The “Cyber Scoop” from Kelly Jackson Higgins 

With the current media climate, it’s more important than ever to understand reporters’ news beats to make sure the precarious reporter to PR professional relationship remains mutually beneficial. I had the privilege of speaking to a long-time media friendly of Highwire, Kelly Jackson Higgins, Executive Editor at Dark Reading. Kelly has been a member of the Dark Reading team for almost 15 years covering security, and was recently selected as one of the Top 10 Cybersecurity journalists in the U.S. 

In the Q&A below, Kelly shares helpful insight into how she’s seeing the coronavirus pandemic shape the cyber media landscape and tips from her remote team on how to balance work and life. Oh, and one fun fact that you didn’t see coming! 

Courtney: How are you seeing COVID-19 shape the cyber media landscape? What kind of cyber stories are you interested in covering outside of COVID-19?

Kelly: It’s actually really hard not to see the influence of the pandemic on the industry as a whole now and all of the new challenges it poses to security teams – work from home security, possible budget cuts as the economy suffers, and an exacerbation of already-tight staffing issues. Even so, we want to keep it in perspective and also stay on top of how the attackers are crafting, targeting and evolving their campaigns and where the weak links are for defenders, and any new technologies that emerge.

Courtney: How are you staying sane while working 100% remotely? Any advice to share on how to properly manage work-life balance? 

Kelly: I have had a home office for more than 20 years, and all of our staff and contributors are remote, so there hasn’t been any adjustments there for us. I will say, the biggest challenge in working from home is knowing when to turn it off – it’s always there, and you work longer hours because of it. The key is creating boundaries, both physical (a separate room for your office) and mental. Sure, it’s harder now to go out and do something to decompress, but go outdoors or to another space in your home where you can relax, get some fresh air, or exercise both before and after work.

Courtney: Do you have any tips/tricks for PR folks as they try to engage with security reporters during such a chaotic time? Any PR horror stories? 

Kelly: Please don’t pitch us on stories we have already covered. Our inboxes are already overflowing, so please take the time to see what we have written about before you pitch us about something “new” that we have already posted.

Courtney: Do you look up to anyone in the security industry?

Kelly: My mentor and boss Tim Wilson, a gifted writer whose sharp reporting skills inspired my path, and who always keeps us one step ahead with his vision for Dark Reading. I’d say my security professional role model is Window Snyder. She is one of the smartest and most accomplished experts in the security industry.

Courtney: Do you have a favorite story you’ve worked on? 

Kelly: That’s a tough one — there are articles I was proud of when they were the most timely or telling. If I had to pick one, it’s “The Morris Worm Turns 30” because it was really fun to work on, and it truly was a historic moment for security. 

Title: The Morris Worm Turns 30 “How the historic Internet worm attack of 1988 has shaped security – or not.”

Courtney: One random fun fact? 

Kelly: I was a Division I soccer player in college, and my dream was to be a sports writer. =)

Overall, my interview with Kelly shines light on why investigating reporters’ previous coverage and familiarizing yourself with their news beat is so important before clicking send on that pitch. Reporters’ inboxes are jammed now more than ever due to COVID-19, so be mindful. To Kelly’s point, take the time to find that new story rather than pitching something already covered – it will go a long way in building a trusted relationship and securing that coveted piece of client coverage. 

Ditch your bland COVID-19 security product pitch, reach out to reporters to see how they are doing in this difficult time and build a genuine narrative that will be useful for you and your client. 

Cybersecurity best practices for your new home office

Image source: Unsplash, Luke Peters

 

As Highwire, and other businesses across the U.S., transition to a remote workforce, it’s never been more important for us to consider our personal cybersecurity. Understanding the steps needed to take your security into your own hands is critical to protecting your data, and your company’s data against cyberattacks. We’ve compiled a list of our top five best practices for your easy reference below.

1. Beware of Phishing Attacks

Phishing attacks, specifically on work emails, have dramatically increased as more people work from home because of COVID-19. Phishing attacks often take the form of emails coming from someone posing as a trusted person, like a coworker, attempting to obtain sensitive information like usernames, passwords and financial details. All employees should be hyper-aware of any email that asks you for personal information. Some ways to spot phishing emails include looking at the email of the sender. If it doesn’t have a recognizable email address, it’s probable a scam. If the email uses a generic greeting or has spelling errors, it is probably not from a verified sender. If you’re ever unsure about an email you receive, it’s always better to pick up the phone and call that person directly to confirm before giving away any sensitive information. Another best practice is to never click on anything in an email without checking the sender and instead type the web addresses into your browser yourself.

