Bree Fowler has been a reporter for more than two decades, working for the AP, Consumer Reports, and now CNET, where she covers digital security as a Senior Reporter. 

She let us in on what makes experts shine in an interview, the word you should never use in a press release, and the question that all good security stories answer.

Mike: What makes for a good security story?

Bree: A good security story answers the question: “Why should I care?” The people I write for are interested in tech, but they’re not into inside baseball. Think about whether your best friend or mom would be interested in the story. If you’re pitching a funding announcement, executive appointment or most B2B stories, the answer is probably no.

But, on the other hand, while topics like ransomware, data privacy and misinformation were once too technical for a general audience, that’s not the case now. Even regular people now have a basic understanding and interest in data security and privacy.

What major cybersecurity trends or stories are you interested in right now?

Like ransomware itself, ransomware stories never seem to go away. The threats, and the stories, just keep mutating. My last job had a complete consumer focus, but now I’ve been tasked with covering more global issues and I find that very exciting.

I find the role of Russia and other nation states involved in cyberattacks to be fascinating, whether you’re talking about misinformation or straight-up cyber espionage. And tied in with that is how social media is affected by misinformation, not just by foreign actors, but by people at home as well. How do you combat misinformation while still protecting freedom of speech and minimizing political bias?

You’ve been a reporter for 20 years and covering the cybersecurity industry and high-profile security stories for eight of them. What advice do you have for industry experts and others that would help them understand what you need from an interview?

I’ve also worked as a “talking head” for several years now. I have my own PR people; I’ve gotten pretty good at morning TV. And it gives a different kind of perspective when it comes to what makes for a good interview. I know what you’re going through. Live TV still makes me nervous.

If you’re doing TV, speak in short soundbites, make eye contact and most importantly look happy to be there. If you’re doing an interview for a print story, don’t drone on, but tangents are OK, too. I like a good war story or anecdote and I will make time for interesting people. That said, if you’re only scheduled for 30 minutes, please don’t run over unless the reporter keeps asking questions. We have deadlines to make.

What’s the difference between a story that’s a good fit for security media vs one that would run in a business or technology focused publication? What distinguishes a CNET story from one in any other outlet?

Like I said before, I know you’re probably really excited about your Series B funding, but I’m not. Most of the major business publications probably aren’t either. I care more about what makes your company stand out and what’s going to make it hang around for the next year.

I love research and I write about a lot of it now, but again the “why should I care?” question plays in. If it’s a tiny vulnerability that’s already fixed, only affected a limited number of devices, and was never exploited, that’s not enough for CNET. But it may be enough for a cybersecurity trade publication.

If you could change anything about how cybersecurity companies communicate about their products and services, what would you improve? 

Never use the word “solution” in a press release. It’s not a solution, it’s a product or service. Journalists hate jargon and we really hate press releases that we can’t understand or don’t get straight to the point.

Also, never say that your product is “hacker proof.” People won’t take you seriously and you’re putting a target on your back. That said, over the top, cheesy marketing is bad, too. Remember Norse? The plastic Viking helmet I picked up at the crazy Black Hat party years ago has outlasted the company itself.   

What books/podcasts/other resources would you recommend to people working in cybersecurity PR and marketing? 

CyberScoop and Dark Reading are great for the really inside baseball cyber news. I also like the Security Ledger podcast. And the Washington Post’s Cybersecurity newsletter is a great way to quickly catch up on what’s going on in the world of cybersecurity as you drink your morning coffee.