RSA Day 3: The security industry’s dark secret takes center stage

Thursday’s opening keynote addressed an issue that has become front and center for the security industry over the last year—mental health.

Last August at Black Hat was the first time a specific conference track had been dedicated to the infosec community to present on stress, burnout and mental health. Fortunately, that has carried over to RSA, which featured a stimulating conversation between Josh Corman of I am the Cavalry and Christina Maslach, a Professor of Psychology (Emerita) and a Researcher at the Healthy Workplaces Center at the University of California, Berkeley.

As Maslach stated, Silicon Valley has always encouraged and rewarded burnout. In the ’90s during the dot-com boom, it was seen as a badge of honor to work for days on end and sleep (when you could) underneath your desk. You would do this for a couple of years with the reward being some sick stock options.

Workforce shortage exacerbates burnout

The skills shortage in the cyber industry has been a common topic for years now, and most vendors use it as a talking point by claiming their AI/ML-infused products will alleviate this issue. This skills shortage has another effect though—increasing the chance of burnout.

As Maslach mentioned to Corman on stage, it’s hard not to react to every single little sound or vibration, whether it comes from our phone or computer. However, that is just an everyday human problem; now think about this in the context of a security operations engineer.

Organizations typically use dozens of different tools on a daily basis—CSO reported in 2016 that the average company uses 75. I installed a Google Calendar extension into Slack this week and am overwhelmed just from those notifications; it’s hard to picture that x75.

Culture and managerial structure can be a differentiator

I particularly enjoyed Corman’s personal anecdotes from his infosec career and how different managerial structures and company culture can either help combat or unintentionally encourage burnout.

Companies should be mindful that certain managerial decisions or even reward systems can directly contribute to burnout. Organizations that ask all members for feedback on ways to treat each other better can be proactive, given that our resources are people and, as stated previously, those are already in short supply.

Incident responders are the digital equivalent of first responders in the medical field. At times we have to hold secrets about our work which can add additional stress. Unfortunately, there are times when coworkers are showing signs of burnout and instead of empathy and compassion they are called weak and told they aren’t cut out for the industry.

Stay in your lane

It was refreshing to listen to Corman and Maslach given earlier drama this week as SOAR upstart, Swimlane, attempted a tone-deaf stunt that backfired as RSA banned the vendor from the conference at Moscone.

Swimlane staged a fake protest to promote its product which relies heavily on automation and positioned itself as helping combat analyst burnout and stress. (See a picture of the protest from Tom’s Guide security editor, Paul Wagenseil.)

To make matters worse, Swimlane issued a press release claiming it was wronged by RSA. Whatever buzz they hoped to generate at the show ended up rubbing many the wrong way.

I for one enjoyed my time with the adoptable puppies at the ThreatQuotient booth. This was a cuddlier and friendlier way to generate attention at a packed Moscone Center rather than playing the victim after making light of mental health to promote a product.

Building a safe and inclusive infosec community

At the end of the day we’re going to get the culture we invest in and it’s important to work for an organization that encourages feedback and ideas from every member.

During a conversation with a data scientist colleague this week he remarked, “the greatest minds of our generation are trying to get people to click on ads.” This was top of mind as I took in Thursday’s keynote.

While it won’t happen overnight, hopefully raising the issue of mental health in our industry and fostering an inclusive and safe environment can counteract the very people who are trying to make us more glued to our screens.

RSA Day 2: Getting More Involved in the Cyber Issues that Matter

While yesterday’s RSA keynotes highlighted the need for increased trust and transparency in cybersecurity, today’s discussions were all centered around how to make those changes a reality – starting with getting individuals more involved in the issues that matter.

Calls for Comprehensive Legislation

Harvard Kennedy School’s Bruce Schneier kicked off the conversation by discussing how technologists can get more involved in impacting cybersecurity legislation. While the internet has developed exponentially since its creation, legislation surrounding it has not. Schneier stressed that this needs to be changed and it needs to start with people who understand the technologies dominating the security landscape on both sides of the battlefield.

He touched on current cybersecurity regulations like the EU’s implementation of GDPR, Australia’s implementation of legislation that enables law enforcement to access encrypted data upon request, and how the U.S. can start getting more involved in the conversation. The takeaway? If we want technology to continue to grow and expand in a way that is going to be beneficial, we have to get it under control. And the best way to ensure its longevity is by getting the people who know it best more involved.

Power to the People

Microsoft’s Corporate VP of the Cybersecurity Solutions Group, Ann Johnson, also used her time to discuss the more human aspects of the industry – namely noting how expanding the cyber workforce and increasing its diversity will be the best way to propel the technology behind it. She emphasized that work in cybersecurity can be the most rewarding, yet the most taxing. This could explain both the exceptionally high stress rate among industry professionals and the three million job openings still vacant within cybersecurity organizations.