2. Use Two-Factor Authentication

Now that businesses have gone completely digital, all employees should have 2-factor authentication (2FA) for any company logins to ensure that only the right people are accessing certain sensitive data. 2FA only grants a user access once they have successfully presented two (or more) pieces of evidence that they are the person they claim to be. This could mean logging into your account on your computer with your password first, then entering a code you received on your cell phone to confirm it’s you. That second form of identification should always be something that you have on your person, whether a code sent to a cell phone, a security key, or a one time generated code from an app. You should enable 2FA on all of the devices and applications you use for work.

3. Separate Work from Play

As our two worlds, home and work, become one. It is important to keep your work and play on separate computers. When people are at home, it’s easy to mix the two, as you click on links or do things at home you may not typically do in the office. This can lead to major security issues. For example, if your device is stolen and you have your work accounts linked, it may be easier for malicious actors to gain access to sensitive information.

4. Update, update, update

One of the best ways to ensure your devices are secure is to stay up to date on all settings. Users should make sure that all privacy settings are updated across their devices. Updating to the most recent softwares is also important. For example, most online tools like Zoom have been updating their settings during the pandemic to ensure user safety. In addition, we should all remember to update our passwords every 90 days. If you’re currently using a password that your cybersecurity team would laugh at, you may consider a password manager like Dashlane. A password manager stores all login information and helps you create and store complex passwords. Updating your passwords and making sure they are complex will make you less vulnerable to sophisticated cyber criminals.

5. Use a Virtual Private Network 

Hopefully, your new home office has password-protected Wi-Fi and uses at least WPA2 security protocol. But in this new remote workforce, where home Wi-Fi passwords may not be as strong in favor of making them easy to remember, employees may consider using virtual private networks (VPNs) to keep themselves, and the company IP, safe and secure. For those who may not know, a VPN extends a private network across a public network, helping to secure your devices. 

Overall, we know there’s a lot going on for you right now and security may not be at the top of priorities, but we hope these simple tips will show you how easy it is to stay protected during this pandemic and that instilling these best practices across all your  devices will help keep you, your family, and your company safe. 

Have any best practices you follow and would like to share? Reach out to jillian@highwirepr.com to share your best tips and tricks. We’d love to hear from you!

RSA Day 2: Finding New Ways to Explore ‘The Human Element’

RSAC 2020 continues and day 2 kicked off with keynotes and presentations focusing on the prevalence of nation state attacks and the rise of ransomware, leveraging intrinsic security within your organization, and offering an introspective look at the ways technology continues to shape our lives.

For a full recap of day 1’s activities and key takeaways, be sure to check out Highwire’s day 1 blog recap if you haven’t already.

Hacking Exposed

Today’s RSAC started off with a bang as former Crowdstrike CTO and co-founder Dmitri Alperovitch commenced the day’s keynotes with a global debrief on some of the world’s most active nation state threat actors, an analysis of 2019’s top cybersecurity trends (disclaimer: top three were ransomware, ransomware and ransomware), and predictions for the global threats to come in his keynote “Hacking Exposed: Global Threat Brief”. He analyzed major nation state players like North Korea, China, Vietnam, Russia and Iran, and broke down why 2019 was the year of ransomware. “Everyone is a target”, Alperovitchexplained, noting that not only did ransomware dominate headlines in 2019, but also that in 2020 we can expect to see that trend continue along with an increase in threat activity from attackers in Russia, Iran and China. 

Alperovitch also expounded on ways that the U.S. and other western states can mitigate the long term impact of increased nation state attacks – namely by increasing regulation in cybersecurity and expanding the reach of legislative policy in the industry, but also by embracing new technologies and defense strategies as attackers evolve. “The bomber will always get through,” Alperovitch explained. “But just because you have an intrusion doesn’t mean you need to have a compromise.” 

Making Security More Intrinsic

Taking a closer look at the InfoSec world and the current state of cross team collaboration between security and IT teams, VMWare’s Patrick Morley and Southwest Airlines’ Carrie Mills explored ways to make security more intrinsic within organizations, outlining ways to simplify organizational security approaches. New findings from VMWare showed that 77% of SecOps and IT teams don’t engage well. By highlighting ways to maintain positive relationships across teams, both Morley and Mills showed that cross team collaboration will ultimately lead to more successful organizations. 

Technology in New Spaces

But the real highlight of the day was hearing from former NASA astronaut Mike Massimino, and the first woman to command the International Space Station (twice), Peggy Whitson, who discussed not only the possibilities that innovation and technology continue to bring to our everyday lives, but also how to embrace challenges head-on, how to work with new teams (even when they’re 238,900 miles away) and what diversity and inclusion mean in the technology industry today. 

