Ahead of this year’s Black Hat conference, our host Christine Blake welcomed Becky Bracken, Editor at Dark Reading, to Inside the Media Minds.
For the last 13 years, Becky has been immersed in the world of cybersecurity journalism, and has loved every minute of it. Before she started her journey in cyber journalism, she started as a print journalist for a group of telecommunications magazines in the early 2000s along with some television and other multimedia. Then in 2010, she took her first nosedive into cybersecurity by joining Threatpost. Afterwards, she joined the Dark Reading team in 2022, where she focuses on cloud, application security, threat intelligence, notable cyber incidents and security research.
Be sure to tune in to the full episode or read the transcript to discover more about Becky’s journey to cybersecurity journalism, her plans for this year’s Black Hat and how companies can break through the noise, including:
- Why she loves talking to members of the cybersecurity community
- AI is more than just a buzzword
- MOVEit is the biggest story going on right now
- What the Dark Reading crew is doing at Black Hat
- Her agenda at this year’s conference
Timestamps:
0:47 – Becky’s Background Before Dark Reading
2:12 – Her Love for the Cybersecurity Industry
4:11 – What’s Been Grabbing Becky’s Attention Recently
6:35 – Her Most Memorable Cyber Story
8:58 – Organizations Need to MOVEit to Patch this Vulnerability
11:35 – Dark Reading’s Plans for Black Hat
13:11 – Most Valuable Intel from a Reporter’s Perspective
15:11 – How Vendors Can Cut Through the Noise
17:30 – The Behind the Scenes of Becky’s Black Hat Planning
19:57 – Becky’s Favorite Black Hat Flashback
21:39 – How to Best Contact Becky
23:46 – What She’s Most Excited to See at Black Hat
24:25 – Life Outside of the Newsroom
Missed an episode of Inside the Media Minds? Check out all of our past episodes here!
Transcript
Christine Blake (CB): Welcome to Inside the Media Minds. This is your host, Christine Blake. This show features in-depth interviews with tech reporters who share everything from their biggest pet peeves to their favorite stories. From our studio at W2 Communications. Let’s go Inside the Media Minds. Hi, everyone, this is Christine Blake, the host of Inside the Media Minds, and I’m super excited today to welcome our guest Becky Bracken, Editor at Dark Reading. Welcome, Becky.
Becky Bracken (BB): Hi, Christine. Thanks so much for inviting me. It’s great to be here.
CB: Thank you so much for agreeing to come on. I know you’re probably super busy, um, you know, working and then gearing up for Black Hat coming up, which I’m sure we’ll get into here in a little bit.
BB: Absolutely.
CB: So, let’s go ahead and get started. I’d love to just hear a little bit about your background. I know you were a freelancer, you wrote for Threatpost and a few other cybersecurity publications recently, and then a few other general publications earlier in your career. Can you give us an overview of your background, and then how you got, um, to where you are now?
BB: Sure! Thanks for asking, I rarely get to talk about myself as a journalist. So, it’s a little awkward, but yes, I, I, uh, was a print journalism major, graduated and was a print journalist, um, for newspapers right out of college, and then I got hired to work on a group of telecommunications magazines, right in the early 2000s. And, so, I was working on telecom, when we were still describing to our readers, what an API was, and, and, that sort of thing. So, I came up with a bit of tech, pivoted, did some television and you know, kind of gathered as much multimedia experience as I could, and, um, you know, kept covering telecom, then I got an opportunity through a colleague to join Threatpost, which was really my first sort of nosedive into cybersecurity, and I really love it. And so then went from Threatpost over to Dark Reading, where I’m doing the, uh, webinar series on the editorial side, a bit of reporting and writing, editing and that sort of thing.
CB: Wow. Yeah, that’s quite a background. So how did you, how do you feel about the cybersecurity space now that you’re kind of deep into it with at Dark Reading?
BB: It’s terribly exciting, um, the most exciting thing for me, as a person who, you know, my tools in my toolbox are about writing and communicating. And so, for me, being able to interface, interface with really brilliant people who were doing cutting-edge work is really exciting. I mean, it’s an I got to learn something new every day. So, it might as well be something interesting. There’s also a little bit of cops and robbers, uh, aspect to it, which makes it fun and exciting. But, um, most importantly, the cybersecurity community is an incredible group of generous people generous with their time, um, with their advice. And so, you know, coming into, I guess, my fourth or fifth year in the industry, I’m just so grateful to all the people who have taken tons of time and care to explain the way they view the world. And so, I hope I do that justice in my work every day.