Johnson encouraged organizations to prioritize a diverse workforce and to foster more positive atmospheres. She discussed how these steps can boost employee retention and provide variety in organizational approaches to issues. She also noted that more diverse teams make better decisions 87% of the time. Johnson highlighted how work in technology and cybersecurity, in particular, is beginning to change. As today’s tools become more capable of alleviating some of the responsibility formerly held by human counterparts, professionals are starting to explore new avenues in the field. “Tech is amplifying our human capacity to separate the humans from the noise,” Johnson said.

Combining Tech and Human Intelligence

Facebook’s Head of Cyber Security, Nathaniel Gleicher, and Twitter’s VP of Trust and Safety, Del Harvey, also discussed the necessary partnership between tech and human responsibility, which together allows platforms to better differentiate between human and non-human interference and determine next steps accordingly. They each discussed some of the sensitivities that both platforms face when regulating user content, most notably how to differentiate technical interference from legitimate content so as not to violate users’ First Amendment rights. But both individuals noted that as technology continues to advance, the lines between technology and legislation continue to blur.

Overall, day two of RSA highlighted the incredible contrast between just how far technology and cybersecurity have come, and how much farther the industry and legislation behind it must advance in order to keep it as reliable and benevolent as possible. But if today’s speakers emphasized anything, it was that change is never quite as far away as it seems – in fact, it is already taking place and it is starting with security technologists like you and me.

RSA Day 1: Takeaways from the #HWCyberSquad

Last year we saw major data breaches monopolize the headlines, while privacy issues became top policy discussion items. 2018 was the year that trust was lost.

The 2019 RSA Conference theme “better” was broken down in this morning’s opening keynotes with the idea of trust in mind as the security community comes together to grapple with these major issues. The keynotes outlined three steps in order to achieve better trust in the future.  

Risk and Trust can Coexist

The first step in building trust within security is recognizing that risk and trust can coexist. Software has increasingly integrated into all aspects of our lives, and with that, data consumption has also increased, creating a high cyber risk environment.

By focusing on risk management and recognizing its prevalence, security teams will begin to gain that trust back. We are seeing this addressed by technologies being created with risk management integrations. New technologies are now ensuring some form of risk management or mitigation options. Along with these integrations, policies are also starting to emerge to support risk management and ultimately ensure trust in a high-risk landscape.

Man and Machine Need to Work Together

The second step is recognizing that if people work closely with machines we will produce the most trusted security. When AI was first introduced to the security world, many people worried that machines would take over jobs, because they could quickly and efficiently resolve issues or questions. However, we found that although machines could get to an answer quicker than any human, they could not explain how they got there. This broke down the trust in the machine’s ability to verify the security it was providing.

We now know that the best way to build trust in security is for human and machine to work closely together. The technology can then accurately and quickly resolve the issues that the security teams identify and ask it to address.

Creating a Chain of Trust

The final step is to build a chain of trust. Having security teams work and communicate together will be the best way to achieve the most trusted results. In the past, security teams worked in the background and only shared insight and data with a closed group of peers. However, this culture has already seen a major shift. There have even been infosec sharing companies created with the sole purpose of sharing insight and data to help others better protect and secure data.

Businesses are learning from this and evolving the chain of trust to also reach consumers by keeping them informed of what data they have collected on each person and what it is being used for.

Moving into 2019, the security industry is already taking major steps forward in regaining trust in what they’re capable of to achieve a better future.

Check back tomorrow for the next blog in this series live from RSA.

The #HWCyberSquad Recommends These Five Security Events in 2019

As one of the biggest security conferences of the year draws closer, the #HWCyberSquad decided to examine other key cybersecurity events that are of value from both a networking and PR perspective. With so much noise around RSA and Black Hat, smaller events are becoming increasingly valuable in publicizing research and for networking with influential contacts in both media and security.

Highwire’s own Ben Wolfson chatted with several notable security influencers from Ars Technica, VICE, Motherboard, WIRED and VirusBulletin on their experiences at some of the lesser-known, but rising-in-influence conferences.

CyberWarCon [inaugural conference was held on Nov. 28, 2018, TBD on 2019 edition]

CyberWarCon kicked off its inaugural conference as a one-day, single-track event in DC in November of last year. Organized by FireEye’s John Hultquist, the content was geared around nation-state topics, ICS cybersecurity and cyber policy debates.

It featured a keynote from Thomas Rid and a compelling debate on U.S. cyber deterrence operations featuring Jason Healey and Neil Jenkins. Both Wired’s Lily Newman and Wall Street Journal’s Dustin Volz voiced their enjoyment of the event. The show generated a lot of engagement on infosec Twitter accounts with other DC-area security reporters in attendance along with many practitioners and incident responders.

DerbyCon [Sept. 20 – 22, 2019]

DerbyCon celebrated its eighth iteration this October. The Louisville-based conference has an elite attendee profile comprised of recognized practitioners and more technical security media. According to national security editor at Ars Technica, Sean Gallagher, “media that attend DerbyCon are hardcore security people – [there are a] small number of reporters there [that are] deep in the industry. Outside of DEFCON, [it’s] probably one of the more well-known hacker conferences with high-quality content.”

