As the Managing Editor of Inside Cybersecurity, Sara Friedman has dedicated herself to getting into the weeds of the latest cyber policies coming out of Washington, D.C. From the National Cyber Strategy to the Cybersecurity Maturity Model Certification (CMMC) program, Sara dives in head first to determine how these policies will impact the federal technology landscape. In 2024, Sara sees a few hot topics earning Congress’ attention, but the topic earning the number one spot – Generative AI.
Since this topic continues to evolve daily and only seems to get more complex, it’s going to take a huge team to cover this topic. Enter Inside AI Policy, Inside Cybersecurity’s newest sibling publication. “Inside AI Policy is going to be looking into emerging and technology policy frameworks for AI and looking at how Congress is trying to shape different regulations and industries,” says Sara.
On the latest episode of Inside the Media Minds podcast, our host Christine Blake and guest co-host Madison Farabaugh discuss the biggest policy changes Sara has seen over the years, as well as her other predictions of the policies that will be at the forefront in 2024.
To hear more of Sara’s expertise, insights and what she thinks will be the biggest headlines in 2024, listen to the full podcast below or read the transcript!
Timestamps:
0:44 – Sara’s Start Inside the Beltway
1:46 – Defining Inside Cybersecurity’s Audience
3:37 – The Latest on the NIST Cybersecurity Framework
5:24 – Nurturing Relationships Over Time
6:54 – What Else is Piquing Sara’s Interest
8:30 – Changes in Cyber Tech Policies Over the Years
9:33 – What to Expect Out of Washington in 2024
10:43 – Inside Washington’s Newest Publication, Inside AI Policy
12:23 – Sara’s Focus Topics for 2024
13:17 – Science, Cooking and Pilates
14:11 – Interesting Industry Perspectives
15:57 – The Challenges Sara’s Seen in Legislation
17:08 – Lessons Learned & Advice for All Professionals (Start By Mastering One Thing)
Missed an episode of Inside the Media Minds? Check out all of our past episodes here!
Transcript
Christine Blake (CB): Welcome to Inside the Media Minds. This is your host, Christine Blake. This show features in depth interviews with tech reporters who share everything from their biggest pet peeves to their favorite stories. From our studio at W2 Communications. Let’s go Inside the Media Minds.
Hi, everyone, this is Christine Blake, the host of Inside the Media Minds. And I’m very excited to bring you a great guest today, Sara Friedman, the Managing Editor at Inside Cybersecurity, and I am joined today with my co-host Madison Farabaugh. So hey, Madison, and hello, Sara, thanks for joining us.
Madison Farabaugh (MF): Hey, Sara.
Sara Friedman (SF): Thanks for having me.
CB: Yeah, absolutely. We’re excited to talk to you today, learn more about Inside Cybersecurity and some of those hot topics you’re covering. So, you’ve been in journalism for over a decade focusing on cybersecurity and technology within the federal space. So, we’d love to hear about, um, how you got your star, maybe a quick overview of your background.
SF: Yeah, so I started covering federal technology news, about seven years ago, at 1105 Media since then moved on to my current role covering, uh, federal cyber policy news at Inside Cybersecurity, and one of the things that interested me about working in this field is the ability to do a deep dive into cyber policy regulations. I grew up in the DC area and got my start writing for several trade publications in various areas and found the ability to go in depth in the topic and see all the twists and turns is what makes me excited.
CB: Hmm, okay, you know that makes sense. I’m sure you’re always learning something new every day. What is your, I guess, favorite part about covering this very unique space?
SF: I like doing deep dives into cyber regulations, um, and working for a subscription-based publication allows me to do that, because our readers have some knowledge on the topics that I’m writing about.
CB: Yeah, must be different with a subscription-based model. Can you talk to us a little bit a little bit about that, and how you sort of gain your audience and, um, and things of that nature.
SF: Our audience is looking for a specific kind of information from us. We are covering major headlines, but we’re also trying to get more into the onto the weeds on things.
CB: Sure.