CB: Yeah, no, definitely. I think it’s definitely learning every single day up from you know, the resources, I’m sure that you talk to on a regular basis.
BB: And what we’re all learning, I mean…
CB: Yeah
BB: …even experts on the other end of the phone, I mean, that’s kind of the most exciting thing about it. You know, I, I was in a room with CISOs recently at RSA, where I’m sure most of us were.
CB: Mhm.
BB: And I was asking them, you know, about the stress level, and, you know, how do you how do you handle that? And one of the frankest answers I got, which was off the record, so I won’t share the source. But they said, we’re in this business because we like a crisis. We are comfortable in a crisis. We like running to the crisis and solving it and so I guess I’m sort of akin to that as a journalist spirit. So, I find that aspect of it kind of interesting as well.
CB: Sure. Yeah, that is super interesting. Good perspective. So, I know we’re we hear a lot about and read a lot about especially in Dark Reading about the latest breaches and vulnerabilities, hearing a lot about AI these days. What are some of like the major topics that you’re seeing, that you’re covering, and kind of your take on those?
BB: It’s interesting you mentioned AI, I don’t think it’s a big secret that that is sort of the the new, um, I don’t want to say buzzword because it, it, is legitimate, but I I think that a lot of people are of the mind that having AI as part of the conversation sort of just keeps them, um, at the forefront. It sort of keeps them on trend keeps their keywords up. I would say that, um, I would. The answer, let me put it this way, the questions I will be asking the experts that I’m seeing is, where do we separate the hype versus where we really are. I think that, um, even outside of business publications like Dark Reading, people are talking all the time about AI at this point, you know, James Cameron is giving us his…
CB: Yeah.
BB: …input on AI and and Elon Musk, you know, so these are hardly experts on the topic. And so, what I would like to do specifically with machine learning and AI and the like, is I would like to have us drill down back to brass tacks on these topics. I think, um, zero trust is a very good example of how a buzzword can kind of overtake the reality and the technology. So, I think it’s very important as an industry, as someone who’s kind of trying to inject conversation, I would like to sort of do the gut check on AI. And I’m looking forward to doing that quite a bit at Black Hat.
CB: I like that. I think that’s really important. Because yeah, just like zero trust, you just hear and then it becomes its own technology, its own solution. And it just takes over, you know, marketing and every part of security. So, I’m really interested to see, when you ask that question, how do you separate the AI hype? You know, from reality and, and the basics, I’m really interested in seeing where you go with that, and kind of what you ended up reporting on at Black Hat.
BB: I am too, so stay tuned.
CB: Yeah, I love that. That’s interesting. Now, when we you look back at some of your career, I know you’ve been in the cybersecurity space for four to five years, what has been one of your most memorable stories to work on and to write?
BB: I gotta tell you, I had a, I had a fun one last week that really sort of jumped out. There had been a lot of conversation around logging and Microsoft 365. We all know what an important investment that is, across IT systems, all the way up and down, um, the scale. Interestingly, what I realized, especially when CISA put out their recent alert about tracking down the Chinese APT storm, um, they reference how important this deeper logging availability is to ferret out whether or not you’ve been compromised. And in my reporting, I found even certain customers of Microsoft who had been told “you we know you were compromised by this,” weren’t able to gather their own evidence because they didn’t have access to this premium tier of logging. Well, I went back to Microsoft, and this isn’t, certainly isn’t a new conversation. I mean, my experts that I talked to, Jake Williams and the like have said, we’ve been wrestling this with this for quite some time. But as cybersecurity seems to be maturing the thirst and the hunger for this sort of level of data, I think, sort of caught up with Microsoft’s model, I guess is a fair way to, to cast it. So a couple of days later, I was fortunate I woke up in the morning, I hadn’t heard back I thought, well, maybe they blew me off, been known to happen. And I got an email saying, you know, we’ve decided to completely change the tiering system, logging will be available. We’re working with CISA. Now, I certainly don’t take credit for, you know, breaking that story or causing Microsoft to move. But I think I had it first and I was thrilled to be in the middle of something that is so, you know, in the guts of…
CB: Yeah.
BB : …what my readership does. So that was one that I thought was particularly fun. I got a little rush on that one.
CB: That is really cool! Yeah, I don’t blame you. Because it’s something that’s so impactful on you, you are in in the middle of all of that happening. So, that that’s super cool.
BB: Thanks!
CB: Yeah. Um, you know, I asked earlier about topics that you think are interesting. Now, we talked about AI. Is there a certain topic in cybersecurity that you that you’re kind of sick of hearing about? I’m sure you get lots of pitches every day and you you read things every day, but what are you sick of hearing about?