The content is extremely technical and now gets over 1,000 attendees. From a PR standpoint, many speakers attend to workshop and present material they hope to submit to DEF CON later in the year. Key takeaway: This conference is of high value to network and learn. Note: Founder Dave Kennedy recently announced the September 2019 show will mark the last edition of DerbyCon.

HOPE — Hackers on Planet Earth [July 20-23, 2018; TBD for next edition]

Typically a bi-annual event held in Manhattan, the content and attendees are very much in-line with the cyberpunk movement. Topics that are popular include internet free speech/regulation, encryption, privacy and more. While this might not be an event to recommend your client participate in, it is a great one to meet reporters on-site and attend as a PR practitioner.

According to VICE Motherboard’s cybersecurity reporter, Lorenzo Franceschi-Bicchierai, “the audience is more activists and political than other conferences. Talks are less research driven and are more political. There are some interesting talks but totally different style than Black Hat and DEFCON.”

VirusBulletin [Oct. 2-4, 2019]

VirusBulletin is a magazine solely dedicated to the prevention, detection and removal of malware which has an annual conference in late-September or early-October for cybersecurity pros. The location changes each year (2018 edition was in Montreal) making it a global conference, albeit more expensive to travel to. The speakers and attendees are often the who’s who of security researchers with the majority of influential security companies represented.

Lily Newman, cybersecurity reporter at WIRED, attended this year’s event and confirmed the crowd is largely researcher focused, but not academic like USENIX. It’s one she felt was very valuable and hopes to attend again. According to VirusBulletin editor, Martijn Grooten, “Virus Bulletin is the main event where researchers and others working in threat intelligence get together to discuss the latest threats and the tools to detect and analyze them.”

ShmooCon [Jan. 18-20, 2019]

ShmooCon has rocketed in popularity over the last few years and with 2,200 attendees at January’s event, it’s difficult to get in. From a PR standpoint, you’re unlikely to get a ticket unless you work with a sponsor company. Shmoo, along with DerbyCon, functions as a workshop for practitioners to present material they hope will be accepted at DEFCON. This is an intimate venue and conference and that works to your advantage by providing direct access to practitioners and media. Given its location in DC there is usually a strong mix of media that attend — if your client is presenting it’s an opportunity to set up 1:1 reporter meetings.

Sean Gallagher is a huge fan and frequent attendee of Shmoo. He enjoys it as it’s a lower paying threshold for people to attend and the audience is all security practitioners, meaning a lot of sources to network with. Given the location in DC, ShmooCon still has a good audience mix of students, government agency and vendor practitioners.

For 2019, look at these shows if you want to learn something new or take advantage of the locale to set up media briefings. And if you’re headed to RSA 2019, Highwire’s security practice will be there so reach us at secleads@highwirepr.com if you want to catch up!

#HWCyberSquad Named “PR Team of the Year” by Info Security Product Guide

Highwire’s security practice (#HWCyberSquad) was recognized as the Public Relations Team of the Year by the 15th Annual 2019 Info Security PG’s Global Excellence Awards, and as the leader of this tenacious group, I could not be more honored and proud of our team!

Over the years, our cybersecurity practice has expanded and evolved, becoming a core component of Highwire’s diverse client base. We work with innovative global brands who are tackling the cybersecurity problem from different angles — from applying AI to emerging threats, to creating new categories around human centric security and bridging relationships between security and DevOps, we have deep experience that runs the security gamut.

Our team has been responsible for driving multi-faceted integrated PR campaigns, leveraging social media to amplify earned and owned content with paid promotion, and developing meaningful relationships with top tier media in the security space for the better part of its past 10 years as an agency. To be recognized and rewarded for our hard work means so much to our team, and further exemplifies our belief in the work and effort that we are putting in every day to elevate our clients’ stories.

The Global Excellence Awards, compiled by the industry leader in information security research – Info Security Program Guide, recognize cybersecurity programs and information technology solutions with innovative products, solutions, and services that are setting the bar higher for others in all areas of security and tech.

In addition to recognizing Highwire for its work in the industry, we are proud to share that this year’s Global Excellence Awards also recognized five of our outstanding clients for their ground-breaking work in security, including:

  • Akamai was recognized as a Grand Trophy Winner, a gold winner for both Enterprise Secure Access and Security Products and Solutions for Retail of the year; a silver winner for Innovation in Enterprise Security, DDoS Mitigation, Security Products and Solutions for Media and Entertainment, and best overall Security Company of the Year; and a bronze winner for White Paper or Research Report of the year.
  • Code42 was recognized as the Security Products and Solutions for Enterprise winner of the year.
  • Darktrace was recognized as a gold winner in cloud security, and Industrial Control Systems (ICS) and SCADA; a silver winner for Cyber Security Vendor Achievement of the Year, for its launch of the first ever autonomous response technology to neutralize cyber-attacks; and was recognized as the Best Overall Security Company of the Year.
  • Infoblox was recognized as the New Products and Services winner of the year, for the Infoblox ActiveTrust Suite; and a bronze winner for Best Deployments in U.S.A.
  • Ixia was recognized as a silver winner for Best Security Hardware Product (New or Updated version), for Vision ONE with Active SSL; and a gold winner for Cyber Security Vendor Achievement of the Year, for serving as an integral addition to Keysight’s continued industry leadership.

