This presentation aims to aid understand between security research and marketing teams, with the goal of streamlining workflow and increasing understanding of roles and responsibilities. Also, how to not go completely crazy working together.
4. Why This Talk?
• Designed to help you get the most out of a relationship with
your Comms team
Featuring: Real! World! Examples!
• We’ll cover best practices and potential pitfalls
• Hopefully give you some actionable advice you can use on
Monday
• Maybe we will also have fun
5. NLPRank:
• What: NLPRank is a threat detection model that utilizes Natural
Language Processing techniques.
A “malicious dictionary of the Internet” to detect threats in real time
Predicts opportunistic phishing attacks and attacks targeting high-
value victims
• Who:
Research: Jeremiah O’Connor, Andrew Hay
Communications: Stephen Lynch, Lynne Cox
6. NLPRank: Timeline of Events
• Jeremiah writes blog detailing his work with NLPRank
• Andrew forwards the blog to Communications Team
• Communications Team decides blog is newsworthy
• Meetings are held to fully understand concept and message
Q: What is the “message”?
• Pitching begins
• Blog is picked up by numerous outlets, including Ars Technica, ThreatPost, etc.
• Jeremiah launches to world-wide acclaim* and all phishing** is gone forever
*Okay maybe not exactly world-wide acclaim.
**Also phishing may still be a thing.
7. From a Research Perspective
• The Good:
Seized an opportunity for timely, newsworthy research
Traveling from Research Land to Production Land to Media
Land
“You can’t have your research in the dark.”
Pleasantly surprised by industry reaction
• The Meh:
Had to let go of the name
Percival who?
Not concerned with press, mainly with getting a working
system
• The Bad:
Marketing and doing blogs takes away from dev time
Video
8. From a Comms Perspective
• The Good:
The researchers followed the process! OMGOMG!
We got coverage on an innovative security story
The Research team saw the system produce results
• The Meh:
Delayed for 2-3 weeks:
Meetings
Pitching
• The Bad:
Having to prove skills to researchers
Communicating an extremely complex idea to the
media, while keeping stakeholders happy
9. Results
• Research team and Comms team established working
relationship
• Large amount of interest and coverage generated
• Higher profile for Jeremiah
• Solidifies our position as security innovators
10. Takeaways
• Communication is key
• Research needs to have an impactful story
• Sometimes you’re not the best spokesperson
A reporter’s time is precious, and opportunities are
valuable
Your words have consequences, whether you’re
independent or repping a company
• Reporter != Researchers
11. Reporters != Researchers
Inhabitants of two separate universes
They need things explained in a way they can understand
Need to see dead bodies, smoking guns, blood, etc.
Hacked ATMs, cars, etc.
Vuln logos! Shiny!
Reporters gonna report, researchers gonna research
Their story isn’t just about you
You can’t dictate what’s interesting to them, or when they can talk to
you
Relationships matter, and your Comms team is managing those
relationships
12. Communications 101
• Who should you be looking for?
Anyone with Communications or Public Relations in their title (varies
w/org), and who focus on security (if possible)
May also work with Content Managers
• Internal/External
Home team v. Agency
• Typical duties include:
Media Outreach
Media Planning
Content Creation
Social Media
Executive Communications
Crisis Communications
Etc.
13. What can Comms do for you?
• Translation:
Making sure your story fits the overall marketing strategy
Making sure reporters know what the real story is
Telling your story without making you look like a whackadoo
• Editing
Reports
Blogs
Speaking submissions
• Personal brand management/protection
• Media training (Happening this weekend!)
Interview support
What to do when a reporter goes off the rails?
14. Help Us Help You: PROTIPS
• Communication is key, communication is key, communication is key
More insight = 10x media outreach
Let us know what you’re working on so we can ID potential stories ahead
of time
• We’re not the fun police: we’re not babysitters, we’re not censorship bodies
• Be ready to explain how your work affects a larger audience
• Be okay with hearing no
Kill the baby
• Don’t blow us off
We know what’s newsworthy and what’s not — it’s our JOB to know
• Commit for the long haul
Don’t adopt a “one and done” interview mentality
15. Getting Help Without Getting Crazy:
• Be patient
• Just like attribution, trust is hard. But you should definitely trust us.
• If your Comms team is just the worst, you have options
Product Marketing
Product Managers
• Be cool with edits
The technical details are up for discussion, but not the message
Researchers write for researchers, and that’s okay.
• Look for the red flags
If someone doesn’t ask questions after you’ve explained something
If they can’t repeat it back to you in an accurate yet simplified manner
16. Speaking of red flags:
• How to get on the bad side of Comms:
• Acting on your own
• Not cooperating
• Not communicating
• Ditching interviews
• Missing deadlines
• Taking things personally
• Lashing out at reporters or other third parties
• Worrying about things you shouldn’t be worried about
17. If You Remember Nothing Else:
• Communication is key
• Patience is a virtue
• Be prepared to get edited and hear the word no
• Remember that your Comms/Marketing team is on your side, and that
they are professionals
• Reporters != Researchers