BB: Well, I hate to that, that, you know, I mentioned it before zero trust.
CB: Hm.
BB: I think that, you know, as an opening salvo for the, for the conversation. I think it was smart, I think and you know, um, it served its purpose. But I think we’ve matured far beyond having that, um, blunt of a conversation about it, because it is really more about identity management and setting up a framework that is more flexible than the standard endpoint perimeter. And so that is one that I would be happy to see go by the wayside and replace with something more precise.
CB: Sure. No, that makes sense. Is there something that you think that should be people should start paying more attention to now?
BB: Well, I mean more attention to I don’t, I don’t think there’s a bigger story going on right now from my perspective than the MOVEit, uh, vulnerability and it is tearing through, you know, Fortune 500s, Fortune 100s. I mean, the list goes on and on and on of the companies who really are are just kind of sitting at this point and waiting to see if they’ve been breached, I think it sort of has opened up a whole new, um, or sort of level that maybe even this whole, uh, ransomware, um, business model, you know, the way you can lay and prepare the the statistics I saw, uh, yesterday out of IBM. And, uh, sorry, it is Coveware I believe. IBM has said that there’s, um, each incident is more expensive than ever for businesses, it’s up to five $4.5 million per incident. And there are things that they recommend you can do to decrease that. But importantly, at the same time Coveware released a report saying they expect CloP, who’s behind the MOVEit vulnerability stands to make $100 million off of that one vulnerability.
CB: Wow.
BB: So I mean, you can see where this concentration and how saying spending a couple of years investing in vulnerabilities, like these zero days are paying very serious dividends and doing serious damage.
CB: Yeah, that is an enormous amount of money. I hadn’t heard those recent figures. Wow, that is that’s crazy.
BB: Mhm, mhm, mhm.
CB: Wow, yeah, we’ll definitely keep an eye on that. That story is still unfolding. Um, so I know Dark Reading has always had a large presence at Black Hat. We always visit Dark Reading news desk and see all all of your team out there at the show. So, what are the plans for this year’s show in just a couple of weeks?
BB: We hate, uh, it’s we’ve been in intense discussions. Our our coverage really has already begun. Our our Managing Editor of News, Tara Seals, has orchestrated, um, deep reporting on, you know for us, this is exciting as cybersecurity enterprise journalists because this research is really the meat and potatoes, um, of of what we do and what our our readership does. So, uh, Tara, she’s, uh, working on deep reporting with all of our staff on the previews of the research. I, personally, will be at the news desk this year. I hope everybody stops by and, uh, checks us out live, please, no heckling, although a little is probably warranted. And so, we’ll be there for two full days of live 10-minute interviews with researchers and CEOs and just a whole bunch of people from our newly formed CISO advisory panel like Chenxi Wang, who I’ve been a fan girl of for years. So, it’s just gonna be two full days of exciting conversations. And then beyond that, our Editor in Chief who everyone knows, she’s legendary, Kelly Jackson Higgins.
CB: Yeah!
BB: So, she is going to be handling a panel as is Fahmida Y. Rashid, our other legendary editor over here, so it’ll be a full court press. Oh, and I should also mention, Tara will be, uh, hosting an early panel where she after gathering all of our reporting, will sort of give everybody, uh, a cheat sheet CliffsNotes version of what she’s eyeing as the the top sessions to see. So, people who are looking to make the most out of their time should really check that out.
CB: Yeah, that’s probably super helpful. What do you find, like I know, you mentioned research, interviews, what do you find most valuable at the show for you from a reporting perspective?
BB: For me, in this day and age, I want to say that being able to get face-to-face with people is such a treat. Um, so that in and of itself, you get so much on a Zoom or you know, you talk to your sources, but there’s absolutely nothing like sitting down over a drink and going “What did you think about that?” You know…
CB: Mhm.
BB: …so those are the conversations that I love, and I’m most looking forward to. Um, but also, it’s so helpful, the vendors, um, on the floor, they really show us so much about what the market wants, where the market is going. So, I mean, as much as our focus in our reporting is on the research and on the researchers and on a lot of top tier decision makers for obvious reasons. Um, there’s so much to be learned and so much to be gleaned from just walking the floor.
CB: Mhm.
BB: And again, coming back to why I’m here, listening to smart people, listening to experts, talk to you about what they know best and that is a treat no matter what your job.
CB: Mhm. Yeah, that makes that makes sense. And it’s so you know, I’ve been I’ve been to Black Hat probably the past five or six years. It’s so noisy there. There’s so much going on.