As a security practice, we could not be more proud to work with the people that we do, day in and day out. Our teams and our clients are an exceptional group, and as demonstrated above, are certainly doing more than their fair share to pave the way for the future of an industry that evolves and advances quicker than most. For this award, and for our team, our clients and to work in the industry that we do every day, we are incredibly grateful. Here’s to seeing what the next year has in store.

What the RSA 2019 Speaker Submissions Tell us About Security Trendlines

The RSA Conference in the U.S. has maintained its stance as one of the most popular events in security since its founding in 1991. In 2018, RSA welcomed approximately 50,000 attendees.

While many attendees have griped about how corporate the show floor has become, the keynotes and speaker presentations continue to draw some of the industry’s most forward-thinking leaders on a broad range of topics.

This year, representatives from the committee that selects RSA sessions hosted a podcast where they identified the most popular topics submitted for each track and what they predict to be the 2019 industry trends as a result. Highwire’s #CyberSquad listened in and summed up the key points, which we expect to closely mirror 2019 media trends. Read on for the skinny:

Hackers and Threats Track: DevSecOps to Become Mainstream

This year RSA added a new speaking track called Hackers and Threats to meet a more technical audience that’s focused on live demos and/or code dissection. There are two popular session topics for this track, the Internet of Things (IoT), as well as AI and ML. For IoT the focus is on how security teams can maintain security with the increasing amount of data coming in from multiple devices. For AI and ML, these sessions tie to tactical ways that businesses can leverage these capabilities while also breaking down how adversaries are working just as quickly to create techniques to subvert them. The main message throughout all the speaking sessions in this track is DevSecOps. This is a term the industry will see taking over headlines in the years to come as security teams prove how successful this approach is in ensuring agility, automation, and scalability.  

Emerging Threats Track: Ransomware Maintains Popularity Over Cryptojacking

Cryptojacking took over headlines throughout 2018 as a newly publicized form of attack whereby a bad actor gains unauthorized access to someone’s computer to mine for cryptocurrency like bitcoin. However, recent research revealed that despite the attention, cryptojacking does not have a very high return on investment, with popular websites only making $119-340 per day. So, while cryptojacking will continue to be a focus in the media, due mainly to its newness and ties to organized crime, ransomware will maintain its popularity with cybercriminals and media focus on successful attacks because of its increasingly high earnings – a $2B industry in 2018.

Blockchain and Applied Crypto Track: Blockchain for Good

Blockchain has continuously been a buzzword in the security industry, although the conversations around it have started to shift from a magical unicorn to a tool that organizations are working to understand so they can leverage it for their own security practices. In the Blockchain and Applied Crypto track, leveraging blockchain for good prevailed as the most popular track topic. Moving into 2019, as more companies across industries learn how to create a blockchain system applicable to their security ecosystem, we’ll begin to see a rebranding of this technology toward protection for all.

Security Strategy and Architecture Track: Zero Trust in Third Parties

Organizations face one of their biggest challenges when securing their trust with third-party partners – the grey area between a trusted company employee and an obvious outsider threat. In this year’s Security Strategy and Architecture track, the majority of speaking sessions focus on dealing with this challenge and defining Zero Trust. In order to have a functioning and successful partnership, trust in the access granted to third parties needs to be authorized and access needs to be monitored. This will continue to be a topic of discussion throughout 2019 as companies look inward at their own third-party trust processes and ensure the proper access for all sensitive data they are storing.

Highwire’s cybersecurity practice will be at the RSA 2019 conference to catch up with our clients, speak with industry influencers on the showroom floor, and learn as much as possible about the latest trends to inform new ideas and storylines in 2019 and beyond.

Want to catch up at the show? Email secleads@highwirepr.com.

The Next 10: Making Your Mark in an Evolving Cybersecurity Comms Landscape

#HWCyberSquad leader Christine Elswick shares insights into creating future cyber leaders

Election hacking. Targeted attacks on our power grid systems. Ransomware debilitating global network infrastructure. Hundreds of millions of passwords stolen from businesses in one fell swoop. This is the reality we face in today’s cyber threat landscape.

The continued onslaught of cyberattacks has essentially made cybersecurity mainstream—and effective and transparent communication in the wake of such a crisis is now a critical skill for any business to have. This evolution has created an opportunity for leading vendors to educate the masses about the critical reality of today’s cyber world. If done right, security companies have the opportunity to become household names within the next 10 years.

But the growing market makes it difficult for a single company to stand out from the crowd. So how can a cybersecurity business differentiate itself, rebuild trust in the age of breach fatigue, and educate the world in the wake of cyber warfare?

In this blog, I’ll walk you through strategic recommendations that will elevate your thought leadership, strengthen relationships with the media that matter, and align with today’s headlines.

