How to Set Yourself Up for Success and Rock Your Reddit AMA

Reddit is a great tool for engaging with a community. With over 195 million users, Reddit provides a platform for users to engage and interact with their community in real time. My favorite Reddit feature? The AMA (subreddit r/IAmA)—especially as part of a PR campaign.

Highwire client OWASP recently hosted an AMA to answer questions about application security and to raise awareness for their conference AppSec USA.

Reddit AMAs can position your company as a passionate industry leader and provide an honest, valuable connection with an engaged audience—whether you are gearing up for a product or company launch, or even an industry event. And you don’t have to be President Obama or Amy Poehler for it to be successful. Redditors host a variety of AMAs ranging from competitive Pokemon players to Six Flags ride operators.

So, how do you determine if a Reddit AMA is a worthy component for your next PR campaign? Here are some things to consider:

Think before you act. Why do you want to host an AMA? This channel isn’t about raising awareness of a brand or product, and redditors don’t care about the new features to your CRM platform. But if you want to elevate a company’s thought leadership and executive voice—and your executive is willing to share his or her thoughts on a hot topic or industry trend without bringing up their brand—your head is in the right place. Research is an important part of this step as well, so you’ll also want to familiarize yourself with Reddit as a platform. Spend time looking at past AMAs to learn what items typically get more “upvotes” than others, or where Redditors tend to lose interest or resort to the site’s characteristic snarkiness. It’s important to understand the language your audience uses and what topics they care most about.

Develop a plan. Planning for an AMA takes longer than you might think. When developing the plan, outline each step on a detailed timeline that the spokesperson can follow, as there are several things they need to do that you can’t. Your plan should include:

  • Detailed instructions on how to submit to Reddit’s AMA Calendar (submissions must come directly from spokesperson’s Reddit handle)
  • How to submit spokesperson proof—proof is a way to verify that your spokesperson is actually who they say they are. An easy way to do this is to have your spokesperson take a picture of themselves holding a piece of paper with their Reddit username, then have them post it to Twitter. See Breaking Bad’s Bryan Cranston’s proof here.
  • Promotion timeline with pre-drafted content for social channels
  • Detailed instructions on how to submit and begin the live AMA

Promote it. Tweet your heart out. Start Twitter promotion and engagement a month in advance with a unique hashtag that you know will map back to only your own content (#owaspAMA is what we used for our OWASP AMA). Once the AMA post is live, start driving attention by sharing the direct link to the AMA on social channels. Another way to interact with an even larger audience is to live tweet the top questions and engage with those mentioning your AMA with the hashtag. You can also send “Save the Date” email invitations to encourage attendance. Including an “Add to my calendar” button/link in the email can be helpful to drive attendance.

Extend its life. You hosted an AMA —now what? Depending on its content, you could consider turning the information that was uncovered through the signature Q&A format into a bylined article. However, it can be hard to place repurposed content that’s already been published to social channels, so a better option would be a LinkedIn Pulse post authored by your spokesperson highlighting the top questions and providing more in-depth answers. Recognize the overarching problems Reddit users asked questions about and tie them to larger industry trends. Focus on what items your respected industry colleagues should pay attention to, and what’s troubling users—again without mentioning your brand or product. Use this as an opportunity to provide deeper perspective on trending issues, and keep the AMA alive!

Prepared now? Ready. Set. Reddit!

AppSec USA: The Place to Be for Web Application Security

It’s no secret that cybersecurity is a top concern for enterprises, government and consumers. And what do hackers target to steal sensitive information? The application layer. According to Verizon’s 2015 Data Breach Investigations report, 61 percent of attacks happen at the application level. From mobile application flaws—such as Stagefright Android—to Web application vulnerabilities—such as the WhatsApp hack—now more than ever, it’s time to educate yourself on application security.

So where can you meet the best application security experts? AppSec USA.

Hosted by Highwire client Open Web Application Security Project (OWASP), AppSec USA is a four-day conference where developers, security experts and technologists meet to discuss cutting-edge approaches to securing Web applications. This year’s conference is in San Francisco September 22-25, 2015.