Not only was Whitson NASA’s first female Chief Astronaut, but she’s also spent more time in space than any other American astronaut – male or female. Of her 10 (record-breaking) space walks, not one of them came easy or without hiccups along the way. Elaborating on a single instance when an array that was in the process of being deployed tore in space, Whitson highlighted the cross team collaboration – the human element – that ultimately led to the repair of the array and the eventual success of the space mission at hand. 

Teamwork was one of the core principles highlighted in Whitson’s talk, but so was diversity and inclusion – and not just embracing diverse demographics within an organization, but also empowering diverse perspectives as well. Massimino pointed out that ‘if everyone thought the same way, we would have never gotten to the moon’. NASA’s ability to promote collaboration among teams by leveraging individuals with diverse thought processes and diverse skill sets has ultimately led to the immense amount of innovation and success the organization has been able to achieve over the years, Whitson pointed out. “It’s the human element that makes every group stronger,” Whitson said. 

Overall, today’s speakers really highlighted the need for the collaboration – both across the industry and within internal security and IT teams – to solve both industry and business challenges with increased efficiency, and tomorrow we expect to hear more on the cyberthreat landscape.

Anything we missed? Feel free to send us your thoughts, comments and suggestions at SecLeads@highwirepr.com – and let us know if you’re in town for RSA! We’d love to catch up. 

Tune in tomorrow for another recap of #RSA2020 day 3! 

RSAC 2020: Everything You Need To Know

RSA Conference is quickly approaching, and the #HWCyberSquad is getting its ducks in a row. For close to 30 years, the week-long conference has drawn the best and brightest in cybersecurity to discuss current trends and challenges impacting the space. 

This year, RSAC’s theme is The Human Element, which will explore how even though an automated future is inevitable, our most valuable weapon is and will always be ourselves. While artificial intelligence and machine learning are expected to fight against threats better than we ever could, humans will always be needed when it comes to making challenging ethical decisions. RSAC believes that “when we recognize that cybersecurity is, fundamentally, about people protecting people, the world becomes a better, more secure place.” 

The Human Element isn’t the only thing that will be talked about, though — topics like DevSecOps, AI and ML, and insider threats are set to take center stage alongside even more pressing conversations around election security, ransomware threats, 5G, and privacy. This year, we expect to hear compelling conversations about modern approaches to security as we enter into a new decade — how are we approaching security in new and different ways? 

 

Security Then and Now

As we head full force into 2020, a number of sessions will focus on how security strategies have changed and where they are going. Akamai’s talk on Security’s Grand Challenges, Then and Now will look at where we came from, and how our biggest challenges have shifted, and Forcepoint’s talk on Modern Strategies for Protecting Users and Data in a Borderless World will highlight why modern cybersecurity needs a mindset change. Splunk will be moderating a panel with experts from Intel and Starbucks on Modernizing the Security Operations Center, and Illumio will be highlighting why we need to approach the more powerful threats that we are seeing with a new approach — more powerful segmentation. Each of these sessions hits on a key theme that cybersecurity strategies are not what they used to be — and we need to take a new approach. 

As attackers become increasingly sophisticated, we’re also seeing researchers share in-depth insights into some of the most impactful attacks. In a session, SonicWall shares insights into a Two-Week Conversation with a Ransomware Cell which begins with the young leader of a Russian ransomware cell. Nicknamed “Twig,” SonicWall’s confidential contact unveils how alarmingly easy it is for their cell to find, target and attack modern networks.

 

The Era of DevSecOps

We are continuing to see the security and developer world overlap, as businesses look to shift left and make the transition from DevOps to DevSecOps. We’ll see a number of sessions providing businesses with best practices on bringing security into the development process, from GitLab’s talk on Best Practices for Adding Security to DevOps, to Veracode’s session on helping developers to understand security,  A Security Pro in Developer’s Clothing. From base-level “how to’s” to more technical instruction, the DevSecOps movement is here to stay, and security practitioners will be sharing their unique insights for businesses to be set up for success, including How to Harness Dev and Their Native Tools to Accelerate DevSecOps.

 

How Identity Impacts Security Strategies

Coinciding with RSAC’s human element theme, Code42 and One Identity will both host talks focused on how identity impacts the ways we approach cybersecurity. Insider threats aren’t going anywhere anytime soon, and they’re continuing to impact businesses — Code42 and One Identity outline how practitioners can better secure their organizations by mitigating these risks. 

 

AI and Machine Learning

New technologies are continuing to impact the ways organizations stay secure — particularly machine learning. Intel will focus on how ML can help from two different angles: how we can use ML to protect privacy in a data-driven world and How HW Telemetry and ML Can Make Life Tough for Exploits. They’ll share the benefits of implementing ML technologies into security frameworks and how it can better protect businesses.  

