What the lab is

Deretti Cyber Labs is the publisher; IR 2.0 is one of its packs. The lab publishes work in three streams. The first is frameworks: open operating models that give teams a common structure they can adapt to their reality. IR 2.0 — the framework's incident-response component — is the first of these packs to publish. Foundations, Assurance, Insurance Readiness, and sector-specific packs are on the roadmap; they will extend reach into broader cybersecurity program work as adopters surface field reports that justify the scope.

The second stream is reference and operator tooling for specific operational topics that warrant their own section. /quantum/ is the first of these — the post-quantum cryptography educational layer for operators below hyperscaler scale, with audience-tier briefings, a foundation whitepaper, glossary, standards reference, decision tree, and a Tools section with five operator artifacts (inventory worksheet, vendor RFP rubric, interactive maturity self-assessment, tabletop scenario, executive one-pager) in HTML and downloadable XLSX/PDF.

The third stream is threat research: durable reference material on emerging threats, hardware-rooted trust, edge security, and cyber-physical infrastructure defense.

The three streams share a common posture — that resilience shows up in how teams make decisions under pressure, capture evidence, learn after the fact, and build the next system slightly better than the last one. The work is intended to remain useful past the news cycle in which it was written.


Who runs it

Deretti Cyber Labs was founded by Tiago Deretti, who serves as a senior infrastructure and engineering leader at a global eDiscovery firm, overseeing globally distributed enterprise systems.

The lab's work emerges from that operating context: the frameworks and research published here are developed inside an environment where incident response has to function, infrastructure has to recover, and the discipline has to actually work — not in spite of operational reality, but because of it.

For more on the broader work and writing of the founder, see deretti.net.

Licensing and contribution

Research content is released under CC BY 4.0. Code and reference implementations are released under the MIT license. Frameworks and packs live on GitHub; pack proposals, field reports, documentation improvements, and standards-mapping contributions (NIST CSF, NIST 800-61, CIS Controls) are welcome. The Common Controls Backbone (a single-mapping-to-many-standards artifact) is a v1.0 target; until then, single-framework mappings are the foundation it will sit on. Maintainers review contributions within a week.

For citations, the publisher is Deretti Cyber Labs, with document title and version — for example, IR 2.0 v0.1.0, Deretti Cyber Labs, 2026.

What the lab is working on now

Active publications, presentations, and ongoing research. The Threat Archive entries hold their original timestamps; this section reflects only the current operating window.

v0.1.0
IR 2.0 — current release
Modular operating model for resilient, defensible, security-by-default incident response. Four pillars, the Calm Loop, and a Crawl→Walk→Run roadmap. Released under CC BY 4.0 with reference code under MIT.

Oct 2025
InfoSec World 2025 — Orlando
IR 2.0 presented at InfoSec World, October 27–29, 2025. Slides and supporting materials live in the framework section.

Dec 2025
GRC Outlook — companion publication
Framework piece published in GRC Outlook (December 2025), covering the operating-discipline framing and the four-pillar structure for resilient incident response.

v0.2.0
/quantum/ — Post-Quantum Cryptography section
Educational and operator-tooling layer for the PQC transition. Phase 1 shipped 12 pages (briefings, foundation, glossary, standards reference, whitepaper); Phase 2 added Tools — five operator artifacts with XLSX/PDF downloads and an interactive maturity self-assessment — plus a decision-trees Foundation page. Live at /quantum/.

2026 —
Active research
Ongoing curation of the Threat Archive and continued research on hardware-rooted trust, edge computing security, and the convergence of cyber and physical infrastructure. Active research notes — including the Post-Quantum Cryptographic Exposure analysis — live alongside the framework and reference sections.