
Engaging the Media: Telling Your Story

BSides Las Vegas · 2018 · 50:58 · 21 views · Published 2018-09
About this talk
Steve Ragan, Sean Gallagher, and Paul Wagenseil guide security professionals on pitching stories to journalists effectively. The talk covers understanding reporter motivations, crafting compelling elevator pitches, red-teaming proposals, avoiding common survey-based pitches, and building long-term media relationships rooted in public interest rather than marketing.
Original YouTube description
Engaging the Media: Telling Your Story - Steve Ragan, Sean Gallagher & Paul Wagenseil - I Am The Cavalry! - BSidesLV 2018 - Tuscany Hotel - Aug 07, 2018
Transcript

so hello everybody thanks for coming to hang out my name is Steve Ragan senior staff writer at CSO Online that I'm getting too close to that speaker so I'm gonna stand over here we are going to somewhat use the slides we had in Washington DC earlier this year but we're going to talk more about not just basic media training we're going to walk you through pitching and getting your story out and developing a story that works not just for you but also for the journalists some of the slides we have are extremely relevant to that some of them are not so what's gonna happen is this we work through this we're just gonna skip the irrelevant slides yeah

we'll go all the way towards the end mostly and we're gonna workshop this so that what that means is if you have questions where I we're talking raise your hands so we can get to you right away and occasionally when we need to make an example or to do an example we're actually just going to pick one of you and we're going to kind of run through it like a little bit of a role play the goal is to share information so to make sure that you get the most out of this session I encourage you to ask plenty of questions we're not afraid of them and ask hard questions we like those and we'll be brutally honest yes

we will be horribly on it so if you give us a pitch and we don't like it at least you're going to understand why oh come on what break the habit of a lifetime man what xpk all right so the first thing you need to have a consciousness of is that we have goals you have goals there may be some matching up between them maybe not you want to understand what you are trying to get across with your message and then figure out how to angle it into what the journalist needs are for the story so before you approach someone in journalism you want to understand why you're talking to him in the first place and have that in mind

so are you doing it to raise your profile you need to raise your company's profile is this a business development thing you're doing or is there specifically something that you want to get awareness out about that relates to the general community and that may have person that may have selfish motivation in addition to your your civic mindedness but you know that's that's a good motivation and then you have to understand that reporters are going to assume things about you when you come in to talk to that when you approach them to talk to them they're gonna try to figure out what your motivations are because they're going to either assume we've got something to sell or you're

trying to do something along the lines that boost your business or they may have misconceptions about the and depending upon who you talk to if you're talking to something information security journalism they may have fewer misconceptions about what goes on in your profession but people in general media you're gonna have a varying level of knowledge about how IT works and how information security works and if you're coming into them as an anonymous source or if you're just coming to them cold calling them and you're not representing a company necessarily or even if you are representing company they may have questioned whether you are a legitimate source of information about this Oh real quick show of hands could you hear me

I'm clear to you all right great I could put that down how many of you familiar with the term cold call this is really important to pitching all right so nine times out of 10 the pitch that a journalist gets is a cold call that means I don't know you and you don't know me but man you've got a hot story you want me to report on it I will ignore that nine times out of ten so will they because it's usually never relevant to what I cover it's never relevant to a topic that I'm interested in and it's never relevant to something my publication worries about CSO it's a security publication so if you're

writing to me about blockchain and why your new ICO starts I would set your email on fire if that was possible fortunately I can't so I will just delete it but these are the types of things we have to roll out with so when he talks about that we'll make assumptions about you if you pitch me something completely unrelated the first assumption I'm gonna make is you're probably never somebody I'm ever going to want to speak to ever okay and it's not your fault because you've gotten advice from a PR firm or a PR person that says here's how you craft your pitch here's a media list of a thousand reporters you just hit everybody they never taught you actually