Highwire PR will be at AppSec USA and is thrilled for this year’s keynotes from Facebook CSO Alex Stamos, Microsoft MVP Troy Hunt and Department of Homeland Security’s Chief Cybersecurity Official Dr. Phyllis Schneck. Not to mention Fireside Chats with Uber, Twitter, Netflix and Salesforce.

To get the most out of this year’s AppSec USA, here are the top three must-do’s from OWASP global board member Michael Coates:

1. Hands on Training

There is a massive shortfall in the industry for quality security engineers. If you’re technically inclined, learn application security fundamentals from the best-of-the-best to secure your organization through hands on training opportunities.

As cyber threats become pervasive, everyone from developers to incident responders needs to stay up-to-date on the latest threats and best practices and tools needed to keep sensitive systems safe.

The trainings range from application vulnerability evaluation to a malware crash course that includes hands-on malware dissection, software debugging, malware analysis and more.

2. Listen, Learn, Discuss

Listen, learn and discuss pertinent, cutting-edge security topics, such as how to address cloud security for your Web applications, how to handle security at scale, and real-time event detection and response. Experts from security companies like WhiteHat, iSec Partners and Denim Group; technology providers such as Docker and Akamai; and enterprise security teams like Netflix, Salesforce and LinkedIn will all cover a variety of security topics and enable discussions that address security experts’ burning questions. Additionally, learn about the state of security, its most pressing issues and what it will take to secure them from keynote speakers Facebook CISO Alex Stamos, Microsoft MVP Troy Hunt, Chief Cybersecurity Official of DHS Dr. Phyllis Schneck and more.

3. Build Your Network, Find the Right Talent

A crucial aspect to any conference, network and connect with the brightest security minds in the world at the most concentrated event for Web application security. Discuss the leading topics with people from all parts of the security process including software developers, information security professionals, incident responders, computer security researchers, and corporate investigators.

Hiring? Job searching? AppSec USA also provides the opportunity to network with a wide range of security professionals and find your next gig or next great hire at the career fair. Some of the hottest companies will be participating including Netflix, Twitter, Airbnb, Palantir, LinkedIn, NetSuite, MobileIron and Tableau.

OWASP’s AppSecUSA is the largest application security conference in the world. You won’t want to miss out!

Register now for AppSecUSA and win 4 sold out Giants baseball tickets. If you’re already registered you can Retweet this to enter to win!

If you’d like to get in touch with Highwire PR at AppSec USA, please email owasp@highwirepr.com.

*Top Three Things to Know originally published by OWASP Global Board Member Michael Coates.

 

Survey & Infographic from Black Hat 2015 – Hot Security Topics, Overused Buzzwords and more

The second biggest security conference of the year – Black Hat 2015 – may be critiqued as being more and more corporate (comparing it to its professional counterpart RSA), but the research and hacks remain just as impressive as ever. From cyber espionage, to IoT, to car hacking – a landmark moment forever changing the public’s perception of security – this year’s show was anything but dull. Highwire Security was on the ground surveying attendees and here’s what we found:

Top Trends in Security

In line with conversations with reporters, clients and security experts, the survey found that IoT (40 percent) remains the hottest trend in security this year. And the research at the show holds true – hacking rifles, satellites and even a skateboard. Tied for a close second were application security (30 percent) and board-level security awareness (30 percent) – regardless of the intense frequency of hacks and breaches, there is still a major disconnect between the developer and the board.

While IoT dominated conversation this year, we’re expecting to see a few new topics on the list at Black Hat 2016. For example, the intersection of healthcare and security was a hotly discussed item at this year’s show, with the FDA recently making one of their first comments ever on cybersecurity. Long considered to be a laggard when it comes to security, the healthcare industry is finally starting to acknowledge there is work to be done.

In addition to healthcare, we expect to see cyber legislation shoot up the charts next year. For months, the security research community has been very outspoken about the controversial Wassenaar Arrangement, and with a few other security-focused bills on the floor of Congress, the trend is only expected to go up.

What are Security Pros Scared of?