The #HWCyberSquad will be at RSAC to learn from the experts, connect with reporters and industry influencers, and gain an even deeper understanding of the pressing issues facing businesses in 2020 and beyond. 

Want to catch up at the show? Email secleads@highwirepr.com, and stay tuned for more RSA content as we get closer to the event.

 

Be sure to stop by the Expo Hall to learn more about each of our clients, listed below: 

Client Booth Locations

  • Akamai: Booth #6153, North Expo
  • BitSight: Booth #1167, South Expo
  • Code42: Booth #6079, North Expo
  • Forcepoint: Booth #5965, North Expo
  • GitLab: No booth but see above for details on speaking sessions
  • Illumio: Booth #5459, North Expo
  • Intel Security: No booth but see above for details on speaking sessions
  • Interos: No booth, but will be on the show floor
  • MobileIron: Booth #1727, South Expo
  • One Identity: Booth #6271, North Expo
  • Qualys: Hosting QSC 2020 at Four Seasons on 2/25
  • SonicWall: Booth #5559, North Expo
  • Splunk: Booth #5865, North Expo
  • Veracode: Booth #5553, North Expo
  • vArmour: No booth, but will be on the show floor

Additionally, check out all of our clients’ events, parties, and speaking sessions throughout the week, listed below:

Events/Parties

  1. Forcepoint RSA Welcome Reception 
    • Location: The St. Regis San Francisco, 125 3rd St, San Francisco, CA 94103, Yerba Buena Terrace, 4th Floor
    • Date: Monday, February 24
    • Time: 7:00 – 9:00 p.m. PT
  2. vArmour Concert Party with Nothing But Thieves
    • Location: The Grand, 520 4th Street, San Francisco, CA 94107
    • Date: Monday, February 24
    • Time: 8:30 p.m. – 12:00 a.m. PT
  3. vArmour + Digital Shadows Security Leaders RSA Party
    • Location: City View at Metreon, 135 4th St #4000, San Francisco, CA 94103, USA
    • Date: Wednesday, February 26
    • Time: 6:00 – 9:00 p.m. PT
  4. Qualys QSC Private Reception
    • Location: Veranda Ballroom on the 5th Floor, Four Seasons Hotel, San Francisco
    • Date: Wednesday, February 26
    • Time: 6:00 – 9:30 p.m. PT
  5. Securosis Disaster Recovery Breakfast
    • Location: Tabletop Tap House, 175 4th St, San Francisco, CA 94103, USA
    • Date: Thursday, February 25
    • Time: 8:00 – 11:00 a.m. PT

Speaking Sessions

  1. Veracode’s Javier Perez Talk on “Time to Spell Out Open Source Software Security”
    • Location Moscone West, 3022
    • Date: Tuesday, February 25
    • Time: 1:00 – 2:00 p.m. PT
  2. Qualys Security Conference 2020 San Francisco
    • Location: Veranda Ballroom on the 5th Floor, Four Seasons Hotel, San Francisco
    • Date: Tuesday, February 25
    • Time: 8:30 a.m. – 4:00 p.m. PT
    • Register here
  3. Splunk’s Oliver Friedrichs, Jac Noel, and Lee Peterson Talk on “Modernizing the Security Operations Center: A Security Leader Panel:
    • Location: Moscone South
    • Date: Tuesday, February 25
    • Time: 3:40 – 4:30 p.m. PT
  4. Code42’s Talk on “The Insider Threat: You’re Flying Blind”
    • Location: Moscone North Expo
    • Date: Tuesday, February 25
    • Time: 4:20-4:50 p.m. PT
  5. One Identity’s Talk on “Security Starts Here…Identity”
    • Location: Moscone South
    • Date: Tuesday, February 25
    • Time: 2:10 – 2:30 p.m. PT
  6. Intel’s Casimir Wierzynski Talk on “Protect Privacy in a Data-Driven World: Privacy-Preserving Machine Learning”
    • Location: Moscone West
    • Date: Tuesday, February 25
    • Time: 1:00 – 1:50 p.m. PT
  7. Intel’s Rahuldeva Ghosh and Dr. Zheng Zhang Talk on “Nowhere to Hide: How HW Telemetry and ML Can Make Life Tough for Exploits”
    • Location: Moscone West
    • Date: Tuesday, February 25
    • Time: 3:40 – 4:30 p.m. PT
  8. Forcepoint’s Homayun Yaqub Talk on “Modern Strategies for Protecting Users and Data in a Borderless World”
    • Location: Moscone South, 207
    • Date: Wednesday, February 26 
    • Time: 2:50 – 3:40 p.m. PT
  9. Veracode’s Chris Wysopal and Jay Jacobs Talk on “8 Million Findings in 1 Year: Fresh Look at the State of Software”
    • Location: Moscone West, 3014
    • Date: Wednesday, February 26
    • Time: 9:30 – 10:00 a.m. PT
  10. SonicWall’s Brook Chelmo Talk on “Mindhunter: My Two-Week Conversation with a Ransomware Cell”
    • Location: Moscone North Expo
    • Date: Wednesday, February 26
    • Time: 10:30 – 11:00 a.m. PT
  11. GitLab’s Cindy Blake Talk on “Best Practices for Adding Security to DevOps”
    • Location: Moscone West
    • Date: Wednesday, February 26
    • Time: 9:20 – 10:10 a.m. PT
  12. GitLab’s Cindy Blake Talk on “How to Harness Dev and Their Native Tools to Accelerate DevSecOps”
    • Location: Moscone West
    • Date: Thursday, February 27
    • Time: 1:30 – 2:20 p.m. PT
  13. Akamai’s Andy Ellis Talk on “20 Years In: Security’s Grand Challenges, Then and Now”
    • Location: Moscone West Street Level
    • Date: Thursday, February 27
    • Time: 10:35 – 10:55 a.m. PT
  14. Illumio’s Talk on “More Powerful Segmentation for More Powerful Threats”
    • Location: Moscone North Expo
    • Date: Thursday, February 27
    • Time: 10:30 – 11:00 a.m. PT
  15. Veracode’s Ryan O’Boyle Talk on “A Security Pro in Developer’s Clothing”
    • Location: Moscone North Expo
    • Date: Thursday, February 27
    • Time: 12:40 – 1:10 p.m. PT
  16. BitSight’s Jake Olcott Talk on “Do Investors Care About Cyber Risk?”
    • Location: Moscone West
    • Date: Thursday, February 27
    • Time: 2:50 – 3:40 p.m. PT
  17. Veracode’s Chris Wysopal and Katie Moussouris Talk on “Coordinated Vulnerability Disclosure – You’ve come a long way baby”
    • Location: Moscone South Esplanade
    • Date: Friday, February 28
    • Time: 8:30 – 9:00 a.m. PT