SF: When I see other publications, everybody has a different take on things. But my focus has to really be on our subscribers and getting the information that they are looking for, um, out of our publication.
CB: Mhmm.
MF: So when you talk about your audience, Sara, is there do you have your own method for kind of defining who your audiences and how you look for resources for them?
SF: A lot of it is about talking to, uh, sources in-person. I found going to events, um, can be very helpful just to get the temperature on different things and figure out what our readers might be interested in learning about more. Uh, for example, I learned that the FCCs US Cyber, uh, labeling program for Internet of Things devices, is a topic of interest to our readers.
MF: That’s awesome. And then you had just mentioned you have found that you enjoy finding some of your speaking to sources at events and conferences. Do you have one that you’ve particularly particularly enjoyed going to this year?
SF: One of the issues that I’ve been covering over the past year or so is the update to the NIST Cybersecurity Framework. Um, the NIST Cybersecurity Framework was put out 10 years ago. And they’re in the process of updating it now. One of the nice things about NIST is how collaborative it [cough] one of the nice things about NIST is how collaborative it is, with industry. And there’s so much that can be learned by just being in the room and taking the temperature of how people are responding to different things.
CB: Yeah, we’ve seen so many different headlines on the NIST updates this year. We’ve had a number of clients talking about it and heard and read a lot you know, of articles about it as well. What do you think is, um, kind of the most important part about that update right now? And what are you seeing from like a journalism perspective as you’re talking to resources?
SF: Well, the interesting thing at the moment is we’re very close to final publication.
CB: Mhmm.
SF: It’s been a two year process to get this, uh, across the finish line. Uh, my publication has the ability to go into a lot of the public comments that have been issued, and to get information, uh, from different sources about how they think about the different proposals.
CB: Mhmm. So, do you find yourself going to a lot of the same resources to discuss this? Or are you getting a lot of pitches, um, from different spokespeople wanting to talk to you about this? Like, how do you approach that?
SF: So, there are some familiar sources that I deal with on a day-to-day basis. And I’m also interested in getting new perspectives.
MF: So speaking of getting new perspectives, I know as as a Managing Editor, I’m sure you get a million pitches all the time for just, um, different sources or ideas to include in your articles, can you tell us a little bit about what you look for when people are pitching you maybe it’s a certain style of pitching that you prefer to receive from people and or if there are certain, you know, content things in those pitches that you look for?
SF: Sure. So, I want to know who the person is that you’re trying to pitch me, why they are important and what value they can provide to our readers. I’m not interested in getting comments that are solicited from someone that I don’t know and I found that it’s more important, important to nurture relationships over time, versus just sending out like emails on various topics and hoping that we might get around to it. I do read my email but we get a lot of stuff coming in and I may not have time to follow up on something, um, for every topic that I’m covering.
CB: Yeah, I’m sure you probably get inundated. So I know you mentioned NIST Framework, you’ve mentioned doing some deep dives on topics. What are some of the other most interesting topics in this space to you right now?
SF: So, one of the topics that I focused on a lot over the past few years is incident reporting, CISA is going to be putting out its proposed rule next year. So we’ll actually see for the first time, how the agency plans to require mandatory reporting for critical infrastructure, owners and operators. The other thing I’ve been following quite closely is the National Cyber Strategy…
CB: Mhmm.
SF: …and implementation of that.
CB: Okay, interesting. I’m sure that has been interesting to hear different perspectives on that strategy. I know when that first came out, it caused a lot of questions. And I’m sure a lot of your audience is looking to you all to get some perspectives on on that topic. Um, so covering this space for you mentioned about, like seven years or so, what has been one of your most memorable stories to write or topics to cover?
SF: Yes, I think going back to the NIST Cybersecurity Framework, um, was a really exciting experience for me. Um, being able to get out into the field and try and get a better idea of the different personalities and different thoughts that people have about this and trying to break this down into more digestible pieces of information that our readers can use.
CB: Mhmm,
MF: Yep, that makes sense. And I’m kind of curious being in this space for so long. I know. You know, we’re getting towards the end of the 2023 year heading into 2024. Soon, curious how you’ve witnessed the evolution of cyber and tech policy, whether that’s, you know, over this year, or over the time that you’ve been working in this space, what are what are just some changes that you’ve seen over the years?
