Teri Robinson at Security Boulevard on Her Love of Cybersecurity Data Points and the Synergy Between the Media and PR

Editor’s note: This interview is part of Mission North’s new Inside the Newsroom series, which presents highlights of our regular AMA sessions with today’s top tech journalists.

In the course of her long and varied career, Teri Robinson, contributor at cybersecurity publication Security Boulevard, has worn many different hats including writer, editor, consultant, conference speaker and moderator, and award-winning screenwriter.

After earning both a BA and an MA in journalism from Louisiana State University, Teri’s first foray into journalism was particularly memorable. She was sent to the National Audubon Society Gala on Capitol Hill to interview media mogul Ted Turner. The interview was going smoothly until Ted asked for the name of Teri’s publication. When she replied it was a small newsletter called Cable News, Ted, the founder of CNN, started yelling that he “had Cable News.”

Astronaut and senator John Glenn then admonished Ted to “leave her alone, she’s only doing her job.” “An American hero saved me from Ted Turner, which was a very good first journalism outing to write about!” Teri recalls.

Teri describes her move into covering cybersecurity, which included over seven years as executive editor at SC Media, as “a natural evolution,” building on her coverage and love of politics, policy, tech and business. Becoming “fluent in cybersecurity” has proved to be a very smart move as that sector continues to heat up in terms of the widespread attention such stories attract. Teri likes to think of all the people who laughed at her when she was younger for being on “the geek beat,” adding “I’m doing way more interesting stuff than they are!”

During our recent lively AMA with Teri, we talked about her thoughts on the latest cybersecurity executive order, why she likes rapid response, and her biggest PR bugbear. What follows is an edited version of that conversation:

I’m curious about the longevity of executive orders in news cycles? Do you think reporters will still be covering the May cybersecurity EO as 2021 ends?

In general, executive orders get a lot of coverage and press and interest at first as they’re newsy and there’s a flutter around them. And then, it just depends as they’re harder to enforce. What you hope is that an executive order leads to some sort of legislative, regulatory or policy initiative. We keep having these cyberattacks so this particular EO keeps popping up because people are always going to bring it up in the context of ‘Oh, this happened. And now what? What does that mean?’

I think this EO has a good chance of living a longer life in the press. If the private sector starts adopting a lot of the requirements that the administration has laid down for government software contractors, that’s going to create a kind of resilience. The EO is going to create a standard and push the industry and private sector to do what the government contractors have to do.

Are there any topics or cyber trends that you think are beaten to death, but reporters are still covering them even though they’re no longer interesting? 

I would love to answer ‘ransomware,’ but unfortunately, it’s still relevant. A few years ago, I was at Black Hat or RSA, and there were all these declarations that ransomware was dead.

Seriously, I think we need to be very careful with individual data breaches. You could write about a data breach not just every day, but probably every hour, every minute that you were awake or working, because there are so many of them.

However, not every individual breach has real relevance any longer. It’s just another thing that happened. We try to look at the ones that have significance, that mean something to our audience, and then send them off with a lesson.

A breach at a large company which has the kind of data that the bad guys want and that the good guys want protected is important. But, even then, you almost have to find a twist for something a little bit different that people should look out for or that people didn’t expect. 

“You could write about a data breach not just every day, but probably every hour, every minute that you were awake or working, because there are so many of them.”

Regarding breaking news stories, what kind of rapid response pitches do you like to receive? What makes a rapid response pitch a good one versus just inbox filler?

I’ll first acknowledge that a lot of journalists don’t like rapid responses. I don’t think stories should just be based on those comments, but they can be valuable. Rapid response pitches can be important because they show that you have a subject matter expert and demonstrate some thought leadership. Oftentimes, in a rapid response, I find a little nugget which I can then expand out into a pretty cool angle or story.

So with rapid responses, send me something that’s relevant, that shows me that whoever has written the rapid response has really thought about the issue and the nuances around it. If there’s some little nugget that I can run with, then I’ll want to follow up and ask you for additional information and for another thought leader who can elaborate and provide more detail.

“Oftentimes, in a rapid response, I find a little nugget which I can then expand out into a pretty cool angle or story.”

Given that sources speak to different audiences, do you have a preference for who the rapid response comes from, so, a CEO or a VP or a researcher? 

It always depends on what the news is. Sometimes, you need a practitioner to tell you exactly what they’re seeing. They have a better explanation technically of what’s going on and how an organization might have to handle it.

I think that it’s always good to get the person at the top, like a CEO or somebody in the C suite. What I want to hear from them is the impact of the cybersecurity event. Does it affect any kind of buying decision they’re going to make? Is it making them put the brakes on a project or, conversely, feel like they need to get going on that project? That information is valuable to the people that you’re writing for because they’re struggling with those same things.

When you approach the response from that direction, it means that the comments hopefully are going to be less skewed toward products or solutions. I don’t want a product pitch from anybody. I can look up what your products do or I can ask you if I need to include that in my story.

Diving into embargoed research versus third-party surveys, what do you look for there?

I’m obviously always looking for compelling data points. If it’s something that’s astounding, either by the number, six billion people were breached today or something like 85 percent of e-commerce websites aren’t protected, that always catches your attention.

But again, that data might contain something more nuanced that makes you wonder: Am I starting to see the beginning of a trend, or does the data reflect something that people should pay attention to in order to develop good security habits? The meatier the data points, the better.

I’m always glad to honor an embargo to get those data points and then try to write about it and ask some questions beforehand so I can have a story ready to go off of the embargo. But sometimes it’s less important to me to get the story up as the embargo lifts, and much more important that I get time to write up an analysis.

I may even hold onto those figures and use them on a more feature-type story that I’m doing where I need some really good data behind it. So I stick those stats that I want to remember in a folder in the back of my mind.

“I’m obviously always looking for compelling data points. If it’s something that’s astounding… that always catches your attention.”

What is the most annoying thing that PR people do?

It’s offering me subject matter experts and then not providing them when I call, write or visit. Instead, they say, ‘I’ll let you know,’ and then the call doesn’t take place. I had this happen with one expert repeatedly for a year to the point where it became a running joke. I finally stopped trying to contact them, but I don’t hold a grudge. I nominated this person, who will remain nameless, for some of our awards because I thought they really were good at what they do.

In this industry, I feel like everybody’s working toward the same thing in a different way. In PR, you have to represent clients and vendors. We in the media have to get a story out that our audience needs, that’s who we’re serving. I think it’s a symbiotic relationship between PR and the media.