People! Twenty-eight percent are most concerned about careless employees and user error – insider threats remain a top cause of many high-profile breaches (ahem, Target). Closely followed by 25 percent concerned about cyber espionage (Sony) and 23 percent concerned about mobile malware (Stagefright). Interestingly enough, only 6 percent are concerned about PoS attacks, when in reality 40 percent of data breaches were PoS breaches according to Trustwave’s 2015 Global Security Report.

OPM OMG

The recent hack on the Office of Personnel Management has dominated headlines for months, with the number of leaked records increasing in almost every update to the story. So many whispers at Black Hat speculated what would happen next: “Who has this data?” “Somebody’s just sitting on it – are government profiles being built?” “What’s the next targeted agency?”

The ongoing saga of nation state attacks has struck a nerve with the security community – and everybody has an opinion. Many politicians have recently called for increased collaboration between the private and public sectors to thwart these breaches, with 73 percent of Black Hat attendees claiming they agree that the entities should increase information sharing between one another.

Excuse My French

So what’s the worst of the worst in security? Cut these words from your vocabulary and save yourself a few eye rolls. The top buzzwords security pros are sick of hearing are next generation (64 percent), advanced persistent threats (54 percent), thought leader (52 percent) and game changer (52 percent). Oh and while you’re at it, let’s get rid of disruptive (40 percent), hacktivism (40 percent) and BYOD (36 percent) too.

See our full results below, and we’ll see you at Black Hat 2016!

[Infographic: Black Hat 2015 survey results]

Written by Christine McKeown, Bill Bode, Nicole Plati and Megan Grasty, members of Highwire PR’s security practice

Highwire PR at Black Hat USA 2015

Leave your smart phones, tablets, drones, rifles and cars at home (yeah, I said rifles). This year’s 18th annual Black Hat USA is boasting some seriously cool sessions from hacking sniper rifles to remotely killing a Jeep on the highway to cloning payment devices. Highwire PR’s security practice will be there front and center alongside corporate information security professionals, government infosec pros – oh and hackers.

To say security is a major concern to all is an understatement – just in the past few months we’ve seen the largest government breach to date when the Office of Personnel Management was hacked leaving more than 20 million vulnerable, a vulnerability called Stagefright that can affect millions with just one text message, and to round that out: data breaches are paving the way for a significant jump in cybersecurity funding. This year’s Black Hat attendees are getting ready to learn, network and attend a solid lineup of must-see presentations.

So what sessions are Highwire’s security pros looking forward to most?

Bill Bode, account director
I’m sort of a space nerd (ask me about my idea for my space-themed dive bar, “Space Bar.”) This, combined with my interest in security makes my most anticipated talk a no brainer: Colby Moore from Synack will be taking Black Hat attendees step by step on how to hack a satellite, with real world attack vulnerabilities in his talk, Spread Spectrum Satcom Hacking: Attacking the GlobalStar Simplex Data Service. I wouldn’t miss it for the world (get it?)

Pete Johnson, account manager
The one I’m most excited about is “Remote Exploitation of an Unaltered Passenger Vehicle” by Charlie Miller & Chris Valasek. Andy Greenberg at Wired published a really crazy piece about Miller & Valasek’s research last week—with arguably the best lede in an article I’ve read all year. Given the rapid shift toward connected cars and the industry’s race to usher in a driverless future, these kinds of exploits raise a lot of questions (if you were a fan of Michael Hastings’ work for Rolling Stone, you’ll probably find yourself fighting some gnawing questions).

Denise Schenasi, senior account executive
I’m interested in the session on “Back doors and front doors breaking the unbreakable system.” Given the recent U.S. Government hack and the increasingly rampant cyber and insider threats on government institutions and their employees, it’ll be interesting to see what this session adds to the industry debate – and their thoughts on whether the government should – or shouldn’t – have backdoor access to encrypted data.

Isaac Steinmetz, account executive
This presentation on “Android Security State of the Union” should be especially interesting given the recent attention that Stagefright garnered. The presentation will draw on data derived from “hundreds of millions” of devices in order to highlight some of the most pressing Android security issues. The scale of this research alone is impressive. Furthermore, it’s extremely timely, as we’re faced with a vulnerability that could affect close to 1 billion Android devices.