how to build a relationship or craft that email or tailor the template which is why sometimes just before RSA I get emails it's a dear first name I welcome you to conference it's just this horrible form email that you paid thousands of dollars for from a media company and wasted all that money because that's a pitch that just got ignored by a journalist another thing that will be sure to make sure your pitch is ignored is if it comes from a mailing list oh yeah and that's a common tactic a lot of PR firms now do is they send you ball they send out in a ball to a list and at the bottom it says

unsubscribe and of course I click yes he's been asked for his email in the first place and why are you sending us an email is not tailored to us and it's on a mailing list or even worse every every single person in the world is in the CC a man called the 300 and the 300 is a group of 300 journalists who all got the same email from CBS now again what kind of publication do I work with straight security why would I need anything from CES I would that's great fun I was on a list with 300 other journalists and we were all in the CC field and of course the most awesome thing happened and most of you are used

to this somebody had reply all and said this is not relevant and it's what's the difference and don't hit reply all and this chain kept going for weeks to the point that we actually created a Facebook group and we all regularly communicate more notice than 300 and it's the funniest stamp thing I can't even explain it how powerful it was but this is bad PR okay now get the company and the company from the the CES finish in the PR that said that out yeah that's 300 reporters that will never work with the video matter who their clients are and that's a problem for them and if you're we could be Earthcare client that's a

problem for you which is even worse so the unsubscribe link you'll see that for me I have filters based on HTML I read all my emails in text so if you send me an HTML email just ignore it goes right to a folder and I might read the emails in that folder once a lot and you just generally assume it if something comes in an e in HTML it's a phishing email mmm well I mean also I mean I got I did some start analysis for this talk and I got 218 emails about Black Hat and two of those included a PDF that I was supposed to open with absolutely no security at all and the

other one was a Dropbox thing yeah you can download a download a press release from there [ __ ] that for gay myself right on that yeah you know that's that's great I'll go to I'll use do it via Tor from my burner computer but yeah I don't think that's gonna happen but that type of email I will get seven times a day leading up to a conference because it's cheap it's quick and it's fast and the PR teams know that you're paying not just for access to their media list you're paying for volume so if they tell you we pitched a thousand journalists five times about your product this week pay us what are you

gonna think that's a good thing but what they didn't tell you was we pitched eight thousand journalists the email bounced 800 times 200 journalists got that email but only one of them actually ready and nobody's responded to it we did that five times so we all hate it but yeah and the thing is like there are so many different tracking things that go into these emails that allow them to know when we've read it that I literally have a filter now that honestly just tells you that I read it even though I've never seen that it just pains it so before you approach a reporter do some research about them understand what types of stories they

write yeah a good feel for whether they're the right person for you to approach for the story or not and that's about 50% of the battle right there if you have a good understanding of what it is they cover who their audience is and what they're most likely to write stories about then you will have a good feel for whether they're the right person to talk to and if they don't seem like they cover what you want to talk about then don't contact them it's just that simple so how do you know who it is do you want to talk to how do you know that they're the right reporter well the first thing you got to think of is what is it you

want to talk about how many of you have a product an actual product you would love to talk to the media is there anybody entering with an actual product Wow tell me okay so think about your products and what you do at Forcepoint okay which one of us is likely the reporter you would want to reach out to first so you have Ars Technica The Register CSO and CIO and then Tom's Tom's Guide I know but everybody else doesn't know that so okay so I'm number one because I'm security focused and that's exactly what they do Ars Technica and The Register because they have reach right and then you have the actual technical skills so when

they want to reach a technical audience they're going to go to Tom's this is a very common thought habit but the question is is how do you get the message across because technically it's not one pitch for all of us it's a different tailored pitch for everybody she gets it and she's done that before I've got it tailored pitches for CSO and CIO even though I actually read them both I don't tell anybody some of you tailor them to the pub I love that and it shows but not everybody knows I see the emails for both sides there's a reason for that it's because we actually keep the same bottle account because it's easier through this way but

you would tailor the pitches to each one of us individually because that's the smart thing to do we can tell when it's a blast and we ignore those so think about your product or the message you want to get out and which one of us you want to reach in half so what kind of pitch works good for you um since we pretty much focus on the consumer end of things this is for Tom's Guide not Tom's Hardware oh sorry yeah not that that's a very very common thing I actually don't record Tom's Hardware my friends do they sell right across the aisle for me I'll afford them something if it seems to be in their interest but what Tom's Guide