Rebuild Trust—We’ve witnessed the expansion of mainstream cybersecurity awareness in everyday society in recent years, as demonstrated through television shows such as Mr. Robot and blockbuster hits like Snowden and Ocean’s 8. As scary as it sounds, cyber interference in the real world has moved out of the realm of science fiction to everyday conversation. Look no further than this year’s midterm elections.

It’s clear that cybersecurity is no longer only for the most technically gifted; it has directly reached the lives of ordinary people. The growth of IoT devices like smart voice assistants or connected door locks means we can’t ignore the threat of cybercriminals to our everyday lives. Further, with Big Tech in the hot seat for its misuse of data, it’s an opportune time for security companies to rebuild trust within the enterprise and beyond.

Security companies need to reach executives outside of the security world now more than ever to raise awareness of what is at stake. We cannot afford to let cybersecurity be a problem for enterprise security teams alone to deal with. This means that cybersecurity communications cannot be limited to trade and industry publications, but must also reach broader audiences.

Integrate Your Comms—One part media relations, three parts press release, and a dash of analyst engagement. Years ago, this was the recipe for PR success. Today, organizations must take an integrated approach to communications. Leveraging digital strategies such as social engagement and influencer marketing alongside “traditional” thought leadership is vital to amplifying a company’s vision and cutting through the industry noise.

On the influencer side of things, journalists writing longer-lead feature stories for publications like The Wall Street Journal and New York Times are increasingly seeking non-vendor sources, looking to prestigious academic institutions, think tanks, current and former government officials and in the case of WSJ Pro Cybersecurity, CISOs at non-tech Fortune 500 companies for perspective. Aligning with these influencers will help strengthen your company’s reputation through thought leadership.

When it comes to social engagement, it’s critical that you establish an authentic voice that aligns with your brand across all channels and leverage this medium to extend the life of your content. In the fast-moving, volatile world that is cybersecurity, speed is also critical. You must be able to move quickly and nimbly to get your company’s voice heard.

Get Creative with Telling Your Story—It’s no secret: the industry is crowded. Just two minutes on the RSA or Black Hat show floor or a look at the latest VC investment headlines will tell you that.

Never has PR been more critical to help the real leaders stand out. But it’s important that companies challenge themselves to be creative with campaigns to break away from the pack. This means showing that the company is more than just a product. It means that thought leadership should be supported by identifying independent thinkers with deliberate, experience-tested philosophies. It means discussing real-world examples (even if anonymized!) of how your technology actually makes an impact and stops cyber attacks in real-time across Fortune 500 businesses. These examples tell a story that pulls the reader in.

Don’t Forget the Fundamentals.

  • The importance of a cyber playbook—There are only two types of companies left in the U.S.: those that have been hacked, and those that don’t know they’ve been hacked. With this in mind, companies must have a crisis plan that will guide them through worst case scenarios. Highwire recommends going as far as involving third parties (who will theoretically support the business in a time of crisis) and reporters as part of the course.
  • Rapid response: Unless a spokesperson has direct knowledge of the incident or previous experience that makes him/her an expert on the particular topic, do not ambulance chase—it only undermines their credibility and frustrates reporters. As public understanding of cybersecurity grows, so too will the demand for thoughtful, nuanced reporting on these incidents. The experts who reporters will turn to the most for their thought leadership are the ones who can offer unique insights and help people understand the real impact, without spreading FUD.
  • Increasing importance of strategic events—A way for executives to talk about real issues and interact with like-minded peers, events have become a crucial medium for the industry. The cybersecurity community is a tight-knit group so building on those relationships in person is essential to becoming a respected voice in the industry. In recent years, high profile events such as WSJ.D Live, MIT EmTech and Collision have created dedicated cybersecurity tracks. CNBC and Bloomberg are other top-tier publications placing a heavy emphasis in cybersecurity across their global events, and newer conferences continue to emerge, such as the third annual Aspen Cyber Summit—held for the first time on the West Coast last week. At RSA 2018, Alex Stamos and others launched OURSA to discuss issues not tackled at the larger mainstage conference—diversity & inclusion, privacy & security implications, and ethics of emerging technologies. Watch out for the #HWCyberSquad’s upcoming blog on security events that are becoming strategic opportunities to build relationships and showcase research.
  • Aligning the business to key trends—Tying your business to key trends—both security and non-security related—will be important to elevating the brand and creating a connection to a broader audience. In the next 10 years, topics that will likely continue to be front and center in the news include: all things artificial intelligence and human intelligence; AI-based attacks; data privacy and GDPR; diversity and inclusion; nation-state security and cyber warfare; the economic impact of security on a global scale; IoT and smart cities; consolidation across the security market; quantum computing and much more.

The internet has become a crowded, labyrinthian place to conduct business and share information. There are hundreds of cybersecurity startups emerging every month, each claiming to have the silver bullet for addressing the cyber crisis, and legacy players snatching up smaller ones in order to acquire next-generation capabilities to remain relevant. But intelligent communications is our map to show us the way forward and create an opportunity for the cyber leaders of the future to make their mark.