Approaching Sensitive News Cycles Without Guns Blazing

Today’s media landscape can be an intimidating place. With top headlines touting sensitive topics like geopolitical warfare, the 2020 U.S. Presidential election, and industry competition, it’s easy to see why many organizations shy away from entering the conversation. But not all sensitive subjects need to be scary to broach from a communications perspective. 

In fact, our security practice recently had noteworthy success inserting commentary from clients into the media conversation surrounding Iran’s speculated cyber warfare retaliation on the U.S., following the death of a prominent Iranian military general – an incredibly sensitive topic by all accounts. By leveraging strategic, forward-thinking insights surrounding the news cycle, the Highwire team was able to strategically secure coverage in publications like Fortune, AP, Recode, The Hill and Financial Times that positioned subject matter experts as industry thought leaders.

Taking a deeper look at best practices when it comes to approaching sensitive subjects, here are a few of our tried and true tips and tricks for dipping your toes in the contentious media landscape without being too controversial.

Play to Your Strengths

In order to craft compelling commentary, you need to first identify your company’s tie to the story at hand. Inevitably, there will be hundreds of other companies that are attempting to connect their thoughts to the exact same story. Pinpoint a way that you can offer a unique perspective to cut through the noise.

There are many ways to do this. One example is playing up the thought leader’s background and how it makes him or her an expert on the topic at hand. In the recent Iran cyber threat news cycle, we leveraged a spokesperson’s involvement with the House of Representatives Homeland Security Committee to establish authority on the topic, which led to a briefing and coverage in The Hill. 

Another approach is to take advantage of specific technology considerations and news elements at play. For example, one of the biggest concerns in the Iran-U.S. cyber tension story was phishing and other social engineering tactics being used against government employees – a media and thought leadership gold mine for any phishing expert! 

Leveraging relationships with influential media who know your business and respect your brand is also key. Many times, coverage is earned as a result of an ongoing relationship with a reporter. If you’re apprehensive about getting your message out there, run it by a reporter that you trust before disseminating your message widely.

Compelling Commentary Doesn’t Need to be Negative

Part of the reason our clients had such success in securing placements around the Iranian-cyber warfare news cycle was because we were able to work with our clients to strategically craft commentary that was compelling, without inciting fear, uncertainty or doubt.

Often when we have clients who are apprehensive about commenting on sensitive stories, it is because there tends to be a premonition that compelling commentary needs to be negative and controversial. This is not true. 

The best way to get involved in a story is to provide a unique perspective (as aforementioned) and offer a solution to the problem at hand. With this news cycle, we were able to leverage executive commentary that was forward-thinking and offered a suggested outcome based on expertise and insights that had been gained from witnessing similar incidents play out in the past. 