does is just sure ask computer secure I mean consumer security doesn't get into the enterprise stuff doesn't get into the big hardware it doesn't get into the cloud that much unless it's something that I think consumer law a person sitting at home would use so for me if it impacts that person directly then I'm interested otherwise I will politely say I'm sorry we just don't kind of cover enterprise security I'm gonna say I mean as a JIT so back in two SEC's but this stuff American PRS really need to work on this ship because when a story breaks and they set high we have comment from so-and-so on this story it comes in a day late know what yeah weigh

it or it's basically X what would be a problem but an TX manufacturer here has a comment to say about it this is bollocks we can't use this yeah I can't count how many times I've got an email the day after Everton story yeah somebody's saying we have an executive you'd like to comment on this story I mean the story has been written the story is gone yeah I think I'm gonna be updating it especially there's a one-off sort of thing why would I take a random executive and take a quote from them and incorporate it into a new story about something already covered my favorite thing is when I get a comment or we have

comment through the story it's a story I broke so not only did I reported first it's a story I pretty much worked on for a long time because what I write I have to you're telling me about a story I've broken you're actually pitching me my own story in Xena it's a classic example of a PR firm not paying attention to who they're pitching or wow it's a fly blast that goes out but like they were telling you you get these emails the prime example is here last week just before the car ready got popped they announced that they'd agreed so I wrote the story about 45 minutes after data ended without some data breach and for the

next two days I'm getting pitches about the road of a degree there's nothing more to act but everybody's gonna comment they want to sit I get that you want to put your your person in the spotlight but it's too late now there's nothing new to add to that story which whelming the classic case is WannaCry I mean there was almost a DDoS attack against journalists just like yeah we'd like to comment about this we'll come over this well every one of the [ __ ] world wants a cone about this give us something new what a story breaks we have the option to either not cover it or chase the story it's think

of it ambulance chaser okay and what happened to let's say let's say Sean breaks the story about X well Ian's energies are gonna say we need to drive so now these two duck stories about eggs now you've got a cover story about ax cos those two F stories and I have a choice do I cover this story or do do I chase them and cover the story because everybody else is writing about it or do I just skip it and tired I look for a third option can I add something relevant and something new to what they've talked about can you build on it yeah yeah right and that's exactly so Dan Goodin and I both cover security

doors Dan's the guy who covers our breaches and good solid solid heat and he writes our daily news I tend to write features or I backstop him when things overflow for him but I'm also he's more breaches vulnerabilities sort of what I would classify as the red and I'm more of Defense so I look for things that are more about defending against things yeah what was of German war about clarification that it's not about only between the publication is it says there's also about between the reporter right yeah in your example reporters like myself if I don't make up more securities oh yeah breaches vulnerabilities attacks like them and research papers series one approached me approached me with some

research or some new attack I'm sorry a new product is not a news story si oh we've got a great new product well whoopee [ __ ] Dubai an advert right listen so I attend in Iowa between the two of us dan I would be the one who would be more likely to cover a product but I'm willing to cover the product within the context of a trend in technology I'll talk about your product is your products dealing with a specific phishing type of attack or a social construct within security otherwise I'm gonna take your para product pitch I'll read through it and learn what I know about your product because then later when I need something

like that and to this point writing about tools we're writing about the person in the trenches the administrator or the support desk person who's trying to solve a problem or put out a fire if that tool would help them through their job I'm gonna write about and in the context I'm going to write why that tool is good for this job and how you can use it to make your life easier that's the kind of story you create but just writing because tool s is cool that's never gonna happen so up to this point we've talked about various types of pitching and everything like that are there any questions about better we always say hey you want to go back good