SF: What’s been interesting is about every six months, there’s some big cyber policy news, it seems like since I started at Inside Cybersecurity. I started when the Cyberspace Solarium Commission put out their report in 2020. Uh, since then, there was the SolarWinds hack…
CB: Yeah.
SF: … the 2021 Cyber Executive Order, um, incident reporting law and the National Cyber Strategy that have all come out and taken up a lot of my time doing deep dives on all of those.
CB: Mmhmm. Yeah, and, you know, as a new government regulations for cybersecurity are being released frequently, as we’ve seen, looking back at, um, the year of 2023, what regulations do you feel have been the most impactful and then like, where do you feel major improvements are still needed? Going into 2024?
SF: So, we’re going to be seeing a lot more on incident reporting in 2024, um, trying to get them got clarity on that. I’m also expecting to see more on Secure by Design, CISA put out a couple of publications on it this year. But what’s going to be really interesting is to see to measure the effectiveness of what they are proposing, and to see whether industry actually buys in on it. The other thing that interests me is establishing baseline cybersecurity requirements for industry. Uh, EPA tried to do this earlier this year and that was, had to be walked back because of a court challenge. So it’s going to be interesting to see how other sectors respond, like health and the communications, uh, sector at the at the FCC.
CB: Mhmm, yeah I bet.
MF: And speaking kind of how the industry is reacting to all of these new regulations, I know you’ve mentioned to us, um, Inside Washington, is has recently launched a new publication Inside AI Policy. So we’d love to hear more from you about what sets this publication apart from others, and maybe what you and your colleagues will be looking into with this new publication since obviously, AI is a very hot topic and it’s great that this new publication will be keeping a pulse on how that might impact policy in the federal space. So could you tell us a little bit more about that?
SF: Sure, Inside AI Policy comes from the founders of Inside Cybersecurity. Inside Cybersecurity started about 10 years ago, when there wasn’t a lot going on in cyber policy, it was more of an emerging state, which we’re now kind of seeing more with the growth of generative AI. Inside Cyber Policy is going to be looking into emerging and technology policy frameworks for AI and looking at how Congress is trying to shape those and different regulations and industries. Looking for different rulemakings and publications from agencies in terms of providing direction on what the government’s going to be doing moving forward. It’s a work in progress at the moment…
CB: Mhmm.
SF: …determining how government is going to address AI, and there may be some overlap with cybersecurity. So as part of my role at Inside Cyber, I’m trying to figure out what we need to cover versus what we can, uh, have our colleagues at Inside AI Policy focus more on.
CB: Yeah, I’m sure that’s a, uh, interesting problem and I think everyone’s kind of trying to figure out right now where to go with AI, as we get into this new year here, like AI has been such a hot topic. You know, we we’ve learned a lot about how it works in the commercial sector. But it’ll be interesting to see how it kind of fits in with the regulations and the and the federal space as well. Um, so I know that’s probably a topic that you mentioned, like learning more about in the next couple of months, are there any other interesting projects or articles or topics that you’re focused on here early in 2024?
SF: So I’m going to continue following the Cybersecurity Maturity Model Certification program at DoD. We are expecting a proposed rule anytime now, that will provide information on implementation. This has been a long time coming, and I’m sure there’ll be a lot more to report on it in 2024.
CB: Yeah, I’m definitely sure that there will be so we’ll stay tuned to your, um, your coverage of that area. Um, so on every podcast, we do like to, um, get some questions from listeners, people who are looking to maybe work with you and some of your readers. So we’re gonna jump in, in the in the final few minutes here, on some listener questions, and I’m going to start with kind of a fun one. What are you most interested in outside of work? We’ve been talking about these federal policies and regulations and journalism. But when you’re not focused on that, is there anything you can share that our listeners wouldn’t know about you?
SF: Yeah, I really enjoy reading. One book that I’m reading right now is called Lessons in Chemistry…
CB: Oh?