Don’t Force it if it Doesn’t Fit

With all that being said, perhaps most importantly, you should never feel like you have to comment on a topic if it’s not a fit. Journalists are looking for sources that have a direct tie to the story at hand and who add a new point of view to the discussion. If the expertise and connection to the story is a stretch and your spokespeople are simply sharing more of the same thoughts as other sources, it’s best to sit the news cycle out. 

Uncertainty can be a scary place, but so is inaction. We find that some of our most compelling results are gleaned as a result of proactive outreach, or outreach that would not have occurred unless inspired by a direct tie to a story or reporter or news cycle – and that’s regardless of industry. 

Anything else that we missed? Feel free to let us know at secleads@highwirepr.com, and let us know if you’re attending RSA! We’d love to connect with you.

What We’ve Learned About Privacy & Policy – Thanks to a Little Help From Our Friends

We had the pleasure of hosting a security panel in San Francisco last week, focusing on ‘Privacy and Policy in the Age of Disinformation.’ If you were able to attend, let us be the first to say that we appreciate you taking the time out of your busy schedule to do what is most imperative in this era of disinformation and distrust – learn more about the issue at hand. 

For those of you who were not in attendance, we were fortunate enough to have an expert group of panelists — including Joe Menn from Reuters, Michael Liedtke from The Associated Press, Seth Rosenblatt from The Parallax, and Shaun Nichols from The Register — shed some light on the matter.  Our panelists shared some of the ways they personally have been following along as these issues continue to grow worse entering into election season, a new era of data privacy legislation (via the California Consumer Privacy Act in early 2020), and as we continue through the ever-evolving age of social media.

The panel was moderated by our SVP and head of the Highwire security practice, Christine Elswick, who noted that, “As we head into an election year, questions are still swirling about where the balance is between privacy and security and our freedoms and safety.” Christine continued, “2016 was a rude awakening for Americans who were inserted in their first interaction with social media driven disinformation. But what has happened since, and what does the future look like?” Our expert panelists were there to break down many of these issues and more. 

What does ‘fake news’ mean in 2019?

The panel kicked off by diving straight into what constitutes ‘disinformation’ in this day and age. Joe Menn of Reuters explained that “Disinformation is intentionally false information whereas misinformation is accidental – such as when your grandma misremembers a story from her past”.

The panelists discussed ways to better identify disinformation and the role social media has played in perpetuating the dissemination of false messages. When highlighting how regulation of big tech has begun to factor into the conversation, Shaun Nichols of The Register warned, “We can’t get too focused on Google, Facebook, and big tech models because, if we’re only addressing one type of model, we are going to miss a whole bunch of others.”

Michael Liedtke of The Associated Press also chimed in on the effect disinformation has had on the consumer noting, “Average folks sitting at home are now more suspicious of the information they see online – which is a good thing. Identifying disinformation is not the same thing as stopping it.”

The panel then dove into some of the larger privacy concerns facing us everyday as consumers, writers, PR practitioners, tech enthusiasts, and more. “The problem is, partially, we don’t have a national standard on privacy, but we also don’t have an international standard for a lot of different things that have been around for far longer than digital privacy issues,” explained Seth Rosenblatt of The Parallax. 

When highlighting ways to level the playing field in cybersecurity and bring new perspectives to data privacy awareness in general, Joe Menn of Reuters noted, “I think one thing that would really help affect change in privacy is if there were more senior technology executives who were women. Because I think an extremely alarming percentage of women have been stalked…and women, because they’re frequently victimized in this way to an astonishing extent, are much more privacy-aware.” 

The group’s consensus at the conclusion of the event? There is still much that needs to be done in the world of data governance and data privacy legislation, but what is the best way to deal with the current state of data privacy and disinformation? Give more power to the consumers. Let the people decide if and how and when their data should be used. Only then can we restore democracy to data.

Interested in hearing more about how this panel came to be? Stay tuned for our upcoming blog post on how we created and leveraged digital assets to amplify awareness for the event.

State of the Media Landscape: Cybersecurity Edition

What Black Hat 2019 means for Cybersecurity in 2020

Cybersecurity has never been more important and it has become clear the security community needs and wants more collaboration and communication. From bug bounties and IoT to election security and diversity & inclusion, the industry is evolving and the role of communications is expanding.

At Highwire, we’ve built a dedicated cybersecurity practice with passionate, curious and accomplished team members driving results for our clients. We work with leading companies to uncover creative cybersecurity and tech storylines, and establish unique narratives and voices within those storylines that we showcase in different ways such as conversations with press to earn strategic media placements, collaborations with industry influencers and creative campaigns on social media.