awesome so tips and tricks when it comes to pitching some of the stuff we mentioned in the last session but to go over it really quickly and when you find yourself in front of a journalist don't fit just tell us you know a lot of times we will avoid meeting with marketing people or spokespeople because they're salespeople at heart the same for CEOs everybody wants to put a CEO in front of a reporter but the thing is the CEOs goal is to bring value to the company by bringing value to the shareholders which means they're going to solve things that's not news I'm really glad that mark Peters heard random bird whatever the guy at Facebook I'm really glad that

he can do some great thing Frankenberg but if I want to talk to some a at Facebook I want to talk to their security engineers so once you build the products who when this is this is absolutely key point if you trying to give us a quote for a story the chief marketing officer bugger that for again my soldiers it's not it's no use the readers hate it we hate it give us a technical person give us somebody who actually knows what they're talking about if someone's got a CMO in their job title they shouldn't be speaking to the press you know it's simple I know that's part of their job but you know the part of their job is

saying look I'm in marketing I'll give you a tech person but if you're a marketing half [ __ ] off yeah III have to say that the times when a marketing officer has spoken to me for a story it has not gone well for them I speak it like it is and if I'm writing about a product specifically about a product because of the type of coverage I do it's generally not a good thing because I tend to do pen testing on products I tend to do lab testing at products I tend to do analysis of what's going on in a space and if a particular product is getting called out it's usually because there's something strange going

on there like oh they were using fake virus samples for their tests or something no names here [Laughter] we all know who they are so what do you gotta remember we're suspicious and cynical by nation [ __ ] we're not cynics who just time release were realists you haven't been proved right yeah yeah well we're honest you know yeah we're gonna we're gonna make sure you were being honest too so a couple things that Paul said earlier in the last panel he said you know if you're when you want to try to communicate with somebody in the press best to keep it to email if you can to start off with and that's so that you

have a written record of your conversation but but a key point here is if you've got a PR person at your organization and you're reaching out to press and they don't know about it that's a problem okay I love you that's a career-ending a bit because you talk to the press with ibrb yeah and so it's a it's one thing to bump into a person at a conference like this and have a conversation with them I mean I bumped into a guy on a project I've been covering for a while and he can't talk to me because he's not press cleared by his organization and I know that so just go say hi okay but if there are other people who on

that organization I talk to you that's that's a that's a fair game encounter but if you're going directly to the press and talking to the press and not engaging whoever supposed to be handling your media your organization that could be bad for you it could be bad for your company especially in especially if you say something this may be not true or maybe you exaggerate this personal situation that doesn't have the full context or something like that it's always best to have a PR person in the room to help you say nothing that will get you fired that's basically the main reason have a PR person in the room with you is to make you sure should you say

nothing that will get you fired like um like human resources and human resources on that just to manage personnel let's keep the directors from getting fired if you do a phone interview and you've got PR it's good to have PR on the phone with you because if the reporter asked the question it's going to pull you off topic or make you talk about something you shouldn't the PR person's role is to interrupt the the conversation right then in there and to instantly clarify things now a reporter it's really frustrating with the PR person interrupts when they're about to say something really that's going to make a sale but that's their job too but if you go solo then you're on your

own and there's nothing worse being in the middle of the desert all alone and you have a pack of wolves around you because depending on where you are that's exactly what could happen in the front yeah just be real about it this is not a game when you are the focus of a particular story or company is you're by yourself that's why PR is good at home and now we're not covering whistleblowing in the situation because whistleblowing is a totally separate situation definitely right so so everything I just said if your whistleblower you're just referring about it well I would say on a few whistleblowing you've got to be really bloody careful about oh yes and this and

that's this is a couple other points say yeah but yes you really be really careful about how you do it yeah and I guess down and know I'm really knowing the reporter before you do it to when you'd make a pitch make sure that you've checked all of your facts first make sure that you're prepared to back up any claims with additional material if you've got anything in particular that you're trying to present as a situation you want to make sure that you have already thought of how this story plays out of your mind and you've covered all the bases in terms of what this person they're going to ask you about what other things that you might not have

