CHANNEL · DIRECT

Contact.

One form, seven reasons. Pick the door that fits the message.

Research questions, archive citations, field reports, Pack proposals, speaking invitations, press, partnerships — or just a question. Choose a topic and we'll route it to the right pair of eyes inside a week.

01
The form

What are you reaching out about?

Pick a topic. The form adapts. Required fields are marked with a green dot.

Research / archive — quick context
Field report — quick context
Pack — proposal pointers

Public repo, gist, or shared doc. We can also exchange drafts via email after first contact.

Speaking — event details
Press — outlet & deadline

Plain text. No links required, but they help — repos, post-mortems, decks, anything you want us to see.

We use your email only to reply. No marketing list, no third-party sharing. License & attribution.

Message received. ✓

We'll reply from labs@deretticyberlabs.com within five business days. If you don't hear back, check spam or resend with "RESEND" in the subject line.

02
Other channels

Or skip the form.

PRs and issues are public; email and LinkedIn are for everything else.

GITHUB deretticyberlabs/ir2-framework Issues · PRs · Discussions → EMAIL labs@deretticyberlabs.com Direct, no triage → LINKEDIN /deretti-cyber-labs Updates · Events · Roles →
03
Before you write

A few things that save us both time.

Common questions. If yours is here, the answer is already on this page.

Can I cite the framework in my paper, book, or training material?
Yes — framework content is released under CC BY 4.0, so attribution is the only requirement. Use the publisher (Deretti Cyber Labs), document title, and version. Example: IR 2.0 v0.1.0, Deretti Cyber Labs, 2026. To have a passage reviewed before publication, include the excerpt in your message.
Can I cite the threat research archive in academic work?
Yes — the same CC BY 4.0 license applies to archive entries. Cite by entry title, publisher, and year. Example: NotPetya, Threat Archive, Deretti Cyber Labs, 2017. Per-entry permalinks live at /research/archive/{entry-slug}/; older entries may reflect terminology and source availability from the original period and should be read alongside current vendor advisories.
I'd like to contribute a Pack. What's the process?
Open an issue or pull request on the GitHub repository. The pack schema is documented at /packs/pack-schema-doc.md; the starter pack at /packs/starter/ is a working example. Pack proposals, field reports, documentation improvements, and standards-mapping contributions (NIST CSF, NIST 800-61, CIS Controls) are welcome — the Common Controls Backbone is a v1.0 target. Maintainers review within a week.
Do you accept guest articles or sponsored research?
No. The lab's editorial independence is part of why the work is intended to be useful, and accepting sponsored content would undercut the rest of the catalog.
Are you available for keynotes or panel discussions?
Selectively. Send a message with venue, audience profile, expected length, and date so the request can be evaluated alongside other commitments.
Will you review my organization's incident response plan?
The lab publishes IR 2.0 openly so that teams can self-assess against the framework. The framework documents, the four pillars, the Calm Loop, and the Crawl → Walk → Run roadmap are designed to be used directly. For paid engagements that fall outside the lab's open-publication scope, see deretti.net.