Mariah Robertson, account associate
“Pen Testing a City” sounds like it’s going to be a really interesting talk. As our world becomes increasingly connected, and the idea of hacking airplanes and critical infrastructure becomes a bit more real (and terrifying), it will be interesting to hear about what could happen if hackers were to take down an entire city! Is your city prepared for this kind of attack?

Laura Pezzini, account associate
“Bringing a Cannon to a Knife Fight” should be really interesting — considering how deeply governments worldwide are now involved in trying to boost security efforts, it’s fascinating that the Chinese Communist Party literally has a weapon called the “Great Cannon” to suppress any sites they deem against their agenda with a casual DDoS attack.

Alexi Foster, account associate
Whenever we are hit with a major breach, there seems to be a lot of skepticism around human error, activity, and response. The talk on “Automated Human Vulnerability Scanning with AVA” will be interesting to learn if/how we can test human response to security incidents, and what the behavior analysis finds.

Devon Swanson, account associate
The talk on “Exploiting IT Analytics to Create a Human Layer Security Initiative” is one I have my eye on because Dtex examines the “people-centric” aspect of security that leads to insider threats. This workshop actually sounds super interesting by examining user analytics for the human layer of security threats.

Interested in meeting with Highwire PR at Black Hat this year? Email us at Hi@HighwirePR.com

Post-RSA 2015: The Evolving Security Landscape

“Let’s do things differently; let’s think differently; let’s act differently. Because what the security industry has been doing has not worked.” – RSA President Amit Yoran

The overall consensus and call to action at this year’s conference is the security industry needs to change – as threats become increasingly more sophisticated, we’re racing to evolve faster than the hackers and we are continuing to fall behind in the arms race.

Last year saw a 25 percent increase in high-profile, over-hyped data breaches, but who’s held accountable? Conversations at RSA this year centered around the increased need for board-level discussions and how CISOs can adopt a business mindset; the scary potential of vulnerable connected devices; debates about how threat intelligence should be free; the government’s increased involvement and the Department of Homeland Security setting up shop in Silicon Valley, and more.

Highwire’s Security Practice was on site this year taking it all in, supporting clients, attending sessions, networking and throwing a killer happy hour. See the team’s highlights here:

Christine McKeown Elswick, vice president
The overarching message in Amit Yoran’s keynote was a significant moment for the industry. He said, “We are losing this contest. The adversaries are out-maneuvering the industry, out-gunning the industry, and winning by every measure.” This was echoed by The New York Times’ Nicole Perlroth in a private panel session on Wednesday who said that we can’t build walls high enough to keep out the hackers, and with traditional AV software not working, something must be done to close the gaps that hackers continue to exploit. It will be fascinating to watch as the arms race continues. Startups like Cylance, a next-generation AV company, are making huge strides in this race against threat actors. They recently blocked 99 percent of all threats in live demonstrations across the United States using real malware to test its new technology against old school AV software.

Bill Bode, account director
RSA is changing. For the first time I can remember, some of the most intriguing security startups in the space – Synack, Tanium, vArmour – opted not to have a booth, instead relying on throwing amazing parties, packing in customer/prospect schedules to the brim and networking events featuring prominent journalists to get the most out of their week in San Francisco. If you look at most of the keynotes from this year, you’ll see a laundry list of outdated legacy players talking about old world problems, but one talk did stand out in particular to me, from RSA President Amit Yoran (referenced above). Above all else, his call for vendor accountability is one that could turn the security world on its head. It’ll be a long road ahead to get to a point of true accountability, but it begs the question – once it’s here, will the constant noise die down? Will we get industry-wide agreement on the “best vendors” when we know which solutions just aren’t making the cut?

Mariah Robertson, account associate
RSA is such a great forum to discuss problems, showcase ideas and share solutions. My favorite part of RSA was seeing how different companies are addressing the biggest pain points in security. For example, at the Trustwave booth, security researcher Garrett Picchioni showed us the most commonly used and easily crackable passwords and demonstrated how quickly criminals could hack into a company’s system and steal passwords: it’s just a matter of seconds. We learned that longer passwords are always tougher to crack, and that “Thisismypasswordnoreallyitis” is a much better password than even a short random string of numbers or words such as “Spring2015” or even “A2qR!” Knowing that weak passwords are the leading cause of data breaches, I recommend everyone change theirs on a regular basis!