foreseen like for example with the pitch that you got in about the Microsoft having three 5% quad adoption and not thinking about the other 60 they were offended they was really offended and they'll decide if that wasn't the angle we were looking for well [ __ ] you need to think about these things beforehand red team your proposal okay have somebody sit down with you and go through what could possibly go wrong with this pitch before you make this pitch how many of you see a face reports that have come out in the news where you see something that says 60% of all attendees will give or all of C levels will give their password away for

a candy bar how about my feet god those those [ __ ] things drunk me no so what's really what that told me is six people will give away their password because when you look at the sample size for the support it's like maybe you know 10 people that we stopped in the subway coming out of InfoSec your're well that's nice of you we've got a sandwich for lunch and you stop saying random people if I can do chocolate bar and I have their password it's six number like I like story when you see reports like that I want you all to remember that those reports are very very hyper unrealistic I mean to hear I

mean two two key things with with surveys what was the method what was the methodology and what was the survey sample size I'm sorry if you're talking about us the CSO problem you need at least 2,000 people to actually get a reasonable sample size and also you methodology we asked people on the internet well great you asked people on the internet who cares anyone could have could have done this stuff for a while - yeah lo and behold these reports focus on a problem that guess what that vendor has a solution to it's amazing they see creating a problem and now suddenly they have a spirit into this problem exactly I couldn't write better news let me just

jump right on that except my editors like what are you doing you just wasted eight hours of your day you're fired so these stories don't get any kind of traction but they are useful you know why because it tells me at some point somebody in your organization cared enough about that particular topic to at least pretend to research so if I dig around a little bit maybe I can find a researcher in your organization it was actually knowledgeable about this which means that's somebody I could talk to sources to be like Pokemon I collect them all I can never have too many of them and the more I have within a given vertical market better off I am because remember

earlier when I was talking I said I have to have multiple sources verified before I can write something well if I've got six researchers telling me that the Sun is green and only two of them saying it's blue I'm probably going to run with the headline that the Sun is colorful but the point is is I could show you multiple people saying various resources so when it comes to pitching I want you to think of who the reporter is why you want to pitch them how you're how you're going to get your point across and this is where the game theory comes into this particular I want you to think on the spotlight this is gonna be fun this is

the interview have a seat gopher I want you to pick a reporter and I want you to think of a product you're gonna pitch it to us I want you to convince us to write a story about what you're thinking so instead we will write articles about products you may not want to know oh that's not what helped in testing art sack consumer stuff consumer stuff and you have like general security but reach yeah pretty much come on let's go to czars damn it to adding that's one segment of my very large beach sink deep dive really technical security general really knowledgeable security wide audience very technical security Enterprise focused security straight across the board from all sea levels

down I have an idea I don't know I can't think of which one would be the best place to that's right that's that's actually a good thing because you need to tailor your pitches to the individual journalists you need to actually read their stuff work out what they're interested in and then pitch it to them directly rather than just spamming it out on an email list so in this case just pick one of us at random and start your pitch will tell you if we're not the right one I won him in the mindset of thinking about what's a pigeon town

okay this is one that was first I'll let you but how about a cryptocurrency wallet that really doesn't suck okay so you said a wallet that really does accept the currency wallet and foolishly john mcafee has poisoned it like currency means it kind of knocked everyone out order the market wallet somewhere but so okay so you say it's a cryptic wallet that really doesn't suck why does it not suck because it is actually using it uses open source reviewed software well it uses open source software that's been very technically we're very thoroughly reviewed by a premier software security auditing firm it uses it uses hardware that's known to be very safe it is used it uses standard modes of encryption and

things like that things that it doesn't do the things that your typical Bitcoin wallet developer would do such as using you know AES with the same key over every single wallet or a terrible random number generator or you know things like that there's some props for immediately not at least trying to say military-grade encryption you said it's a premier auditing firm well what makes the premier who are they you said that it comes from there was another phrase you other through there that was almost very much open-source software yeah so you said it's audited audited by who Alliance and why does open source software matter for that matter what's wrong with planetary says that's

