Davey Winder, Senior Contributor at Forbes, is always thinking about his audience. Whether he’s writing for CISOs or consumers, you’d be wise to keep his readers in mind when working with him as a source.

Davey recently filled us in on what he’s working on, stories that catch his eye, his pet peeves with PR emails, and what cybersecurity communications pros should be reading.

Here’s what he said.

Mike: What makes for a good security story?

Davey: For me personally it’s anything that I think will engage the reader and hopefully help with their security awareness. Obviously, this will vary depending upon the readership.

When I’m writing for a security industry publication it’s got to be something that will make a researcher, CISO, analyst, or pen test team take a second look and want to dig deeper.

For a consumer audience it’s all about getting the “take security seriously” message across. Be that through threat intel regarding a live vulnerability and how it can best be mitigated, news of a breach that can both inform customers regarding that incident but also reach a wider audience about what such breaches can lead to and how to mitigate the potential consequences, or even a big political story that serves to make the reader more aware of security issues that might not have occurred to them before.

In three words: informative, thought provoking, fresh. OK, so that was four words.

What major trends or stories in cybersecurity are you interested in right now?

Right at this moment I’m researching an exclusive to publish at Forbes.com about a new quantum-based authentication technology employing physically unclonable functions, another about the security reality of smart locks (and that reality is likely not what you are thinking), and have covered stuff including the dangers of using Windows 7 in 2020, the dangers of using Windows 10 in 2020, smartphone security update failures, and Court of Appeals rulings on automated facial recognition use by law enforcement this week.

I guess you could say that if it’s got a security or privacy angle in there, I’m interested in it — but those stories that are a little more technical, that push *me* to understand more as I’m writing them, those are my real interest-perkers.

How has Covid-19 affected what you cover and how you approach those stories?

The pandemic has brought privacy issues into the debate with a much louder voice than previously, so I’ve covered more privacy-related, tracking tech stories than I might otherwise have done. Privacy and security are, of course, different things — but the overlap is becoming increasingly prominent I’m finding.

As to approach, there’s no doubt that during such a global emergency one has to be aware of how words, even single words in a headline, can impact people emotionally. Which means being more sensitive to this, and avoiding overly inflammatory or fear-inducing words and phrases.

What separates the most helpful sources from the least helpful sources?

An ability to listen and respond, or not respond if what they hear is a stark silence. I cannot reply to every email that hits my inbox, so those press releases and leads that are out of scope for my areas of coverage will not get a reply. Neither will those jumping on whatever big story has broken by sending me talking head comments that are a stretch, being kind. Oh, and did I mention offering me experts to talk about something I have just that week already covered is also a no-no for me. “Revisiting this one,” “bumping up in your inbox,” “just checking what you thought of this” emails will not make me cover something I had no interest in covering before.

But, someone who has taken the time to know who I am, what I write about, who my target audience is, will likely get my attention. Especially if the story/idea is fresh, the expert is an expert and not a marketing or sales manager, and even better if it’s embargoed or exclusive. The people who do that become valued sources who I will return to again and again. I value building relationships that are genuinely helpful to all rather than just one side, and by all I mean source, writer, *and* reader.

What’s the difference between a story that’s a good fit for the cybersecurity trade media vs one that would run in mainstream business publications?

See answer one, I guess. More than anything, cybersecurity trade readers will likely have more technical knowledge than your average mainstream business reader so are not scared by a technical story, quite the opposite in fact. I find trade wants interesting, challenging, and technical stories above all else.

What books would you recommend to people working in cybersecurity PR and marketing?

“Tribe of Hackers” by Marcus Carey is a must read as it is the quickest single way of getting into the cybersecurity professional mindset.

Other than that, I think that books might be the wrong media: Read the stories that are being written in the publications you want to be in, by the journalists you want to interest. Then read more of them, and keep reading them.