I had a lovely interview about IoT security with Emmy-award-winning reporter Kerry Tomlinson of Archer News this past week at BSides Jackson. It’s unfortunately rare in our field that we get to have such productive, mutually beneficial conversations with members of the media. There’s a lot of uncertainty and (often justified) lack of trust between both parties – which makes it easy to forget that presenting a coherent, technically correct, and comprehensible message on information security and privacy is crucial for everyone.
Since organizations like I Am the Cavalry are already approaching the outreach problem primarily from the side of security professionals, I’d like to take a slightly different approach by specifically addressing journalists and the media.
We need your help!
With the plethora of hacker conferences which are gaining legitimacy and attention across the world, there are many opportunities to address our community. Hacking conference call-for-papers are often open to everybody, not just people gainfully employed in security. You are welcome to apply and lend your unique perspective to these problems. It doesn’t have to be DEF CON or Black Hat. There are many smaller options which record and post talks, and have great reach within our community.
Here are some important topics which you could help educate us about, by sharing your perspective:
- What is it like being a journalist covering security? What are the challenges?
- How should we prepare for a media interview?
- Many people in security feel burnt by misquotes and misinterpretations of their work. How can we better avoid this? What should we do if we feel we have been misrepresented by a media organization?
- How can we better vet news outlets which want to work with us?
- How can we help you as subject matter experts or fact checkers?
- How can we help you present our most important security research to society without sensationalizing?
- How can we better format and target our blogs and research for the media?
We want to help you!
There are plenty of security topics that are timely and highly relevant to journalists and the media, and many of us are willing to offer education and insights to your communities of practice, if offered opportunities to do so.
Here are some topics which many willing security professionals (including myself) could provide a range of insights and training on at media conferences and educational programs:
- How to conduct secure and private communications with sources and colleagues.
- How to maintain operational security and avoid leakage of sensitive personal information.
- How to secure computers and mobile devices.
- Understanding, detecting, and avoiding social engineering.
- How to approach hackers (white, grey, and black hat) for information on security research.
- The realities of hacker “culture” and work, and how these differ from fictional stereotypes.
- Current issues with malvertising on news sites, how to better decrease the risk thereof, and their effect on the rise of adblockers.
I want to take a moment to thank the many journalists and reporters who do fabulous coverage of security topics right now (especially Steve Ragan, who wrote the essential article on how to deal with the media as a hacker) who associate with our community on a regular basis. Thanks for dealing with our foibles and for doing great work.