how's it say the type of questions are coming here so your pitch is good okay it's great for a basement but the problem is you're dealing with technical reporters at a very nuanced environment so security it's a small sliver of a very technical pie and when it comes to the people who cover security on a daily basis they're very focused in particular rooms okay so when you you bring up pitches like this it's a good pitch for a basic technical journalist but it's a bad pitch for anybody that comes technical security on a regular basis because it's too open-ended okay right it's a great car it has four doors and four wheels in the engine

state-of-the-art the only thing I haven't told you is this car won't start because it doesn't run on any kind of fuel that we could obtain but look at these tires these tires are better than the other guys tires because they've been peer reviewed by guys who make tires it's a great car on paper but it's not really anything what you do it's a fair point but also I just came up with the idea for this like right on the spot I could tell you you say so there's one thing I want to say is you know the pitch you're making is a product pitch that crosses several layers right so it's a Bitcoin wallet I have a reporter

at Ars Tim Lee who covers Bitcoin pretty heavily right just so happened he drew the short straw he's our Bitcoin guy today I passed him he also covers blockchain in general so I passed him a story today that I was going to write because I'd have time about the West Virginia I like internet voting using blockchain thing because that was a story I knew he could write competently and I wouldn't have to worry too much about the security pieces of it until later so that's the security pieces of it would be interesting to me from the standpoint I cover open-source quite a bit and I cover security so I'd be interested in digging into what is the

open source one of the other application of it where does his open-source come from what's the community behind it who's supporting the code things like that my drive down and dive down on that and then you start talking about trusted hardware and that gets into space where I would talk about that Peter Bright might talk about that Peter he's a lot of hardware for us he would look at okay what is this is this is this TPM are we talking about a trusted platform are we talking about some other sort of hardware that is going to do encryption on board it follows a standard as well-established or just something new what makes it better things like that so

we would ask questions like that and it might and we would have an argument who covers it depending on how good the pitch was whether it was something was on my beat or Peters beat or Tim's beat we'd figure out what gets a story so bottom line especially since you made it all up that was fantastic yeah the other thing is I want you all to give our guinea pig a round of applause so here's my question who wants to try it who wants you to try again somebody else might be a guinea pig there was a guy who raised us and back yeah come on we'll be polite up to a point does he weigh the same as a duck

oh no but I float like small rocks no okay very so rocks we are marketing a service for monitoring patch sources for compliance with NERC CIP requirements to allow energy companies providers generators transmission and distribution to comply with the 35 day window requiring them to check for patch availability so you know what's really funny I think of all the standing up you have the only reporter in here that's actually written a nurse's stories excellent I know every it's almost like we're talking about that in this track honestly unless the Blitz these guys have written some in the past I didn't know I I have never eaten about Netta Buell way ahead of me on this one I'm aware of them yeah but

it's not something that I write about in a regular basis and we do have an energy reporter yep and there might be some crossover there where she calls me is it what is this stuff and we'll have a conversation there but generally speaking yeah I don't I mean I only write about nuclear power plants when somebody makes something explode when they spill Pepsi on the console yeah yeah it's how many people joke that kind of pitch I would want to know more so I would tell you to send me the information but on its outset it sounds like a product thing which is not something I would cover however like he said they have an energy

reporter which that would be right of their feet so I could see that you know that would be something I would probably pass on right attaining this start with a product that's fine but you see what I'm saying that would be a pure product story so it's something I want to know about and maybe I could find something in the product to talk about like NERC CIP's very unique to the can I try it a different way well yeah what I was going to suggest to you is if you pitched it from the problem perspective first and didn't even mention this the product would say you're working in this area you get your foot in the door I'm saying

hey we have this area this area of concern and energy that you need we needed saying these be done about and and then you know soft sell the product fine so more along the lines of after contact with 10 to 15 major names in the top 20 which we can't necessarily give because they are private like you don't have authorization to give you their names power you would find them the top 20 energy lists we have found that over 50 percent do not comply with NERC CIP requirements for checking patches every 35 days because they find it very difficult to not only get the information from the vendors but also because they can't identify what they

