Category Archives: speeches and podcasts

FIR B2B #159: A tale of two newspapers

Posted on by
Reply

Paul Gillin and I are back with this episode after the recent events of the massive layoffs at the Washington Post and the LA Times, the shuttering of the Pittsburgh Post Gazette  and funding cuts at NPR. We describe the continuing train wreck of daily news there and contrast the Post’s approach with what has been going on at the New York Times digital property. The Times diversified its revenue stream beyond its core newsgathering with purchasing gaming, cooking, and sports-related content. Post’s owner Jeff Bezos didn’t diversify or even keep the news core. Part of the digital newspaper problem is that its ad revenue model is gone, as search traffic has dried up thanks to AI chatbots. Compounding this is that overall monthly visits to the Post’s website is down from 60M (in 2022) to 40M visits last year, and subscriptions are dropping too. We contrast the Post and the Times business models.

On our latest 17 min. podcast, we talk about some signs of success with subscriptions for smaller, more targeted sites, such as 404Media, which shows that a small group of independent journalists can keep quality high and report on significant stories. Also, individual creators (such as Mr. Beast and Mark Rober) can build a brand and attract significant audiences (Rober has more than 70M subscribers, for example) on YouTube and TikTok.

If you want to also listen to Marty Baron, former editorial director of the Post, here he is talking to Tim Miller about his thoughts on the decline of his former employer.

LinkedIn Live: Inside the threat hunt, turning signals into evidence

Posted on by
Reply

I recently moderated a live event (which has been recorded and can be accessed here, with registration), about how to do threat hunting using Corelight’s Investigator tool. My partner is Mark Overholser, who is their technical marketing engineer. Mark is an accomplished threat hunter and veteran of numerous Black Hat SOC tours of duty, so he has seen a lot of wonky circumstances go across his screens.

We talk about why being proactive is important in learning how to hone your investigations, how to use the MITRE ATT&CK foundation (shown above) and schema to hone your focus and guide your efforts.  (I wrote about the evolution of ATT&CK for CSO back in 2021 here), We also discuss how to drill down to suss out what is going on across your network. .

Corelight also has an excellent threat hunting guide that is keyed to the ATT&CK categories, with loads of suggestions to how you can leverage it to help in your hunts.

Podcast: with Sam Whitmore on offensive agentic AI tactics

Posted on by
1

This week I spoke to Sam Whitmore of MediaSurvey about two eports that came out this month, one from the Google Threat Intel group and one from Anthropic, the makers of Claude AI

The Google report says that “adversaries are no longer leveraging AI just for productivity gains, they are deploying novel AI-enabled malware in active operations. Malware threat groups are using LLMs during their execution to dynamically generate scripts on demand and hide their own code from detection.” They are also using social engineering pretexts to bypass security guardrails. That is pretty scary stuff.

The Anthropic report found ways that threat actors manipulate Claude Code to automate the orchestration of reconnaissance, vulnerability discovery, exploitation, lateral movement, credential harvesting, data analysis, and exfiltration operations largely autonomously. The researchers claim that this is the first documented attack without much human intervention or control at huge scale and showed how Claude agents were able to decompose these multiple attack stages into smaller parts. One small issue: the events depicted in this report happened about a year ago, using tools that now seem ancient given the rapid state of things in the AI world.

The key to the behavior chronicled in both reports was how AI assumed some pretty human role-play: the human operators claimed that they were employees of legitimate cybersecurity firms and convinced Claude that they were playing a capture-the-flag, a common white-hat technique.

Both reports show just how the bad guys can use agentic AI to be more effective at stealing data than any group of human operators. The challenge will be stopping these and even more advanced threats going forward.

Doing public relations in the lower literacy era: Sam Whitmore podcast

Posted on by
Reply

Literary rate is low, pubs still believe in words, and people don’t have the skill or patience or ability to concentrate and to read anymore. I talk with my long-time colleague and friend Sam Whitmore about how he thinks we are in the post-literacy era, (There is this Harvard study.)  I think the ability to analyze trends from the written word vs. a well-placed picture or video demo, what I call visual literacy. This 15-minute conversation talks about this perspective for PR agencies and their clients and how to craft multi-modal pitches in the modern era. We also discuss how AI-generated outage can shape and drive online advertising.

Sam Whitmore podcast: The presence of analytics in the online newsroom

Posted on by
Reply

I caught up with Sam Whitmore recently. Sam and I worked together at PC Week back in the 1980s. We had a ten minute discussion about the presence of analytics in the online newsroom, and their importance and utility to reporters and editors. The conversation came about after we both reviewed a presentation entitled, “Audience insights for the newsroom.” It was given at last year’s Online News Association annual conference by Tess Jeffers, who is the director of Newsroom Data and AI for the Wall Street Journal, and Fernanda Brackenrich, who is the US Audience Engagement editor for Financial Times.

 

Sam and I spoke about the role that analytics plays to help editors assign stories and shape coverage, comparing my decades of experience freelancing for dozens of publications. The ONA presentation is filled with helpful hints and suggested best practices, all in the name of improving content and increasing influence and reach within Tier 1 newsrooms.

This topic has long been an interest of mine. As I wrote back in 2014, for many years I dutifully kept track of how my blog posts were doing, who was commenting, where backlinks were coming from, and so forth. That post mentions how influence can be found in odd places, and can come from some long tail content that has been around for years, both things that Sam and I touched on during our talk.

This wasn’t the first time I have had a discussion about the relevance of analytics to publishing. Back in 2018, Paul Gillin and I did a podcast interview with Adam Jones with publisher Springer Nature. He spoke about the role of marketing analytics and how he creates stronger calls to action from these insights.