BB: [laughs]
CB: How how does a vendor stand out to you amongst all that noise?
BB: You know, there are people who are far more qualified than I, to you know, unpack the psychology of vendors and marketing and marketers, for me, you know, it is sometimes it’s just wandering around and running into somebody and going, okay, what are you guys doing?
CB: Sure.
BB: You know, I am also very fortunate in, in doing the webinars that I’m hearing conversations all the time. So, you know, something that I will have heard about, that I don’t know a lot about, I’ll seek out those vendors. Um, but I like everybody else I’m just trying to stay on top of what is new.
CB: Mhm.
BB: But what is genuinely new, you know, my job for my readership, and and Kelly has instilled this and as in it is handed down from the late, great Tim Wilson, that our readership and our teams, we need to keep them in the forefront and top of mind in everything that we do. These cybersecurity teams are struggling with a communication and information problem, what is important, what do I care about, what do I need to care about? And so, if we can help them do that, so, I tend to have all the conversations so that I can go back and and report what’s what. So that’s a tough question to answer.
CB: Yeah.
BB: But I’ll know more when I come back, how about that?
CB: Yeah, I think that’s a great perspective and answer, though, because it’s like, you, obviously take it very seriously, you and your team at Dark Reading to talk to people and sort of pull out from those conversations, what’s new, and what’s important. And I think that’s really like, back to basics of of anything, it’s like, sure, there’s all these conversations happening, a bunch of vendors, all this stuff, but what truly is important and you delivering that to the readership is super helpful for everybody.
BB: It’s what we’re here to do. And again, we are reminded all the time, you know, because it’s easy to chase, or you think, oh, I love this topic. I think this is interesting. And you tend to veer and want to do new things and have new conversations. But you know, we are always anchored in serving our enterprise security readers and viewers and helping them do their jobs better.
CB: Mhm. Yeah, makes sense. So, you mentioned at least two full days, 10-minute interviews? How far in advance is the team plan the day, the day in the life right at Black Hat? How far in advance does it happen?
BB: I have been working on and again, I do the editorial side. So, I’m really only programming half of the two days, and I’ve been working on it for at least a month.
CB: Okay.
BB: So because it’s very important for our entire team that we have a diverse group, we have a diverse group of experience and thought, as well as background, that we have thought leaders that we are giving opportunities to new voices in the industry…
CB: Mhm.
BB: …and not just relying on the same old not to say same old as a person of a certain age…
CB: Sure.
BB: …veteran voices…
CB: Yeah.
BB: …I guess we could say, but I mean, it’s, it’s not. It’s not taken lightly and I hope that people who, um, listen or view these interviews know that our team has spent a lot of time, um, booking people that are not going to waste your time that have something to say. And so that is my greatest hope. Um, that’s what comes across in the at the end of the day or two days.
CB: Yeah, I love that. That’s super important. How do you, how are you able to figure out like the best people that come on, that has something to say, I’m sure you get inundated with requests to be on, so how do you sort of sort through that?
BB: We do get a request, alright we start with the researchers, you know, Black Hat… …is fundamentally about the research. And so, we want to get down to those roots. You know, one of our projects we have here is Black Hat flashback, where we talk about historical groundbreaking, monumental moments that happened at Black Hat that were [inaudible] they changed the way the whole industry…
CB: Okay. Mhm.
BB: …saw itself and and was seen and so we, at the end of the day, um, rely on the research, we rely on the researchers and so from there, but we also have, you know, people that are doing new interesting things or people we know that are going to have great takes, you know, on certain topics and so we try to have a mix, you know…
CB: Yeah.
BB: …of newbies and that’s and deeply technical and deeply business invested.
CB: Mhm.
BB: So, we hope we give everybody a little little bit of everything.
CB: Yeah, very cool. What is one of your favorite Black Hat flashbacks? We’ll put you on the spot.
BB: Oh my gosh, well, there are a lot. The one that comes to mind is, of course, the day, uh, the internet broke.
CB: Yeah.
BB: And so, it was the day I’m so sorry. I’m blanking on his name right now please give me one second…
CB: [inaudible] yeah.
BB: …your viewers are going to be horrified. I hold on…
CB: [laughs] After all the years, everything begins to blend together.
BB: …I’m doing live research as we speak on air. Dan Kaminsky, oh my gosh…
CB: Mhm.