That’s why we were at Black Hat 2019 — we sent a team to support our 14 cyber clients, interact with industry professionals, be active and passionate members of the information security community, and uncover emerging storylines. 

This report details the top trends that we observed at Black Hat 2019 – from industry influencers and reporters to enterprise decision-makers  – as well as a guide to harnessing these trends to not only have the most successful trade show presence in 2020, but also to leverage for broader influence with marketing and PR campaigns. 

To download the report, please fill out the form below. If you are interested in learning more about how to make your cybersecurity story stand out among the crowd, please don’t hesitate to reach out – megan@highwirepr.com

  • This field is for validation purposes and should be left unchanged.

#HWCyberSquad Takes Black Hat 2019 by Storm

Black Hat 2019

Kicking off the 22nd year of Black Hat were keynote speeches from the conference’s founder, Jeff Moss, followed by Dino Dai Zovi, the mobile security lead at Square. Both talks reinforced one main message that was felt in all sessions, briefs, and side conversations that followed – communication is key. 

The security world finally has its well-deserved spotlight, and cyber teams are now being challenged to seize this opportunity and shift their focus to high engagement with departments across companies through thoughtful and strategic communication. 

In Dai Zovi’s talk, he shared his career path through security, starting with research and hacking contests he did in his free time – since security positions weren’t an option when he joined the workforce – to now, were he holds a lead security position with a seat at the head table. From his personal roadmap, Dai Zovi has been able to pull together four main ways that security teams can shift the way they engage and communicate with across all teams at their organizations, which are: 

  • Start with “yes.” In order to engage the world, you can’t shut them out 
  • Meet with teams dealing directly with customers to get a deeper understanding of who customers are and what they struggle with on a day-to-day
  • Use feedback loops and software automation to meet scalability needs 
  • Create a culture of security across an organization, instead of focusing on strategy and tactics

It became clear that the security community was hungry for more communication like Dia Zovi noted above and ready to shift their focus. While technology demos continued to be a huge part of the conference from a marketing perspective, and technical innovations in automation, machine learning, artificial intelligence, and the new, changing definition of endpoint/perimeter security being the main PR drivers, most technical conversations managed to continually turn toward this more human element of cybersecurity.

As we see security concerns around topics that are increasingly more detrimental to society such as, election security, data abuse, privacy issues, AI being weaponized, and widespread disinformation, Dai Zovi’s message on shifting the focus of cyber teams to communication will become more vital than ever. It will open the opportunity for a culture of security, empowering each individual in every organization to be an extension of their security team and allowing cyber practitioners to think big and work together against future cyber attacks. 

Let us know if you’d like to connect with Highwire PR to talk through how communication will change the game for the security industry! Contact secleads@highwirepr.com for more details.

 

#HWCyberSquad is ready for Black Hat 2019… Are You?

As Black Hat USA 2019 draws ever closer, so does the anticipation and excitement for over 19,000 security professionals who call one of the nation’s largest cybersecurity summits a second home.

Always promising and delivering the latest and greatest on threat research, malware and all things cybersecurity, Black Hat has grown significantly over the years, becoming a venue for some of the greatest minds from the world’s foremost cybersecurity organizations to convene and discuss the state of global security, technology and research. 

What We’re Looking Forward To

Def Con, a hacker conversation, featuring former L0pht members, including Veracode’s CTO Chris Wysopal

This year’s event, focusing on DevSecOps, nation-state attacks, vulnerabilities, open-source and more, promises to be bigger and better than ever. 

“Black Hat received an incredibly large number of submissions for this year’s event,” said Heather Donner, Black Hat PR Manager. “This year we will see themes covering the full security spectrum, spanning voting technology, auto vulnerabilities, research on WhatsApp, and major mobile talks. We’re also expecting to see a focus on privacy and consumer risks emerge as a key trend this year.”

A few of our clients weighed in on what they’re expecting to see more of as well:

“The security industry has seen many significant shifts this year – most notably through accelerating industry consolidation which has come to reshape the SOC as we know it. For us, this started with Splunk’s acquisition of Phantom last year, and has continued with a number of acquisitions affecting the SIEM and SOAR market across the landscape,” said Haiyan Song, SVP and GM of Security Markets at Splunk. “I’m always fascinated to hear more from customers and partners on how recent market acquisitions are affecting the rate of product innovation, how analytics-driven security is enabling a new kind of data management, how automation is making people more effective and productive, and how unknown data – or as we call it at Splunk, ‘dark data’ – is impacting privacy, legislation, and in the end how organizations grapple with security.”

“The professions of software development and information security are overlapping more than they ever have before and the trend is accelerating,” explained Chris Wysopal, Veracode CTO and co-founder. “There have always been software companies that have built security products, but this isn’t about that. This is about software developers performing traditional security practices and security professionals building software to secure their organizations.”

