biden\u2019s May 12 Executive Order on Improving the Nation\u2019s Cybersecurity<\/a> will help to remove legal and psychological barriers to sharing threat information like this in the future.<\/p>\n\n\n\n

    3. Taking responsibility (responsibility implies response ability)<\/h5>\n\n\n\n

    The next part of a good disclosure is taking responsibility for the breach. This does not mean that the breach is your fault, but it does emphasize that protecting your company\u2019s and your customer\u2019s data is something that you fully own and take responsibility for<\/strong>. That is literally the job of cybersecurity. The great thing about taking responsibility is that it shows that you are in control of charting your organization’s course of action. Like the captain of a ship in a storm, it isn\u2019t your fault the waves are high and the wind is blowing, but it is your responsibility to steer the ship as deftly as you can to a safe harbor. In a cyber attack, how your organization responds is your job. How your organization is seen<\/strong> to respond can sink your brand or buoy it through the rough weather. <\/p>\n\n\n\n

    4. Making amends or mending a breach of trust.<\/h5>\n\n\n\n

    Now that you have apologized for and acknowledged the breach, describing what happened as specifically as possible, and showing that your job is to \u201clead the data to safety,\u201d your next step is to describe exactly what you are going to do. It is possible to rebuild customer trust by describing the actions you are taking to make this better, including details on the process, the systems fixed, and the things you can do for your customers like credit reports, fraud detection, and help lines for providing assistance. The easier you make it for your customers to get over the effects of a breach, the faster they will trust you with their data and business again.<\/p>\n\n\n\n

    5. Request for forgiveness (in an unforgiving world)<\/h5>\n\n\n\n

    Asking for forgiveness may not be something that you choose to do in a breach disclosure.  Demanding forgiveness, on the other hand, isn\u2019t ever really appropriate, and should be avoided at all costs. An example of this can be found throughout the 285 pages of testimony<\/a> of former Equifax CEO Richard F. Smith in his 2017 hearing before Congress about the breach in September of that year. The biggest problem with Smith\u2019s apology is that he never apologized for not correcting the things that were within his control, nor did he address the things that he and the company did wrong. He asks for forgiveness for the breach, while never taking responsibility for the messy breach response.<\/p>\n\n\n\n

    As those of us in cybersecurity know, every breach has the potential to negatively impact your company’s brand reputation, the trust of your partners and customers, and your stock price. While the first step should be doing your best to prevent breaches, and CyCognito certainly can help here, it\u2019s important to also think about how to productively and appropriately respond if and when breaches occur. By communicating quickly about any incident, sincerely apologizing to customers, clearly detailing the breach to the cybersecurity community, and delineating the actions being taken to make amends, it is possible to rebuild the trust of users and shareholders alike.<\/p>\n","protected":false},"excerpt":{"rendered":"

