The first rule of appearing smart, they say, is to keep quiet, but keeping quiet doesn't help your PR. What are you to do?This is the third in my series of posts on security PR (see "How To Talk To Reporters" and "How To Disclose A Vulnerability," plus "The Secret Sauce For Security Blogging"),
In that third post, I discussed how writing from on the ground so that people feel more engaged with your writing, as well as sharing real data along with your analysis, assures people that you know what you are talking about, and allows readers to participate.
In these two notions lays the secret of having something smart to say to the press. Specifically, marketing is always frustrated with having nothing new to say, and R&D is always frustrated with marketing being stupid (as they see it) and not getting them coverage that matters.
The key is communication. Marketing is looking to publish information on new products and new sales. So R&D is pressured to meet deadlines. R&D is looking for the branding -- they are even more keyed to it than the marketing department. Only they call it winning the respect of their peers.
As Avi Freedman once put it to me on a long drive from Boston to Philadelphia while drinking gallons of cherry cola, "People constantly underestimate how much geeks want the approval and respect of other geeks."
The respect of others entails something interesting, and something real.
On the ground level, you have the security researchers and the R&D developers. Humans are social beings, and therefore they don't just look at code all day. They share news stories, talk about something they encountered, and discuss something cool they've just seen or done.
You won't always have a new vulnerability to share with the world.
Your job is to befriend and listen to the technologists:
You won't always land gems, but you will establish the infrastructure for finding out when the gems are there.
Don't immediately pressure technologists to write, but show interest in what they say and try to understand why it's exciting.
While it's OK to ask directly -- people should know what you are interested in -- just try and be friendly and see if something pops up.
Once you find such an interesting topic, you can encourage the technologists to make something of it. For example, if they merely implemented something in an interesting fashion, encourage them to blog about it and promise to help with editing. Their experience in solving the problem would interest their peers. In a way, what you are doing is coaching them on how to get their name out there so that they choose to write in the future.
By establishing the relationship, and the blog, you will both find new interesting things to say, as well as establish the branding of the blog so that reporters visit it often.
R&D time is often protected, especially with the pressure you put on them to meet deadlines. Try and be open about how important PR is and how you think the R&D can help. Bring the Big Wig on board, ask that researchers and developers be encouraged to write in the blog, and make it something they want by ensuring the higher-ups show interest in new blogs, which will make sure everyone else is excited to get a good blog written.
Another option is to create a project to get people to center their excitement around. For example, in one company I worked for I hired a few comic strip artists and encouraged technologists to come up with ideas for new comic strips. Whenever someone got excited about something, they'd try and see how it fits in a strip. It was fun for everybody, and we often even met outside of work hours to brainstorm it.
Convincing management that such blogging matters may not be easy, and will be what decides if you will be able to be extremely successful with a blogging strategy, or just have access to what's really interesting, which on occasion you will be able to utilize. It's a win-win situation either way.
Establish communication. Get excited. Then write about it.
Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading.
Follow Gadi Evron on Twitter: http://twitter.com/gadievron Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ... View Full Bio