Isaac Steinmetz, account associate
This year was my third RSA, but ended up being the first time I was able to see a client present (those pesky “Explorer Expo” passes lock you out of a lot of sessions!). I got to see Veracode’s co-founder Chris Wysopal address a crowded four-sided box in the middle of the expo floor. Before he started speaking I worried that the session wouldn’t attract much attention since it was barely separated from the sea of booths in the hall, but surely enough the box was packed standing room only and Chris’ presentation moved forward with a full audience. It’s always great to see a client’s expertise and respect from his peers so clearly validated at events like this!

Alexi Foster, account associate
The highlight of RSA for me this year was the closing keynote, an interview with Alec Baldwin and Hugh Thompson, RSA’s program chair. They spoke about the cultural implications of a hack, mentioning the Sony hack in particular. It was interesting to hear Baldwin discuss how the Sony hack hurt the entertainment business through more than just preventing box office sales. Now, Hollywood producers might feel afraid to create controversial movies because they fear that those on the opposing side could use “evil forces” on them out of spite. And this idea stretches beyond the entertainment industry – anyone who knows how to hack has the ability to hinder another’s individual expression and creativity through a few lines of malicious code. It’s a scary thought.

Interested in learning more about Highwire PR’s security practice? Email Hi@HighwirePR.com to learn more! See you at RSA 2016.

RSA 2015: What’s Expected, Happy Hour with Highwire & More!

The highly anticipated RSA Conference 2015 is widely recognized as a gathering of the brightest minds in security technology, and Highwire PR’s budding security practice couldn’t be more excited about the diverse lineup of speakers slated to inform and entertain at this year’s event.

In addition to top security executives and influencers, RSA invited Alec Baldwin, who is well-known for not being shy about his admiration for tech devices, as a keynote speaker.

But in all seriousness, besides the addition of a Blackberry-addicted pop culture icon, there are many other reasons to be excited about this year’s event.

Modestly described as an “intense week of learning and networking,” the event features over 700 speakers participating in nearly 500 presentations and discussions throughout the week.

So with so much action taking place, what are Highwire’s security-savvy team members looking forward to most?

Mariah Robertson, Account Associate, San Francisco:
Is especially excited to sit in on “Breaking the Glass Firewall: The Changing Role of Women in IT Security,” a five-woman panel determined to see the amount of women professionals in the security industry grow from its current 11 percent. As Mariah says, “It’s inspiring to see women in the security industry talk about the challenges they are facing, and how they can make strides to overcome them.”

Nicole Plati, Account Manager, Chicago:
Has her eye on the “Gumshoes Part Deux – Security Investigative Journalists Speak Out,” with Brian Krebs, Nicole Perlroth, Joe Menn and Kevin Poulsen.

Megan Grasty, Senior Account Executive, New York:
Is interested in “Wait! Wait! Don’t PWN Me!” a make-shift security-themed game show with Trusted Software Alliance, Veracode, NetSuite and Sonatype.

Christine Elswick, VP of Highwire’s Security Practice, Seattle:
Can’t wait to see “From the Battlefield: Managing Customer Perceptions in a Security Crisis” with Nicole Miller. In a world where sophisticated threats are taking down businesses of all sizes, having a good handle on crisis and issues management is essential.

Bill Bode, Director of Highwire’s Security Practice, San Francisco:
Is most excited for a presentation from Open Garages, in which the research group dives into the cyber safety and security behind automotive computers by controlling an open-source version of Mario Kart. (“Hopefully the N64 version,” adds Bill).

Attending the event for the first time? Check out RSA’s handy survival guide before you try to navigate the expansive expo floor. A few of influential infosec reporter Fahmida Rashid’s tips include: plan ahead, take care of yourself, be smart about the expo floor and always have a backup plan.

Highwire is also excited to be hosting our first ever RSA Happy Hour at the hip new Hawthorn Lounge on Tuesday, April 21 from 5:30-8:30pm. Join us to mix and mingle with journalists, some of the hottest security companies in the space and yours truly. Please contact highwiresecurity@highwirepr.com to register.
See you there!