BB: …that is so embarrassing. The day he saved the internet. And so, he is a beloved late, great member of the cybersecurity community. And here this newbie, walked up one day and presented the great DNS vulnerability that helped everybody realize that every webpage on the internet was exposed…
CB: Oh my gosh, yeah
BB: …badly. So, this is something that happened, um, you know, more than a decade ago, but still, you know, um, resonates. And so…
CB: Yeah.
BB: …we have that we have, um, you know what, I’m sorry, I should have been more prepared for this. But we have all kinds of different groundbreaking moments. So, if you all want to check those out, it’s where I sit down with Kelly and Fahmida and people who are in the room.
CB: Mmmm.
BB: And that is something that was also very important is, you know, how did that go over it. For instance, Dan Kaminsky, his grandmother had cookies for everyone the day that he presented this. So…
CB: That’s amazing.
BB: …it’s a fun way to relive some of the big moments. So please check it out.
CB: Yeah, thats so much fun. Definitely want to check that out. That sounds really fun to kind of look back at everything. Cool, and then I know, we have a couple additional questions here. So, I’m sure you know, you get inundated with requests with pitches. Do you have, um, any insight for our PR folks listening and marketing teams on how you prefer to be pitched? Are there any best practices to do or stay away from when trying to get in touch with you?
BB: Sure, to every PR and marketing person out there, I want to say thank you, your pitches and your information flow feeds all of the beast. And so, I want to first say we see it, I know…
BB & CB: [both laughing]
BB: … it may seem impossible to, um, break through. I want to know that want, um, all of you to know that when I’m researching a story, I will go through my inbox and revisit those pitches looking for experts on specific topics. Much like my job it is a it is a timing issue. And so, what I would say is, tell us what you’re doing. You don’t need all the extra we don’t need you to go, you know, do a big dance or anything like that we all know we have jobs to do we are all terribly busy. So please keep the information coming. Know that we see it, know that it’s in the hopper and probably when you least expect it we will show up on your doorstep.
CB: Mhm. Mhm.
BB: But I want to thank all of you who have stayed late on Friday to get me a quote on some esoteric thing. I want to thank all of you who have shepherded me to excellent sources, excellent guests, excellent ideas. So, I just want to say thank you keep doing what you’re doing. We see it. Keep it coming.
CB: Yeah, I love that. I think it’s, uh, definitely a team effort. And we definitely appreciate, um, people like you who are, you know, excited to collaborate and keep working together to tell these important stories.
BB: It’s critical.
CB: Yeah. And then are there any specific keynotes or sessions that you’re really excited to attend at Black Hat? Or that you’re kind of keeping an eye out for?
BB: Well, you know, during most of the really cool ones, I am going to be stuck behind the news desk and so…
CB: Right.
BB:…but the one I really am inter- you know, I love Jen Easterly. Talk about a fan girl moment I’m trying desperately to make her schedule work to sit down with me that I would never miss an opportunity to see her. She’s so bright and so exciting and and it’s such a breath of fresh air. So that’s what I would say is.
CB: Right. Yeah, that sounds perfect. And then last question sort of in a different direction. What is something that our listeners may not know about you, um, as a reporter? Um, something kind of outside of work that you’re interested in?
BB: Um, well, I am. I’m based in Phoenix, Arizona. I am very hot right now.
CB: [laughs]
BB: We are still in the midst of a but mostly I gotta tell you, I have a middle schooler. So, when I’m not working, I am driving to practice and trying to keep her hydrated. So yeah, I’m kind of in the thick of that. So, when I’m not working, I am dealing with my middle schooler, with joy.
CB: Oh, yeah, that is definitely a huge…
BB & CB: [both laughing]
CB: …driving around and everything so.
BB: Precisely, but someday I’ll get to have hobbies again. I’m looking forward to that. [laughing]
CB: Oh, perfect. Love that love it. Great. Well, um, it’s been a pleasure getting to know you a little bit better and hearing about, um, you know, the plans for Black Hat and about your background in general. It’s been really insightful and really appreciate your time today.
BB: Thank you for listening. Its been lovely. Appreciate it.
CB: Awesome. And we’ll definitely keep an eye out for all of Dark Reading’s amazing coverage from the show and we’ll be very interested in following up with you after.
BB: Excellent.
CB: Alright, thanks so much, Becky!
BB: Thank you!
CB: And for everyone listening thank you so much for tuning in to another episode of Inside the Media Minds. Thank you for joining us on today’s episode of Inside the Media Minds. To learn more about our podcast and hear all of our episodes, please visit us at W2Comm.com/podcast and follow us on Twitter @Media Minds Show, and you can subscribe anywhere podcasts are found.