Maggie Miller, cybersecurity reporter at The Hill, has had her hands full this fall covering the twists and turns of election season. I’m grateful she also took the time to answer a few questions about what she looks for in a story.
Here’s Maggie on what got lost in reporting following election day, how best to support her as a source, and the trends and topics she’s most interested in right now.
Mike: What makes for a good security story?
Maggie: Working for The Hill means there is automatically more focus on Capitol Hill and the state of play of cybersecurity policy in the nation’s capital. I also have to keep in mind that The Hill reaches a wide array of readers, and that stories we put out tend to be those with a national interest. As a result, when I’m thinking about whether to write a story, I am always thinking about how it could relate back to the federal government, and the wider impact of the security story on the American public. Because of this, examples of issues I may be more likely to focus on are a major data breach of a well-known company or outcomes from a congressional hearing on cybersecurity policies.
What major cybersecurity trends or stories are you interested in right now?
I have been heavily focused for the past few months on the issue of election security, which has been increasingly in the spotlight with so much discussion this year around election integrity and the overall process. While that remains a focus, I have also been digging into various cybersecurity objections of the incoming Biden/Harris administration, cyberattacks on hospitals and other health sector groups during the COVID-19 pandemic, and most recently the impact of federal leadership changes on national security.
What do you think was the most overlooked or underappreciated election security story this year?
What I think was lost in the confusion following Election Day is how secure the 2020 elections actually were. After Russian efforts to interfere in 2016, election officials at all levels of government, along with social media platforms and other election stakeholders, were forced to reevaluate security, and come together to protect the voting process with much tighter coordination. While we did see a longer time period until winners were declared this year, the fact that there were very few cybersecurity issues on Election Day speaks volumes to the huge amount of work done to bolster election security over the past four years.
Now that the election’s over, what cybersecurity stories in business, government and politics will get more attention?
The Trump administration zeroed in heavily on potential technological threats from China, and under the Biden administration, I do not see that focus diminishing, although certain policies may change. I think ongoing issues such as concerns over Section 230 will also remain, along with a greater focus on the impacts of ransomware attacks, which have become so pernicious over the past two years.
What separates the most helpful sources from the least helpful sources?
Well, as a journalist that is often on tight deadlines, it’s always fantastic when sources are able to connect quickly and give concise but detailed insight for a story. Cybersecurity can be one of the more complex beats to cover, and so it’s also wonderful when a source is able to explain an issue in a way that most readers can understand and also find informative.
What’s the difference between a story that’s a good fit for the cybersecurity trade media vs one that would run in a major business or policy focused publication, like The Hill?
The main difference comes down to the audience. Stories for The Hill are read by a wide variety of people around the world who have various levels of interest and expertise in cybersecurity, whereas stories running in a trade publication like Inside Cybersecurity, my previous employer, are often read by those who work in the cybersecurity policy space and are looking for a much more detailed take on issues. Therefore, a story has to have a much larger impact to work for The Hill, and be of interest to a wider audience. I used to write heavily about the cyber regulation process for a variety of sectors, whereas that kind of story often does not work for a publication like The Hill.
What books/podcasts/other resources would you recommend to people working in cybersecurity PR and marketing?
In terms of material to better understand the cybersecurity policy space at the federal level, it’s a few years old, but one of my favorite cyber-related books is “Dawn of the Code War” by John Carlin and Garrett Graff. It gives a great rundown of the international cybersecurity threat, and the lead-up to where we are under the Trump administration.