Lawrence Abrams, Owner and Editor-in-Chief of BleepingComputer, has spent two decades guiding what has become a must-read source of security news.
He was kind enough to answer some of my questions about what he looks for in research, trends he’s tracking, and how to prepare for an interview with BleepingComputer.
Mike: What elements or angles make a security story stand out for you at BleepingComputer?
Lawrence: BleepingComputer likes to focus on stories that demonstrate novel approaches to malware, cyberattacks, vulnerabilities, defenses, and threat hunting. Stories that go off the beaten path.
However, even if a report shares new information, without technical details to back it up, it makes it very hard for us to cover.
We also commonly receive reports covering the tactics or malware we have previously seen, only with a slight variation. In those cases, it makes it hard for us to cover it as a brand new story, but we can potentially reference it in future stories about the same subject.
It is also not uncommon for researchers/companies to find interesting information but not write up a dedicated report. Some of our best stories have been from researchers contacting us privately to share what they learned and we build a story from an interview. With that said, researchers/companies who do not want to invest in writing a report should still contact journalists if they want to get the word out.
What cybersecurity trends or emerging threats are particularly capturing your attention right now, and how do you prioritize covering them?
Ransomware has always been a strong focus for BleepingComputer, including the threat actors behind them. However, we typically don’t cover stories about small ransomware encryptors that are not seen in attacks often.
Other topics that we are focusing on now include infostealers, social engineering attacks, MFA bypasses, new phishing techniques, and supply chain attacks.
What can industry experts do to better prepare for interviews with BleepingComputer, and what makes for a truly insightful conversation?
Transparency, transparency, transparency. Journalists work best if we can get the full story behind an attack, research, or malware.
While I understand that some information cannot go public for a variety of reasons, even if we are told some information on background or off the record, it allows us to become educated about the subject and write a more accurate story.
Also it helps to have someone who knows the technical nature of a story for questions we may have.
What distinguishes a BleepingComputer story from one in broader business or technology outlets, and how do you decide if a topic fits your readership?
When BleepingComputer covers a story, we try to add our own technical details to it. This can include testing a new malware, researching additional campaigns from information gleaned in reports, and providing more technical information in a way that is understandable to anyone reading it.
While many outlets cover cybersecurity stories, many of the journalists don’t always understand the technical aspects of the story, so tend to gloss over those “confusing” details. We try to break it down and make it understandable.
As for how we pick our stories, we always prefer reports that are novel. However, we always encourage companies to send us their reports, even if we have not covered previous ones. There are a lot of factors that go into selecting a story, including recent events, trends we are seeing in cyber, private reports we may have received, and simply lack of manpower.
With that said, we typically do not cover reports based on surveys and forecasts/predictions. We also tend to avoid posts about fixed, non-exploited vulnerabilities, especially if they were fixed months ago.
Are there specific books, podcasts, or tools you think PR and marketing professionals in cybersecurity should dive into to better understand the industry’s nuances?
I don’t really read any books or listen to podcasts related to cybersecurity. I need a break after living in it all day 🙂
I hope Lawrence’s insights help you better understand what it takes to collaborate effectively with BleepingComputer, whether you’re pitching new research or preparing for an interview. A big thank you to Lawrence for sharing his expertise and shedding light on what makes BleepingComputer a trusted resource in the industry.