In 2012, I wrote about the work of two Boeing data analysts at a Gartner conference about various efforts using cloud computing and business intelligence projects. One of my insights from that era was to keep your data local and have consistent security controls, advice that is still relevant today (thanks DeepSeek).

Part of increasing the utility of data analytics is by using appropriate data visualization tools, such as data dashboards. The more patterns you can see graphically, the easier it is to glean something from the parade of numbers on the screen. I wrote about this topic back in 2015, reviewing several municipal applications.  During that era, I attended several Tableau user conferences (the company is now a part of Salesforce) where I learned of numerous analytics success stories.

PR people should get to know audience development and data analytics managers such as Jeffers and Brackenrich, because they have their fingers on the pulse of who is reading their pubs and posts.

As all my years writing about tech has taught me, the basics are still important, whether you are dealing with the first IBM PC or the latest AI whizbang model. If you can posit what can build engagement and gather interest, you are already ahead of the game when it comes to pitching a story that can resonate with the right audience.

Time to move away from Twitter

Posted on by
4

Yes, I know what it is now known as. When the Muskification began two years ago, I wrote that this was the beginning of its demise. I said then, “Troll Tweeting by your CEO is not a way to set corporate (or national) policy.” How true, even now.

Since then, I haven’t posted there. I still have my account, mainly because I don’t want anyone else with my name to grab it. But I have focused my efforts in content promotion over on LinkedIn. This week I give a more coherent reason why you might do the same and follow in the footsteps of The Guardian, who announced they are moving off the platform earlier this month. They said, “X now plays a diminished role in promoting our work.”

I got a chance to catch up with Sam Whitmore in this short video podcast. We discuss why PR pros should follow my example. Sam and I go way back nearly 40 years, when we both worked as reporters and editorial managers at PC Week (which has since been unsatisfactorily renamed too). Sam takes the position that PR folks need to stick with Twitter because of historical reasons, and because that is where they can get the best results of coverage by their clients and keep track of influential press people. I claim the site is a declining influence, and so toxic to anyone’s psyche, let alone their client’s brand equity.

In January 2023, I wrote a series of suggestions on Twitter’s future, including how hard it will be to do content moderation (well, hard if they actually did it, which they apparently don’t) and how little operational transparency the social media operators now have.

Since then, Twitter has become the platform of outrage. As my colleague Scott Fulton points out, this is different from encouraging engagement.  If I state a point of view on X, the only way I can expect my statements to be amplified is if they can be rebutted or maybe repudiated.” My colleague Tara Calishain pointed me to a post on The Scholarly Kitchen, where several of its contributors point out their own movements away from Twitter.

Is Sam or I right? You be the judge, and feel free to comment here or on LinkedIn if you’d like.

A new way to create podcasts using AI

Posted on by
2

I have been creating podcasts on and off — mostly off — since 2007, when Paul Gillin and I came up with the idea to talk to each other about war stories from the tech PR world. (You can listen to the very first pod here.) That series would eventually evolve into several different pods that Paul and I would do over the years, with the most recent episode here. In between these shows, I would freelance pods to various clients and publications such as eWeek and various IDG ones.

Dick and Jane: We LookI tell you this because today in the span of a few minutes, I managed to create some very credible podcasts out of previously just my written content, using a new Google tool called notebooklm.google.com. You upload your documents (PDFs or text files) and it converts them into two-host conversations that use some of it, along with using AI to bring in other information. The two “hosts” sound great: one is a male voice and the other a female voice. Call them Dick and Jane. The AI adds in almost the right amount of temporizing with “ums” and “likes” and back-and-forth byplay into the conversation. You can download the audio files here and hear it for yourself:

  • I wrote a handbook for CSOonline recently about AI security posture management. Here is the pod:
  • I also wrote an article for Internet Protocol Journal about the history of the Interop Shownet. Here is that pod:

I did almost no additional work to create these pods, other than search my own hard drive to find something that I wrote. Both of these samples are about ten minutes long. And while I wrote every word in both articles, the pods use examples that I never wrote (that were actually quite good) and bring in other information.) Using their ML routines to keep things more conversational works reasonably well and you almost believe that Dick and Jane are two live humans talking to each other about something that they “just read.” I could do with a few less inserted “likes” which seem to be the basic conversational building block of a certain generation. One thing that Google hasn’t coded into its system is to have the two hosts talk over each other, which I find annoying on other pods that have multiple human hosts.

Google’s tool is still very much in the experimental stage, but it is free to try out. In addition to creating podcasts, you can also query the content you upload just like any AI system, and it will also provide a summary and FAQs and other supporting things around your content. I would suggest that you don’t upload any private content however.

What does this mean for podcasters? Well, uh, things are going to get very interesting. While the Dick and Jane voices aren’t yet configurable, they are pleasant to listen to and seem 85% human. It also portends that my podcast business is probably dead in the water, not that I ever relied on it to produce any significant revenue. Given that I don’t cultivate any political outrage, or any outrage (other than from non-working tech or over-promised products), there was zero chance that my podcasting career would ever take off.

If you do produce some pods that you would like me to listen and compare to the original source materials, do drop a note in the comments.

Tech+Main podcast: The changing role of today’s CISOs

Posted on by
Reply

I spoke to Shaun St. Hill, host of the Tech&Main podcast, about the latest YL Ventures CISO Circuit Report. They have a very strong advisory panel of security professionals and annually poll them about industry trends, what their biggest organizational challenges are, and how they interact with their management and boards of directors to protect their companies.

You can listen to the 30 min. podcast here.