“The way businesses use technology has changed dramatically in the last 15 years,” Wysopal continued. “Enterprises are not simply deploying, configuring, and securing vendor produced software. Enterprises are building their own solutions using software assembled from open source, code from their own massive development teams, and run on the APIs and services of cloud providers. Security has to be integrated into every step of the building process and not just assessed at the end. After all, development is continuous now so there is no end!”

What’s New This Year

Always new and always evolving, we asked our Black Hat expert, Heather Donner, what new offerings and programs this year’s Black Hat has in store.

“We’ve added exciting new features and programs to this year’s event to give attendees the opportunity to gain hands-on experience working with new tools and practicing new techniques,” Donner noted. “Attendees can check out the all-new Arsenal Lab, which provides a unique opportunity to play with hardware, ICS gear, and IoT devices in a controlled environment, as well as the first-ever Micro Summits, which are designed to foster education and collaboration on focused topics in the information security industry.”

With the added emphasis on interaction and education at this year’s event, we’re more excited than ever to see what talks from Akamai (here and here), BitSight, Endgame, Forcepoint, Intel, Qualys, Splunk (here and here), and more will bring, and what thought-provoking insights we take away. 

We’re ready for Black Hat 2019… are you?

Let us know if you’d like to connect with Highwire PR at the show! Contact secleads@highwirepr.com for more details.

Analyst Trade Shows Standout in an Increasingly Digital World

For all the talk about marketing’s digital transformation, a heck of a lot of people are still attending physical trade shows. More than 42K attended the largest B2B security show, RSA Conference, in March 2019. More than 180K were in Las Vegas in January 2018 for CES, the massive consumer electronics show.

Many years ago, I believed that trade show popularity followed an inverted arc curve. At the apex of the curve– when a given show reached the peak of its popularity– is marketing saturation. Attendees would realize that a given show’s vendors all said the same thing, or, even worse, that the only people attending were non-practitioners. The show’s popularity would then see a precipitous decline.

My theory is easily disproved, given the longevity of certain shows I have attended for the majority of my career. But also disproven is a belief conditioned deep in my mind that the importance of physical trade shows will ultimately wane, given 1:1 marketing and the internet.

In truth, the concept of the trade show is amorphous and resilient. Alongside horizontal trade shows, such as CES, are a variety of other types of shows, such as user conferences. They commence as gatherings of peers to learn best practices for a specific solution but morph into living, breathing communities of their own.

A similar morphing might be underway among events run by industry analyst firms, which often prove to be wise investments by my clients. Incorporating industry analyst trade shows into a marketing mix is important for any B2B technology company, as long as those companies ponder a few key questions:

What’s the objective of your attendance? For companies interested in branding, a larger horizontal show avails you to a wide audience. Sponsoring trade show happenings, such as receptions or parties, creates buzz. Vertical and industry-analyst-driven events are more precise in their audience, and they should be considered if the objective is equally more narrow, such as driving customer acquisition.

One reason for attending an industry analyst event is to earn an audience with the analysts themselves. Regular communication with them is key to understanding the conditioning of the market and to teach the analyst as to why a given solution is ideal for where an industry is headed.

What is the target audience for the organization running the event? Certainly it’s important to know who is attending a given show, but a better way to look at this is to evaluate the audience that the show’s organizers care about. The more zeroed-in an organizer is on a target audience, the more zeroed-in that organization’s event is on that audience.

Evaluating the audiences an analyst firm cares about is not hard—simply review published research. However, organizations sometimes are misled by the credibility of a given firm and blindly sign up for that firm’s events, even if the firm doesn’t write for the correct end-user audience and has not defined a research area for those users. Most analyst firms place tech vendors in categories; if a given firm doesn’t have a category for you, it’s probably a wasted investment to attend that firm’s events.

Are there desirable outcomes beyond visibility and high-level lead generation? The right analyst trade shows gather a targeted list of influencers that matter to marketing efforts. Today’s digital world presents wide-ranging opportunities to leverage them.

Influencer dinners during the events are an informal setting to discuss trends. If they are positioned as such they have long-tail benefits. Dinner guests are more likely in the future to engage with the host’s content, act as a reference for marketing campaigns, or, obviously, mention the company in online comments or stories.

On-site social efforts by an exhibitor demonstrate that company’s commitment to the target audience. Visuals and short YouTube-quality videos from the events drive better engagement numbers than general thought leadership content.

Physical trade shows remain an important part of an organization’s marketing mix. And increasing the investment in shows run by analysts can deliver a nice return, as long as the audience and potential impact of such an investment are carefully weighed.