The true leaders will emerge through compelling storytelling that showcases their impact to a broader audience. The age of cyber war is just beginning and it will create lasting change on the world and the cybersecurity industry over the next 10 years. But one thing is certain: communications will be a critical piece of the puzzle in establishing credibility and trust in these uncertain times.

Behind the Scenes with Black Hat Comms Lead

It’s nearly time for Black Hat USA and given RSA was so late in the year, it seems to have snuck up on everyone quicker than ever.

But no fear, Highwire’s Cyber Squad is on top of it—this year, we interviewed Kimberly Samra, PR Manager for Black Hat and lead for UBM’s technology portfolio, to get a pulse on what the hottest trends at the show will be and how attendees and PR practitioners alike can make the most of their time at the conference this year.

See below for information ranging from themes that will attract a lot of attention at the show—including election security, critical infrastructure and privacy—and tips for how to break through to reporters and tell your story. We hope this information helps you make the most of your time at Black Hat. If you’re heading down and want to meet up with the Highwire Cyber Squad, please email us at secleads@highwirepr.com.

Now, back to our scheduled programming to get the inside scoop from Kimberly Samra, PR manager for Black Hat:

Q) How has PR at Black Hat changed?

The PR landscape has certainly expanded with the growth of the security industry. While we still see the usual big-time security reporters covering the event, coverage is shifting across multiple verticals as the industry transitions and becomes such an essential part of our everyday lives. As discussed in Black Hat’s new research report, “Where Cybersecurity Stands,” security has quickly become mainstream, touching everything from politics to international relations, commerce, money and human relations—it really has a hand in everything these days.

So as PR folks ramp up for the event, they should tailor their outreach strategies thinking beyond items specific to security and ensure their pitches demonstrate how people and consumers are affected on a grander scale.

Q) Have you seen a shift in Black Hat audience? More CIOs and technology buyers?

As the event grows we definitely see a wider range of professionals attending. While the Briefings program is at the core of what we offer to our audience, we’ve seen our Business Hall expand to welcome top vendors in the industry interested in sharing their latest and greatest tools and how they’re pushing security innovation forward through advanced research. Our Black Hat CISO Summit has also grown as more executives are making security a top priority.

Black Hat as a whole really brings together every aspect of the industry and is a hub for all things security. It’s the must-attend security event of the year and we’re happy to continue adding to our offerings and the content media is exposed to so they can report critical insights to the public.

Q) What are the top trends you expect to see at the show this year?

Of course we always see a lot of attention around big-name vendors, mobile, IoT, payment systems, critical infrastructure, etc. However, not surprisingly, we’ve seen a lot of buzz around voting technology and privacy. As folks look toward the upcoming elections and draw from all the controversy around the 2016 U.S. presidential race, they’re looking to security experts to answer questions about how vulnerabilities found in voting technology could affect outcomes and any other potential issues that could unknowingly change the course of political history.  

Privacy on the other hand is a vast issue that remains top of mind for people on many levels—from those working in government, the enterprise level and everyday citizens. We’ve all seen headlines pertaining to the Facebook investigation, the global effects of GDPR, and continued reports of security breaches. It’s no secret that people are questioning their privacy and how their data is being used. It’s a widespread topic and the research being done within the security industry is pertinent to learning more and making moves toward protection.

Q) Is there anything new happening at the show?

Yes! We’re really excited about a number of new offerings this year, specifically the expansion of our community programs. Black Hat has taken strategic steps over the years to ensure our program expands and continues to welcome and serve a wider audience. A few years back we began work around inclusivity through dedicated diversity programs. We’re proud that these programs have continued to grow and that we’re now able to tap into programming specific to the needs of the community on a much larger scale.

On the Briefings side, we’ll see content coming from the new Community Track, which was developed to provide a forum for discussion on relevant issues currently impacting the InfoSec community. These talks will dive into important topics including careers, legal issues, inclusion, diversity, attribution, substance abuse, mental health, burnout, security awareness, work-life balance and more. We’ll also be holding Community Workshops which have been made to encourage collaboration among the Black Hat community; attendees will be exposed to everything from personal digital resilience to mentorship and career-building strategies.

And of course, we’ll see the return of our scholarship program and our work with non-profit partners, two items we’re really passionate about as we engage with and encourage the next generation of security professionals and give back to the community we service.

Q) What advice can you offer for companies looking to prepare to pitch reporters at Black Hat?

Companies should keep in mind the scale of Black Hat as well as the happenings throughout the week—remember, it’s called “Hacker Summer Camp” for a reason. Do your homework and tailor what you’re trying to pitch specifically to the reporter you’re reaching out to—a pitch that’s only specific to a security product announcement won’t always do the trick.

Questions you should ask yourself: Are you familiar with the headlines out there right now? Does your content pertain to big topics like privacy, critical infrastructure or maybe companies a certain journalist regularly writes about? Think of yourself as a valuable source rather than someone trying to simply sell a reporter on a story.

Also, make it easy on them! There is so much going on leading up to the event and especially onsite, you don’t want your news to get swept up in the hustle bustle especially if press have to decipher your message and how it applies to a potential big story. Take a step back, focus on what the big takeaway is, and figure out the headline—if you were a reporter, how would you envision the story? It’s like delivering a ready-made gift.