have and when they identify what they have they can't break it out into software swimlanes I'm gonna take your pitch I'm gonna rewrite it for you because what you have is a very good very good base but there's a way to sell it even better I'll take it and the reason why I say this is this is a story I write ok are you aware that 15 of the 20 energy companies right now can't patch within say three to six months they have a real problem with that do you know what kind of problems a typical power plant experiences when they're out of date with patches what kind of attacks they see on a regular basis a few maybe with

that well here's five of them what kind of problems will happen if one of these five attacks hits you could build an entire narrative off of that and the whole thing is the entire time we're talking we're talking about the fact that your product detected all of this without mentioning your product once these are the kind of stories you can build out so you're right along the line but the thing is instead of going for you know eight out of ten or 30% or things like that literally just say look there are twenty really big companies that deal with energy but 15 of them haven't patched their systems in about six months and here's the type of stuff

they've left open its energy it's two years but yes building off on that so that's the kind of things you want you want to get your foot in you know in both cases of our examples there was one key element we talked about we would kind of touched on it when we did this talk in DC but it's really important they got to the point of the story in the actual pitch within the first two sentences of the email or the phone call or everything like that it's called an elevator pitch anybody not familiar with elevator pitching so all you know what that means great for those of you watching at home over on tape an elevator pitch means you

can give me the entire snap to do story in about 60 seconds in the time it takes go from the ground floor to the fifth floor I should know everything there is to know about you or your product or whatever those kind of pitches get our attention and one of the point it makes reading through the emails that we get hundreds of them a day so simple and it helps us determine that's gonna be a story that's not going to be a story that's good so that the email subject in the first couple of sentences hook me I'm probably going to answer you and if you compel me enough that might generate a story all on its own I've written

stories based off the subject line of emails because they were that good and it's because the story was really that like and it was worth it but then I've also completely deleted emails based on the subject is named as the source of the story and he will be happy because people just what's this company what do you got a and and what he did what he did was he reframed it to be again in the public interest for everybody it really honors fifteen or twenty nuclear power plants don't give up the security it's not about selling a product it's about making them the public interest it's it's a backdoor way to promote your product and that's what we want and

you'll say I think I'm probably the only personally I spent two two-and-a-half years doing public relations in the mid 90s it's not something I'm proud about but hey no I helped launch ActiveX in the UK but I'm so ashamed I mean as you saying that in the PR industry it's just like yeah this job would be great for them for clients of [ __ ] journalists but I mean look you need to be able to every client organization wants to get their name into the story you need to be able to do that in a way which and they here wit actually gets your company into a good lie and just saying this is a

[ __ ] problem and we've got the solution to the problem doesn't work you need to add incisive in intelligent comment just like we're great isn't it wonderful [ __ ] up and remember that you know you're gonna tell us this this is a great story but I need to find two other companies in this space exactly I didn't talk to me about what's going on in his space never real simple

[Laughter] you do that it's because you told me the sky is blue and the Sun it's great and people can't patch her than six months but the person after you says that's a bunch of [ __ ] they patch in a few weeks and here's proof to it to back it up so now what do I do and that kind of put you on a platform or a postal so you have to understand a journalist is going to verify everything you've said twice twice and for a lot of reports and a lot of companies getting things verify twice it just won't hold up so you have to know your facts ahead of time which is why as we mentioned

earlier it's very important you know what you're going to talk about free time it happens a depressingly large amount of the time I mean we we had this with with Intel with Spectre you know we we broke the story and then they they briefed financial analysts saying this is all [ __ ] it's not going to cause a slowdown a process not at all and they came back to us at well they're saying this is [ __ ] and then thank God Google came through and said actually it's you know if you lie to do it to journalists if you try and stretch the facts you're gonna get [ __ ] you know it's as simple as that and Ars is very

good at this COCs I was already good you know Tom's is very good at this seriously just tell the truth just if something's bad just say it's bad also I got it start by catching and telling a lie yeah you go really good on yeah don't be afraid to say I don't know yeah we'll love you for that because that is so easy to write and later it's easy to update it is easy to update which means I've got two stories for the price of one that makes my week we have a question over that sorry good