    CyCognito employs advanced cyber security methodologies to identify all of your assets so that your IT asset management processes are built rock solid.<\/p>\n","protected":false},"author":15,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[101,6,102,9],"class_list":["post-297","post","type-post","status-publish","format-standard","hentry","category-perspectives","tag-accellion-breach","tag-attack-surface-management","tag-breach-disclosure","tag-cybersecurity"],"yoast_head":"\nFull or Foolish Disclosure: 5 Parts of Good Breach Disclosure | CyCognito Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure | CyCognito Blog\" \/>\n<meta property=\"og:description\" content=\"CyCognito employs advanced cyber security methodologies to identify all of your assets so that your IT asset management processes are built rock solid.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\" \/>\n<meta property=\"og:site_name\" content=\"CyCognito Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-07-15T00:09:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-01-22T16:21:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png\" \/>\n<meta name=\"author\" content=\"Jim Wachhaus\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jim Wachhaus\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\"},\"author\":{\"name\":\"Jim Wachhaus\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0\"},\"headline\":\"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure\",\"datePublished\":\"2021-07-15T00:09:00+00:00\",\"dateModified\":\"2024-01-22T16:21:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\"},\"wordCount\":1605,\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png\",\"keywords\":[\"Accellion Breach\",\"Attack Surface Management\",\"Breach Disclosure\",\"Cybersecurity\"],\"articleSection\":[\"Perspectives\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\",\"name\":\"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure | CyCognito Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png\",\"datePublished\":\"2021-07-15T00:09:00+00:00\",\"dateModified\":\"2024-01-22T16:21:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png\",\"width\":936,\"height\":164},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.cycognito.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#website\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"name\":\"Cycognito Blog\",\"description\":\"Research, Product News and Latest Updates\",\"publisher\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#organization\",\"name\":\"Cycognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"contentUrl\":\"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png\",\"width\":1720,\"height\":550,\"caption\":\"Cycognito\"},\"image\":{\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0\",\"name\":\"Jim Wachhaus\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g\",\"caption\":\"Jim Wachhaus\"},\"description\":\"Was Director of Technical Product Marketing at CyCognito\",\"url\":\"https:\/\/www.cycognito.com\/blog\/author\/jim-wachhaus\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure | CyCognito Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/","og_locale":"en_US","og_type":"article","og_title":"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure | CyCognito Blog","og_description":"CyCognito employs advanced cyber security methodologies to identify all of your assets so that your IT asset management processes are built rock solid.","og_url":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/","og_site_name":"CyCognito Blog","article_published_time":"2021-07-15T00:09:00+00:00","article_modified_time":"2024-01-22T16:21:21+00:00","og_image":[{"url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png","type":"","width":"","height":""}],"author":"Jim Wachhaus","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jim Wachhaus","Est. reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#article","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/"},"author":{"name":"Jim Wachhaus","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0"},"headline":"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure","datePublished":"2021-07-15T00:09:00+00:00","dateModified":"2024-01-22T16:21:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/"},"wordCount":1605,"publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png","keywords":["Accellion Breach","Attack Surface Management","Breach Disclosure","Cybersecurity"],"articleSection":["Perspectives"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/","url":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/","name":"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure | CyCognito Blog","isPartOf":{"@id":"https:\/\/www.cycognito.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage"},"thumbnailUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png","datePublished":"2021-07-15T00:09:00+00:00","dateModified":"2024-01-22T16:21:21+00:00","breadcrumb":{"@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#primaryimage","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/CyCognito_Disclosure_Image-1.png","width":936,"height":164},{"@type":"BreadcrumbList","@id":"https:\/\/www.cycognito.com\/blog\/5-parts-of-good-breach-disclosure\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.cycognito.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Full or Foolish Disclosure: 5 Parts of Good Breach Disclosure"}]},{"@type":"WebSite","@id":"https:\/\/www.cycognito.com\/blog\/#website","url":"https:\/\/www.cycognito.com\/blog\/","name":"Cycognito Blog","description":"Research, Product News and Latest Updates","publisher":{"@id":"https:\/\/www.cycognito.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.cycognito.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.cycognito.com\/blog\/#organization","name":"Cycognito","url":"https:\/\/www.cycognito.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","contentUrl":"https:\/\/www.cycognito.com\/blog\/wp-content\/uploads\/logo-1720x550-1.png","width":1720,"height":550,"caption":"Cycognito"},"image":{"@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/26e362ecf750edd0380a7de5746cf8d0","name":"Jim Wachhaus","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.cycognito.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/79b6bf97cd7168a87f54b0b9f6ce82be?s=96&d=mm&r=g","caption":"Jim Wachhaus"},"description":"Was Director of Technical Product Marketing at CyCognito","url":"https:\/\/www.cycognito.com\/blog\/author\/jim-wachhaus\/"}]}},"_links":{"self":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/297","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/comments?post=297"}],"version-history":[{"count":4,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/297\/revisions"}],"predecessor-version":[{"id":644,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/posts\/297\/revisions\/644"}],"wp:attachment":[{"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/media?parent=297"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/categories?post=297"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cycognito.com\/blog\/wp-json\/wp\/v2\/tags?post=297"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}