And start now! Don’t wait to get your news out to registered media. Remember, their schedules are packed onsite so you need to get on their radars now so they can make time for you.

See here for an interview with Black Hat communications director from 2016 for a look back at trends over the years.

Learn more about Highwire’s security practice here or reach out to us at secleads@highwirepr.com to continue the conversation. We’ll be at the conference, so we’re looking forward to meeting you on the show floor to hear your story!

Know Your CyberEnemy: Thoughts from the Highwire PR RSA Cybersecurity Panel

Conferences are a time to share information and discuss big challenges. That is always easier when you can bring some of the smartest people in the industry together in a single room. Fortunately, the breadth of clients we work with in the cybersecurity industry means that we speak to many of them on a regular basis. Each of them has a diverse perspective and approach to the security problems facing organizations today.

This year we hosted the second annual Highwire PR RSA Cybersecurity Panel series to bring our cybersecurity clients together to share their thoughts on what is driving defender and attacker agendas. We partnered with WSJ Pro Cybersecurity to host a series of panels discussing major trends this year in the security space. A special thanks to our panel moderator, Patrick Coughlin, Co-founder & COO, TruSTAR.

Every conversation about cybersecurity focuses on trends in either the offensive techniques of attackers or the new tactics of defenders. With such a broad panel of experts, our discussions were able to inspire interesting perspectives on both.

What are the bad guys up to?

Cybersecurity is as much a human issue as it is a technical one, because unlike many technical problems there is an active intelligent adversary behind every attack looking for deliberate holes. But why do they turn to hacking?

One answer is because it is so easy. According to several of our experts, it’s only getting easier.

“The barrier to entry is very low. If you have the ability to search on Google, you can find the tools you need and have the ability to become an attacker,” said Dave Lewis, Global Security Advocate at Akamai.

And Endgame Chief Social Scientist, Andrea Little Limbago, pointed to three recent self-propagating worms—WannaCry, NotPetya and BadRabbit—that all stemmed from a single exploit leak. “Hackers can leverage what’s already put out there in the open source and leapfrog ahead. The lack of resources required to have an outsized impact is really phenomenal.”

The easy availability of these exploits means that hackers do not even need to be on the cutting edge of technology to do significant damage. Jeremiah Grossman, CEO of BitDiscovery, said, “I haven’t seen the bad guys use AI, frankly because they don’t have to. The hacks are so easy. The number of systems they can compromise is so vast.”

These factors make it all too easy for new hackers to get started, and for experienced hackers to level up. “[Attackers] are way ahead! Not just in terms of technology but also in social engineering,” said Simon Thorpe, Director of Product & Account Security, Twilio. “A zero day just pops and you are inundated.”

Unfortunately, it doesn’t take much for a hacker to breach an organization.

“The sad truth is the bad guys are getting in through low hanging fruit, such as not patching,” said Justin Fier, Director for Cyber Intelligence and Analysis at Darktrace. “I run into a lot of teams that say ‘Until I get a major breach, I’m not going to do anything about it.’”

Bad patching processes are one thing, but the move to the cloud opens up another realm of possibilities for hackers. The urgency to move to the cloud can lead to IT teams making configuration mistakes in their rush to adopt new infrastructure.

“That’s why you see breaches with people moving into the cloud quickly with their S3 Buckets opened up, cryptominers installed,” said Sumedh Thakar, Chief Product Officer at Qualys. “People find about these cryptominers in their environment after they get the bill. I joke that the incident response team is finance.”

The attack space of the digital world is expanding, driven not only by cloud adoption but also by the sheer number of new devices.

“If you look at my home, there are probably 80 different addressable devices,” said Brad Bell, CIO of Infoblox. “You may not have direct interaction with them now, but they do represent a potential threat vector.”

“I set up a commercial firewall at home and ran traffic analysis for three months. At the end of three months, I found that 8% of my traffic was going to China,” added Jackson Shaw, Vice President of Product Management at One Identity. “I’m not ordering Chinese food from that far away. It’s not just a threat at work but also in our homes.”

What do we do about it?

The situation may seem dire, but by leveraging these insights about what drives hackers, the cybersecurity industry has some hope of gaining the upper hand.

Casey Ellis, founder and CTO of Bugcrowd, noted the importance of focusing on the basics, like regular patching, saying “One of the challenges I see in how products are being taken out to market is a focus on APT, which to me is the equivalent of trying to cure cancer while we forget to wash our hands when we leave the restroom.”

Cyber hygiene is important, but perhaps even more important is to identify the advantages we have. When asked about the asymmetric advantage hackers appear to have, Chris Wysopal, CTO of CA Veracode, pointed to enterprise detection systems. While breaching a system may be easy, “if you set up your detection correctly, the hacker only needs to make one false move and not look like a regular employee on the network.”

The other advantage defenders have is the vast amount of information we have about hacker activities. Sharing threat intelligence on information exchanges allows cyber defenders to gain a broader picture of what is happening around them and respond to new threats more effectively.