power companies are like poverty disarmed and pitched and you taking this like oh my gosh and inspect right in the the headline V about okay so to repeat back for the video she's saying that you know what happens how do you deal with the fact that people sensationalize content when you give it to them and make it into world will end tomorrow because these things are not patched I don't know who wouldn't mention reticular puzzles to do this true

because I wanna close with ground on the ground above ground communities there so we knew that it will not happen and I told them at won't and explain why but then they reached out to another person credibly cook from oh yes right yeah right well that's that's something that I have very specific experience with yeah so and and this happens to me as a source all the time guys so I got a call from an NBC producer a while back asking me if a particular thing you know they want to talk about a particular vulnerability is this really bad what can be done with it and all that and it was something that I had been doing some

research into and I said no this isn't something average people need to worry about this is specific to this particular area and but it is a thing of concern long term for this segment and I'll be happy to talk with you about that more and they said okay we'll get back to you and then they said well we're not going to talk to you guys it it doesn't it isn't like an imminent threat from your perspective and we it's basically the line we use it for is if it bleeds it leads without Frankie so if it bleeds it leads if it's something that's gonna cause death destruction damage that'll go first and that's especially true in broadcast media and with

publications that are more in sort of a tabloid-esque format but who is the I they can't hear you who was the publication that contacted you okay so so so you need to you need to judge based on the credibility of this of the publication you're dealing with and that requires you to be a media analyst to some degree on your own and that's something that unfortunately this time in in in our history and it's been true forever I don't know what it hasn't been you need to understand the motivations of the publication's what's driving them as much as you need to understand how to deliver the story so they're on this slide that have good up

you know you go there's a little box off to the side what's this the publication driven by are they driven by page views is their entire business model on making sure they get the most views possible sort of like BuzzFeed something like that or is it you know or is it if it's television is a ratings same thing well with vision also you need the visuals right I mean when you're talking about pure journalist Peale print journalism right then the the hard cymatics come down right but I find the problem with American television is that and also the British television is that it's all focused on the vigil the visuals and if you don't have a visual story you're

gonna get [ __ ] we're running a little bit we're tight on time so that sounds to me like it was a journalist who wanted this sensational fun story not the reality that you're doing so how do you deal with that that is entirely up to you it's it's almost in your interest not to talk to the media at this point because they distort whatever you say so you have a choice that's actually something to cover it does is they help you connect with people to get the real truth out there even if it means for the first few months banging your head against the wall issues like nobody's listening to you conventionally big will this and the

truth does get out there the reality of attack so good state a power grid or something like that becomes focus and the sensationalism in the fund goes away so you have a choice you could stop or you can stick with it but unfortunately you're going to find journalists who already have that narrative in their head and when they asked you those questions they wanted you to say yes certainly going to happen so they could write the doom and gloom when you didn't give them that answer they found someone who did there are always people out there who will give you that quote I this is an analyst at I won't name the company but I called them up about a

story and it was like so what do you want me to say yeah okay [ __ ] off I mean there are people who you know will spread the just ignore them fight against them yeah but give them give me if you got the facts that's what makes the story you know anyone can spread FUD all around but give people the facts and you can't fight against that and and you know when you said comes down to this slide you know this is a slide we read you at the end of our presentation in DC the worst in like journalism is like InfoSec got good people and you got bad people though the worst in journalism is just

like the worst in InfoSec you know there are people who are essentially journalistic script kiddies we want to go for the easy hill easy kill with the story and they will define themselves and you will be able to identify them and you will have to put danger flags around them and make sure that you don't deal with them and that's how you end up dealing with that it's it's a it's a hard lesson that's why media professionals will be able to help you with that most of the time they'll be able to say okay well we don't want to deal with this particular source because they do this particular outlet because it's a particular outlet is incredible

isn't gonna help our story no all right so we're over our time first thank you to our guinea pig another round of applause [Applause]