- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
PR folks: Read this before making RSA pitches
Some of my favorite PR folks include Michelle Schafer, Tim Whitman, Kevin Kosh, Jen Leggio, MaryCatherine Bassett Petermann and Tony Welz.
But the cold fact is that I get hundreds of pitches a day that go straight into the trash. It's nothing personal. But I have a responsibility to write about the things that are important to our readers. If you don't strike a chord in that regard, I move on to something else.
It's not that the pitch is bogus or without value (well, OK, a lot of them are). It's just that in a lot of cases, the PR practitioner isn't taking the time to really understand the writers they pitch to. Instead of getting the right feel for that writer's audience and which pitches would be helpful in that regard, they just launch into a reading of the latest press release the second you pick up the phone. It's like those telemarketers who like to call during dinner. They have their prepared text and in they go.
If you do this sort of thing, try not to take offense. I know you have a job to do. You make a lot of pitches you don't believe in, but your bosses have told you to do it, and you have to pay the rent, right?
I don't fault the security vendors, either. It's a competitive market and vendors have to scream loud to be heard. They rely on PR agencies to do it for them, and they are not always served very well by those they hire.
I bring all this up because the RSA security conference is next month and the RSA pitches have already started. I want to focus on the things my readers care about and I don't want to waste anyone's time, so I thought the following tips might be useful to the folks with the press releases and the long call sheet:
--When pitching by e-mail, don't come at me with self-evident statements.
Two examples of this recently landed in my inbox:
"[Security Vendor A] believes that the most popular services and platforms - such as Twitter, foursquare and Google TV—will be the platform of choice for cybercriminals in 2011."
"Newly released PCI DSS 2.0 requirements underscore the importance of securing networks for every organization that takes a credit card – and in today’s day and age, that is just about every company or organization, no matter how small, no matter how big, in every industry."
Most security journalists already know social networking is a big threat vector and we've been writing about what PCI DSS means to merchants for several years now.
Give us something new. Maybe it's fresh research from the vendor's lab showing specific shifts in how mobile attacks are being carried out. Maybe you have a client whose assessors are pinpointing specific, troubling trends in how companies continue to get the spirit of PCI DSS wrong.
Launch right in with WHAT'S NEW and you'll stand a better chance at getting my attention.
--Don't ask me to do vendor briefings for simple product releases.
There is certainly a purpose for product briefings. But if you're like me and you don't do product reviews, there's no real value in doing it. If someone wants to brief me on a new report like what I described above, that's of interest. If someone just released version 217.5 of their main product, you're knocking on the wrong door. We want case studies where a security practitioner can share their experiences from the trenches so others might learn from them. We want attack trend data readers can use to mount an effective defense.
--Keep your FUD to yourself.
Some PR types love to use big security conferences to promote their clients by scaring the pants off people. I see it every time there's a new data breach or malware outbreak. I see it every Patch Tuesday. Someone tells me the sky is falling because of a new flaw or piece of malware. Then I call a few security practitioners who tell me the sky looks perfectly normal out their window. If you call me to warn me of an emergency, you better have the facts handy to prove it's real. otherwise, I'll have to politely hang up.
--No, I'm not really interested in what Vedor A, B or C thinks of a particular keynote at RSA.
It's not that I disrespect those opinions. It's just that their comments are a lot more valuable when it's about stuff their customers are telling them; not something a keynoter is telling the rest of us.
When I go to RSA I won't be there for the keynotes or the product releases. I'll be there to learn about the latest challenges security practitioners are dealing with and who is finding a way to meet those challenges. True, someone's products will be part of an IT shop's solution, but I want the IT shop to tell me about which technologies work and which ones don't.
I hope this helps. Have a safe trip to RSA this year.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government