“Organizations are discovering that it is helpful to them to enter into these exchanges,” said Karl Sigler, Threat Intelligence Manager at Trustwave. “I think that any single organization has such a microscopic view of the security ecosystem as a whole. Once you start sharing information suddenly your whole perception changes.”

But of course, while the adversarial side is not purely driven by technical issues, neither is the defender side.

“What I feel is missing the most is the education of the end-user at the very beginning. People are not aware of the threats they could be facing,” said Filip Chytry, Threat Intelligence Director at Avast.

And Scott Register, VP of Security at Keysight, added, “When I’m on Facebook and I see those little questions, like ‘What’s your stripper name?’ the questions you answered to get that—your pet, the street you grew up on—how often is that also a security question?”

One step to solving this problem is to demystify the cybersecurity space, according to Michael Daniel, President and CEO of Cyber Threat Alliance. By involving people with other backgrounds in the cybersecurity space, they will bring their unique perspectives with them to help solve the problems we’re facing and bring their understanding of cybersecurity back to their peers.

“We need to diversify our understanding of the security workforce. We need more economists who understand incentives. We need more lawyers who are cyber-smart,” said Daniel. “We need a lot more of the other disciplines to bake cybersecurity into them so that you have a broader understanding.”

Knowledge is power. And in the cybersecurity world, knowledge is also protection. Gathering the smartest minds in the cybersecurity space to discuss what is driving hackers to make the choices they make reveals a lot about what cybersecurity defenders need to watch next.

You can watch the whole panel series on the Highwire PR YouTube Channel here.

Lessons from RSA 2018: Amplifying Key Messages at Industry Conferences

Another RSA has come and gone. Sales and communications teams across the security industry can finally take a moment to slow down and celebrate a job well done. At least until they need to start preparing for Black Hat.

Year after year, the conference has gotten bigger. This year, there were 50,000 security professionals, executives, and vendors in San Francisco milling about the show. And yet for all of the ballooning attendance, the media landscape at the show has changed drastically from years past.

The growth of the show has made many reporters skittish, with many top-tier reporters deciding not to attend this year after citing the increasing corporate nature of the show. This is not a problem confined to RSA, but one that affects every growing conference.

But there are still plenty of opportunities to amplify key messages during these shows. Here are a few ways to make your communications activities at big conferences successful.

Get Friendly with Reporters

If you don’t know the reporters in your space well ahead of the show, getting them to make time for you during the show will be difficult. Their time is limited as they need to balance catching up with old contacts, meeting up-and-coming influencers, taking in key learnings from the show overall, and writing stories.

To make sure you are one of the people on their list, make sure you know what they are interested in before the show. One key reporter at a new tech publication noted that his job often gets him caught up in the day-to-day happenings of the security space, meaning that these conferences are good times for him to get a sense for the bigger picture. Another reporter at an influential security trade publication noted that his plan this year was to explore one topic in-depth that he decided close to the show.

On the other hand, some reporters are only driven by newsworthy events. Don’t be afraid to set up times to chat with them in the weeks before the show to discuss key points from talks or announcements that will go live during the show. Many reporters write pieces in advance to publish that week before their schedule fills up.

Knowing what drives reporters’ agendas at the show is not something that you can guess the week before the conference and hope to have a full schedule. Instead, get to know them as people and strive to understand how you can help them get what they need.

Leverage Social

It’s also important to remember that conferences are great grounds for strong content across social platforms. Not only are a lot of people focused on the same topic at the same time—even narrowed down to a few hashtags—but since many attendees are less focused on work, they have more attention to focus on social media.

Make sure to use the strong images from the show as content to help make individual posts more visually appealing. Tagging relevant people, such as speakers at the show, employees, partners or visitors, can also boost engagement by making a human connection and expanding the audience of viewers.

Always make sure to leverage any news coming out around the conference to generate more content, especially if it has lasting impact beyond the conference. People attend these conferences for insights they can use, so they are even more likely to engage with social activity with direct impact on their roles.

Explore Content Alternatives

As the media landscape changes, many publications are looking for alternative ways to make ends meet. Many more publications are open to working with vendors to create sponsored content that relates back to their key messages. With the right planning and promotion strategy, sponsored content can have nearly as big an impact as earned media.

Strong sponsored content highlights the expertise of your spokespeople by discussing major industry trends and sharing thought-provoking opinions, just as they would in earned media. The advantage is that you have more control over what happens to the content after publication. In addition to appearing on the publication website, these pieces can be shared on social media, syndicated to corporate blogs, and reused ahead of the next conference.

These relationships can also do double duty in a few different ways. If you conduct these interviews at your show booth and film them, they can act as part of your conference programming, drawing more visitors or potential leads out of the show. These are also strong opportunities to get face time with these reporters so they get to know you and your company better for their future coverage needs.

Crowded conferences are just a fact of life in the communications field. More attendees mean more potential sales leads, but also more competition for mind time. Vendor communications teams have their work cut out for them, but there are still plenty of opportunities to break through the noise and tell a good story.