SF: …by Bonnie, Bonnie Garmus, who was a female scientist in the 1950s, who agrees to host a daytime cooking show. I’m also really into Pilates as well.
CB: Oh, yes, love Pilates. That’s fun. Good for you. So reading and Pilates outside of all this federal cybersecurity stuff, it’s good to have some balance. Um, cool! And then a couple other listener questions. What are two to three of the most unique or interesting industry or policy perspectives you’ve heard from subject matter experts and government this year?
SF: It’s been really interesting to see how the conversation is evolving. When it comes to liability requirements. This is something industry has been pushing for when it comes to incident reporting. And as part of the National Cyber Strategy, there is some conversation on liability when it comes to software.
CB: Mhmm.
SF: The ONCD is working on software liability framework to try and get more information from academics initially in 2024. There was symposium, and ONCD has talked about this as a multi-year effort. So we’re going to be very interested in seeing what happens in the next year or so. The other thing that we’ve been following quite closely is the SEC cyber incident disclosure rule. Um, there’s a lot of different perspectives on that, uh, rulemaking, and they’ll be interesting to see what happens next year as that rulemaking starts to have an impact, potentially.
CB: Mhmm.
CB: Mhmm. Gosh, I was just thinking, have you when he first got into this space, was it hard to learn all the acronyms and everything?
SF: Absolutely!
CB: [laughs]
SF: Bit of acronym soup sometimes.
CB: Yeah, definitely. Well, I’m sure you’re used to it at this point.
MF: And going along with that, of just keeping up with, you know, all of the acronyms and all of these regulations that are, they keep changing, or there there are new updates all the time. I’m also curious what have you found most exciting or challenging about reporting and writing within the federal space, whether that’s between finding resources, or whether that’s narrowing down your topics and filing the stories? Um, what has been most exciting or challenging for you?
SF: I think, uh, focusing more on Capitol Hill is going to be interesting, uh, coming up, we’ve seen a lot of bipartisan work on the Hill on cyber. There are challenges in getting legislation across the finish line. Sometimes, I am going to be interested in seeing more about progress with initiatives like incident reporting. And this whole idea that CISA has an Operational Collaborate [inaudible], and trying to see how that actually works in a way that is helpful to industry, and also helpful to government, um, in general.
CB: Got it. Um, and then final question to kind of close us out here. What would you say is one of the biggest lessons that you’ve learned throughout your journalism career so far?
SF: So, one of the things that I found, um, in my work is, it’s really helpful to start with trying to become the best that you can at one specific slice of the beat that I’ve been covering. And that can be really helpful in terms of being able to specialize and get more information on things that you should be looking out for that can be applied to a wider element of stories, once you’ve had that specialization initially.
CB: Mhmm.
SF: The other thing that I found is, you don’t really necessarily need to go into a writing job with a lot of experience on the topic. Um, I’ve learned on the job in terms of the different topics that I’ve covered and being able to talk to sources, cover events, lean on the experience of my colleagues, has been really helpful as I tried to build out my knowledge base on different topics.
CB: That is really great advice. Because, you know, some of the the spaces that you’re covering are so niche, and it’s like how would you, you know, you’re learning as well as you’re writing and reporting. And I think that’s great advice to anyone in any career really is kind of learning as you go and then knowing that you’re not going to be an expert right away. But, um, I like I like your what you said earlier about being like a master of that one, that one segment you’re covering. I think that’s really valuable, um, advice. So Sara, it’s been really great talking to you and to get to know you and your role. Um, really appreciate you coming on the podcast today. We’ll definitely, um, be checking out your coverage Inside Cybersecurity and following you more in that 2024
SF: Thank you so much for having me!
CB: Yeah, thanks! And for everyone listening thanks for tuning in to this episode of Inside the Media Minds. Thank you.
Thank you for joining us on today’s episode of Inside the Media Minds. To learn more about our podcast and hear all of our episodes please visit us at w2comm.com/podcast and follow us on Twitter @MediaMindsShow and you can subscribe anywhere podcasts are found!